Merge branch 'MDL-59512-master' of git://github.com/Dagefoerde/moodle
David Monllao committed Nov 22, 2017
2 parents 4b560e4 + b323508 commit eee87c8
Showing 8 changed files with 46 additions and 5 deletions.
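--- a/admin/tool/oauth2/classes/form/issuer.php
+++ b/admin/tool/oauth2/classes/form/issuer.php
@@ -78,6 +78,10 @@ public function definition() {
 $mform->addRule('clientsecret', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
 $mform->addHelpButton('clientsecret', 'issuerclientsecret', 'tool_oauth2');
 
+// Use basic authentication.
+$mform->addElement('checkbox', 'basicauth', get_string('usebasicauth', 'tool_oauth2'));
+$mform->addHelpButton('basicauth', 'usebasicauth', 'tool_oauth2');
+
 // Login scopes.
 $mform->addElement('text', 'loginscopes', get_string('issuerloginscopes', 'tool_oauth2'));
 $mform->addRule('loginscopes', null, 'required', null, 'client');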
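--- a/admin/tool/oauth2/lang/en/tool_oauth2.php
+++ b/admin/tool/oauth2/lang/en/tool_oauth2.php
@@ -95,6 +95,8 @@
 $string['systemaccountconnected'] = 'System account connected';
 $string['systemaccountnotconnected'] = 'System account not connected';
 $string['systemauthstatus'] = 'System account connected';
+$string['usebasicauth'] = 'Authenticate token requests via HTTP headers';
+$string['usebasicauth_help'] = 'Utilize the HTTP Basic authentication scheme when sending client ID and password with a refresh token request. Recommended by the OAuth 2 standard, but may not be available with some issuers.';
 $string['userfieldexternalfield'] = 'External field name';
 $string['userfieldexternalfield_help'] = 'Name of the field provided by the external OAuth system.';
 $string['userfieldinternalfield_help'] = 'Name of the Moodle user field that should be mapped from the external field.';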
11 changes: 9 additions & 2 deletions lib/classes/oauth2/client.php
Expand Up @@ -70,6 +70,7 @@ public function __construct(issuer $issuer, $returnurl, $scopesrequired, $system
if (empty($returnurl)) { if (empty($returnurl)) {
$returnurl = new moodle_url('/'); $returnurl = new moodle_url('/');
} }
$this->basicauth = $issuer->get('basicauth');
parent::__construct($issuer->get('clientid'), $issuer->get('clientsecret'), $returnurl, $scopes); parent::__construct($issuer->get('clientid'), $issuer->get('clientsecret'), $returnurl, $scopes);
} }


Expand Down Expand Up @@ -177,11 +178,17 @@ public function upgrade_refresh_token(system_account $systemaccount) {
$refreshtoken = $systemaccount->get('refreshtoken'); $refreshtoken = $systemaccount->get('refreshtoken');


$params = array('refresh_token' => $refreshtoken, $params = array('refresh_token' => $refreshtoken,
'client_id' => $this->issuer->get('clientid'),
'client_secret' => $this->issuer->get('clientsecret'),
'grant_type' => 'refresh_token' 'grant_type' => 'refresh_token'
); );


if ($this->basicauth) {
$idsecret = urlencode($this->issuer->get('clientid')) . ':' . urlencode($this->issuer->get('clientsecret'));
$this->setHeader('Authorization: Basic ' . base64_encode($idsecret));
} else {
$params['client_id'] = $this->issuer->get('clientid');
$params['client_secret'] = $this->issuer->get('clientsecret');
}

// Requests can either use http GET or POST. // Requests can either use http GET or POST.
if ($this->use_http_get()) { if ($this->use_http_get()) {
$response = $this->get($this->token_url(), $params); $response = $this->get($this->token_url(), $params);
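Review bot: The Basic credentials in upgrade_refresh_token() are attached with `$this->setHeader('Authorization: Basic ' . base64_encode($idsecret));`, which changes the client object rather than this one request, and nothing in the hunk clears the header afterwards. Whether the curl wrapper drops custom headers after each call is not visible here; if it does not, the encoded client ID and secret would be sent on later requests made through the same object, including requests to hosts other than the token endpoint. I would clear the header right after the token request, or document the reset point with a comment such as `// Authorization header is cleared in <RESET_POINT_PLACEHOLDER> once the token request returns.` upgrade_token() in lib/oauthlib.php uses the same pattern, and both function bodies continue outside their hunks.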
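--- a/lib/classes/oauth2/issuer.php
+++ b/lib/classes/oauth2/issuer.php
@@ -72,6 +72,10 @@ protected static function define_properties() {
 'type' => PARAM_BOOL,
 'default' => false
 ),
+'basicauth' => array(
+'type' => PARAM_BOOL,
+'default' => false
+),
 'scopessupported' => array(
 'type' => PARAM_RAW,
 'null' => NULL_ALLOWED,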
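--- a/lib/db/install.xml
+++ b/lib/db/install.xml
@@ -3514,6 +3514,7 @@
 <FIELD NAME="scopessupported" TYPE="text" NOTNULL="false" SEQUENCE="false" COMMENT="The list of scopes this service supports."/>
 <FIELD NAME="enabled" TYPE="int" LENGTH="2" NOTNULL="true" DEFAULT="1" SEQUENCE="false"/>
 <FIELD NAME="showonloginpage" TYPE="int" LENGTH="2" NOTNULL="true" DEFAULT="1" SEQUENCE="false"/>
+<FIELD NAME="basicauth" TYPE="int" LENGTH="2" NOTNULL="true" DEFAULT="0" SEQUENCE="false" COMMENT="Use HTTP Basic authentication scheme when sending client ID and password"/>
 <FIELD NAME="sortorder" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="false" COMMENT="The defined sort order."/>
 <FIELD NAME="requireconfirmation" TYPE="int" LENGTH="2" NOTNULL="true" DEFAULT="1" SEQUENCE="false"/>
 </FIELDS>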
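--- a/lib/db/upgrade.php
+++ b/lib/db/upgrade.php
@@ -2811,5 +2811,20 @@ function xmldb_main_upgrade($oldversion) {
 // Automatically generated Moodle v3.4.0 release upgrade line.
 // Put any upgrade step following this.
 
+if ($oldversion < 2017111300.011) {
+
+// Define field basicauth to be added to oauth2_issuer.
+$table = new xmldb_table('oauth2_issuer');
+$field = new xmldb_field('basicauth', XMLDB_TYPE_INTEGER, '2', null, XMLDB_NOTNULL, null, '0', 'showonloginpage');
+
+// Conditionally launch add field basicauth.
+if (!$dbman->field_exists($table, $field)) {
+$dbman->add_field($table, $field);
+}
+
+// Main savepoint reached.
+upgrade_main_savepoint(true, 2017111300.011);
+}
+
 return true;
 }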
12 changes: 10 additions & 2 deletions lib/oauthlib.php
Expand Up @@ -403,6 +403,8 @@ abstract class oauth2_client extends curl {
private $mocknextresponse = ''; private $mocknextresponse = '';
/** @var array $upgradedcodes list of upgraded codes in this request */ /** @var array $upgradedcodes list of upgraded codes in this request */
private static $upgradedcodes = []; private static $upgradedcodes = [];
/** @var bool basicauth */
protected $basicauth = false;


/** /**
* Returns the auth url for OAuth 2.0 request * Returns the auth url for OAuth 2.0 request
Expand Down Expand Up @@ -542,12 +544,18 @@ public function build_post_data($params) {
public function upgrade_token($code) { public function upgrade_token($code) {
$callbackurl = self::callback_url(); $callbackurl = self::callback_url();
$params = array('code' => $code, $params = array('code' => $code,
'client_id' => $this->clientid,
'client_secret' => $this->clientsecret,
'grant_type' => 'authorization_code', 'grant_type' => 'authorization_code',
'redirect_uri' => $callbackurl->out(false), 'redirect_uri' => $callbackurl->out(false),
); );


if ($this->basicauth) {
$idsecret = urlencode($this->clientid) . ':' . urlencode($this->clientsecret);
$this->setHeader('Authorization: Basic ' . base64_encode($idsecret));
} else {
$params['client_id'] = $this->clientid;
$params['client_secret'] = $this->clientsecret;
}

// Requests can either use http GET or POST. // Requests can either use http GET or POST.
if ($this->use_http_get()) { if ($this->use_http_get()) {
$response = $this->get($this->token_url(), $params); $response = $this->get($this->token_url(), $params);
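Review bot: The docblock on the new property, `/** @var bool basicauth */`, only repeats the name and does not say what the flag controls; I would write `/** @var bool $basicauth Send the client ID and secret in an HTTP Basic Authorization header instead of as request parameters. */`. The credential block added to upgrade_token() is also a near copy of the one in upgrade_refresh_token() in lib/classes/oauth2/client.php, differing only in where the ID and secret are read from. A single protected helper that takes the two values and returns the header string would keep the encoding rule (urlencode each part, join with a colon, then base64) in one place. upgrade_token() continues outside the hunk.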
2 changes: 1 addition & 1 deletion version.php
Expand Up @@ -29,7 +29,7 @@


defined('MOODLE_INTERNAL') || die(); defined('MOODLE_INTERNAL') || die();


$version = 2017111300.01; // YYYYMMDD = weekly release date of this DEV branch. $version = 2017111300.011; // YYYYMMDD = weekly release date of this DEV branch.
// RR = release increments - 00 in DEV branches. // RR = release increments - 00 in DEV branches.
// .XX = incremental changes. // .XX = incremental changes.


