MDL-58793 auth: Do not report migrated settings as new ones on upgrade

As a result of fixing the auth plugins config storage in MDL-12689, many
settings would be falsely reported as new ones by
admin/upgradesettings.php. We do not want to confuse admins so we try to
reduce the bewilderment by pre-populating the config_plugins table with
default values. This should be done only for disabled auth methods. The
enabled methods have their settings already stored, so reporting actual
new settings for them is valid.

auth/cas/db/upgrade.php

@@ -62,6 +62,7 @@ function xmldb_auth_cas_upgrade($oldversion) {
     if ($oldversion < 2017020700) {
         // Convert info in config plugins from auth/cas to auth_cas.
         upgrade_fix_config_auth_plugin_names('cas');
+        upgrade_fix_config_auth_plugin_defaults('cas');
         upgrade_plugin_savepoint(true, 2017020700, 'auth', 'cas');
     }
 

auth/db/db/upgrade.php

@@ -38,6 +38,7 @@ function xmldb_auth_db_upgrade($oldversion) {
     if ($oldversion < 2017032800) {
         // Convert info in config plugins from auth/db to auth_db
         upgrade_fix_config_auth_plugin_names('db');
+        upgrade_fix_config_auth_plugin_defaults('db');
         upgrade_plugin_savepoint(true, 2017032800, 'auth', 'db');
     }
 

auth/email/db/upgrade.php

@@ -38,6 +38,7 @@ function xmldb_auth_email_upgrade($oldversion) {
     if ($oldversion < 2017020700) {
         // Convert info in config plugins from auth/email to auth_email.
         upgrade_fix_config_auth_plugin_names('email');
+        upgrade_fix_config_auth_plugin_defaults('email');
         upgrade_plugin_savepoint(true, 2017020700, 'auth', 'email');
     }
 

auth/fc/db/upgrade.php

@@ -38,6 +38,7 @@ function xmldb_auth_fc_upgrade($oldversion) {
     if ($oldversion < 2017020700) {
         // Convert info in config plugins from auth/fc to auth_fc.
         upgrade_fix_config_auth_plugin_names('fc');
+        upgrade_fix_config_auth_plugin_defaults('fc');
         upgrade_plugin_savepoint(true, 2017020700, 'auth', 'fc');
     }
 

auth/imap/db/upgrade.php

@@ -38,6 +38,7 @@ function xmldb_auth_imap_upgrade($oldversion) {
     if ($oldversion < 2017020700) {
         // Convert info in config plugins from auth/imap to auth_imap.
         upgrade_fix_config_auth_plugin_names('imap');
+        upgrade_fix_config_auth_plugin_defaults('imap');
         upgrade_plugin_savepoint(true, 2017020700, 'auth', 'imap');
     }
 

auth/ldap/db/upgrade.php

@@ -62,6 +62,7 @@ function xmldb_auth_ldap_upgrade($oldversion) {
     if ($oldversion < 2017020700) {
         // Convert info in config plugins from auth/ldap to auth_ldap.
         upgrade_fix_config_auth_plugin_names('ldap');
+        upgrade_fix_config_auth_plugin_defaults('ldap');
         upgrade_plugin_savepoint(true, 2017020700, 'auth', 'ldap');
     }
 

auth/manual/db/upgrade.php

@@ -50,6 +50,7 @@ function xmldb_auth_manual_upgrade($oldversion) {
     if ($oldversion < 2017020700) {
         // Convert info in config plugins from auth/manual to auth_manual.
         upgrade_fix_config_auth_plugin_names('manual');
+        upgrade_fix_config_auth_plugin_defaults('manual');
         upgrade_plugin_savepoint(true, 2017020700, 'auth', 'manual');
     }
 

auth/mnet/db/upgrade.php

@@ -49,6 +49,7 @@ function xmldb_auth_mnet_upgrade($oldversion) {
     if ($oldversion < 2017020700) {
         // Convert info in config plugins from auth/mnet to auth_mnet.
         upgrade_fix_config_auth_plugin_names('mnet');
+        upgrade_fix_config_auth_plugin_defaults('mnet');
         upgrade_plugin_savepoint(true, 2017020700, 'auth', 'mnet');
     }
 

auth/nntp/db/upgrade.php

@@ -38,6 +38,7 @@ function xmldb_auth_nntp_upgrade($oldversion) {
     if ($oldversion < 2017020700) {
         // Convert info in config plugins from auth/nntp to auth_nntp.
         upgrade_fix_config_auth_plugin_names('nntp');
+        upgrade_fix_config_auth_plugin_defaults('nntp');
         upgrade_plugin_savepoint(true, 2017020700, 'auth', 'nntp');
     }
 

auth/none/db/upgrade.php

@@ -38,6 +38,7 @@ function xmldb_auth_none_upgrade($oldversion) {
     if ($oldversion < 2017020700) {
         // Convert info in config plugins from auth/none to auth_none.
         upgrade_fix_config_auth_plugin_names('none');
+        upgrade_fix_config_auth_plugin_defaults('none');
         upgrade_plugin_savepoint(true, 2017020700, 'auth', 'none');
     }
 

auth/pam/db/upgrade.php

@@ -38,6 +38,7 @@ function xmldb_auth_pam_upgrade($oldversion) {
     if ($oldversion < 2017020700) {
         // Convert info in config plugins from auth/pam to auth_pam.
         upgrade_fix_config_auth_plugin_names('pam');
+        upgrade_fix_config_auth_plugin_defaults('pam');
         upgrade_plugin_savepoint(true, 2017020700, 'auth', 'pam');
     }
 

auth/pop3/db/upgrade.php

@@ -38,6 +38,7 @@ function xmldb_auth_pop3_upgrade($oldversion) {
     if ($oldversion < 2017020700) {
         // Convert info in config plugins from auth/pop3 to auth_pop3.
         upgrade_fix_config_auth_plugin_names('pop3');
+        upgrade_fix_config_auth_plugin_defaults('pop3');
         upgrade_plugin_savepoint(true, 2017020700, 'auth', 'pop3');
     }
 

auth/shibboleth/db/upgrade.php

@@ -38,6 +38,7 @@ function xmldb_auth_shibboleth_upgrade($oldversion) {
     if ($oldversion < 2017020700) {
         // Convert info in config plugins from auth/shibboleth to auth_shibboleth.
         upgrade_fix_config_auth_plugin_names('shibboleth');
+        upgrade_fix_config_auth_plugin_defaults('shibboleth');
         upgrade_plugin_savepoint(true, 2017020700, 'auth', 'shibboleth');
     }
 

auth/upgrade.txt

@@ -3,10 +3,11 @@ information provided here is intended especially for developers.
 
 === 3.3 ===
 
-* Authentication plugins have been migrated to use the admin settings API.
-  Plugins should use a settings.php file to manage configurations rather than using the config.html files.
-  See how the helper function upgrade_fix_config_auth_plugin_names() can be used to convert the legacy settings to the
-  new ones.
+* Authentication plugins have been migrated to use the admin settings API.  Plugins should use a settings.php file to
+  manage configurations rather than using the old config.html files. See how the helper function
+  upgrade_fix_config_auth_plugin_names() can be used to convert the legacy settings to the new ones. Another helper
+  function upgrade_fix_config_auth_plugin_defaults() can be used to populate the settings with default values so that
+  they are not falsely reported as newly added ones.
 * The function 'print_auth_lock_options' has been replaced by 'display_auth_lock_options' which uses the admin settings API.
   See auth_manual as an exmple of how it can be used.  More information can be found in MDL-12689.
 * The list of supported identity providers (SSO IdP) returned by the 'loginpage_idp_list' method (used to render the

lib/upgradelib.php

@@ -2569,3 +2569,53 @@ function upgrade_fix_config_auth_plugin_names($plugin) {
         unset_config($name, 'auth/'.$plugin);
     }
 }
+
+/**
+ * Populate the auth plugin settings with defaults if needed.
+ *
+ * As a result of fixing the auth plugins config storage, many settings would
+ * be falsely reported as new ones by admin/upgradesettings.php. We do not want
+ * to confuse admins so we try to reduce the bewilderment by pre-populating the
+ * config_plugins table with default values. This should be done only for
+ * disabled auth methods. The enabled methods have their settings already
+ * stored, so reporting actual new settings for them is valid.
+ *
+ * @param string $plugin the auth plugin name such as 'cas', 'manual' or 'mnet'
+ */
+function upgrade_fix_config_auth_plugin_defaults($plugin) {
+    global $CFG;
+
+    $pluginman = core_plugin_manager::instance();
+    $enabled = $pluginman->get_enabled_plugins('auth');
+
+    if (isset($enabled[$plugin])) {
+        // Do not touch settings of enabled auth methods.
+        return;
+    }
+
+    // We can't directly use {@link core\plugininfo\auth::load_settings()} here
+    // because the plugins are not fully upgraded yet. Instead, we emulate what
+    // that method does. We fetch a temporary instance of the plugin's settings
+    // page to get access to the settings and their defaults. Note we are not
+    // adding that temporary instance into the admin tree. Yes, this is a hack.
+
+    $plugininfo = $pluginman->get_plugin_info('auth_'.$plugin);
+    $adminroot = admin_get_root();
+    $ADMIN = $adminroot;
+    $auth = $plugininfo;
+
+    $section = $plugininfo->get_settings_section_name();
+    $settingspath = $plugininfo->full_path('settings.php');
+
+    if (file_exists($settingspath)) {
+        $settings = new admin_settingpage($section, 'Emulated settings page for auth_'.$plugin, 'moodle/site:config');
+        include($settingspath);
+
+        if ($settings) {
+            // Consistently with what admin/cli/upgrade.php does, apply the default settings twice.
+            // I assume this is done for theoretical cases when a default value depends on an other.
+            admin_apply_default_settings($settings, false);
+            admin_apply_default_settings($settings, false);
+        }
+    }
+}