Merge branch 'wip-85446-m40' into MOODLE_40_STABLE
# Conflicts:
#	local/o365/classes/observers.php
weilai-irl committed Oct 5, 2022
2 parents 647a407 + e05f1fd commit 52f2ee8
Showing 3 changed files with 55 additions and 32 deletions.
2 changes: 2 additions & 0 deletions auth/oidc/lang/en/auth_oidc.php
Expand Up @@ -154,6 +154,8 @@
$string['settings_section_other_params'] = 'Other parameters';
$string['authentication_and_endpoints_saved'] = 'Authentication and endpoint settings updated.';
$string['application_updated'] = 'OpenID Connect application setting was updated.';
$string['application_updated_azure'] = 'OpenID Connect application setting was updated.<br/>
<span class="warning" style="color: red;">Azure administrator will need to <b>Provide admin consent</b> and <b>Verify setup</b> again on the <a href="{$a}" target="_blank">Microsoft 365 integration configuration page</a> if "Identity Provider (IdP) Type" or "Client authentication method" settings are updated.</span>';

$string['event_debug'] = 'Debug message';

40 changes: 22 additions & 18 deletions auth/oidc/manageapplication.php
Expand Up @@ -73,37 +73,41 @@
if ($form->is_cancelled()) {
redirect($url);
} else if ($fromform = $form->get_data()) {
// Save idptype.
set_config('idptype', $fromform->idptype, 'auth_oidc');

// Save clientid.
set_config('clientid', $fromform->clientid, 'auth_oidc');

// Save tenantnameorguid.
set_config('tenantnameorguid', $fromform->tenantnameorguid, 'auth_oidc');

// Save clientauthmethod.
// Handle odd cases where clientauthmethod is not received.
if (!isset($fromform->clientauthmethod)) {
$fromform->clientauthmethod = optional_param('clientauthmethod', AUTH_OIDC_AUTH_METHOD_SECRET, PARAM_INT);
}
set_config('clientauthmethod', $fromform->clientauthmethod, 'auth_oidc');

// Prepare config settings to save.
$configstosave = ['idptype', 'clientid', 'tenantnameorguid', 'clientauthmethod', 'authendpoint', 'tokenendpoint'];

// Depending on the value of clientauthmethod, save clientsecret or (clientprivatekey and clientcert).
switch ($fromform->clientauthmethod) {
case AUTH_OIDC_AUTH_METHOD_SECRET:
set_config('clientsecret', $fromform->clientsecret, 'auth_oidc');
$configstosave[] = 'clientsecret';
break;
case AUTH_OIDC_AUTH_METHOD_CERTIFICATE:
set_config('clientprivatekey', $fromform->clientprivatekey, 'auth_oidc');
set_config('clientcert', $fromform->clientcert, 'auth_oidc');
$configstosave[] = 'clientprivatekey';
$configstosave[] = 'clientcert';
break;
}

// Save endpoints.
set_config('authendpoint', $fromform->authendpoint, 'auth_oidc');
set_config('tokenendpoint', $fromform->tokenendpoint, 'auth_oidc');
// Save config settings.
foreach ($configstosave as $config) {
$existingsetting = get_config('auth_oidc', $config);
if ($fromform->$config != $existingsetting) {
set_config($config, $fromform->$config, 'auth_oidc');
add_to_config_log($config, $existingsetting, $fromform->$config, 'auth_oidc');
}
}

redirect($url, get_string('application_updated', 'auth_oidc'));
// Redirect message depend on IdP type.
if ($fromform->idptype == AUTH_OIDC_IDP_TYPE_OTHER) {
redirect($url, get_string('application_updated', 'auth_oidc'));
} else {
$localo365configurl = new moodle_url('/admin/settings.php', ['section' => 'local_o365']);
redirect($url, get_string('application_updated_azure', 'auth_oidc', $localo365configurl->out()));
}
}

echo $OUTPUT->header();
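Review bot: The `add_to_config_log($config, $existingsetting, $fromform->$config, 'auth_oidc')` call inside the `foreach` logs the raw old and new value of every entry in `$configstosave`, and after the `switch` that list includes `clientsecret` and `clientprivatekey`, so the client secret and private key are written verbatim to the `config_log` table, which the Config changes report shows to any site admin; core's password-type admin settings replace both values with `********` before logging, and this loop should do the same for those two keys. The comparison `$fromform->$config != $existingsetting` is also loose: `get_config` returns `false` for a setting that was never stored, and `false` compares equal to `''` and `'0'`, so a first save of such a value would be neither stored nor logged — normalising both sides (unset to `null`, everything else to string) and comparing with `!==`, as core's `config_write` does, avoids that. The `else if` branch is complete inside the hunk, but the top-level script it belongs to continues outside it.
```php
// … unchanged: clientauthmethod fallback, $configstosave and the switch on clientauthmethod …

// Never write secret material to config_log; the Config changes report displays it verbatim.
$maskedconfigs = ['clientsecret', 'clientprivatekey'];

// Save config settings.
foreach ($configstosave as $config) {
    $existingsetting = get_config('auth_oidc', $config);
    // Normalise as core admin_setting::config_write does: unset -> null, everything else -> string.
    $oldvalue = ($existingsetting === false) ? null : (string) $existingsetting;
    $newvalue = (string) $fromform->$config;
    if ($oldvalue !== $newvalue) {
        set_config($config, $newvalue, 'auth_oidc');
        $logold = $oldvalue;
        $lognew = $newvalue;
        if (in_array($config, $maskedconfigs, true)) {
            $logold = ($logold !== null && $logold !== '') ? '********' : $logold;
            $lognew = ($lognew !== '') ? '********' : $lognew;
        }
        add_to_config_log($config, $logold, $lognew, 'auth_oidc');
    }
}

// … unchanged: redirect message depending on IdP type …
```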
45 changes: 31 additions & 14 deletions local/o365/classes/observers.php
Expand Up @@ -841,20 +841,37 @@ public static function handle_config_log_created(config_log_created $event) : bo

$eventdata = $event->get_data();

// If Azure app is changed, all tokens need to be deleted.
if ($eventdata['other']['plugin'] == 'auth_oidc' && $eventdata['other']['name'] == 'clientid') {
// Clear local_o365_token table.
$DB->delete_records('local_o365_token');

// Clear auth_oidc_token table.
$DB->delete_records('auth_oidc_token');

// Delete delta user token, and force a user sync task run.
unset_config('local_o365', 'task_usersync_lastdeltatoken');
if ($usersynctask = $DB->get_record('task_scheduled',
['component' => 'local_o365', 'classname' => '\local_o365\task\usersync'])) {
$usersynctask->nextruntime = time();
$DB->update_record('task_scheduled', $usersynctask);
if ($eventdata['other']['plugin'] == 'auth_oidc') {
switch ($eventdata['other']['name']) {
case 'clientid':
// Clear local_o365_token table.
$DB->delete_records('local_o365_token');

// Clear auth_oidc_token table.
$DB->delete_records('auth_oidc_token');

// Clear local_o365_connections table.
$DB->delete_records('local_o365_connections');

// Clear user records in local_o365_objects table.
$DB->delete_records('local_o365_objects', ['type' => 'user']);

// Delete delta user token, and force a user sync task run.
unset_config('local_o365', 'task_usersync_lastdeltatoken');
if ($usersynctask = $DB->get_record('task_scheduled',
['component' => 'local_o365', 'classname' => '\local_o365\task\usersync'])) {
$usersynctask->nextruntime = time();
$DB->update_record('task_scheduled', $usersynctask);
}

// No call to "break;" on purpose.
case 'idptype':
case 'clientauthmethod':
// If client ID, IdP type, or authentication method has changed, unset token and verify setup results.
// Azure admin needs to set up again.
unset_config('apptokens', 'local_o365');
unset_config('adminconsent', 'local_o365');
unset_config('azuresetupresult', 'local_o365');
}
}
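Review bot: `unset_config('local_o365', 'task_usersync_lastdeltatoken');` in the `clientid` case has its arguments reversed: Moodle's `unset_config($name, $plugin)` takes the setting name first, exactly as the three `unset_config('…', 'local_o365')` calls in the `idptype`/`clientauthmethod` branch do, so this call removes a non-existent setting and the delta token survives the client ID change; the usersync run forced right after it would then presumably continue from the stale delta link rather than perform a full sync against the new app — confirm against the task. The line is carried over from the old code, but the commit moves it into the new `switch`, so it should read `unset_config('task_usersync_lastdeltatoken', 'local_o365');`. The deliberate fall-through into the `idptype`/`clientauthmethod` cases is annotated, which is good, and since `match` cannot express fall-through `switch` is the right construct here; the outer `$eventdata['other']['plugin'] == 'auth_oidc'` test could still be `===`. `handle_config_log_created` begins before and ends after this hunk.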

