From c637d96786de875d80e187f9051c352af1931870 Mon Sep 17 00:00:00 2001
From: fabmen <menard.fabrice@gmail.com>
Date: Mon, 27 Nov 2017 13:54:53 +0100
Subject: [PATCH 1/4] MDL-60435 auth_shibboleth: Display IDPs for
 Authentication Shibboleth.

Using Identity Providers for Authentication Shibboleth, instead of a manual link.
---
 auth/shibboleth/auth.php                    | 26 +++++++++
 auth/shibboleth/lang/en/auth_shibboleth.php |  2 +
 auth/shibboleth/lib.php                     | 64 +++++++++++++++++++++
 auth/shibboleth/settings.php                |  6 ++
 4 files changed, 98 insertions(+)
 create mode 100644 auth/shibboleth/lib.php

diff --git a/auth/shibboleth/auth.php b/auth/shibboleth/auth.php
index fe6244c8c8a..dcfde9e1987 100644
--- a/auth/shibboleth/auth.php
+++ b/auth/shibboleth/auth.php
@@ -277,6 +277,32 @@ class auth_plugin_shibboleth extends auth_plugin_base {
             return;
         }
     }
+
+    /**
+     * Return a list of identity providers to display on the login page.
+     *
+     * @param string $wantsurl The requested URL.
+     * @return array List of arrays with keys url, iconurl and name.
+     */
+    public function loginpage_idp_list($wantsurl) {
+        global $CFG;
+        $config = get_config('auth_shibboleth');
+        if (empty($CFG->loginhttps)) {
+            $securewwwroot = $CFG->wwwroot;
+        } else {
+            $securewwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
+        }
+        $result = [];
+        $url = new moodle_url($securewwwroot.'/auth/shibboleth/index.php');
+        $iconurl = moodle_url::make_pluginfile_url(context_system::instance()->id,
+                                                   'auth_shibboleth',
+                                                   'logo',
+                                                   null,
+                                                   '/',
+                                                   $config->auth_logo);
+        $result[] = ['url' => $url, 'iconurl' => $iconurl, 'name' => $config->login_name];
+        return $result;
+    }
 }
 
 
diff --git a/auth/shibboleth/lang/en/auth_shibboleth.php b/auth/shibboleth/lang/en/auth_shibboleth.php
index 659e4d1a1e9..8ef9ec1b2bc 100644
--- a/auth/shibboleth/lang/en/auth_shibboleth.php
+++ b/auth/shibboleth/lang/en/auth_shibboleth.php
@@ -25,6 +25,8 @@
 
 $string['auth_shib_auth_method'] = 'Authentication method name';
 $string['auth_shib_auth_method_description'] = 'Provide a name for the Shibboleth authentication method that is familiar to your users. This could be the name of your Shibboleth federation, e.g. <tt>SWITCHaai Login</tt> or <tt>InCommon Login</tt> or similar.';
+$string['auth_shib_auth_logo'] = 'Authentication method logo';
+$string['auth_shib_auth_logo_description'] = 'Provide a logo for the Shibboleth authentication method that is familiar to your users. This could be the logo of your Shibboleth federation, e.g. <tt>SWITCHaai Login</tt> or <tt>InCommon Login</tt> or similar.';
 $string['auth_shib_contact_administrator'] = 'In case you are not associated with the given organizations and you need access to a course on this server, please contact the <a href="mailto:{$a}">Moodle Administrator</a>.';
 $string['auth_shibbolethdescription'] = 'Using this method users are created and authenticated using <a href="http://shibboleth.internet2.edu/">Shibboleth</a>.<br />Be sure to read the <a href="../auth/shibboleth/README.txt">README</a> for Shibboleth on how to set up your Moodle with Shibboleth';
 $string['auth_shibboleth_errormsg'] = 'Please select the organization you are member of!';
diff --git a/auth/shibboleth/lib.php b/auth/shibboleth/lib.php
new file mode 100644
index 00000000000..f8ac7573984
--- /dev/null
+++ b/auth/shibboleth/lib.php
@@ -0,0 +1,64 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * This file contains the hooks for the Shibboleth authentication module.
+ *
+ * @package auth_shibboleth
+ * @copyright 2018 Fabrice Ménard
+ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die;
+
+/**
+ * Serves the logo file settings.
+ *
+ * @param stdClass $course course object
+ * @param stdClass $cm course module object
+ * @param stdClass $context context object
+ * @param string $filearea file area
+ * @param array $args extra arguments
+ * @param bool $forcedownload whether or not force download
+ * @param array $options additional options affecting the file serving
+ * @return bool false if file not found, does not return if found - justsend the file
+ */
+function auth_shibboleth_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload, array $options=array()) {
+    if ($context->contextlevel != CONTEXT_SYSTEM) {
+        return false;
+    }
+
+    if ($filearea !== 'logo' ) {
+        return false;
+    }
+
+    $itemid = 0;
+
+    $filename = array_pop($args);
+    if (!$args) {
+        $filepath = '/';
+    } else {
+        $filepath = '/'.implode('/', $args).'/';
+    }
+
+    $fs = get_file_storage();
+    $file = $fs->get_file($context->id, 'auth_shibboleth', $filearea, $itemid, $filepath, $filename);
+    if (!$file) {
+        return false;
+    }
+
+    send_stored_file($file, null, 0, $forcedownload, $options);
+}
diff --git a/auth/shibboleth/settings.php b/auth/shibboleth/settings.php
index c9013783bfe..1b46ea67ee0 100644
--- a/auth/shibboleth/settings.php
+++ b/auth/shibboleth/settings.php
@@ -63,6 +63,12 @@ if ($ADMIN->fulltree) {
             get_string('auth_shib_auth_method', 'auth_shibboleth'),
             get_string('auth_shib_auth_method_description', 'auth_shibboleth'), 'Shibboleth Login', PARAM_RAW_TRIMMED));
 
+    // Authentication method logo.
+    $opts = array('accepted_types' => array('.png', '.jpg', '.gif', '.webp', '.tiff', '.svg'));
+    $settings->add(new admin_setting_configstoredfile('auth_shibboleth/auth_logo',
+                get_string('auth_shib_auth_logo', 'auth_shibboleth'),
+                get_string('auth_shib_auth_logo_description', 'auth_shibboleth'), 'logo', 0, $opts));
+
     // Login directions.
     $settings->add(new admin_setting_configtextarea('auth_shibboleth/auth_instructions',
             get_string('auth_shib_instructions_key', 'auth_shibboleth'),

From 4826b1e42b4d161cb49b99a92e3e008ff76d7f06 Mon Sep 17 00:00:00 2001
From: Mark Nelson <markn@moodle.com>
Date: Mon, 16 Jul 2018 15:47:11 +0800
Subject: [PATCH 2/4] MDL-60435 auth_shibboleth: removed usage of deprecated
 loginhttps

---
 auth/shibboleth/auth.php | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/auth/shibboleth/auth.php b/auth/shibboleth/auth.php
index dcfde9e1987..174d3fa2493 100644
--- a/auth/shibboleth/auth.php
+++ b/auth/shibboleth/auth.php
@@ -285,15 +285,9 @@ class auth_plugin_shibboleth extends auth_plugin_base {
      * @return array List of arrays with keys url, iconurl and name.
      */
     public function loginpage_idp_list($wantsurl) {
-        global $CFG;
         $config = get_config('auth_shibboleth');
-        if (empty($CFG->loginhttps)) {
-            $securewwwroot = $CFG->wwwroot;
-        } else {
-            $securewwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
-        }
         $result = [];
-        $url = new moodle_url($securewwwroot.'/auth/shibboleth/index.php');
+        $url = new moodle_url('/auth/shibboleth/index.php');
         $iconurl = moodle_url::make_pluginfile_url(context_system::instance()->id,
                                                    'auth_shibboleth',
                                                    'logo',

From 87647c07fb91cd1ff8b1d5d96ceadf1b6aaf883f Mon Sep 17 00:00:00 2001
From: Mark Nelson <markn@moodle.com>
Date: Mon, 16 Jul 2018 15:57:20 +0800
Subject: [PATCH 3/4] MDL-60435 auth_shibboleth: dont display button if not
 configured

---
 auth/shibboleth/auth.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/auth/shibboleth/auth.php b/auth/shibboleth/auth.php
index 174d3fa2493..39ca032b44e 100644
--- a/auth/shibboleth/auth.php
+++ b/auth/shibboleth/auth.php
@@ -287,6 +287,12 @@ class auth_plugin_shibboleth extends auth_plugin_base {
     public function loginpage_idp_list($wantsurl) {
         $config = get_config('auth_shibboleth');
         $result = [];
+
+        // Before displaying the button check that Shibboleth is set-up correctly.
+        if (empty($config->user_attribute)) {
+            return $result;
+        }
+
         $url = new moodle_url('/auth/shibboleth/index.php');
         $iconurl = moodle_url::make_pluginfile_url(context_system::instance()->id,
                                                    'auth_shibboleth',

From c61a4a9d21c65b49b8c997ae48f8599fb0df8b37 Mon Sep 17 00:00:00 2001
From: Mark Nelson <markn@moodle.com>
Date: Mon, 16 Jul 2018 18:20:14 +0800
Subject: [PATCH 4/4] MDL-60435 auth_shibboleth: changed accepted image types

---
 auth/shibboleth/settings.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/auth/shibboleth/settings.php b/auth/shibboleth/settings.php
index 1b46ea67ee0..e4b4c3a9f86 100644
--- a/auth/shibboleth/settings.php
+++ b/auth/shibboleth/settings.php
@@ -64,10 +64,9 @@ if ($ADMIN->fulltree) {
             get_string('auth_shib_auth_method_description', 'auth_shibboleth'), 'Shibboleth Login', PARAM_RAW_TRIMMED));
 
     // Authentication method logo.
-    $opts = array('accepted_types' => array('.png', '.jpg', '.gif', '.webp', '.tiff', '.svg'));
     $settings->add(new admin_setting_configstoredfile('auth_shibboleth/auth_logo',
                 get_string('auth_shib_auth_logo', 'auth_shibboleth'),
-                get_string('auth_shib_auth_logo_description', 'auth_shibboleth'), 'logo', 0, $opts));
+                get_string('auth_shib_auth_logo_description', 'auth_shibboleth'), 'logo', 0, ['accepted_types' => ['image']]));
 
     // Login directions.
     $settings->add(new admin_setting_configtextarea('auth_shibboleth/auth_instructions',