feat(auth_jwt): add JWT secret key configuration

Introduced new settings for JWT secret and its description to the JWT authentication plugin. The settings allow administrators to configure a secret key used for signing JWT tokens. Also updated the plugin version to ensure proper synchronization with these changes. Addresses setup requirements for heightened JWT security.
2024-06-25 19:26:41 +02:00 · 2024-06-25 19:26:41 +02:00 · 6b51e0bceb
commit 6b51e0bceb
parent 828af94032
3 changed files with 79 additions and 31 deletions
--- a/lang/en/auth_jwt.php
+++ b/lang/en/auth_jwt.php
@ -54,3 +54,5 @@ $string['redirecterrordetected'] = 'Unsupported redirect to {$a} detected, execu
 $string['noip'] = 'Unable to fetch IP address of client.';
 $string['privacy:metadata'] = 'JWT authentication plugin does not store any personal data.';
 $string['incorrectlogout'] = 'Incorrect logout request';
+$string['jwtsecret'] = 'JWT secret';
+$string['jwtsecret_desc'] = 'Secret key to sign JWT tokens with.';
--- a/settings.php
+++ b/settings.php
@ -28,40 +28,86 @@ if ($ADMIN->fulltree) {
        $yesno = array(get_string('no'), get_string('yes'));
        $fields = get_auth_plugin('jwt')->get_allowed_mapping_fields();

-    $settings->add(new admin_setting_configselect('auth_jwt/mappingfield',
+        $settings->add(new admin_setting_configselect(
+                'auth_jwt/mappingfield',
                new lang_string('mappingfield', 'auth_jwt'),
-        new lang_string('mappingfield_desc', 'auth_jwt'), 0, $fields));
+                new lang_string('mappingfield_desc', 'auth_jwt'),
+                0,
+                $fields
+        ));

-    $settings->add(new admin_setting_configtext('auth_jwt/keylifetime', get_string('keylifetime', 'auth_jwt'),
+        $settings->add(new admin_setting_configtext(
+                'auth_jwt/keylifetime',
+                get_string('keylifetime', 'auth_jwt'),
                get_string('keylifetime_desc', 'auth_jwt', 'auth'),
-            '60', PARAM_INT));
+                '60',
+                PARAM_INT
+        ));

-    $settings->add(new admin_setting_configselect('auth_jwt/iprestriction',
+        $settings->add(new admin_setting_configselect(
+                'auth_jwt/iprestriction',
                new lang_string('iprestriction', 'auth_jwt'),
-            new lang_string('iprestriction_desc', 'auth_jwt'), 0, $yesno));
+                new lang_string('iprestriction_desc', 'auth_jwt'),
+                0,
+                $yesno
+        ));

-    $settings->add(new admin_setting_configtext('auth_jwt/ipwhitelist', get_string('ipwhitelist', 'auth_jwt'),
+        $settings->add(new admin_setting_configtext(
+                'auth_jwt/ipwhitelist',
+                get_string('ipwhitelist', 'auth_jwt'),
                get_string('ipwhitelist_desc', 'auth_jwt', 'auth'),
-            '', PARAM_TEXT));
+                '',
+                PARAM_TEXT
+        ));

-    $settings->add(new admin_setting_configtext('auth_jwt/redirecturl', get_string('redirecturl', 'auth_jwt'),
+        $settings->add(new admin_setting_configtext(
+                'auth_jwt/redirecturl',
+                get_string('redirecturl', 'auth_jwt'),
                get_string('redirecturl_desc', 'auth_jwt', 'auth'),
-            '', PARAM_URL));
+                '',
+                PARAM_URL
+        ));

-    $settings->add(new admin_setting_configtext('auth_jwt/ssourl', get_string('ssourl', 'auth_jwt'),
+        $settings->add(new admin_setting_configtext(
+                'auth_jwt/ssourl',
+                get_string('ssourl', 'auth_jwt'),
                get_string('ssourl_desc', 'auth_jwt', 'auth'),
-            '', PARAM_URL));
+                '',
+                PARAM_URL
+        ));

-    $settings->add(new admin_setting_configselect('auth_jwt/createuser',
+        $settings->add(new admin_setting_configselect(
+                'auth_jwt/createuser',
                new lang_string('createuser', 'auth_jwt'),
-            new lang_string('createuser_desc', 'auth_jwt'), 0, $yesno));
+                new lang_string('createuser_desc', 'auth_jwt'),
+                0,
+                $yesno
+        ));

-    $settings->add(new admin_setting_configselect('auth_jwt/updateuser',
+        $settings->add(new admin_setting_configselect(
+                'auth_jwt/updateuser',
                new lang_string('updateuser', 'auth_jwt'),
-            new lang_string('updateuser_desc', 'auth_jwt'), 0, $yesno));
+                new lang_string('updateuser_desc', 'auth_jwt'),
+                0,
+                $yesno
+        ));
+
+        $settings->add(new admin_setting_configtext(
+                'auth_jwt/jwtsecret',
+                get_string('jwtsecret', 'auth_jwt'),
+                get_string('jwtsecret_desc', 'auth_jwt', 'auth'),
+                '',
+                PARAM_TEXT
+        ));

        // Display locking / mapping of profile fields.
        $authplugin = get_auth_plugin('jwt');
-    display_auth_lock_options($settings, $authplugin->authtype,
-        $authplugin->userfields, get_string('auth_fieldlocks_help', 'auth'), false, false);
+        display_auth_lock_options(
+                $settings,
+                $authplugin->authtype,
+                $authplugin->userfields,
+                get_string('auth_fieldlocks_help', 'auth'),
+                false,
+                false
+        );
 }
--- a/version.php
+++ b/version.php
@ -24,7 +24,7 @@

 defined('MOODLE_INTERNAL') || die;

-$plugin->version   = 2022081901;        // The current plugin version (Date: YYYYMMDDXX).
+$plugin->version   = 2024062500;        // The current plugin version (Date: YYYYMMDDXX).
 $plugin->release   = 2022081901;        // Match release exactly to version.
 $plugin->requires  = 2017051500;        // Requires Moodle 3.3 version.
 $plugin->component = 'auth_jwt';    // Full name of the plugin (used for diagnostics).