Merge pull request #9 from andrewhancox/master

Add user provisioning and test client code. Close #9
Dmitrii Metelkin 2017-04-10 10:45:19 +10:00 committed by GitHub
commit c12c5214a4
9 changed files with 430 additions and 19 deletions


@ -94,9 +94,70 @@ You can set URL to redirect users before they see Moodle login page. For example
to your web application to login page. You can use "enrolkey_skipsso" URL parameter to bypass this option.
E.g. http://yourmoodle.com/login/index.php?enrolkey_skipsso=1
**Example client**
The code below defines a function that can be used to obtain a login url.
You will need to add/remove parameters depending on whether you have iprestriction or update/create user enabled and which mapping field you are using.
The required library curl.php can be obtained from https://github.com/dongsheng/cURL
```
/**
* @param string $useremail Email address of user to create token for.
* @param string $firstname First name of user (used to update/create user).
* @param string $lastname Last name of user (used to update/create user).
* @param string $username Username of user (used to update/create user).
* @param string $ipaddress IP address of end user that login request will come from (probably $_SERVER['REMOTE_ADDR']).
* @param int $courseid Course id to send logged in users to, defaults to site home.
* @param int $modname Name of course module to send users to, defaults to none.
* @param int $activityid cmid to send logged in users to, defaults to site home.
* @return bool|string
*/
function getloginurl($useremail, $firstname, $lastname, $username, $ipaddress, $courseid = null, $modname = null, $activityid = null) {
require_once('./curl.php');
$token = 'YOUR_TOKEN';
$domainname = 'http://MOODLE_WWW_ROOT';
$functionname = 'auth_userkey_request_login_url';
$param = [
'user' => [
'firstname' => $firstname,
'lastname' => $lastname,
'username' => $username,
'email' => $useremail,
'ip' => $ipaddress
]
];
$serverurl = $domainname . '/webservice/rest/server.php' . '?wstoken=' . $token . '&wsfunction=' . $functionname . '&moodlewsrestformat=json';
$curl = new curl;
try {
$resp = $curl->post($serverurl, $param);
$resp = json_decode($resp);
$loginurl = $resp->loginurl;
} catch (Exception $ex) {
return false;
}
if (!isset($loginurl)) {
return false;
}
$path = '';
if (isset($courseid)) {
$path = '&wantsurl=' . urlencode("$domainname/course/view.php?id=$courseid");
}
if (isset($modname) && isset($activityid)) {
$path = '&wantsurl=' . urlencode("$domainname/mod/$modname/view.php?id=$activityid");
}
return $loginurl . $path;
}
echo getloginurl('barrywhite@googlemail.com', 'barry', 'white', 'barrywhite', '127.0.0.1', 2, 'certificate', 8);
```
TODO:
-----
1. Add users provisioning.
2. Implement logout webservice to be able to call it from external application.
3. Add a test client code to README.
1. Implement logout webservice to be able to call it from external application.

118
auth.php

@ -29,6 +29,7 @@ use auth_userkey\userkey_manager_interface;
require_once($CFG->libdir . "/externallib.php");
require_once($CFG->libdir.'/authlib.php');
require_once($CFG->dirroot . '/user/lib.php');
/**
* User key authentication plugin.
@ -58,7 +59,8 @@ class auth_plugin_userkey extends auth_plugin_base {
'iprestriction' => 0,
'redirecturl' => '',
'ssourl' => '',
// TODO: use this field when implementing user creation. 'createuser' => 0.
'createuser' => false,
'updateuser' => false,
);
/**
@ -302,6 +304,19 @@ class auth_plugin_userkey extends auth_plugin_base {
return false;
}
/**
* Check if we need to update users.
*
* @return bool
*/
protected function should_update_user() {
if (isset($this->config->updateuser) && $this->config->updateuser == true) {
return true;
}
return false;
}
/**
* Check if restriction by IP is enabled.
*
@ -323,10 +338,88 @@ class auth_plugin_userkey extends auth_plugin_base {
* @return object User object.
*/
protected function create_user(array $data) {
// TODO:
// 1. Validate user
// 2. Create user.
// 3. Throw exception if something went wrong.
global $DB, $CFG;
$user = $data;
unset($user['ip']);
$user['auth'] = 'userkey';
$user['mnethostid'] = $CFG->mnet_localhost_id;
$requiredfieds = ['username', 'email', 'firstname', 'lastname'];
$missingfields = [];
foreach ($requiredfieds as $requiredfied) {
if (empty($user[$requiredfied])) {
$missingfields[] = $requiredfied;
}
}
if (!empty($missingfields)) {
throw new invalid_parameter_exception('Unable to create user, missing value(s): ' . implode(',', $missingfields));
}
if ($DB->record_exists('user', array('username' => $user['username'], 'mnethostid' => $CFG->mnet_localhost_id))) {
throw new invalid_parameter_exception('Username already exists: '.$user['username']);
}
if (!validate_email($user['email'])) {
throw new invalid_parameter_exception('Email address is invalid: '.$user['email']);
} else if (empty($CFG->allowaccountssameemail) &&
$DB->record_exists('user', array('email' => $user['email'], 'mnethostid' => $user['mnethostid']))) {
throw new invalid_parameter_exception('Email address already exists: '.$user['email']);
}
$userid = user_create_user($user);
return $DB->get_record('user', ['id' => $userid]);
}
/**
* Update an existing user.
*
* @param stdClass $user Existing user record.
* @param array $data Validated user data from web service.
*
* @return object User object.
*/
protected function update_user(\stdClass $user, array $data) {
global $DB, $CFG;
$userdata = $data;
unset($userdata['ip']);
$userdata['auth'] = 'userkey';
$changed = false;
foreach ($userdata as $key => $value) {
if ($user->$key != $value) {
$changed = true;
break;
}
}
if (!$changed) {
return $user;
}
if (
$user->username != $userdata['username']
&&
$DB->record_exists('user', array('username' => $userdata['username'], 'mnethostid' => $CFG->mnet_localhost_id))
) {
throw new invalid_parameter_exception('Username already exists: '.$userdata['username']);
}
if (!validate_email($userdata['email'])) {
throw new invalid_parameter_exception('Email address is invalid: '.$userdata['email']);
} else if (
empty($CFG->allowaccountssameemail)
&&
$user->email != $userdata['email']
&&
$DB->record_exists('user', array('email' => $userdata['email'], 'mnethostid' => $CFG->mnet_localhost_id))
) {
throw new invalid_parameter_exception('Email address already exists: '.$userdata['email']);
}
$userdata['id'] = $user->id;
$userdata = (object) $userdata;
user_update_user($userdata, false);
return $DB->get_record('user', ['id' => $user->id]);
}
/**
@ -381,6 +474,8 @@ class auth_plugin_userkey extends auth_plugin_base {
} else {
throw new invalid_parameter_exception('User is not exist');
}
} else if ($this->should_update_user()) {
$user = $this->update_user($user, $data);
}
return $user;
@ -506,7 +601,18 @@ class auth_plugin_userkey extends auth_plugin_base {
);
}
// TODO: add more fields here when we implement user creation.
$mappingfield = $this->get_mapping_field();
if ($this->should_create_user() || $this->should_update_user()) {
$parameters['firstname'] = new external_value(PARAM_NOTAGS, 'The first name(s) of the user', VALUE_OPTIONAL);
$parameters['lastname'] = new external_value(PARAM_NOTAGS, 'The family name of the user', VALUE_OPTIONAL);
if ($mappingfield != 'email') {
$parameters['email'] = new external_value(PARAM_RAW_TRIMMED, 'A valid and unique email address', VALUE_OPTIONAL);
}
if ($mappingfield != 'username') {
$parameters['username'] = new external_value(PARAM_USERNAME, 'A valid and unique username', VALUE_OPTIONAL);
}
}
return $parameters;
}
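Review bot: In `update_user()` the line `$userdata['auth'] = 'userkey';` runs before the change comparison, so once `updateuser` is on, any existing account matched by the mapping field whose auth plugin differs is rewritten to `userkey`; nothing visible in these hunks exempts site administrators or accounts managed by another auth plugin. The added test asserts the resulting `auth` value, so this looks intended, but it lets the web service caller change how an existing account authenticates as well as its username and email. Consider limiting updates to accounts this plugin already owns, e.g. `if ($user->auth !== 'userkey') { return $user; }` at the top of `update_user()`, or dropping the `auth` assignment and stating the effect in `updateuser_desc`. `update_user()` also reads `$userdata['username']` and `$userdata['email']` unconditionally although both parameters are declared `VALUE_OPTIONAL`, so a request that omits them would likely fail the `validate_email()` check; an `isset()` guard around each comparison would avoid that.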


@ -24,6 +24,8 @@
namespace auth_userkey;
defined('MOODLE_INTERNAL') || die();
/**
* Interface userkey_manager_interface describes key manager behaviour.
*


@ -22,6 +22,8 @@
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die();
require_once($CFG->libdir . "/externallib.php");
require_once($CFG->dirroot . "/webservice/lib.php");
require_once($CFG->dirroot . "/auth/userkey/auth.php");


@ -32,8 +32,10 @@ A user has to have provided IP to be able to use a key to login to LMS.';
$string['keylifetime'] = 'User key life time';
$string['keylifetime_desc'] = 'Life time in seconds of the each user login key.';
$string['incorrectkeylifetime'] = 'User key life time should be a number';
$string['createuser'] = 'Crete user?';
$string['createuser'] = 'Create user?';
$string['createuser_desc'] = 'If enabled, a new user will be created if fail to find one in LMS.';
$string['updateuser'] = 'Update user?';
$string['updateuser_desc'] = 'If enabled, users will be updated with the properties supplied when the webservice is called.';
$string['redirecturl'] = 'Logout redirect URL';
$string['redirecturl_desc'] = 'Optionally you can redirect users to this URL after they logged out from LMS.';
$string['incorrectredirecturl'] = 'You should provide valid URL';
@ -43,3 +45,4 @@ $string['pluginisdisabled'] = 'The userkey authentication plugin is disabled.';
$string['ssourl'] = 'URL of SSO host';
$string['ssourl_desc'] = 'URL of the SSO host to redirect users to. If defined users will be redirected here on login instead of the Moodle Login page';
$string['redirecterrordetected'] = 'Unsupported redirect to {$a} detected, execution terminated.';
$string['noip'] = 'Unable to fetch IP address of client.';


@ -63,13 +63,19 @@ $fields = get_auth_plugin('userkey')->get_allowed_mapping_fields();
<?php if (isset($err[$field])) { echo $OUTPUT->notification($err[$field], 'notifyfailure'); } ?>
<?php print_string($field.'_desc', 'auth_userkey') ?></td>
</tr>
<!--UNCOMMENT FOLLOWING WHEN IMPLEMENT USER CREATION.-->
<!--<tr valign="top">-->
<!--<?php $field = 'createuser' ?>-->
<!--<td align="right"><label for="<?php echo $field ?>"><?php print_string($field, 'auth_userkey') ?></label></td>-->
<!--<td><?php echo html_writer::select($yesno, $field, $config->$field, false) ?>-->
<!--<?php if (isset($err[$field])) { echo $OUTPUT->notification($err[$field], 'notifyfailure'); } ?>-->
<!--<?php print_string($field.'_desc', 'auth_userkey')?></td>-->
<!--</tr>-->
<tr valign="top">
<?php $field = 'createuser' ?>
<td align="right"><label for="<?php echo $field ?>"><?php print_string($field, 'auth_userkey') ?></label></td>
<td><?php echo html_writer::select($yesno, $field, $config->$field, false) ?>
<?php if (isset($err[$field])) { echo $OUTPUT->notification($err[$field], 'notifyfailure'); } ?>
<?php print_string($field.'_desc', 'auth_userkey')?></td>
</tr>
<tr valign="top">
<?php $field = 'updateuser' ?>
<td align="right"><label for="<?php echo $field ?>"><?php print_string($field, 'auth_userkey') ?></label></td>
<td><?php echo html_writer::select($yesno, $field, $config->$field, false) ?>
<?php if (isset($err[$field])) { echo $OUTPUT->notification($err[$field], 'notifyfailure'); } ?>
<?php print_string($field.'_desc', 'auth_userkey')?></td>
</tr>
</table>


@ -52,6 +52,7 @@ class auth_plugin_userkey_testcase extends advanced_testcase {
require_once($CFG->libdir . "/externallib.php");
require_once($CFG->dirroot . '/auth/userkey/tests/fake_userkey_manager.php');
require_once($CFG->dirroot . '/auth/userkey/auth.php');
require_once($CFG->dirroot . '/user/lib.php');
$this->auth = new auth_plugin_userkey();
$this->user = self::getDataGenerator()->create_user();
@ -277,6 +278,205 @@ class auth_plugin_userkey_testcase extends advanced_testcase {
$this->assertEquals($expected, $actual);
}
/**
* Test that we can request a key for a new user.
*/
public function test_return_correct_login_url_and_create_new_user() {
global $CFG, $DB;
set_config('createuser', true, 'auth_userkey');
$this->auth = new auth_plugin_userkey();
$userkeymanager = new \auth_userkey\fake_userkey_manager();
$this->auth->set_userkey_manager($userkeymanager);
$user = new stdClass();
$user->username = 'username';
$user->email = 'username@test.com';
$user->firstname = 'user';
$user->lastname = 'name';
$user->ip = '192.168.1.1';
$expected = $CFG->wwwroot . '/auth/userkey/login.php?key=FaKeKeyFoRtEsTiNg';
$actual = $this->auth->get_login_url($user);
$this->assertEquals($expected, $actual);
$userrecord = $DB->get_record('user', ['username' => 'username']);
$this->assertEquals($user->email, $userrecord->email);
$this->assertEquals($user->firstname, $userrecord->firstname);
$this->assertEquals($user->lastname, $userrecord->lastname);
$this->assertEquals('userkey', $userrecord->auth);
}
/**
* Test that we can request a key for a new user.
*/
public function test_missing_data_to_create_user() {
global $CFG, $DB;
set_config('createuser', true, 'auth_userkey');
$this->auth = new auth_plugin_userkey();
$userkeymanager = new \auth_userkey\fake_userkey_manager();
$this->auth->set_userkey_manager($userkeymanager);
$user = new stdClass();
$user->email = 'username@test.com';
$user->ip = '192.168.1.1';
$this->setExpectedException('invalid_parameter_exception', 'Unable to create user, missing value(s): username,firstname,lastname');
$this->auth->get_login_url($user);
}
/**
* Test that when we attempt to create a new user duplicate usernames are caught.
*/
public function test_create_refuse_duplicate_username() {
set_config('createuser', true, 'auth_userkey');
$this->auth = new auth_plugin_userkey();
$userkeymanager = new \auth_userkey\fake_userkey_manager();
$this->auth->set_userkey_manager($userkeymanager);
$originaluser = new stdClass();
$originaluser->username = 'username';
$originaluser->email = 'username@test.com';
$originaluser->firstname = 'user';
$originaluser->lastname = 'name';
$originaluser->city = 'brighton';
$originaluser->ip = '192.168.1.1';
self::getDataGenerator()->create_user($originaluser);
$duplicateuser = clone($originaluser);
$duplicateuser->email = 'duplicateuser@test.com';
$this->setExpectedException('invalid_parameter_exception', 'Username already exists: username');
$this->auth->get_login_url($duplicateuser);
}
/**
* Test that when we attempt to create a new user duplicate emails are caught.
*/
public function test_create_refuse_duplicate_email() {
set_config('createuser', true, 'auth_userkey');
set_config('mappingfield', 'username', 'auth_userkey');
$this->auth = new auth_plugin_userkey();
$userkeymanager = new \auth_userkey\fake_userkey_manager();
$this->auth->set_userkey_manager($userkeymanager);
$originaluser = new stdClass();
$originaluser->username = 'username';
$originaluser->email = 'username@test.com';
$originaluser->firstname = 'user';
$originaluser->lastname = 'name';
$originaluser->city = 'brighton';
$originaluser->ip = '192.168.1.1';
self::getDataGenerator()->create_user($originaluser);
$duplicateuser = clone($originaluser);
$duplicateuser->username = 'duplicateuser';
$this->setExpectedException('invalid_parameter_exception', 'Email address already exists: username@test.com');
$this->auth->get_login_url($duplicateuser);
}
/**
* Test that we can request a key for an existing user and update their details.
*/
public function test_return_correct_login_url_and_update_user() {
global $CFG, $DB;
set_config('updateuser', true, 'auth_userkey');
$this->auth = new auth_plugin_userkey();
$userkeymanager = new \auth_userkey\fake_userkey_manager();
$this->auth->set_userkey_manager($userkeymanager);
$originaluser = new stdClass();
$originaluser->username = 'username';
$originaluser->email = 'username@test.com';
$originaluser->firstname = 'user';
$originaluser->lastname = 'name';
$originaluser->city = 'brighton';
$originaluser->ip = '192.168.1.1';
self::getDataGenerator()->create_user($originaluser);
$user = new stdClass();
$user->username = 'usernamechanged';
$user->email = 'username@test.com';
$user->firstname = 'userchanged';
$user->lastname = 'namechanged';
$user->ip = '192.168.1.1';
$expected = $CFG->wwwroot . '/auth/userkey/login.php?key=FaKeKeyFoRtEsTiNg';
$actual = $this->auth->get_login_url($user);
$this->assertEquals($expected, $actual);
$userrecord = $DB->get_record('user', ['email' => $user->email]);
$this->assertEquals($user->username, $userrecord->username);
$this->assertEquals($user->firstname, $userrecord->firstname);
$this->assertEquals($user->lastname, $userrecord->lastname);
$this->assertEquals($originaluser->city, $userrecord->city);
$this->assertEquals('userkey', $userrecord->auth);
}
/**
* Test that when we attempt to update a user duplicate emails are caught.
*/
public function test_update_refuse_duplicate_email() {
set_config('updateuser', true, 'auth_userkey');
set_config('mappingfield', 'username', 'auth_userkey');
$this->auth = new auth_plugin_userkey();
$userkeymanager = new \auth_userkey\fake_userkey_manager();
$this->auth->set_userkey_manager($userkeymanager);
self::getDataGenerator()->create_user(['email' => 'trytoduplicate@test.com']);
self::getDataGenerator()->create_user(['username' => 'username']);
$originaluser = new stdClass();
$originaluser->username = 'username';
$originaluser->email = 'trytoduplicate@test.com';
$originaluser->firstname = 'user';
$originaluser->lastname = 'name';
$originaluser->city = 'brighton';
$originaluser->ip = '192.168.1.1';
$this->setExpectedException('invalid_parameter_exception', 'Email address already exists: trytoduplicate@test.com');
$this->auth->get_login_url($originaluser);
}
/**
* Test that when we attempt to update a user duplicate usernames are caught.
*/
public function test_update_refuse_duplicate_username() {
set_config('updateuser', true, 'auth_userkey');
$this->auth = new auth_plugin_userkey();
$userkeymanager = new \auth_userkey\fake_userkey_manager();
$this->auth->set_userkey_manager($userkeymanager);
self::getDataGenerator()->create_user(['username' => 'trytoduplicate']);
self::getDataGenerator()->create_user(['email' => 'username@test.com']);
$originaluser = new stdClass();
$originaluser->username = 'trytoduplicate';
$originaluser->email = 'username@test.com';
$originaluser->firstname = 'user';
$originaluser->lastname = 'name';
$originaluser->city = 'brighton';
$originaluser->ip = '192.168.1.1';
$this->setExpectedException('invalid_parameter_exception', 'Username already exists: trytoduplicate');
$this->auth->get_login_url($originaluser);
}
/**
* Test that we can get login url if we do not use fake keymanager.
*/
@ -394,6 +594,33 @@ class auth_plugin_userkey_testcase extends advanced_testcase {
$actual = $this->auth->get_request_login_url_user_parameters();
$this->assertEquals($expected, $actual);
// Check IP if createuser enabled.
set_config('createuser', true, 'auth_userkey');
$this->auth = new auth_plugin_userkey();
$expected = array(
'ip' => new external_value(PARAM_HOST, 'User IP address'),
'firstname' => new external_value(PARAM_NOTAGS, 'The first name(s) of the user', VALUE_OPTIONAL),
'lastname' => new external_value(PARAM_NOTAGS, 'The family name of the user', VALUE_OPTIONAL),
'email' => new external_value(PARAM_RAW_TRIMMED, 'A valid and unique email address', VALUE_OPTIONAL),
'username' => new external_value(PARAM_USERNAME, 'A valid and unique username', VALUE_OPTIONAL),
);
$actual = $this->auth->get_request_login_url_user_parameters();
$this->assertEquals($expected, $actual);
set_config('createuser', false, 'auth_userkey');
// Check IP if updateuser enabled.
set_config('updateuser', true, 'auth_userkey');
$this->auth = new auth_plugin_userkey();
$expected = array(
'ip' => new external_value(PARAM_HOST, 'User IP address'),
'firstname' => new external_value(PARAM_NOTAGS, 'The first name(s) of the user', VALUE_OPTIONAL),
'lastname' => new external_value(PARAM_NOTAGS, 'The family name of the user', VALUE_OPTIONAL),
'email' => new external_value(PARAM_RAW_TRIMMED, 'A valid and unique email address', VALUE_OPTIONAL),
'username' => new external_value(PARAM_USERNAME, 'A valid and unique username', VALUE_OPTIONAL),
);
$actual = $this->auth->get_request_login_url_user_parameters();
$this->assertEquals($expected, $actual);
set_config('updateuser', false, 'auth_userkey');
}
/**
@ -531,6 +758,8 @@ class auth_plugin_userkey_testcase extends advanced_testcase {
$formconfig->iprestriction = 0;
$formconfig->redirecturl = 'http://google.com/';
$formconfig->ssourl = 'http://google.com/';
$formconfig->createuser = false;
$formconfig->updateuser = false;
$this->auth->process_config($formconfig);
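Review bot: The docblock on `test_missing_data_to_create_user` repeats the previous test's text ("Test that we can request a key for a new user.") although the test expects an `invalid_parameter_exception`; it should read `Test that creating a user fails when required fields are missing.` All of the update tests supply username, email, firstname and lastname, so the case where the caller omits fields declared `VALUE_OPTIONAL` is never exercised with `updateuser` enabled; a test that sends only the mapping field and `ip` for an existing user would pin that behaviour. There is also no test showing what happens to an existing account that should not be converted (for example one created with a different `auth` value), even though `test_return_correct_login_url_and_update_user` asserts that a generator-created user ends up with `auth` set to `userkey`. The `// Check IP if createuser enabled.` and `// Check IP if updateuser enabled.` comments describe the IP field, while the assertions that follow are about the added name, email and username parameters.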


@ -24,6 +24,8 @@
namespace auth_userkey;
defined('MOODLE_INTERNAL') || die();
class fake_userkey_manager implements userkey_manager_interface {


@ -24,7 +24,7 @@
defined('MOODLE_INTERNAL') || die;
$plugin->version = 2016092600; // The current plugin version (Date: YYYYMMDDXX)
$plugin->version = 2016092601; // The current plugin version (Date: YYYYMMDDXX)
$plugin->release = 2016092600; // Match release exactly to version.
$plugin->requires = 2015051100; // Requires this Moodle version.
$plugin->component = 'auth_userkey'; // Full name of the plugin (used for diagnostics).