moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 17:06:53 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master_MDL-67802_2' of https://github.com/mattporritt/moodle

Browse source
This commit is contained in:
Shamim Rezaie 2022-03-10 08:57:16 +11:00
commit babf9e5770
4 changed files with 53 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

22
admin/tool/oauth2/classes/form/issuer.php
View file

@ -46,9 +46,6 @@ class issuer extends persistent {
/** @var string $type */ /** @var string $type */
protected $type; protected $type;
/** @var boolean $showrequireconfirm Whether to show the require confirmation email checkbox or not. */
protected $showrequireconfirm;
/** /**
* Constructor. * Constructor.
* *
@ -74,7 +71,6 @@ class issuer extends persistent {
if (array_key_exists('type', $customdata)) { if (array_key_exists('type', $customdata)) {
$this->type = $customdata['type']; $this->type = $customdata['type'];
} }
$this->showrequireconfirm = !empty($customdata['showrequireconfirm']);
parent::__construct($action, $customdata, $method, $target, $attributes, $editable, $ajaxformdata); parent::__construct($action, $customdata, $method, $target, $attributes, $editable, $ajaxformdata);
} }
@ -169,12 +165,19 @@ class issuer extends persistent {
$mform->addHelpButton('alloweddomains', 'issueralloweddomains', 'tool_oauth2'); $mform->addHelpButton('alloweddomains', 'issueralloweddomains', 'tool_oauth2');
$mform->hideIf('alloweddomains', 'showonloginpage', 'eq', \core\oauth2\issuer::SERVICEONLY); $mform->hideIf('alloweddomains', 'showonloginpage', 'eq', \core\oauth2\issuer::SERVICEONLY);
if ($this->showrequireconfirm) {
// Require confirmation email for new accounts. // Require confirmation email for new accounts.
$mform->addElement('advcheckbox', 'requireconfirmation', get_string('issuerrequireconfirmation', 'tool_oauth2')); $mform->addElement('advcheckbox', 'requireconfirmation',
get_string('issuerrequireconfirmation', 'tool_oauth2'));
$mform->addHelpButton('requireconfirmation', 'issuerrequireconfirmation', 'tool_oauth2'); $mform->addHelpButton('requireconfirmation', 'issuerrequireconfirmation', 'tool_oauth2');
$mform->hideIf('requireconfirmation', 'showonloginpage', 'eq', \core\oauth2\issuer::SERVICEONLY); $mform->hideIf('requireconfirmation', 'showonloginpage',
} 'eq', \core\oauth2\issuer::SERVICEONLY);
$mform->addElement('checkbox', 'acceptrisk', get_string('acceptrisk', 'tool_oauth2'));
$mform->addHelpButton('acceptrisk', 'acceptrisk', 'tool_oauth2');
$mform->hideIf('acceptrisk', 'showonloginpage',
'eq', \core\oauth2\issuer::SERVICEONLY);
$mform->hideIf('acceptrisk', 'requireconfirmation', 'checked');
if ($this->type == 'imsobv2p1' || $issuer->get('servicetype') == 'imsobv2p1') { if ($this->type == 'imsobv2p1' || $issuer->get('servicetype') == 'imsobv2p1') {
$mform->addRule('baseurl', null, 'required', null, 'client'); $mform->addRule('baseurl', null, 'required', null, 'client');
@ -249,6 +252,9 @@ class issuer extends persistent {
if (!strlen(trim($data->loginscopesoffline))) { if (!strlen(trim($data->loginscopesoffline))) {
$errors['loginscopesoffline'] = get_string('required'); $errors['loginscopesoffline'] = get_string('required');
} }
if (empty($data->requireconfirmation) && empty($data->acceptrisk)) {
$errors['acceptrisk'] = get_string('required');
}
} }
return $errors; return $errors;
} }

34
admin/tool/oauth2/issuers.php
View file

@ -56,24 +56,7 @@ if ($action == 'edit') {
$PAGE->navbar->add(get_string('createnewservice', 'tool_oauth2') . ' ' . get_string('custom_service', 'tool_oauth2')); $PAGE->navbar->add(get_string('createnewservice', 'tool_oauth2') . ' ' . get_string('custom_service', 'tool_oauth2'));
} }
$showrequireconfirm = false; $mform = new \tool_oauth2\form\issuer(null, ['persistent' => $issuer]);
if (!empty($issuerid)) {
// Show the "Require confirmation email" checkbox for trusted issuers like Google, Facebook and Microsoft.
$likefacebook = $DB->sql_like('url', ':facebook');
$likegoogle = $DB->sql_like('url', ':google');
$likemicrosoft = $DB->sql_like('url', ':microsoft');
$params = [
'issuerid' => $issuerid,
'facebook' => '%facebook%',
'google' => '%google%',
'microsoft' => '%microsoft%',
];
$select = "issuerid = :issuerid AND ($likefacebook OR $likegoogle OR $likemicrosoft)";
// We're querying from the oauth2_endpoint table because the base URLs of FB and Microsoft can be empty in the issuer table.
$showrequireconfirm = $DB->record_exists_select('oauth2_endpoint', $select, $params);
}
$mform = new \tool_oauth2\form\issuer(null, ['persistent' => $issuer, 'showrequireconfirm' => $showrequireconfirm]);
} }
if ($mform && $mform->is_cancelled()) { if ($mform && $mform->is_cancelled()) {
@ -128,11 +111,9 @@ if ($mform && $mform->is_cancelled()) {
$type = required_param('type', PARAM_ALPHANUM); $type = required_param('type', PARAM_ALPHANUM);
$docs = required_param('docslink', PARAM_ALPHAEXT); $docs = required_param('docslink', PARAM_ALPHAEXT);
$showrequireconfirm = optional_param('showrequireconfirm', false, PARAM_BOOL);
require_sesskey(); require_sesskey();
$issuer = core\oauth2\api::init_standard_issuer($type); $issuer = core\oauth2\api::init_standard_issuer($type);
$mform = new \tool_oauth2\form\issuer(null, ['persistent' => $issuer, 'type' => $type, $mform = new \tool_oauth2\form\issuer(null, ['persistent' => $issuer, 'type' => $type]);
'showrequireconfirm' => $showrequireconfirm]);
$PAGE->navbar->add(get_string('createnewservice', 'tool_oauth2') . ' ' . get_string($type . '_service', 'tool_oauth2')); $PAGE->navbar->add(get_string('createnewservice', 'tool_oauth2') . ' ' . get_string($type . '_service', 'tool_oauth2'));
echo $OUTPUT->header(); echo $OUTPUT->header();
@ -207,22 +188,19 @@ if ($mform && $mform->is_cancelled()) {
// Google template. // Google template.
$docs = 'admin/tool/oauth2/issuers/google'; $docs = 'admin/tool/oauth2/issuers/google';
$params = ['action' => 'edittemplate', 'type' => 'google', 'sesskey' => sesskey(), 'docslink' => $docs, $params = ['action' => 'edittemplate', 'type' => 'google', 'sesskey' => sesskey(), 'docslink' => $docs];
'showrequireconfirm' => true];
$addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params); $addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
echo $renderer->single_button($addurl, get_string('google_service', 'tool_oauth2')); echo $renderer->single_button($addurl, get_string('google_service', 'tool_oauth2'));
// Microsoft template. // Microsoft template.
$docs = 'admin/tool/oauth2/issuers/microsoft'; $docs = 'admin/tool/oauth2/issuers/microsoft';
$params = ['action' => 'edittemplate', 'type' => 'microsoft', 'sesskey' => sesskey(), 'docslink' => $docs, $params = ['action' => 'edittemplate', 'type' => 'microsoft', 'sesskey' => sesskey(), 'docslink' => $docs];
'showrequireconfirm' => true];
$addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params); $addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
echo $renderer->single_button($addurl, get_string('microsoft_service', 'tool_oauth2')); echo $renderer->single_button($addurl, get_string('microsoft_service', 'tool_oauth2'));
// Facebook template. // Facebook template.
$docs = 'admin/tool/oauth2/issuers/facebook'; $docs = 'admin/tool/oauth2/issuers/facebook';
$params = ['action' => 'edittemplate', 'type' => 'facebook', 'sesskey' => sesskey(), 'docslink' => $docs, $params = ['action' => 'edittemplate', 'type' => 'facebook', 'sesskey' => sesskey(), 'docslink' => $docs];
'showrequireconfirm' => true];
$addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params); $addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
echo $renderer->single_button($addurl, get_string('facebook_service', 'tool_oauth2')); echo $renderer->single_button($addurl, get_string('facebook_service', 'tool_oauth2'));
@ -249,7 +227,5 @@ if ($mform && $mform->is_cancelled()) {
echo $renderer->single_button($addurl, get_string('custom_service', 'tool_oauth2')); echo $renderer->single_button($addurl, get_string('custom_service', 'tool_oauth2'));
echo $renderer->container_end(); echo $renderer->container_end();
echo $OUTPUT->footer(); echo $OUTPUT->footer();
} }

2
admin/tool/oauth2/lang/en/tool_oauth2.php
View file

@ -22,6 +22,8 @@
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/ */
$string['acceptrisk'] = 'I understand that disabling email verification can be a security issue';
$string['acceptrisk_help'] = 'Disabling email verification can be a security issue. As it potentially allows users to authenticate as another in the right circumstances.';
$string['authconfirm'] = 'This action will grant permanent API access to Moodle for the authenticated account. This is intended to be used as a system account for managing files owned by Moodle.'; $string['authconfirm'] = 'This action will grant permanent API access to Moodle for the authenticated account. This is intended to be used as a system account for managing files owned by Moodle.';
$string['authconnected'] = 'The system account is now connected for offline access'; $string['authconnected'] = 'The system account is now connected for offline access';
$string['authnotconnected'] = 'The system account was not connected for offline access'; $string['authnotconnected'] = 'The system account was not connected for offline access';

30
admin/tool/oauth2/tests/behat/email_verification.feature Normal file
View file

@ -0,0 +1,30 @@
@tool @tool_oauth2 @external @javascript
Feature: OAuth2 email verification
In order to make sure administrators understand the ramifications of email verification
As an administrator
I should see email verifications notifications when configuring an Oauth2 provider.
Background:
Given I log in as "admin"
And I change window size to "large"
And I navigate to "Server > OAuth 2 services" in site administration
Scenario: Create, edit and delete standard service for Google toggling email verification.
Given I press "Google"
And I should see "Create new service: Google"
And I set the following fields to these values:
| Name | Testing service |
| Client ID | thisistheclientid |
| Client secret | supersecret |
Then I should not see "I understand that disabling email verification can be a security issue"
And I click on "Require email verification" "checkbox"
And I should see "I understand that disabling email verification can be a security issue"
And I click on "I understand that disabling email verification can be a security issue" "checkbox"
And I press "Save changes"
And I should see "Changes saved"
And I click on "Edit" "link" in the "Testing service" "table_row"
And I press "Save changes"
And I should see "Required"
And I click on "Require email verification" "checkbox"
And I press "Save changes"
And I should see "Changes saved"