moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 08:26:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-68845 calendar: Move duplicated code to function

Browse source
This commit is contained in:
Juan Leyva 2020-09-16 18:41:47 +02:00
parent 5486b031ee
commit ea9c822fc3
4 changed files with 49 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

3
calendar/export.php
View file

@ -141,10 +141,9 @@ $formdata = array(
$exportform = new core_calendar_export_form(null, $formdata); $exportform = new core_calendar_export_form(null, $formdata);
$calendarurl = ''; $calendarurl = '';
if ($data = $exportform->get_data()) { if ($data = $exportform->get_data()) {
$password = $DB->get_record('user', array('id' => $USER->id), 'password');
$params = array(); $params = array();
$params['userid'] = $USER->id; $params['userid'] = $USER->id;
$params['authtoken'] = sha1($USER->id . (isset($password->password) ? $password->password : '') . $CFG->calendar_exportsalt); $params['authtoken'] = calendar_get_export_token($USER);
$params['preset_what'] = $data->events['exportevents']; $params['preset_what'] = $data->events['exportevents'];
$params['preset_time'] = $data->period['timeperiod']; $params['preset_time'] = $data->period['timeperiod'];

4
calendar/export_execute.php
View file

@ -24,7 +24,7 @@ if (!$checkuserid && !$checkusername) {
} }
//Check authentication token //Check authentication token
$authuserid = !empty($userid) && $authtoken == sha1($userid . $user->password . $CFG->calendar_exportsalt); $authuserid = !empty($userid) && $authtoken == calendar_get_export_token($user);
//allowing for fallback check of old url - MDL-27542 //allowing for fallback check of old url - MDL-27542
$authusername = !empty($username) && $authtoken == sha1($username . $user->password . $CFG->calendar_exportsalt); $authusername = !empty($username) && $authtoken == sha1($username . $user->password . $CFG->calendar_exportsalt);
if (!$authuserid && !$authusername) { if (!$authuserid && !$authusername) {
@ -44,7 +44,7 @@ $allowedwhat = ['all', 'user', 'groups', 'courses', 'categories'];
$allowedtime = ['weeknow', 'weeknext', 'monthnow', 'monthnext', 'recentupcoming', 'custom']; $allowedtime = ['weeknow', 'weeknext', 'monthnow', 'monthnext', 'recentupcoming', 'custom'];
if (!empty($generateurl)) { if (!empty($generateurl)) {
$authtoken = sha1($user->id . $user->password . $CFG->calendar_exportsalt); $authtoken = calendar_get_export_token($user);
$params = array(); $params = array();
$params['preset_what'] = $what; $params['preset_what'] = $what;
$params['preset_time'] = $time; $params['preset_time'] = $time;

17
calendar/lib.php
View file

@ -3667,11 +3667,10 @@ function calendar_get_timestamp($d, $m, $y, $time = 0) {
* @return array The data for template and template name. * @return array The data for template and template name.
*/ */
function calendar_get_footer_options($calendar) { function calendar_get_footer_options($calendar) {
global $CFG, $USER, $DB, $PAGE; global $CFG, $USER, $PAGE;
// Generate hash for iCal link. // Generate hash for iCal link.
$rawhash = $USER->id . $DB->get_field('user', 'password', ['id' => $USER->id]) . $CFG->calendar_exportsalt; $authtoken = calendar_get_export_token($USER);
$authtoken = sha1($rawhash);
$renderer = $PAGE->get_renderer('core_calendar'); $renderer = $PAGE->get_renderer('core_calendar');
$footer = new \core_calendar\external\footer_options_exporter($calendar, $USER->id, $authtoken); $footer = new \core_calendar\external\footer_options_exporter($calendar, $USER->id, $authtoken);
@ -3905,3 +3904,15 @@ function calendar_internal_update_course_and_group_permission(int $courseid, con
} }
} }
} }
/**
* Get the auth token for exporting the given user calendar.
* @param stdClass $user The user to export the calendar for
*
* @return string The export token.
*/
function calendar_get_export_token(stdClass $user): string {
global $CFG, $DB;
return sha1($user->id . $DB->get_field('user', 'password', ['id' => $user->id]) . $CFG->calendar_exportsalt);
}

32
calendar/tests/lib_test.php
View file

@ -963,4 +963,36 @@ class core_calendar_lib_testcase extends advanced_testcase {
// Viewing as someone not enrolled in a course with guest access on. // Viewing as someone not enrolled in a course with guest access on.
$this->assertTrue(calendar_view_event_allowed($caleventguest)); $this->assertTrue(calendar_view_event_allowed($caleventguest));
} }
/**
* Test for calendar_get_export_token for current user.
*/
public function test_calendar_get_export_token_for_current_user() {
global $USER, $DB, $CFG;
$this->setAdminUser();
// Get my token.
$authtoken = calendar_get_export_token($USER);
$expected = sha1($USER->id . $DB->get_field('user', 'password', ['id' => $USER->id]) . $CFG->calendar_exportsalt);
$this->assertEquals($expected, $authtoken);
}
/**
* Test for calendar_get_export_token for another user.
*/
public function test_calendar_get_export_token_for_another_user() {
global $CFG;
// Get any user token.
$generator = $this->getDataGenerator();
$user = $generator->create_user();
// Get other user token.
$authtoken = calendar_get_export_token($user);
$expected = sha1($user->id . $user->password . $CFG->calendar_exportsalt);
$this->assertEquals($expected, $authtoken);
}
} }