Merge upstream changes into Catalyst maintained branch

README.md

@@ -1,4 +1,4 @@
-# Microsoft 365 and Azure Active Directory Plugins for Moodle
+# Microsoft 365 and Microsoft Entra ID Plugins for Moodle
 
 ## OpenID Connect Authentication Plugin.
 

auth.php

@@ -45,6 +45,7 @@ class auth_plugin_oidc extends \auth_plugin_base {
      * Constructor.
      *
      * @param null $forceloginflow
+     * @throws moodle_exception
      */
     public function __construct($forceloginflow = null) {
         global $SESSION;
@@ -67,11 +68,20 @@ public function __construct($forceloginflow = null) {
         if (class_exists($loginflowclass)) {
             $this->loginflow = new $loginflowclass($this->config);
         } else {
-            throw new \coding_exception(get_string('errorbadloginflow', 'auth_oidc'));
+            throw new moodle_exception('errorbadloginflow', 'auth_oidc');
         }
         $this->config = $this->loginflow->config;
     }
 
+    /**
+     * Returns true if plugin can be manually set.
+     *
+     * @return bool
+     */
+    function can_be_manually_set() {
+        return true;
+    }
+
     /**
      * Returns a list of potential IdPs that this authentication plugin supports. Used to provide links on the login page.
      *
@@ -109,10 +119,10 @@ public function loginpage_hook() {
      * Determines if we will redirect to the redirecturi.
      *
      * @return bool If this returns true then redirect
-     * @throws \coding_exception
      */
     public function should_login_redirect() {
-        global $SESSION;
+        global $CFG, $SESSION;
+
         $oidc = optional_param('oidc', null, PARAM_BOOL);
         // Also support noredirect param - used by other auth plugins.
         $noredirect = optional_param('noredirect', 0, PARAM_BOOL);
@@ -128,16 +138,23 @@ public function should_login_redirect() {
         }
 
         // Check whether we've skipped the login page already.
-        // This is here because loginpage_hook is called again during form
-        // submission (all of login.php is processed) and ?oidc=off is not
-        // preserved forcing us to the IdP.
+        // This is here because loginpage_hook is called again during form submission (all of login.php is processed) and
+        // ?oidc=off is not preserved forcing us to the IdP.
         //
-        // This isn't needed when duallogin is on because $oidc will default to 0
-        // and duallogin is not part of the request.
+        // This isn't needed when duallogin is on because $oidc will default to 0 and duallogin is not part of the request.
         if ((isset($SESSION->oidc) && $SESSION->oidc == 0)) {
             return false;
         }
 
+        // If the user is redirectred to the login page immediately after logging out, don't redirect.
+        $silentloginmodesetting = get_config('auth_oidc', 'silentloginmode');
+        $forceredirectsetting = get_config('auth_oidc', 'forceredirect');
+        $forceloginsetting = get_config('core', 'forcelogin');
+        if ($silentloginmodesetting && $forceredirectsetting && $forceloginsetting && isset($_SERVER['HTTP_REFERER']) &&
+            strpos($_SERVER['HTTP_REFERER'], $CFG->wwwroot) !== false) {
+            return false;
+        }
+
         // Never redirect if requested so.
         if ($oidc === 0) {
             $SESSION->oidc = $oidc;
@@ -147,6 +164,7 @@ public function should_login_redirect() {
         if (isset($SESSION->oidc)) {
             unset($SESSION->oidc);
         }
+
         return true;
     }
 

binding_username_claim.php

@@ -0,0 +1,109 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Manage binding username claim page.
+ *
+ * @package auth_oidc
+ * @author Lai Wei <[email protected]>
+ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ * @copyright (C) 2023 onwards Microsoft, Inc. (http://microsoft.com/)
+ */
+
+use auth_oidc\form\binding_username_claim;
+
+require_once(dirname(__FILE__) . '/../../config.php');
+require_once($CFG->libdir . '/adminlib.php');
+require_once($CFG->dirroot . '/auth/oidc/lib.php');
+
+require_login();
+
+$url = new moodle_url('/auth/oidc/binding_username_claim.php');
+$PAGE->set_url($url);
+$PAGE->set_context(context_system::instance());
+$PAGE->set_pagelayout('admin');
+$PAGE->set_heading(get_string('settings_page_binding_username_claim', 'auth_oidc'));
+$PAGE->set_title(get_string('settings_page_binding_username_claim', 'auth_oidc'));
+
+admin_externalpage_setup('auth_oidc_binding_username_claim');
+
+require_admin();
+
+$form = new binding_username_claim(null);
+$formdata = [];
+
+// Validate auth_oidc_binding_username_claim settings.
+$predefinedbindingclaims = ['auto', 'preferred_username', 'email', 'upn', 'unique_name', 'sub', 'oid', 'samaccountname'];
+
+$oidcconfig = get_config('auth_oidc');
+if (!isset($oidcconfig->bindingusernameclaim)) {
+    // bindingusernameclaim is not set, set default value.
+    $formdata['bindingusernameclaim'] = 'auto';
+    $formdata['customclaimname'] = '';
+    set_config('bindingusernameclaim', 'auto', 'auth_oidc');
+} else if(!$oidcconfig->bindingusernameclaim) {
+    $formdata['bindingusernameclaim'] = 'auto';
+    $formdata['customclaimname'] = '';
+} else if (in_array($oidcconfig->bindingusernameclaim, $predefinedbindingclaims)) {
+    $formdata['bindingusernameclaim'] = $oidcconfig->bindingusernameclaim;
+    $formdata['customclaimname'] = '';
+} else {
+    $formdata['bindingusernameclaim'] = 'custom';
+    $formdata['customclaimname'] = $oidcconfig->bindingusernameclaim;
+}
+
+$form->set_data($formdata);
+
+if ($form->is_cancelled()) {
+    redirect($url);
+} else if ($fromform = $form->get_data()) {
+    $configstosave = ['bindingusernameclaim', 'customclaimname'];
+
+    $configchanged = false;
+
+    foreach ($configstosave as $config) {
+        if (isset($fromform->$config)) {
+            $existingsetting = $oidcconfig->$config;
+            if ($fromform->$config != $existingsetting) {
+                $configchanged = true;
+                set_config($config, $fromform->$config, 'auth_oidc');
+                add_to_config_log($config, $existingsetting, $fromform->$config, 'auth_oidc');
+            }
+        }
+    }
+
+    if ($configchanged) {
+        redirect($url, get_string('binding_username_claim_updated', 'auth_oidc'));
+    } else {
+        redirect($url);
+    }
+}
+
+$existingclaims = auth_oidc_get_existing_claims();
+
+echo $OUTPUT->header();
+
+echo $OUTPUT->heading(get_string('binding_username_claim_heading', 'auth_oidc'));
+$bindingusernametoolurl = new moodle_url('/auth/oidc/change_binding_username_claim_tool.php');
+echo html_writer::tag('p', get_string('binding_username_claim_description', 'auth_oidc', $bindingusernametoolurl->out()));
+if ($existingclaims) {
+    echo html_writer::tag('p', get_string('binding_username_claim_description_existing_claims', 'auth_oidc',
+        implode(' / ', $existingclaims)));
+}
+
+$form->display();
+
+echo $OUTPUT->footer();

change_binding_username_claim_tool.php

@@ -0,0 +1,128 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Change binding username claim tool page.
+ *
+ * @package auth_oidc
+ * @author Lai Wei <[email protected]>
+ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ * @copyright (C) 2023 onwards Microsoft, Inc. (http://microsoft.com/)
+ */
+
+use auth_oidc\form\change_binding_username_claim_tool_form1;
+use auth_oidc\form\change_binding_username_claim_tool_form2;
+use auth_oidc\preview;
+use auth_oidc\process;
+
+require_once(dirname(__FILE__) . '/../../config.php');
+require_once($CFG->libdir . '/adminlib.php');
+require_once($CFG->libdir . '/csvlib.class.php');
+
+require_login();
+
+$url = new moodle_url('/auth/oidc/change_binding_username_claim_tool.php');
+$PAGE->set_url($url);
+$PAGE->set_context(context_system::instance());
+$PAGE->set_pagelayout('admin');
+$PAGE->set_heading(get_string('settings_page_change_binding_username_claim_tool', 'auth_oidc'));
+$PAGE->set_title(get_string('settings_page_change_binding_username_claim_tool', 'auth_oidc'));
+
+admin_externalpage_setup('auth_oidc_change_binding_username_claim_tool');
+
+require_admin();
+
+$iid = optional_param('iid', '', PARAM_INT);
+$previewrows = optional_param('previewrows', 10, PARAM_INT);
+
+core_php_time_limit::raise(60 * 60); // 1 hour should be enough.
+raise_memory_limit(MEMORY_HUGE);
+
+if (empty($iid)) {
+    $form1 = new change_binding_username_claim_tool_form1();
+    if ($formdata = $form1->get_data()) {
+        $iid = csv_import_reader::get_new_iid('changebindingusernameclaimtool');
+        $cir = new csv_import_reader($iid, 'changebindingusernameclaimtool');
+
+        $content = $form1->get_file_content('usernamefile');
+
+        $readcount = $cir->load_csv_content($content, $formdata->encoding, $formdata->delimiter_name);
+        $csvloaderror = $cir->get_error();
+        unset($content);
+
+        if (!is_null($csvloaderror)) {
+            throw new moodle_exception('csvloaderror', '', $url, $csvloaderror);
+        }
+    } else {
+        echo $OUTPUT->header();
+
+        echo $OUTPUT->heading(get_string('change_binding_username_claim_tool', 'auth_oidc'));
+        $bindingusernameclaimurl = new moodle_url('/auth/oidc/binding_username_claim.php');
+        echo html_writer::tag('p', get_string('change_binding_username_claim_tool_description', 'auth_oidc',
+            $bindingusernameclaimurl->out()));
+
+        $form1->display();
+
+        echo $OUTPUT->footer();
+        exit;
+    }
+} else {
+    $cir = new csv_import_reader($iid, 'changebindingusernameclaimtool');
+}
+
+// Test if columns ok.
+$process = new process($cir);
+$filecolumns = $process->get_file_columns();
+
+$mform2 = new change_binding_username_claim_tool_form2(null,
+    ['columns' => $filecolumns, 'data' => ['iid' => $iid, 'previewrows' => $previewrows]]);
+
+// If a file has been uploaded, then process it.
+if ($mform2->is_cancelled()) {
+    $cir->cleanup(true);
+    redirect($url);
+} else if ($formdata = $mform2->get_data()) {
+    // Print the header.
+    echo $OUTPUT->header();
+    echo $OUTPUT->heading(get_string('change_binding_username_claim_tool_result', 'auth_oidc'));
+
+    $process->set_form_data($formdata);
+    $process->process();
+
+    echo $OUTPUT->box_start('boxwidthnarrow boxaligncenter generalbox', 'uploadresults');
+    echo html_writer::tag('p', join('<br />', $process->get_stats()));
+    echo $OUTPUT->box_end();
+
+    echo $OUTPUT->footer();
+    exit;
+}
+
+// Print the header.
+echo $OUTPUT->header();
+
+echo $OUTPUT->heading(get_string('change_binding_username_claim_tool', 'auth_oidc'));
+
+$table = new preview($cir, $filecolumns, $previewrows);
+
+echo html_writer::tag('div', html_writer::table($table), ['class' => 'flexible-wrap']);
+
+if ($table->get_no_error()) {
+    $mform2->display();
+}
+
+echo $OUTPUT->footer();
+
+exit;

classes/event/action_failed.php

@@ -49,15 +49,6 @@ public function get_description() {
         return $this->data['other'];
     }
 
-    /**
-     * Return legacy data for add_to_log().
-     *
-     * @return array
-     */
-    protected function get_legacy_logdata() {
-        return array(SITEID, 'auth_oidc', 'error', 'index.php');
-    }
-
     /**
      * Init method.
      *