MDL-58943 oauth2: Added nextcloud to standard issuers

* New button allows to create standard issuer for nextcloud * Since the endpoints url has to be https and nextcloud relys on the baseurl to create the endpoints, the baseurl of issuers has now to be https as well (or empty). * Google's baseurl was changed to https (there was no reason not to), whereas Facebook and Microsoft baseurls remain empty. * In case of the creation of a nextcloud issuer, the baseurl is required. * Nextcloud requires the baseurl, therefore a parameter is added to create_standard_issuer($type, $baseurl = false). That parameter not required (or used) for anything but Nextcloud.
2025-01-17 21:49:15 +01:00 · 2018-08-16 14:53:13 +02:00 · 2018-08-16 14:53:13 +02:00 · 3e3e120d3a
commit 3e3e120d3a
parent fa6cd89b24
7 changed files with 117 additions and 7 deletions
--- a/admin/tool/oauth2/classes/form/issuer.php
+++ b/admin/tool/oauth2/classes/form/issuer.php
@ -139,6 +139,9 @@ class issuer extends persistent {
        $mform->addElement('text', 'baseurl', get_string('issuerbaseurl', 'tool_oauth2'));
        $mform->addRule('baseurl', get_string('maximumchars', '', 1024), 'maxlength', 1024, 'client');
        $mform->addHelpButton('baseurl', 'issuerbaseurl', 'tool_oauth2');
+        if ($this->type && $this->type == 'nextcloud') {
+            $mform->addRule('baseurl', null, 'required', null, 'client');
+        }

        // Allowed Domains.
        $mform->addElement('text', 'alloweddomains', get_string('issueralloweddomains', 'tool_oauth2'));
--- a/admin/tool/oauth2/issuers.php
+++ b/admin/tool/oauth2/issuers.php
@ -192,6 +192,11 @@ if ($mform && $mform->is_cancelled()) {
    $addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
    echo $renderer->single_button($addurl, get_string('createnewfacebookissuer', 'tool_oauth2'));
    $addurl = new moodle_url('/admin/tool/oauth2/issuers.php', ['action' => 'edit']);
+    $docs = 'admin/tool/oauth2/issuers/nextcloud';
+    $params = ['action' => 'edittemplate', 'type' => 'nextcloud', 'sesskey' => sesskey(), 'docslink' => $docs];
+    $addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
+    echo $renderer->single_button($addurl, get_string('createnewnextcloudissuer', 'tool_oauth2'));
+    $addurl = new moodle_url('/admin/tool/oauth2/issuers.php', ['action' => 'edit']);
    echo $renderer->single_button($addurl, get_string('createnewissuer', 'tool_oauth2'));
    echo $OUTPUT->footer();

--- a/admin/tool/oauth2/lang/en/tool_oauth2.php
+++ b/admin/tool/oauth2/lang/en/tool_oauth2.php
@ -35,6 +35,7 @@ $string['createnewfacebookissuer'] = 'Create new Facebook service';
 $string['createnewgoogleissuer'] = 'Create new Google service';
 $string['createnewissuer'] = 'Create new custom service';
 $string['createnewmicrosoftissuer'] = 'Create new Microsoft service';
+$string['createnewnextcloudissuer'] = 'Create new Nextcloud service';
 $string['createnewuserfieldmapping'] = 'Create new user field mapping for issuer "{$a}"';
 $string['deleteconfirm'] = 'Are you sure you want to delete the identity issuer "{$a}"? Any plugins relying on this issuer will stop working.';
 $string['deleteendpointconfirm'] = 'Are you sure you want to delete the endpoint "{$a->endpoint}" for issuer "{$a->issuer}"? Any plugins relying on this endpoint will stop working.';
--- a/lib/classes/oauth2/api.php
+++ b/lib/classes/oauth2/api.php
@ -50,7 +50,7 @@ class api {
        $record = (object) [
            'name' => 'Google',
            'image' => 'https://accounts.google.com/favicon.ico',
-            'baseurl' => 'http://accounts.google.com/',
+            'baseurl' => 'https://accounts.google.com/',
            'loginparamsoffline' => 'access_type=offline&prompt=consent',
            'showonloginpage' => true
        ];
@ -223,10 +223,76 @@ class api {
        return $issuer;
    }

+    /**
+     * Build a nextcloud ready OAuth 2 service.
+     * @return \core\oauth2\issuer
+     */
+    private static function init_nextcloud() {
+        // Nextcloud has a custom baseurl. Thus, the creation of endpoints has to be done later.
+        $record = (object) [
+            'name' => 'Nextcloud',
+            'image' => 'https://nextcloud.com/wp-content/themes/next/assets/img/common/favicon.png?x16328',
+            'basicauth' => 1,
+        ];
+
+        $issuer = new issuer(0, $record);
+
+        return $issuer;
+    }
+
+    /**
+     * Create endpoints for nextcloud issuers.
+     * @param issuer $issuer issuer the endpoints should be created for.
+     * @return mixed
+     * @throws \coding_exception
+     * @throws \core\invalid_persistent_exception
+     */
+    private static function create_endpoints_for_nextcloud($issuer) {
+        $baseurl = $issuer->get('baseurl');
+        // Add trailing slash to baseurl, if needed.
+        if (substr($baseurl, -1) !== '/') {
+            $baseurl .= '/';
+        }
+
+        $endpoints = [
+            // Baseurl will be prepended later.
+            'authorization_endpoint' => 'index.php/apps/oauth2/authorize',
+            'token_endpoint' => 'index.php/apps/oauth2/api/v1/token',
+            'userinfo_endpoint' => 'ocs/v2.php/cloud/user?format=json',
+            'webdav_endpoint' => 'remote.php/webdav/',
+            'ocs_endpoint' => 'ocs/v1.php/apps/files_sharing/api/v1/shares',
+        ];
+
+        foreach ($endpoints as $name => $url) {
+            $record = (object) [
+                'issuerid' => $issuer->get('id'),
+                'name' => $name,
+                'url' => $baseurl . $url,
+            ];
+            $endpoint = new \core\oauth2\endpoint(0, $record);
+            $endpoint->create();
+        }
+
+        // Create the field mappings.
+        $mapping = [
+            'ocs-data-email' => 'email',
+            'ocs-data-id' => 'username',
+        ];
+        foreach ($mapping as $external => $internal) {
+            $record = (object) [
+                'issuerid' => $issuer->get('id'),
+                'externalfield' => $external,
+                'internalfield' => $internal
+            ];
+            $userfieldmapping = new \core\oauth2\user_field_mapping(0, $record);
+            $userfieldmapping->create();
+        }
+    }
+
    /**
     * Initializes a record for one of the standard issuers to be displayed in the settings.
     * The issuer is not yet created in the database.
-     * @param string $type One of google, facebook, microsoft
+     * @param string $type One of google, facebook, microsoft, nextcloud
     * @return \core\oauth2\issuer
     */
    public static function init_standard_issuer($type) {
@ -237,6 +303,8 @@ class api {
            return self::init_microsoft();
        } else if ($type == 'facebook') {
            return self::init_facebook();
+        } else if ($type == 'nextcloud') {
+            return self::init_nextcloud();
        } else {
            throw new moodle_exception('OAuth 2 service type not recognised: ' . $type);
        }
@ -244,7 +312,7 @@ class api {

    /**
     * Create endpoints for standard issuers, based on the issuer created from submitted data.
-     * @param string $type One of google, facebook, microsoft
+     * @param string $type One of google, facebook, microsoft, nextcloud
     * @param issuer $issuer issuer the endpoints should be created for.
     * @return \core\oauth2\issuer
     */
@ -256,17 +324,20 @@ class api {
            return self::create_endpoints_for_microsoft($issuer);
        } else if ($type == 'facebook') {
            return self::create_endpoints_for_facebook($issuer);
+        } else if ($type == 'nextcloud') {
+            return self::create_endpoints_for_nextcloud($issuer);
        } else {
            throw new moodle_exception('OAuth 2 service type not recognised: ' . $type);
        }
    }

    /**
-     *     Create one of the standard issuers.
-     * @param string $type One of google, facebook, or microsoft
+     * Create one of the standard issuers.
+     * @param string $type One of google, facebook, microsoft, or nextcloud
+     * @param string|false $baseurl Baseurl (only required for nextcloud)
     * @return \core\oauth2\issuer
     */
-    public static function create_standard_issuer($type) {
+    public static function create_standard_issuer($type, $baseurl = false) {
        require_capability('moodle/site:config', context_system::instance());
        if ($type == 'google') {
            $issuer = self::init_google();
@ -280,6 +351,14 @@ class api {
            $issuer = self::init_facebook();
            $issuer->create();
            return self::create_endpoints_for_facebook($issuer);
+        } else if ($type == 'nextcloud') {
+            if (!$baseurl) {
+                throw new moodle_exception('Nextcloud service type requires the baseurl parameter.');
+            }
+            $issuer = self::init_nextcloud();
+            $issuer->set('baseurl', $baseurl);
+            $issuer->create();
+            return self::create_endpoints_for_nextcloud($issuer);
        } else {
            throw new moodle_exception('OAuth 2 service type not recognised: ' . $type);
        }
--- a/lib/classes/oauth2/issuer.php
+++ b/lib/classes/oauth2/issuer.php
@ -26,6 +26,7 @@ namespace core\oauth2;
 defined('MOODLE_INTERNAL') || die();

 use core\persistent;
+use lang_string;

 /**
 * Class for loading/storing issuer from the DB
@ -209,4 +210,18 @@ class issuer extends persistent {

        return true;
    }
+
+    /**
+     * Custom validator for end point URLs.
+     * Because we send Bearer tokens we must ensure SSL.
+     *
+     * @param string $value The value to check.
+     * @return lang_string|boolean
+     */
+    protected function validate_baseurl($value) {
+        if (!empty($value) && strpos($value, 'https://') !== 0) {
+            return new lang_string('sslonlyaccess', 'error');
+        }
+        return true;
+    }
 }
--- a/lib/tests/oauth2_test.php
+++ b/lib/tests/oauth2_test.php
@ -42,12 +42,17 @@ class core_oauth2_testcase extends advanced_testcase {
        \core\oauth2\api::create_standard_issuer('google');
        \core\oauth2\api::create_standard_issuer('facebook');
        \core\oauth2\api::create_standard_issuer('microsoft');
+        \core\oauth2\api::create_standard_issuer('nextcloud', 'https://dummy.local/nextcloud/');
+
+        $this->expectException(\moodle_exception::class);
+        \core\oauth2\api::create_standard_issuer('nextcloud');

        $issuers = \core\oauth2\api::get_all_issuers();

        $this->assertEquals($issuers[0]->get('name'), 'Google');
        $this->assertEquals($issuers[1]->get('name'), 'Facebook');
        $this->assertEquals($issuers[2]->get('name'), 'Microsoft');
+        $this->assertEquals($issuers[3]->get('name'), 'Nextcloud');

        \core\oauth2\api::move_down_issuer($issuers[0]->get('id'));

@ -56,6 +61,7 @@ class core_oauth2_testcase extends advanced_testcase {
        $this->assertEquals($issuers[0]->get('name'), 'Facebook');
        $this->assertEquals($issuers[1]->get('name'), 'Google');
        $this->assertEquals($issuers[2]->get('name'), 'Microsoft');
+        $this->assertEquals($issuers[3]->get('name'), 'Nextcloud');

        \core\oauth2\api::delete_issuer($issuers[1]->get('id'));

@ -63,6 +69,7 @@ class core_oauth2_testcase extends advanced_testcase {

        $this->assertEquals($issuers[0]->get('name'), 'Facebook');
        $this->assertEquals($issuers[1]->get('name'), 'Microsoft');
+        $this->assertEquals($issuers[2]->get('name'), 'Nextcloud');
    }

    /**
--- a/repository/googledocs/tests/generator/lib.php
+++ b/repository/googledocs/tests/generator/lib.php
@ -47,7 +47,7 @@ class repository_googledocs_generator extends testing_repository_generator {
        $issuerrecord = (object) [
            'name' => 'Google',
            'image' => 'https://accounts.google.com/favicon.ico',
-            'baseurl' => 'http://accounts.google.com/',
+            'baseurl' => 'https://accounts.google.com/',
            'loginparamsoffline' => 'access_type=offline&prompt=consent',
            'showonloginpage' => true
        ];