mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-19 06:18:28 +01:00
Code Issues Projects Releases Wiki Activity

MDL-63592 auth_oauth2: Add support for removal of context users

Browse Source 
This issue is part of the MDL-62560 Epic.
This commit is contained in:
Mihail Geshoski 2018-10-10 16:17:19 +08:00 committed by David Monllao
parent 5038a863e7
commit 60f3eec644
2 changed files with 154 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
auth/oauth2/classes/privacy/provider.php
View File

@ -24,11 +24,13 @@ namespace auth_oauth2\privacy;
defined('MOODLE_INTERNAL') || die();
use \core_privacy\local\metadata\collection;
use \core_privacy\local\request\contextlist;
use \core_privacy\local\request\approved_contextlist;
use \core_privacy\local\request\transform;
use \core_privacy\local\request\writer;
use core_privacy\local\metadata\collection;
use core_privacy\local\request\contextlist;
use core_privacy\local\request\approved_contextlist;
use core_privacy\local\request\transform;
use core_privacy\local\request\writer;
use core_privacy\local\request\userlist;
use core_privacy\local\request\approved_userlist;
/**
* Privacy provider for auth_oauth2
@ -39,6 +41,7 @@ use \core_privacy\local\request\writer;
*/
class provider implements
\core_privacy\local\metadata\provider,
\core_privacy\local\request\core_userlist_provider,
\core_privacy\local\request\plugin\provider {
/**
@ -84,6 +87,33 @@ class provider implements
return $contextlist;
}
/**
* Get the list of users within a specific context.
*
* @param userlist $userlist The userlist containing the list of users who have data in this context/plugin combination.
*/
public static function get_users_in_context(userlist $userlist) {
$context = $userlist->get_context();
if (!$context instanceof \context_user) {
return;
}
$params = [
'contextuser' => CONTEXT_USER,
'contextid' => $context->id
];
$sql = "SELECT ctx.instanceid as userid
FROM {auth_oauth2_linked_login} ao
JOIN {context} ctx
ON ctx.instanceid = ao.userid
AND ctx.contextlevel = :contextuser
WHERE ctx.id = :contextid";
$userlist->add_from_sql('userid', $sql, $params);
}
/**
* Export all oauth2 information for the list of contexts and this user.
*
@ -126,6 +156,19 @@ class provider implements
static::delete_user_data($context->instanceid);
}
/**
* Delete multiple users within a single context.
*
* @param approved_userlist $userlist The approved context and user information to delete information for.
*/
public static function delete_data_for_users(approved_userlist $userlist) {
$context = $userlist->get_context();
if ($context instanceof \context_user) {
static::delete_user_data($context->instanceid);
}
}
/**
* Delete all user data for this user only.
*

106
auth/oauth2/tests/privacy_provider_test.php
View File

@ -28,6 +28,7 @@ use \auth_oauth2\privacy\provider;
use \core_privacy\local\request\approved_contextlist;
use \core_privacy\local\request\writer;
use \core_privacy\tests\provider_testcase;
use core_privacy\local\request\approved_userlist;
/**
* Privacy test for the authentication oauth2
@ -169,4 +170,109 @@ class auth_oauth2_privacy_testcase extends provider_testcase {
// There should be one user.
$this->assertCount(1, $oauth2accounts);
}
/**
* Test that only users with a user context are fetched.
*/
public function test_get_users_in_context() {
$this->resetAfterTest();
$component = 'auth_oauth2';
// Create a user.
$user = $this->getDataGenerator()->create_user();
$usercontext = context_user::instance($user->id);
// The list of users should not return anything yet (related data still haven't been created).
$userlist = new \core_privacy\local\request\userlist($usercontext, $component);
provider::get_users_in_context($userlist);
$this->assertCount(0, $userlist);
$issuer = \core\oauth2\api::create_standard_issuer('google');
$info = [];
$info['username'] = 'gina';
$info['email'] = 'gina@example.com';
\auth_oauth2\api::link_login($info, $issuer, $user->id, false);
// The list of users for user context should return the user.
provider::get_users_in_context($userlist);
$this->assertCount(1, $userlist);
$expected = [$user->id];
$actual = $userlist->get_userids();
$this->assertEquals($expected, $actual);
// The list of users for system context should not return any users.
$systemcontext = context_system::instance();
$userlist = new \core_privacy\local\request\userlist($systemcontext, $component);
provider::get_users_in_context($userlist);
$this->assertCount(0, $userlist);
}
/**
* Test that data for users in approved userlist is deleted.
*/
public function test_delete_data_for_users() {
$this->resetAfterTest();
$component = 'auth_oauth2';
// Create user1.
$user1 = $this->getDataGenerator()->create_user();
$usercontext1 = context_user::instance($user1->id);
// Create user2.
$user2 = $this->getDataGenerator()->create_user();
$usercontext2 = context_user::instance($user2->id);
$issuer1 = \core\oauth2\api::create_standard_issuer('google');
$info1 = [];
$info1['username'] = 'gina1';
$info1['email'] = 'gina@example1.com';
\auth_oauth2\api::link_login($info1, $issuer1, $user1->id, false);
$issuer2 = \core\oauth2\api::create_standard_issuer('google');
$info2 = [];
$info2['username'] = 'gina2';
$info2['email'] = 'gina@example2.com';
\auth_oauth2\api::link_login($info2, $issuer2, $user2->id, false);
// The list of users for usercontext1 should return user1.
$userlist1 = new \core_privacy\local\request\userlist($usercontext1, $component);
provider::get_users_in_context($userlist1);
$this->assertCount(1, $userlist1);
$expected = [$user1->id];
$actual = $userlist1->get_userids();
$this->assertEquals($expected, $actual);
// The list of users for usercontext2 should return user2.
$userlist2 = new \core_privacy\local\request\userlist($usercontext2, $component);
provider::get_users_in_context($userlist2);
$this->assertCount(1, $userlist2);
$expected = [$user2->id];
$actual = $userlist2->get_userids();
$this->assertEquals($expected, $actual);
// Add userlist1 to the approved user list.
$approvedlist = new approved_userlist($usercontext1, $component, $userlist1->get_userids());
// Delete user data using delete_data_for_user for usercontext1.
provider::delete_data_for_users($approvedlist);
// Re-fetch users in usercontext1 - The user list should now be empty.
$userlist1 = new \core_privacy\local\request\userlist($usercontext1, $component);
provider::get_users_in_context($userlist1);
$this->assertCount(0, $userlist1);
// Re-fetch users in usercontext2 - The user list should not be empty (user2).
$userlist2 = new \core_privacy\local\request\userlist($usercontext2, $component);
provider::get_users_in_context($userlist2);
$this->assertCount(1, $userlist2);
// User data should be only removed in the user context.
$systemcontext = context_system::instance();
// Add userlist2 to the approved user list in the system context.
$approvedlist = new approved_userlist($systemcontext, $component, $userlist2->get_userids());
// Delete user1 data using delete_data_for_user.
provider::delete_data_for_users($approvedlist);
// Re-fetch users in usercontext2 - The user list should not be empty (user2).
$userlist2 = new \core_privacy\local\request\userlist($usercontext2, $component);
provider::get_users_in_context($userlist2);
$this->assertCount(1, $userlist2);
}
}