MDL-58220 oauth2: Use email as default username
And give better error messages.
Damyon Wiese committed Apr 3, 2017
1 parent e7688f5 commit 7f15866
Showing 4 changed files with 43 additions and 39 deletions.
11 changes: 6 additions & 5 deletions auth/oauth2/classes/auth.php
@@ -365,12 +365,12 @@ public function complete_login(client $client, $redirecturl) {
$userinfo = $client->get_userinfo();

if (!$userinfo) {
$errormsg = get_string('notloggedin', 'auth_oauth2');
$errormsg = get_string('loginerror_nouserinfo', 'auth_oauth2');
$SESSION->loginerrormsg = $errormsg;
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
}
if (empty($userinfo['username']) || empty($userinfo['email'])) {
$errormsg = get_string('notloggedin', 'auth_oauth2');
$errormsg = get_string('loginerror_userincomplete', 'auth_oauth2');
$SESSION->loginerrormsg = $errormsg;
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
}
@@ -414,7 +414,7 @@ public function complete_login(client $client, $redirecturl) {
}
$issuer = $client->get_issuer();
if (!$issuer->is_valid_login_domain($userinfo['email'])) {
$errormsg = get_string('notloggedin', 'auth_oauth2');
$errormsg = get_string('notloggedindebug', 'auth_oauth2', get_string('loginerror_invaliddomain', 'auth_oauth2'));
$SESSION->loginerrormsg = $errormsg;
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
}
@@ -448,7 +448,8 @@ public function complete_login(client $client, $redirecturl) {

if (email_is_not_allowed($userinfo['email'])) {
// The username exists but the emails don't match. Refuse to continue.
$errormsg = get_string('emailnotallowed', 'auth_oauth2');
$reason = get_string('loginerror_invaliddomain', 'auth_oauth2');
$errormsg = get_string('notloggedindebug', 'auth_oauth2', $reason);
$SESSION->loginerrormsg = $errormsg;
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
}
@@ -477,7 +478,7 @@ public function complete_login(client $client, $redirecturl) {
$this->update_picture($user);
redirect($redirecturl);
}
$errormsg = get_string('notloggedin', 'auth_oauth2');
$errormsg = get_string('notloggedindebug', 'auth_oauth2', get_string('loginerror_authenticationfailed', 'auth_oauth2'));
$SESSION->loginerrormsg = $errormsg;
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
}
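Review bot: The three `notloggedindebug` branches now tell an unauthenticated visitor which check rejected the login (domain allow-list, blocked email, authentication failure), and nothing in these hunks limits that detail to debugging mode despite the string's name. The exposure is small, but it confirms the site's email-domain policy to anyone who can start an OAuth flow; consider keeping a generic message on the login page and recording the reason with `debugging($reason, DEBUG_DEVELOPER);` or a logged event. The comment above the `email_is_not_allowed()` branch still reads "The username exists but the emails don't match", which does not describe that condition; `// The email address is blocked by site policy. Refuse to continue.` would match the code. complete_login() starts and ends outside these hunks.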
62 changes: 32 additions & 30 deletions auth/oauth2/lang/en/auth_oauth2.php
@@ -22,36 +22,15 @@
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/

$string['accountexists'] = 'A user already exists on this site with this username. If this is your account, login manually and link this link from your preferences page.';
$string['auth_oauth2description'] = 'OAuth 2 standards based authentication';
$string['auth_oauth2settings'] = 'OAuth 2 authentication settings.';
$string['notloggedin'] = 'The login attempt failed.';
$string['plugindescription'] = 'This authentication plugin displays a list of the configured identity providers on the moodle login page. Selecting an identity provider allows users to login with their credentials from an OAuth 2 provider.';
$string['pluginname'] = 'OAuth 2';
$string['emailconfirmlink'] = 'Link your accounts';
$string['emailconfirmlinksent'] = '<p>An existing account was found with this email address but it is not linked yet.</p>
<p>The accounts must be linked before you can login.</p>
<p>An email should have been sent to your address at <b>{$a}</b></p>
<p>It contains easy instructions to link your accounts.</p>
<p>If you continue to have difficulty, contact the site administrator.</p>';
$string['oauth2:managelinkedlogins'] = 'Manage own linked login accounts';
$string['linkedlogins'] = 'Linked logins';
$string['accountexists'] = 'A user already exists on this site with this username. If this is your account, login manually and link this link from your preferences page.';
$string['linkedloginshelp'] = 'Help with linked logins.';
$string['notwhileloggedinas'] = 'Linked logins cannot be managed while logged in as another user.';
$string['issuer'] = 'OAuth 2 Service';
$string['info'] = 'External account';
$string['createnewlinkedlogin'] = 'Link a new account ({$a})';
$string['confirmationpending'] = 'This account is pending email confirmation.';
$string['emailnotallowed'] = 'The email address is not permitted at this site.';
$string['createaccountswarning'] = 'This authentication plugin allows users to create accounts on your site. You may want to enable the setting "authpreventaccountcreation" if you use this plugin.';
$string['selfregistrationdisabled'] = 'No matching account could be found on this site, and this site does not allow self registration.';
$string['confirmlinkedloginemail'] = 'Hi {$a->fullname},
$string['confirmaccountemail'] = 'Hi {$a->fullname},
A request has been made to link the {$a->issuername} login
{$a->linkedemail} to your account at \'{$a->sitename}\'
A new account has been requested at \'{$a->sitename}\'
using your email address.
To confirm this request and link these logins, please go to this web address:
To confirm your new account, please go to this web address:
{$a->link}
@@ -62,13 +41,15 @@
If you need help, please contact the site administrator,
{$a->admin}';
$string['confirmlinkedloginemailsubject'] = '{$a}: linked login confirmation';
$string['confirmaccountemail'] = 'Hi {$a->fullname},
$string['confirmaccountemailsubject'] = '{$a}: account confirmation';
$string['confirmationpending'] = 'This account is pending email confirmation.';
$string['confirmlinkedloginemail'] = 'Hi {$a->fullname},
A new account has been requested at \'{$a->sitename}\'
A request has been made to link the {$a->issuername} login
{$a->linkedemail} to your account at \'{$a->sitename}\'
using your email address.
To confirm your new account, please go to this web address:
To confirm this request and link these logins, please go to this web address:
{$a->link}
@@ -79,4 +60,25 @@
If you need help, please contact the site administrator,
{$a->admin}';
$string['confirmaccountemailsubject'] = '{$a}: account confirmation';
$string['confirmlinkedloginemailsubject'] = '{$a}: linked login confirmation';
$string['createaccountswarning'] = 'This authentication plugin allows users to create accounts on your site. You may want to enable the setting "authpreventaccountcreation" if you use this plugin.';
$string['createnewlinkedlogin'] = 'Link a new account ({$a})';
$string['emailconfirmlink'] = 'Link your accounts';
$string['emailconfirmlinksent'] = '<p>An existing account was found with this email address but it is not linked yet.</p>
<p>The accounts must be linked before you can login.</p>
<p>An email should have been sent to your address at <b>{$a}</b></p>
<p>It contains easy instructions to link your accounts.</p>
<p>If you continue to have difficulty, contact the site administrator.</p>';
$string['info'] = 'External account';
$string['issuer'] = 'OAuth 2 Service';
$string['linkedlogins'] = 'Linked logins';
$string['linkedloginshelp'] = 'Help with linked logins.';
$string['loginerror_userincomplete'] = 'The user information returned did not contain a username and email address. The OAuth 2 service may be configured incorrectly.';
$string['loginerror_nouserinfo'] = 'No user information was returned. The OAuth 2 service may be configured incorrectly.';
$string['loginerror_invaliddomain'] = 'The email address is not allowed at this site.';
$string['loginerror_authenticationfailed'] = 'The authentication process failed.';
$string['notloggedindebug'] = 'The login attempt failed. Reason: {$a}';
$string['notwhileloggedinas'] = 'Linked logins cannot be managed while logged in as another user.';
$string['oauth2:managelinkedlogins'] = 'Manage own linked login accounts';
$string['plugindescription'] = 'This authentication plugin displays a list of the configured identity providers on the moodle login page. Selecting an identity provider allows users to login with their credentials from an OAuth 2 provider.';
$string['pluginname'] = 'OAuth 2';
5 changes: 1 addition & 4 deletions lib/classes/oauth2/api.php
@@ -107,7 +107,6 @@ private static function create_facebook() {
'name' => 'alternatename',
'last_name' => 'lastname',
'email' => 'email',
'third_party_id' => 'username',
'first_name' => 'firstname',
'picture-data-url' => 'picture',
'link' => 'url',
@@ -163,8 +162,7 @@ private static function create_microsoft() {
$mapping = [
'givenName' => 'firstname',
'surname' => 'lastname',
'mail' => 'email',
'userPrincipalName' => 'username',
'userPrincipalName' => 'email',
'displayName' => 'alternatename',
'officeLocation' => 'address',
'mobilePhone' => 'phone1',
@@ -425,7 +423,6 @@ protected static function discover_endpoints($issuer) {
'middle_name' => 'middlename',
'family_name' => 'lastname',
'email' => 'email',
'sub' => 'username',
'website' => 'url',
'nickname' => 'alternatename',
'picture' => 'picture',
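Review bot: In `create_microsoft()` the new line `'userPrincipalName' => 'email'` appears to replace `'mail' => 'email'`, and a userPrincipalName is a sign-in name that is not guaranteed to be a deliverable or verified mailbox. The mapped value later feeds `is_valid_login_domain($userinfo['email'])` in auth.php, so a tenant whose UPN suffix differs from its mail domain could pass or fail the domain check on the wrong value. The `'sub' => 'username'` and `'third_party_id' => 'username'` lines dropped in the other two hunks likewise trade a stable provider identifier for a mutable address as the account key. If the UPN is intentional, a comment such as `// UPN is used as the address because 'mail' may be empty; it is not a verified mailbox.` would record the trade-off, though the "may be empty" reason is my assumption and should be confirmed. All three mapping arrays continue outside their hunks.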
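--- a/lib/classes/oauth2/client.php
+++ b/lib/classes/oauth2/client.php
@@ -269,6 +269,10 @@ public function get_userinfo() {
 }
 }
 
+if (empty($user->username) && !empty($user->email)) {
+$user->username = $user->email;
+}
+
 if (!empty($user->picture)) {
 $user->picture = download_file_content($user->picture, null, null, false, 10, 10, true, null, false);
 } else {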
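Review bot: The added fallback assigns `$user->email` to `$user->username` exactly as the provider returned it, so the local account key becomes an address that this hunk neither normalises nor checks for provider-side verification. A mixed-case or padded address could miss an existing account or create a near-duplicate, and an issuer that releases unverified addresses would let that address choose the username; whether complete_login() or the issuer configuration already guards against this is not visible here. I would write `$user->username = core_text::strtolower(trim($user->email));` and add the comment `// Username derived from the email inherits the issuer's level of email verification.` above it. get_userinfo() starts and ends outside the hunk.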
