mirrored from git://git.moodle.org/moodle.git
/
imsbadgeconnect.php
173 lines (156 loc) · 7.24 KB
/
imsbadgeconnect.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace core\oauth2\discovery;
use curl;
use stdClass;
use moodle_exception;
use core\oauth2\issuer;
use core\oauth2\endpoint;
/**
* Class for IMS Open Badge Connect API (aka OBv2.1) discovery definition.
*
* @package core
* @since Moodle 3.11
* @copyright 2021 Sara Arjona (sara@moodle.com)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class imsbadgeconnect extends base_definition {
/**
* Get the URL for the discovery manifest.
*
* @param issuer $issuer The OAuth issuer the endpoints should be discovered for.
* @return string The URL of the discovery file, containing the endpoints.
*/
public static function get_discovery_endpoint_url(issuer $issuer): string {
$url = $issuer->get('baseurl');
if (!empty($url)) {
// Add slash at the end of the base url.
$url .= (substr($url, -1) == '/' ? '' : '/');
// Append the well-known file for IMS OBv2.1.
$url .= '.well-known/badgeconnect.json';
}
return $url;
}
/**
* Process the discovery information and create endpoints defined with the expected format.
*
* @param issuer $issuer The OAuth issuer the endpoints should be discovered for.
* @param stdClass $info The discovery information, with the endpoints to process and create.
* @return void
*/
protected static function process_configuration_json(issuer $issuer, stdClass $info): void {
$info = array_pop($info->badgeConnectAPI);
foreach ($info as $key => $value) {
if (substr_compare($key, 'Url', - strlen('Url')) === 0 && !empty($value)) {
$record = new stdClass();
$record->issuerid = $issuer->get('id');
// Convert key names from xxxxUrl to xxxx_endpoint, in order to make it compliant with the Moodle oAuth API.
$record->name = strtolower(substr($key, 0, - strlen('Url'))) . '_endpoint';
$record->url = $value;
$endpoint = new endpoint(0, $record);
$endpoint->create();
} else if ($key == 'scopesOffered') {
// Get and update supported scopes.
$issuer->set('scopessupported', implode(' ', $value));
$issuer->update();
} else if ($key == 'image' && empty($issuer->get('image'))) {
// Update the image with the value in the manifest file if it's valid and empty in the issuer.
$url = filter_var($value, FILTER_SANITIZE_URL);
// Remove multiple slashes in URL. It will fix the Badgr bug with image URL defined in their manifest.
$url = preg_replace('/([^:])(\/{2,})/', '$1/', $url);
if (filter_var($url, FILTER_VALIDATE_URL) !== false) {
$issuer->set('image', $url);
$issuer->update();
}
}
}
}
/**
* Process how to map user field information.
*
* @param issuer $issuer The OAuth issuer the endpoints should be discovered for.
* @return void
*/
protected static function create_field_mappings(issuer $issuer): void {
// In that case, there are no user fields to map.
}
/**
* Self-register the issuer if the 'registration' endpoint exists and client id and secret aren't defined.
*
* @param issuer $issuer The OAuth issuer to register.
* @return void
*/
protected static function register(issuer $issuer): void {
global $CFG, $SITE;
$clientid = $issuer->get('clientid');
$clientsecret = $issuer->get('clientsecret');
// Registration request for getting client id and secret will be done only they are empty in the issuer.
// For now this can't be run from PHPUNIT (because IMS testing platform needs real URLs). In the future, this
// request can be moved to the moodle-exttests repository.
if (empty($clientid) && empty($clientsecret) && (!defined('PHPUNIT_TEST') || !PHPUNIT_TEST)) {
$url = $issuer->get_endpoint_url('registration');
if ($url) {
$scopes = str_replace("\r", " ", $issuer->get('scopessupported'));
// Add slash at the end of the site URL.
$hosturl = $CFG->wwwroot;
$hosturl .= (substr($CFG->wwwroot, -1) == '/' ? '' : '/');
// Create the registration request following the format defined in the IMS OBv2.1 specification.
$request = [
'client_name' => $SITE->fullname,
'client_uri' => $hosturl,
'logo_uri' => $hosturl . 'pix/f/moodle-256.png',
'tos_uri' => $hosturl,
'policy_uri' => $hosturl,
'software_id' => 'moodle',
'software_version' => $CFG->version,
'redirect_uris' => [
$hosturl . 'admin/oauth2callback.php'
],
'token_endpoint_auth_method' => 'client_secret_basic',
'grant_types' => [
'authorization_code',
'refresh_token'
],
'response_types' => [
'code'
],
'scope' => $scopes
];
$jsonrequest = json_encode($request);
$curl = new curl();
$curl->setHeader(['Content-type: application/json']);
$curl->setHeader(['Accept: application/json']);
// Send the registration request.
if (!$jsonresponse = $curl->post($url, $jsonrequest)) {
$msg = 'Could not self-register identity issuer: ' . $issuer->get('name') .
". Wrong URL or JSON data [URL: $url]";
throw new moodle_exception($msg);
}
// Process the response and update client id and secret if they are valid.
$response = json_decode($jsonresponse);
if (property_exists($response, 'client_id')) {
$issuer->set('clientid', $response->client_id);
$issuer->set('clientsecret', $response->client_secret);
$issuer->update();
} else {
$msg = 'Could not self-register identity issuer: ' . $issuer->get('name') .
'. Invalid response ' . $jsonresponse;
throw new moodle_exception($msg);
}
}
}
}
}