moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-09 19:06:41 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'MDL-79712-main' of https://github.com/snake/moodle

Browse source
This commit is contained in:
Andrew Nicols 2024-04-02 11:47:29 +08:00 committed by Shamim Rezaie
commit d1613e331f
2 changed files with 27 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

16
auth/lti/classes/local/ltiadvantage/event/event_handler.php
View file

@ -35,16 +35,14 @@ class event_handler {
* @return void * @return void
*/ */
public static function handle_user_loggedin(user_loggedin $event): void { public static function handle_user_loggedin(user_loggedin $event): void {
// The event data isn't important here. The intent of this listener is to ensure that the MoodleSession cookie gets the // The event data isn't important here. The intent of this listener is to ensure that the MoodleSession cookie is set up
// 'Partitioned' attribute, when required - an opt-in flag needed to use Chrome's partitioning mechanism, CHIPS. During LTI // properly during LTI launches + login. This means two things:
// auth, the auth class (auth/lti/auth.php) calls complete_user_login(), which generates a new session cookie as part of its // i) it's set with SameSite=None; Secure; where possible (since OIDC needs HTTPS this will almost always be possible).
// login process. This handler makes sure that this new cookie is intercepted and partitioned, if needed. // ii) it set with the 'Partitioned' attribute, when required.
// The former ensures cross-site cookies are sent for embedded launches. The latter is an opt-in flag needed to use Chrome's
// partitioning mechanism, CHIPS.
if (cookie_helper::cookies_supported()) { if (cookie_helper::cookies_supported()) {
if (cookie_helper::get_cookies_supported_method() == cookie_helper::COOKIE_METHOD_EXPLICIT_PARTITIONING) { cookie_helper::setup_session_cookie();
global $CFG;
cookie_helper::add_attributes_to_cookie_response_header('MoodleSession' . $CFG->sessioncookie,
['Partitioned', 'Secure']);
}
} }
} }
} }

24
auth/lti/classes/local/ltiadvantage/utility/cookie_helper.php
View file

@ -157,10 +157,8 @@ final class cookie_helper {
// Set a session flag storing the method used to set it, and make sure the session cookie uses this method. // Set a session flag storing the method used to set it, and make sure the session cookie uses this method.
$cookiemethod = $cookie1received ? self::COOKIE_METHOD_NO_PARTITIONING : self::COOKIE_METHOD_EXPLICIT_PARTITIONING; $cookiemethod = $cookie1received ? self::COOKIE_METHOD_NO_PARTITIONING : self::COOKIE_METHOD_EXPLICIT_PARTITIONING;
$SESSION->auth_lti_cookie_method = $cookiemethod; $SESSION->auth_lti_cookie_method = $cookiemethod;
if ($cookiemethod === self::COOKIE_METHOD_EXPLICIT_PARTITIONING) {
// This assumes secure is set, since that's the only way a paritioned test cookie have been set. self::setup_session_cookie();
self::add_attributes_to_cookie_response_header('MoodleSession'.$CFG->sessioncookie, ['Partitioned', 'Secure']);
}
} }
} }
} }
@ -210,6 +208,24 @@ final class cookie_helper {
} }
} }
/**
* Sets up the session cookie according to the method used in the cookie check, and with SameSite=None; Secure attributes.
*
* @return void
*/
public static function setup_session_cookie(): void {
global $CFG;
require_once($CFG->libdir . '/sessionlib.php');
if (is_moodle_cookie_secure()) {
$atts = ['SameSite=None', 'Secure'];
if (self::get_cookies_supported_method() == self::COOKIE_METHOD_EXPLICIT_PARTITIONING) {
$atts[] = 'Partitioned';
}
self::add_attributes_to_cookie_response_header('MoodleSession' . $CFG->sessioncookie, $atts);
}
}
/** /**
* Set a test cookie, using SameSite=None; Secure; attributes if possible, and with or without partitioning opt-in. * Set a test cookie, using SameSite=None; Secure; attributes if possible, and with or without partitioning opt-in.
* *