Merge pull request #6 from CatalystIT-AU/userkeymanager_changes

Userkeymanager changes
Dmitrii Metelkin 2016-08-27 21:40:42 +10:00 committed by GitHub
commit 8bcd3d18c2
5 changed files with 216 additions and 157 deletions

auth.php

@ -66,6 +66,7 @@ class auth_plugin_userkey extends auth_plugin_base {
public function __construct() {
$this->authtype = 'userkey';
$this->config = get_config('auth_userkey');
$this->userkeymanager = new core_userkey_manager($this->config);
}
/**
@ -88,43 +89,15 @@ class auth_plugin_userkey extends auth_plugin_base {
* @throws \moodle_exception If something went wrong.
*/
public function user_login_userkey() {
global $DB, $SESSION, $CFG;
global $SESSION, $CFG;
$keyvalue = required_param('key', PARAM_ALPHANUM);
$wantsurl = optional_param('wantsurl', '', PARAM_URL);
$options = array(
'script' => core_userkey_manager::CORE_USER_KEY_MANAGER_SCRIPT,
'value' => $keyvalue
);
$key = $this->userkeymanager->validate_key($keyvalue);
$this->userkeymanager->delete_keys($key->userid);
if (!$key = $DB->get_record('user_private_key', $options)) {
print_error('invalidkey');
}
if (!isset($this->userkeymanager)) {
$userkeymanager = new core_userkey_manager($key->userid, $this->config);
$this->set_userkey_manager($userkeymanager);
}
$this->userkeymanager->delete_key();
if (!empty($key->validuntil) and $key->validuntil < time()) {
print_error('expiredkey');
}
if ($key->iprestriction) {
$remoteaddr = getremoteaddr(null);
if (empty($remoteaddr) or !address_in_subnet($remoteaddr, $key->iprestriction)) {
print_error('ipmismatch');
}
}
if (!$user = $DB->get_record('user', array('id' => $key->userid))) {
print_error('invaliduserid');
}
$user = get_complete_user_data('id', $user->id);
$user = get_complete_user_data('id', $key->userid);
complete_user_login($user);
// Identify this session as using user key auth method.
@ -177,7 +150,7 @@ class auth_plugin_userkey extends auth_plugin_base {
public function config_form($config, $err, $userfields) {
global $CFG, $OUTPUT;
$config = (object) array_merge($this->defaults, (array) $config );
$config = (object) array_merge($this->defaults, (array) $config);
include("settings.html");
}
@ -220,6 +193,8 @@ class auth_plugin_userkey extends auth_plugin_base {
/**
* Set userkey manager.
*
* This function is the only way to inject dependency, because of the way auth plugins work.
*
* @param \auth_userkey\userkey_manager_interface $keymanager
*/
public function set_userkey_manager(userkey_manager_interface $keymanager) {
@ -245,8 +220,8 @@ class auth_plugin_userkey extends auth_plugin_base {
* @return bool
*/
protected function should_create_user() {
if (isset($this->config->createuser)) {
return $this->config->createuser;
if (isset($this->config->createuser) && $this->config->createuser == true) {
return true;
}
return false;
@ -257,7 +232,7 @@ class auth_plugin_userkey extends auth_plugin_base {
*
* @return bool
*/
protected function is_iprestriction_enabled() {
protected function is_ip_restriction_enabled() {
if (isset($this->config->iprestriction) && $this->config->iprestriction == true) {
return true;
}
@ -267,8 +242,12 @@ class auth_plugin_userkey extends auth_plugin_base {
/**
* Create a new user.
*
* @param array $data Validated user data from web service.
*
* @return object User object.
*/
protected function create_user() {
protected function create_user(array $data) {
// TODO:
// 1. Validate user
// 2. Create user.
@ -276,28 +255,44 @@ class auth_plugin_userkey extends auth_plugin_base {
}
/**
* Return login URL.
* Validate user data from web service.
*
* @param array|stdClass $data User data.
* @param mixed $data User data from web service.
*
* @return string Login URL.
* @return array
*
* @throws \invalid_parameter_exception
* @throws \invalid_parameter_exception If provided data is invalid.
*/
public function get_login_url($data) {
global $CFG, $DB;
protected function validate_user_data($data) {
$data = (array)$data;
$mappingfield = $this->get_mapping_field();
if (!isset($data[$mappingfield]) || empty($data[$mappingfield])) {
throw new invalid_parameter_exception('Required field "' . $mappingfield . '" is not set or empty.');
}
if ($this->is_iprestriction_enabled() && !isset($data['ip'])) {
if ($this->is_ip_restriction_enabled() && !isset($data['ip'])) {
throw new invalid_parameter_exception('Required parameter "ip" is not set.');
}
return $data;
}
/**
* Return user object.
*
* @param array $data Validated user data.
*
* @return object A user object.
*
* @throws \invalid_parameter_exception If user is not exist and we don't need to create a new.
*/
protected function get_user(array $data) {
global $DB, $CFG;
$mappingfield = $this->get_mapping_field();
$params = array(
$mappingfield => $data[$mappingfield],
'mnethostid' => $CFG->mnet_localhost_id,
@ -306,20 +301,60 @@ class auth_plugin_userkey extends auth_plugin_base {
$user = $DB->get_record('user', $params);
if (empty($user)) {
if (!$this->should_create_user()) {
throw new invalid_parameter_exception('User is not exist');
if ($this->should_create_user()) {
$user = $this->create_user($data);
} else {
$user = $this->create_user();
throw new invalid_parameter_exception('User is not exist');
}
}
if (!isset($this->userkeymanager)) {
$ips = isset($data['ip']) ? $data['ip'] : null;
$userkeymanager = new core_userkey_manager($user->id, $this->config, $ips);
$this->set_userkey_manager($userkeymanager);
return $user;
}
/**
* Return allowed IPs from user data.
*
* @param array $data Validated user data.
*
* @return null|string Allowed IPs or null.
*/
protected function get_allowed_ips(array $data) {
if (isset($data['ip']) && !empty($data['ip'])) {
return $data['ip'];
}
$userkey = $this->userkeymanager->create_key();
return null;
}
/**
* Generate login user key.
*
* @param array $data Validated user data.
*
* @return string
* @throws \invalid_parameter_exception
*/
protected function generate_user_key(array $data) {
$user = $this->get_user($data);
$ips = $this->get_allowed_ips($data);
return $this->userkeymanager->create_key($user->id, $ips);
}
/**
* Return login URL.
*
* @param array|stdClass $data User data from web service.
*
* @return string Login URL.
*
* @throws \invalid_parameter_exception
*/
public function get_login_url($data) {
global $CFG;
$userdata = $this->validate_user_data($data);
$userkey = $this->generate_user_key($userdata);
return $CFG->wwwroot . '/auth/userkey/login.php?key=' . $userkey;
}
@ -389,7 +424,7 @@ class auth_plugin_userkey extends auth_plugin_base {
protected function get_user_fields_parameters() {
$parameters = array();
if ($this->is_iprestriction_enabled()) {
if ($this->is_ip_restriction_enabled()) {
$parameters['ip'] = new external_value(
PARAM_HOST,
'User IP address'
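Review bot: In `user_login_userkey()` nothing checks the account's state between `validate_key()` and `complete_user_login($user)`. The manager's `validate_key()` only confirms that a `user` row with that id exists, so a key issued for an account that has since been suspended or deleted appears to go straight through, and a `false` result from `get_complete_user_data()` is passed on unchecked. I would add `if (empty($user) || !empty($user->suspended)) { print_error('invaliduserid'); }` right after `get_complete_user_data('id', $key->userid)`. Keys also appear to be deleted only after validation succeeds now, so a key that fails the expiry or IP check stays in `user_private_key`; a comment saying whether that is intended would help. The function body continues past the end of this hunk, so a later check may exist that is not visible here.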


@ -36,34 +36,6 @@ class core_userkey_manager implements userkey_manager_interface {
*/
const DEFAULT_KEY_LIFE_TIME_IN_SECONDS = 60;
/**
* Generated user key.
*
* @var string
*/
protected $userkey;
/**
* User id.
*
* @var int
*/
protected $userid;
/**
* Shows if we need restrict user key by IP.
*
* @var null | bool
*/
protected $iprestriction = null;
/**
* Time when user key will be expired in unix stamp format.
*
* @var null | string
*/
protected $validuntil = null;
/**
* Config object.
*
@ -74,54 +46,94 @@ class core_userkey_manager implements userkey_manager_interface {
/**
* Constructor.
*
* @param $userid
* @param \stdClass $config
* @param null|string $allowedips
*
* @throws \Exception If there is no user with provided userid.
*/
public function __construct($userid, \stdClass $config, $allowedips = null) {
$this->userid = $userid;
public function __construct(\stdClass $config) {
$this->config = $config;
if (isset($config->iprestriction) && !empty($config->iprestriction)) {
if ($allowedips) {
$this->iprestriction = $allowedips;
} else {
$this->iprestriction = getremoteaddr($this->iprestriction);
}
}
if (isset($config->keylifetime) && (int)$config->keylifetime > 0) {
$this->validuntil = time() + $config->keylifetime;
} else {
$this->validuntil = time() + self::DEFAULT_KEY_LIFE_TIME_IN_SECONDS;
}
}
/**
* Create a user key.
*
* @param int $userid User ID.
* @param null|array $allowedips A list of allowed ips for this key.
*
* @return string Generated key.
*/
public function create_key() {
$this->delete_key();
$this->userkey = create_user_key(
self::CORE_USER_KEY_MANAGER_SCRIPT,
$this->userid,
$this->userid,
$this->iprestriction,
$this->validuntil
);
public function create_key($userid, $allowedips = null) {
$this->delete_keys($userid);
return $this->userkey;
if (isset($this->config->keylifetime) && (int)$this->config->keylifetime > 0) {
$validuntil = time() + $this->config->keylifetime;
} else {
$validuntil = time() + self::DEFAULT_KEY_LIFE_TIME_IN_SECONDS;
}
$iprestriction = null;
if (isset($this->config->iprestriction) && !empty($this->config->iprestriction)) {
if ($allowedips) {
$iprestriction = $allowedips;
} else {
$iprestriction = getremoteaddr(null);
}
}
return create_user_key(
self::CORE_USER_KEY_MANAGER_SCRIPT,
$userid,
$userid,
$iprestriction,
$validuntil
);
}
/**
* Delete all user keys.
* Delete all keys for a specific user.
*
* @param int $userid User ID.
*/
public function delete_key() {
delete_user_key(self::CORE_USER_KEY_MANAGER_SCRIPT, $this->userid);
public function delete_keys($userid) {
delete_user_key(self::CORE_USER_KEY_MANAGER_SCRIPT, $userid);
}
/**
* Validates key and returns key data object if valid.
*
* @param string $keyvalue User key value.
*
* @return object Key object including userid property.
*
* @throws \moodle_exception If provided key is not valid.
*/
public function validate_key($keyvalue) {
global $DB;
$options = array(
'script' => self::CORE_USER_KEY_MANAGER_SCRIPT,
'value' => $keyvalue
);
if (!$key = $DB->get_record('user_private_key', $options)) {
print_error('invalidkey');
}
if (!empty($key->validuntil) and $key->validuntil < time()) {
print_error('expiredkey');
}
if ($key->iprestriction) {
$remoteaddr = getremoteaddr(null);
if (empty($remoteaddr) or !address_in_subnet($remoteaddr, $key->iprestriction)) {
print_error('ipmismatch');
}
}
if (!$user = $DB->get_record('user', array('id' => $key->userid))) {
print_error('invaliduserid');
}
return $key;
}
}
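Review bot: The IP restriction in `validate_key()` and the fallback in `create_key()` both take the address from `getremoteaddr(null)`, and the tests in this commit drive that value by setting `$_SERVER['HTTP_CLIENT_IP']`, so the restriction is only as trustworthy as that header. Where such headers reach PHP unfiltered, the check compares `iprestriction` against a client-supplied value. The docblock of `validate_key()` should say so, for example `IP restriction relies on getremoteaddr(); the site must be configured so that client-supplied address headers are not trusted.` Separately, when `$allowedips` is empty `create_key()` binds the key to the address of the request that asks for the key, presumably the web-service client rather than the browser that will redeem it, which deserves a one-line comment at that call. Minor: `$user` in `validate_key()` is assigned and never used; `$DB->record_exists('user', array('id' => $key->userid))` would state the intent.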


@ -33,13 +33,29 @@ interface userkey_manager_interface {
/**
* Create a user key.
*
* @param int $userid User ID.
* @param null|array $allowedips A list of allowed ips for this key.
*
* @return string Generated key.
*/
public function create_key();
public function create_key($userid, $allowedips = null);
/**
* Delete a user key.
* Delete all keys for a specific user.
*
* @param int $userid User ID.
*/
public function delete_key();
public function delete_keys($userid);
/**
* Validates key and returns key data object if valid.
*
* @param string $keyvalue Key value.
*
* @return object Key object including userid property.
*
* @throws \moodle_exception If provided key is not valid.
*/
public function validate_key($keyvalue);
}
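Review bot: The docblock of `create_key()` declares `@param null|array $allowedips`, but the callers visible in this commit pass a string: the tests call `create_key($this->user->id, '192.168.1.3')`, and `get_allowed_ips()` in auth.php is documented as returning `null|string`. I would change the tag to `@param null|string $allowedips Allowed IPs for this key.` here and in `core_userkey_manager`. The `validate_key()` docblock should also state that the call does not consume the key. In this commit the caller deletes it afterwards with `delete_keys()`, and an implementer cannot tell that from the interface.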


@ -29,6 +29,9 @@ use auth_userkey\core_userkey_manager;
/**
* Tests for core_userkey_manager class.
*
* Key validation is fully covered in auth_plugin_test.php file.
* TODO: write tests for validate_key() function.
*
* @copyright 2016 Dmitrii Metelkin (dmitriim@catalyst-au.net)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
@ -58,18 +61,7 @@ class core_userkey_manager_testcase extends advanced_testcase {
* Test that core_userkey_manager implements userkey_manager_interface interface.
*/
public function test_implements_userkey_manager_interface() {
$manager = new core_userkey_manager($this->user->id, $this->config);
$expected = 'auth_userkey\userkey_manager_interface';
$this->assertInstanceOf($expected, $manager);
}
/**
* Test that we can use user ID of not existing user.
*/
public function test_that_manager_does_not_care_if_user_is_not_exists() {
$brokenuserid = 500;
$manager = new core_userkey_manager($brokenuserid, $this->config);
$manager = new core_userkey_manager($this->config);
$expected = 'auth_userkey\userkey_manager_interface';
$this->assertInstanceOf($expected, $manager);
@ -82,8 +74,8 @@ class core_userkey_manager_testcase extends advanced_testcase {
global $DB;
$_SERVER['HTTP_CLIENT_IP'] = '192.168.1.1';
$manager = new core_userkey_manager($this->user->id, $this->config);
$value = $manager->create_key();
$manager = new core_userkey_manager($this->config);
$value = $manager->create_key($this->user->id);
$actualkey = $DB->get_record('user_private_key', array('userid' => $this->user->id));
@ -103,8 +95,8 @@ class core_userkey_manager_testcase extends advanced_testcase {
$this->config->iprestriction = true;
$_SERVER['HTTP_CLIENT_IP'] = '192.168.1.1';
$manager = new core_userkey_manager($this->user->id, $this->config);
$value = $manager->create_key();
$manager = new core_userkey_manager($this->config);
$value = $manager->create_key($this->user->id);
$actualkey = $DB->get_record('user_private_key', array('userid' => $this->user->id));
@ -123,8 +115,8 @@ class core_userkey_manager_testcase extends advanced_testcase {
global $DB;
$this->config->iprestriction = true;
$manager = new core_userkey_manager($this->user->id, $this->config, '192.168.1.3');
$value = $manager->create_key();
$manager = new core_userkey_manager($this->config);
$value = $manager->create_key($this->user->id, '192.168.1.3');
$actualkey = $DB->get_record('user_private_key', array('userid' => $this->user->id));
@ -144,8 +136,8 @@ class core_userkey_manager_testcase extends advanced_testcase {
$this->config->iprestriction = false;
$_SERVER['HTTP_CLIENT_IP'] = '192.168.1.1';
$manager = new core_userkey_manager($this->user->id, $this->config);
$value = $manager->create_key();
$manager = new core_userkey_manager($this->config);
$value = $manager->create_key($this->user->id);
$actualkey = $DB->get_record('user_private_key', array('userid' => $this->user->id));
@ -165,8 +157,8 @@ class core_userkey_manager_testcase extends advanced_testcase {
$this->config->iprestriction = false;
$_SERVER['HTTP_CLIENT_IP'] = '192.168.1.1';
$manager = new core_userkey_manager($this->user->id, $this->config, '192.168.1.1');
$value = $manager->create_key();
$manager = new core_userkey_manager($this->config);
$value = $manager->create_key($this->user->id, '192.168.1.1');
$actualkey = $DB->get_record('user_private_key', array('userid' => $this->user->id));
@ -186,8 +178,8 @@ class core_userkey_manager_testcase extends advanced_testcase {
$this->config->iprestriction = 'string';
$_SERVER['HTTP_CLIENT_IP'] = '192.168.1.1';
$manager = new core_userkey_manager($this->user->id, $this->config);
$value = $manager->create_key();
$manager = new core_userkey_manager($this->config);
$value = $manager->create_key($this->user->id);
$actualkey = $DB->get_record('user_private_key', array('userid' => $this->user->id));
@ -205,8 +197,8 @@ class core_userkey_manager_testcase extends advanced_testcase {
public function test_create_correct_key_if_keylifetime_is_not_set() {
global $DB;
$manager = new core_userkey_manager($this->user->id, $this->config);
$value = $manager->create_key();
$manager = new core_userkey_manager($this->config);
$value = $manager->create_key($this->user->id);
$actualkey = $DB->get_record('user_private_key', array('userid' => $this->user->id));
@ -226,8 +218,8 @@ class core_userkey_manager_testcase extends advanced_testcase {
$this->config->keylifetime = 3000;
$manager = new core_userkey_manager($this->user->id, $this->config);
$value = $manager->create_key();
$manager = new core_userkey_manager($this->config);
$value = $manager->create_key($this->user->id);
$actualkey = $DB->get_record('user_private_key', array('userid' => $this->user->id));
@ -248,8 +240,8 @@ class core_userkey_manager_testcase extends advanced_testcase {
$this->config->keylifetime = '3000';
$manager = new core_userkey_manager($this->user->id, $this->config);
$value = $manager->create_key();
$manager = new core_userkey_manager($this->config);
$value = $manager->create_key($this->user->id);
$actualkey = $DB->get_record('user_private_key', array('userid' => $this->user->id));
@ -268,13 +260,13 @@ class core_userkey_manager_testcase extends advanced_testcase {
public function test_can_delete_created_key() {
global $DB;
$manager = new core_userkey_manager($this->user->id, $this->config);
$manager->create_key();
$manager = new core_userkey_manager($this->config);
$value = $manager->create_key($this->user->id);
$keys = $DB->get_records('user_private_key', array('userid' => $this->user->id));
$this->assertEquals(1, count($keys));
$manager->delete_key();
$manager->delete_keys($this->user->id);
$keys = $DB->get_records('user_private_key', array('userid' => $this->user->id));
$this->assertEquals(0, count($keys));
@ -286,7 +278,7 @@ class core_userkey_manager_testcase extends advanced_testcase {
public function test_can_delete_all_existing_keys() {
global $DB;
$manager = new core_userkey_manager($this->user->id, $this->config);
$manager = new core_userkey_manager($this->config);
create_user_key('auth/userkey', $this->user->id);
create_user_key('auth/userkey', $this->user->id);
@ -295,7 +287,7 @@ class core_userkey_manager_testcase extends advanced_testcase {
$keys = $DB->get_records('user_private_key', array('userid' => $this->user->id));
$this->assertEquals(3, count($keys));
$manager->delete_key();
$manager->delete_keys($this->user->id);
$keys = $DB->get_records('user_private_key', array('userid' => $this->user->id));
$this->assertEquals(0, count($keys));
@ -307,7 +299,7 @@ class core_userkey_manager_testcase extends advanced_testcase {
public function test_create_only_one_key() {
global $DB;
$manager = new core_userkey_manager($this->user->id, $this->config);
$manager = new core_userkey_manager($this->config);
create_user_key('auth/userkey', $this->user->id);
create_user_key('auth/userkey', $this->user->id);
@ -316,7 +308,7 @@ class core_userkey_manager_testcase extends advanced_testcase {
$keys = $DB->get_records('user_private_key', array('userid' => $this->user->id));
$this->assertEquals(3, count($keys));
$manager->create_key();
$manager->create_key($this->user->id);
$keys = $DB->get_records('user_private_key', array('userid' => $this->user->id));
$this->assertEquals(1, count($keys));
}
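Review bot: `validate_key()` decides whether a login key is accepted, yet this file leaves it with a TODO and its class docblock points to auth_plugin_test.php for coverage, so the manager's own validation has no direct test here. I would add cases for an unknown key, a key whose `validuntil` is in the past, a key whose `iprestriction` does not match the remote address, and a key whose user row is missing, each expecting `moodle_exception`. In `test_can_delete_created_key()` the new `$value` is assigned and never asserted; either drop the assignment or assert that it is not empty.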


@ -27,11 +27,15 @@ namespace auth_userkey;
class fake_userkey_manager implements userkey_manager_interface {
public function create_key() {
public function create_key($userid, $allowedips = null) {
return 'FaKeKeyFoRtEsTiNg';
}
public function delete_key() {
public function delete_keys($userid) {
// TODO: Implement delete_keys() method.
}
public function validate_key($keyvalue) {
// TODO: Implement validate_key() method.
}
}
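Review bot: The `validate_key()` stub in `fake_userkey_manager` falls through and returns `null`, while the interface documents an object with a `userid` property. `user_login_userkey()` reads `$key->userid` straight from the result, so a test that reaches the login path through this fake would fail on a property access rather than on an assertion. Making the gap explicit, for example with `throw new \coding_exception('fake_userkey_manager::validate_key() is not implemented');`, is safer than a silent `null`. The generated `// TODO: Implement …` comments could then be replaced with a sentence saying what the fake intentionally leaves out.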