mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-19 06:18:28 +01:00
Code Issues Projects Releases Wiki Activity

MDL-58774 auth_oauth2: Prevent duplicate linked logins

Browse Source
This commit is contained in:
Damyon Wiese 2017-05-08 14:42:52 +08:00
parent e0abc2e405
commit 4f705f5d0d
3 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
auth/oauth2/classes/api.php
View File

@ -105,6 +105,10 @@ class api {
$userid = $USER->id; $userid = $USER->id;
} }
if (linked_login::count_records(['username' => $userinfo['username']]) > 0) {
throw new moodle_exception('alreadylinked', 'auth_oauth2');
}
if (\core\session\manager::is_loggedinas()) { if (\core\session\manager::is_loggedinas()) {
throw new moodle_exception('notwhileloggedinas', 'auth_oauth2'); throw new moodle_exception('notwhileloggedinas', 'auth_oauth2');
} }
@ -144,9 +148,8 @@ class api {
$record->issuerid = $issuer->get('id'); $record->issuerid = $issuer->get('id');
$record->username = $userinfo['username']; $record->username = $userinfo['username'];
$record->userid = $userid; $record->userid = $userid;
$existing = linked_login::get_record((array)$record); if (linked_login::count_records(['username' => $userinfo['username']]) > 0) {
if ($existing) { throw new moodle_exception('alreadylinked', 'auth_oauth2');
return false;
} }
$record->email = $userinfo['email']; $record->email = $userinfo['email'];
$record->confirmtoken = random_string(32); $record->confirmtoken = random_string(32);
@ -239,6 +242,10 @@ class api {
require_once($CFG->dirroot.'/user/profile/lib.php'); require_once($CFG->dirroot.'/user/profile/lib.php');
require_once($CFG->dirroot.'/user/lib.php'); require_once($CFG->dirroot.'/user/lib.php');
if (linked_login::count_records(['username' => $userinfo['username']]) > 0) {
throw new moodle_exception('alreadylinked', 'auth_oauth2');
}
$user = new stdClass(); $user = new stdClass();
$user->username = $userinfo['username']; $user->username = $userinfo['username'];
$user->email = $userinfo['email']; $user->email = $userinfo['email'];

1
auth/oauth2/lang/en/auth_oauth2.php
View File

@ -83,3 +83,4 @@ $string['notwhileloggedinas'] = 'Linked logins cannot be managed while logged in
$string['oauth2:managelinkedlogins'] = 'Manage own linked login accounts'; $string['oauth2:managelinkedlogins'] = 'Manage own linked login accounts';
$string['plugindescription'] = 'This authentication plugin displays a list of the configured identity providers on the login page. Selecting an identity provider allows users to login with their credentials from an OAuth 2 provider.'; $string['plugindescription'] = 'This authentication plugin displays a list of the configured identity providers on the login page. Selecting an identity provider allows users to login with their credentials from an OAuth 2 provider.';
$string['pluginname'] = 'OAuth 2'; $string['pluginname'] = 'OAuth 2';
$string['alreadylinked'] = 'This external account is already linked to an account on this site';

4
auth/oauth2/linkedlogins.php
View File

@ -58,8 +58,12 @@ if ($action == 'new') {
$userinfo = $client->get_userinfo(); $userinfo = $client->get_userinfo();
if (!empty($userinfo)) { if (!empty($userinfo)) {
try {
\auth_oauth2\api::link_login($userinfo, $issuer); \auth_oauth2\api::link_login($userinfo, $issuer);
redirect($PAGE->url, get_string('changessaved'), null, \core\output\notification::NOTIFY_SUCCESS); redirect($PAGE->url, get_string('changessaved'), null, \core\output\notification::NOTIFY_SUCCESS);
} catch (Exception $e) {
redirect($PAGE->url, $e->getMessage(), null, \core\output\notification::NOTIFY_ERROR);
}
} else { } else {
redirect($PAGE->url, get_string('notloggedin', 'auth_oauth2'), null, \core\output\notification::NOTIFY_ERROR); redirect($PAGE->url, get_string('notloggedin', 'auth_oauth2'), null, \core\output\notification::NOTIFY_ERROR);
} }