MDL-58220 oauth2: Global enable/disable for issuers.
Damyon Wiese committed Apr 3, 2017
1 parent 6e0d700 commit eca128b
Showing 10 changed files with 99 additions and 1 deletion.
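--- a/admin/tool/oauth2/classes/output/renderer.php
+++ b/admin/tool/oauth2/classes/output/renderer.php
@@ -154,6 +154,20 @@ public function issuers_table($issuers) {
 $deleteurl = new moodle_url('/admin/tool/oauth2/issuers.php', ['id' => $issuer->get('id'), 'action' => 'delete']);
 $deletelink = html_writer::link($deleteurl, $OUTPUT->pix_icon('t/delete', get_string('delete')));
 $links .= ' ' . $deletelink;
+// Enable / Disable.
+if ($issuer->get('enabled')) {
+// Disable.
+$disableparams = ['id' => $issuer->get('id'), 'sesskey' => sesskey(), 'action' => 'disable'];
+$disableurl = new moodle_url('/admin/tool/oauth2/issuers.php', $disableparams);
+$disablelink = html_writer::link($disableurl, $OUTPUT->pix_icon('t/hide', get_string('disable')));
+$links .= ' ' . $disablelink;
+} else {
+// Enable.
+$enableparams = ['id' => $issuer->get('id'), 'sesskey' => sesskey(), 'action' => 'enable'];
+$enableurl = new moodle_url('/admin/tool/oauth2/issuers.php', $enableparams);
+$enablelink = html_writer::link($enableurl, $OUTPUT->pix_icon('t/show', get_string('enable')));
+$links .= ' ' . $enablelink;
+}
 if (!$last) {
 // Move down.
 $params = ['id' => $issuer->get('id'), 'action' => 'movedown', 'sesskey' => sesskey()];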
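Review bot: The two new branches in issuers_table() are the same three statements with only the action name, icon and string changed, so the enable and disable links can drift apart the next time one of them is edited. Picking the values first, e.g. `$action = $issuer->get('enabled') ? 'disable' : 'enable';` and `$icon = $issuer->get('enabled') ? 't/hide' : 't/show';`, then building one URL and one link from them would keep the `sesskey` parameter and the target script in a single place. issuers_table() starts and ends outside the hunk.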
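--- a/admin/tool/oauth2/issuers.php
+++ b/admin/tool/oauth2/issuers.php
@@ -111,6 +111,17 @@
 $editurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
 redirect($editurl, get_string('changessaved'), null, \core\output\notification::NOTIFY_SUCCESS);
 }
+} else if ($action == 'enable') {
+
+require_sesskey();
+core\oauth2\api::enable_issuer($issuerid);
+redirect($PAGE->url, get_string('issuerenabled', 'tool_oauth2'), null, \core\output\notification::NOTIFY_SUCCESS);
+
+} else if ($action == 'disable') {
+
+require_sesskey();
+core\oauth2\api::disable_issuer($issuerid);
+redirect($PAGE->url, get_string('issuerdisabled', 'tool_oauth2'), null, \core\output\notification::NOTIFY_SUCCESS);
 
 } else if ($action == 'delete') {
 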
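Review bot: Both new branches discard the boolean that `enable_issuer()` and `disable_issuer()` return (lib/classes/oauth2/api.php returns `$issuer->update()`) and then redirect with `NOTIFY_SUCCESS` unconditionally. If `update()` can return false, an administrator is told the identity issuer was disabled when it was not, which matters for a switch meant to cut off logins and repository access. The message should depend on the result, e.g. `$ok = core\oauth2\api::disable_issuer($issuerid);` followed by a `NOTIFY_ERROR` redirect when `$ok` is false. Where `$issuerid` is read and validated is outside the hunk.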
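--- a/admin/tool/oauth2/lang/en/tool_oauth2.php
+++ b/admin/tool/oauth2/lang/en/tool_oauth2.php
@@ -84,6 +84,8 @@
 $string['deleteendpointconfirm'] = 'Are you sure you want to delete the endpoint "{$a->endpoint}" for issuer "{$a->issuer}"? Any plugins relying on this endpoint will stop working.';
 $string['deleteuserfieldmappingconfirm'] = 'Are you sure you want to delete the user field mapping for issuer "{$a}"?';
 $string['issuerdeleted'] = 'Identity issuer deleted';
+$string['issuerenabled'] = 'Identity issuer enabled';
+$string['issuerdisabled'] = 'Identity issuer disabled';
 $string['endpointdeleted'] = 'Endpoint deleted';
 $string['userfieldmappingdeleted'] = 'User field mapping deleted';
 $string['connectsystemaccount'] = 'Connect to a system account';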
3 changes: 2 additions & 1 deletion auth/oauth2/classes/auth.php
Expand Up @@ -180,7 +180,8 @@ public function get_userinfo($username) {
* @return boolean
*/
private function is_ready_for_login_page(\core\oauth2\issuer $issuer) {
return !empty($issuer->get('clientid')) &&
return $issuer->get('enabled') &&
!empty($issuer->get('clientid')) &&
!empty($issuer->get('clientsecret')) &&
$issuer->is_authentication_supported() &&
!empty($issuer->get('showonloginpage'));
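Review bot: The new `$issuer->get('enabled')` test sits in is_ready_for_login_page(), which, judging by its name and the `showonloginpage` test beside it, only decides whether an issuer is offered on the login page. None of the ten files in this commit is the script that handles the OAuth 2 login request itself, so it cannot be confirmed from this page that a disabled issuer is also refused when a login is started for it directly. That path should check `enabled` as well rather than rely on the button being hidden. A comment above the return such as `// Hides the issuer from the login page only; the login handler must also reject disabled issuers.` would record the distinction.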
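--- a/lib/classes/oauth2/api.php
+++ b/lib/classes/oauth2/api.php
@@ -616,6 +616,39 @@ public static function move_down_issuer($id) {
 return $result;
 }
 
+/**
+* Disable an identity issuer.
+*
+* Requires moodle/site:config capability at the system context.
+*
+* @param int $id The id of the identity issuer to enable.
+* @return boolean
+*/
+public static function disable_issuer($id) {
+require_capability('moodle/site:config', context_system::instance());
+$issuer = new issuer($id);
+
+$issuer->set('enabled', 0);
+return $issuer->update();
+}
+
+
+/**
+* Enable an identity issuer.
+*
+* Requires moodle/site:config capability at the system context.
+*
+* @param int $id The id of the identity issuer to enable.
+* @return boolean
+*/
+public static function enable_issuer($id) {
+require_capability('moodle/site:config', context_system::instance());
+$issuer = new issuer($id);
+
+$issuer->set('enabled', 1);
+return $issuer->update();
+}
+
 /**
 * Delete an identity issuer.
 *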
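Review bot: The docblock added for disable_issuer() was copied from enable_issuer() and still reads `@param int $id The id of the identity issuer to enable.`; it should end in `to disable.`. Both functions return `$issuer->update()` straight after `set('enabled', …)` and leave no record of who switched the issuer. If the project has an event or audit mechanism for configuration changes (none is visible in this hunk), this change is worth recording there, since it turns an authentication source on or off. The `require_capability('moodle/site:config', …)` call should stay ahead of `new issuer($id)`, as it is now.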
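--- a/lib/classes/oauth2/issuer.php
+++ b/lib/classes/oauth2/issuer.php
@@ -64,6 +64,10 @@ protected static function define_properties() {
 'type' => PARAM_URL,
 'default' => ''
 ),
+'enabled' => array(
+'type' => PARAM_BOOL,
+'default' => true
+),
 'showonloginpage' => array(
 'type' => PARAM_BOOL,
 'default' => false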
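--- a/lib/db/install.xml
+++ b/lib/db/install.xml
@@ -3494,6 +3494,7 @@
 <FIELD NAME="loginparams" TYPE="text" NOTNULL="true" SEQUENCE="false" COMMENT="Additional parameters sent for a login attempt."/>
 <FIELD NAME="loginparamsoffline" TYPE="text" NOTNULL="true" SEQUENCE="false" COMMENT="Additional parameters sent for a login attempt to generate a refresh token."/>
 <FIELD NAME="scopessupported" TYPE="text" NOTNULL="false" SEQUENCE="false" COMMENT="The list of scopes this service supports."/>
+<FIELD NAME="enabled" TYPE="int" LENGTH="2" NOTNULL="true" DEFAULT="1" SEQUENCE="false"/>
 <FIELD NAME="showonloginpage" TYPE="int" LENGTH="2" NOTNULL="true" DEFAULT="1" SEQUENCE="false"/>
 <FIELD NAME="sortorder" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="false" COMMENT="The defined sort order."/>
 </FIELDS>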
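--- a/lib/db/upgrade.php
+++ b/lib/db/upgrade.php
@@ -2632,6 +2632,7 @@ function xmldb_main_upgrade($oldversion) {
 $table->add_field('loginparamsoffline', XMLDB_TYPE_TEXT, null, null, XMLDB_NOTNULL, null, null);
 $table->add_field('scopessupported', XMLDB_TYPE_TEXT, null, null, null, null, null);
 $table->add_field('showonloginpage', XMLDB_TYPE_INTEGER, '2', null, XMLDB_NOTNULL, null, '1');
+$table->add_field('enabled', XMLDB_TYPE_INTEGER, '2', null, XMLDB_NOTNULL, null, '1');
 $table->add_field('sortorder', XMLDB_TYPE_INTEGER, '10', null, XMLDB_NOTNULL, null, null);
 
 // Adding keys to table oauth2_issuer.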
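Review bot: The `enabled` column is introduced by editing the existing step that defines the `oauth2_issuer` table (`$table->add_field('enabled', …)` among the other add_field calls) rather than in a new upgrade step. A site that has already run that step would not get the column, and `$issuer->get('enabled')` in the auth and repository checks would have nothing to read there. The version guard around this block is outside the hunk, so this may be acceptable if the table has never shipped; otherwise a separate step that adds the field when it does not yet exist is needed. The field is also placed after `showonloginpage` here but before it in lib/db/install.xml, so upgraded and fresh sites would end up with different column order.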
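--- a/repository/googledocs/lib.php
+++ b/repository/googledocs/lib.php
@@ -201,6 +201,10 @@ public function get_listing($path='', $page = '') {
 if (empty($path)) {
 $path = $this->build_node_path('root', get_string('pluginname', 'repository_googledocs'));
 }
+if (!$this->issuer->get('enabled')) {
+// Empty list of files for disabled repository.
+return ['dynload' => false, 'list' => [], 'nologin' => true];
+}
 
 // We analyse the path to extract what to browse.
 $trail = explode('/', $path);
@@ -416,6 +420,10 @@ public function logout() {
 public function get_file($reference, $filename = '') {
 global $CFG;
 
+if (!$this->issuer->get('enabled')) {
+throw new repository_exception('cannotdownload', 'repository');
+}
+
 $client = $this->get_user_oauth_client();
 $base = 'https://www.googleapis.com/drive/v3';
 
@@ -557,6 +565,10 @@ public function callback() {
 * @param array $options additional options affecting the file serving
 */
 public function send_file($storedfile, $lifetime=null , $filter=0, $forcedownload=false, array $options = null) {
+if (!$this->issuer->get('enabled')) {
+throw new repository_exception('cannotdownload', 'repository');
+}
+
 $source = json_decode($storedfile->get_reference());
 
 $fb = get_file_browser();
@@ -829,6 +841,9 @@ protected function set_file_sharing_anyone_with_link_can_read(\repository_google
 * @return string updated reference (final one before it's saved to db).
 */
 public function reference_file_selected($reference, $context, $component, $filearea, $itemid) {
+if (!$this->issuer->get('enabled')) {
+throw new repository_exception('cannotdownload', 'repository');
+}
 // What we need to do here is transfer ownership to the system user (or copy)
 // then set the permissions so anyone with the share link can view,
 // finally update the reference to contain the share link if it was not
@@ -919,6 +934,9 @@ public function reference_file_selected($reference, $context, $component, $filea
 * @param int $filestatus
 */
 public function get_reference_details($reference, $filestatus = 0) {
+if (!$this->issuer->get('enabled')) {
+throw new repository_exception('cannotdownload', 'repository');
+}
 if (empty($reference)) {
 return get_string('unknownsource', 'repository');
 }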
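Review bot: The same `if (!$this->issuer->get('enabled'))` guard is pasted into five methods here (get_listing, get_file, send_file, reference_file_selected, get_reference_details) and into three in repository/skydrive/lib.php, so any entry point that was missed, or is added later, still talks to the disabled issuer. Moving the throwing variant into one helper, or placing it where the OAuth client is obtained (get_user_oauth_client(), whose body is not shown), would make the default fail closed. Separately, get_reference_details() now throws `cannotdownload` before its `empty($reference)` branch; whether callers that only display a reference description expect an exception there cannot be seen from the hunk. All five methods continue outside their hunks.

```php
// … unchanged: get_listing() keeps its own empty-listing return for a disabled issuer …

/**
 * Refuse to continue when the administrator has disabled this repository's issuer.
 *
 * @throws repository_exception
 */
protected function require_enabled_issuer() {
    if (!$this->issuer->get('enabled')) {
        throw new repository_exception('cannotdownload', 'repository');
    }
}

public function get_file($reference, $filename = '') {
    global $CFG;

    $this->require_enabled_issuer();
    // … unchanged: client setup and download; same one-line call in send_file(),
    // reference_file_selected() and get_reference_details() …
```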
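--- a/repository/skydrive/lib.php
+++ b/repository/skydrive/lib.php
@@ -198,6 +198,11 @@ public function get_listing($path='', $page = '') {
 $path = $this->build_node_path('root', get_string('pluginname', 'repository_skydrive'));
 }
 
+if (!$this->issuer->get('enabled')) {
+// Empty list of files for disabled repository.
+return ['dynload' => false, 'list' => [], 'nologin' => true];
+}
+
 // We analyse the path to extract what to browse.
 $trail = explode('/', $path);
 $uri = array_pop($trail);
@@ -392,6 +397,10 @@ public function logout() {
 public function get_file($reference, $filename = '') {
 global $CFG;
 
+if (!$this->issuer->get('enabled')) {
+throw new repository_exception('cannotdownload', 'repository');
+}
+
 $client = $this->get_user_oauth_client();
 $base = 'https://graph.microsoft.com/v1.0/';
 
@@ -505,6 +514,10 @@ public function callback() {
 * @param array $options additional options affecting the file serving
 */
 public function send_file($storedfile, $lifetime=null , $filter=0, $forcedownload=false, array $options = null) {
+if (!$this->issuer->get('enabled')) {
+throw new repository_exception('cannotdownload', 'repository');
+}
+
 $source = json_decode($storedfile->get_reference());
 
 $fb = get_file_browser();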
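Review bot: This section guards get_listing(), get_file() and send_file(), while the googledocs section of the same commit also guards reference_file_selected() and get_reference_details(). If this class implements those two methods as well (the file is only partly visible here), they stay usable with a disabled issuer and need the same check, `if (!$this->issuer->get('enabled')) { throw new repository_exception('cannotdownload', 'repository'); }`. The three guarded methods continue outside their hunks.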
