MDL-58220 oauth2: Don't login as deleted users

Also prevent sesskey error on first page of new logins.
2025-01-18 22:08:20 +01:00 · 2017-03-31 10:31:53 +08:00 · 2017-03-31 10:31:53 +08:00 · 512e681a3b
commit 512e681a3b
parent 7f15866006
2 changed files with 10 additions and 2 deletions
--- a/auth/oauth2/classes/api.php
+++ b/auth/oauth2/classes/api.php
@ -76,7 +76,15 @@ class api {
            'issuerid' => $issuer->get('id'),
            'username' => $username
        ];
-        return linked_login::get_record($params);
+        $result = linked_login::get_record($params);
+
+        if ($result) {
+            $user = \core_user::get_user($result->get('userid'));
+            if (!empty($user) && !$user->deleted) {
+                return $result;
+            }
+        }
+        return false;
    }

    /**
--- a/auth/oauth2/login.php
+++ b/auth/oauth2/login.php
@ -25,7 +25,7 @@
 require_once('../../config.php');

 $issuerid = required_param('id', PARAM_INT);
-$wantsurl = new moodle_url(optional_param('wantsurl', '/', PARAM_URL));
+$wantsurl = new moodle_url(optional_param('wantsurl', '', PARAM_URL));

 require_sesskey();