It shoudl be possible to link multiple OAuth2 sources which have the
same e-mail address to an account.
This patch makes the check for an existing linked account stricter so
that it only checks for linked account records which match the same
issuer, and which do not have expired confirmation tokens.
It has never been guaranteed that settings.php would always be included
from inside the core\plugininfo\auth::load_settings() scope only.
Alternative fix would be to use $plugininfo->name but I think it is
better to be explicit here (same as we are explicit with setting names,
strings etc).
Significant string changes:
* errorinvalidbyhour,core_calendar - correcting number from 59 to 23
* cron_help,core_admin - updated recommendation to run cron every minute
* tour1_content_end, tour1_content_welcome, tour2_content_end,
tour2_content_welcome all in tool_usertours - removing reference to
3.2
* invalidsesskey,core_error and invalidsesskey,mod_wiki - more
understandable error message
* pluginname_help and pluginnamesummary in qtype_essay - explaining that
the question type can be used for file uploads
* formatnoinline, mustattach and mustrequire in qtype_essay - changing
the word 'inline' to 'online'
The login domains were checking the email of the moodle account, not the returned
email from oauth. Also after a failure, it was not killing the oauth session, which
prevents you trying again with a different account.
The username passed to the confirm account link request is the oauth username,
which may be different to the moodle username so can't be used to look up the user record.
This was broken by the refactoring to always link logins. Some of the static
variables could also be removed but I'll do that in a later issue to keep this patch small.
New accounts and linking a login to an existing account MUST go through email verification.
We cannot trust the emails we get from oauth providers have been confirmed.
Part of MDL-58220
Show the username and email of the connected system account (if it ever requires refreshing - this will help identity the account
to re-authorise).
Part of MDL-58220
