MDL-65959 badges: Do not use badge user preference after verification

badges/backpack-add.php

@@ -49,7 +49,7 @@ if (!empty($issuedbadge->recipient->id)) {
     $badge = new badge($badgeid);
     $backpack = $DB->get_record('badge_backpack', array('userid' => $USER->id));
     $sitebackpack = badges_get_site_primary_backpack();
-    $userbackpack = badges_get_site_backpack($backpack->externalbackpackid);
+    $userbackpack = badges_get_site_backpack($backpack->externalbackpackid, $USER->id);
     $assertion = new core_badges_assertion($id, $sitebackpack->apiversion);
     $api = new \core_badges\backpack_api($sitebackpack);
     $api->authenticate();

badges/backpackemailverify.php

@@ -67,6 +67,8 @@ if (!is_null($storedsecret)) {
         // Remove the verification vars and redirect to the mypackpack page.
         unset_user_preference('badges_email_verify_secret');
         unset_user_preference('badges_email_verify_address');
+        unset_user_preference('badges_email_verify_backpackid');
+        unset_user_preference('badges_email_verify_password');
         redirect(new moodle_url($redirect), get_string('backpackemailverifysuccess', 'badges'),
             null, \core\output\notification::NOTIFY_SUCCESS);
     } else {

lib/badgeslib.php

@@ -922,12 +922,13 @@ function badges_open_badges_backpack_api() {
 }
 
 /**
- * Get a site backpacks by id or url.
+ * Get a site backpacks by id for a particular user or site (if userid is 0)
  *
  * @param int $id The backpack id.
+ * @param int $userid The owner of the backpack, 0 if it's a sitewide backpack else a user's site backpack
  * @return array(stdClass)
  */
-function badges_get_site_backpack($id) {
+function badges_get_site_backpack($id, int $userid = 0) {
     global $DB;
 
     $sql = "SELECT beb.*, bb.id AS badgebackpack, bb.password, bb.email AS backpackemail
@@ -935,7 +936,7 @@ function badges_get_site_backpack($id) {
          LEFT JOIN {badge_backpack} bb ON bb.externalbackpackid = beb.id AND bb.userid=:userid
              WHERE beb.id=:id";
 
-    return $DB->get_record_sql($sql, ['id' => $id, 'userid' => 0]);
+    return $DB->get_record_sql($sql, ['id' => $id, 'userid' => $userid]);
 }
 
 /**
@@ -957,11 +958,7 @@ function badges_get_site_primary_backpack() {
 function badges_get_site_backpacks() {
     global $DB, $CFG;
 
-    $sql = "SELECT beb.*, bb.id as badgebackpack, bb.password, bb.email as backpackemail
-            FROM {badge_external_backpack} beb
-            LEFT JOIN {badge_backpack} bb ON bb.externalbackpackid = beb.id
-            WHERE bb.id IS NULL OR bb.userid=:userid";
-    $all = $DB->get_records_sql($sql, ['userid' => 0]);
+    $all = $DB->get_records('badge_external_backpack');
 
     foreach ($all as $key => $bp) {
         if ($bp->id == $CFG->badges_site_backpack) {
@@ -994,6 +991,7 @@ function badges_get_badge_api_versions() {
 function badges_get_default_issuer() {
     global $CFG, $SITE;
 
+    $sitebackpack = badges_get_site_primary_backpack();
     $issuer = array();
     $issuerurl = new moodle_url('/');
     $issuer['name'] = $CFG->badges_defaultissuername;
@@ -1001,7 +999,7 @@ function badges_get_default_issuer() {
         $issuer['name'] = $SITE->fullname ? $SITE->fullname : $SITE->shortname;
     }
     $issuer['url'] = $issuerurl->out(false);
-    $issuer['email'] = $CFG->badges_defaultissuercontact;
+    $issuer['email'] = $sitebackpack->backpackemail ?? $CFG->badges_defaultissuercontact;
     $issuer['@context'] = OPEN_BADGES_V2_CONTEXT;
     $issuerid = new moodle_url('/badges/issuer_json.php');
     $issuer['id'] = $issuerid->out(false);