Merge branch 'MDL-40045_master' of https://github.com/markn86/moodle

Dan Poltawski 2013-10-22 13:00:23 +08:00 committed by Eloy Lafuente (stronk7)
commit 616e57d926
10 changed files with 257 additions and 31 deletions


@ -1739,12 +1739,11 @@ class auth_plugin_ldap extends auth_plugin_base {
return false;
}
$username = $cf[$key];
// Here we want to trigger the whole authentication machinery
// to make sure no step is bypassed...
$user = authenticate_user_login($username, $key);
if ($user) {
add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID,
$user->id, 0, $user->id);
complete_user_login($user);
// Cleanup the key to prevent reuse...
@ -1763,7 +1762,10 @@ class auth_plugin_ldap extends auth_plugin_base {
$urltogo = $CFG->wwwroot.'/';
unset($SESSION->wantsurl);
}
redirect($urltogo);
// We do not want to redirect if we are in a PHPUnit test.
if (!PHPUNIT_TEST) {
redirect($urltogo);
}
}
// Should never reach here.
return false;
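Review bot: The new `if (!PHPUNIT_TEST)` guard adds a test-only branch to the NTLM SSO login path, and when the redirect is skipped a successful login falls through to `// Should never reach here.` and returns `false`, the same value as a failed login. A test that calls ntlmsso_finish() therefore cannot tell success from failure by the return value, and the trailing comment is no longer accurate. Consider an explicit result for the test case, for example `if (PHPUNIT_TEST) { return true; }` ahead of `redirect($urltogo);`, and rewording the comment to `// Only reached when the redirect is skipped under PHPUnit.`. The function starts outside these hunks, so the earlier return paths are not visible here.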


@ -236,6 +236,73 @@ class auth_ldap_plugin_testcase extends advanced_testcase {
ldap_close($connection);
}
/**
* Test logging in via LDAP calls a user_loggedin event.
*/
public function test_ldap_user_loggedin_event() {
global $CFG, $DB, $USER;
require_once($CFG->dirroot . '/auth/ldap/auth.php');
$this->resetAfterTest();
$this->setAdminUser();
$user = clone($USER);
// The USER variable no longer stores the password hash, so set it here.
$user->password = 'password';
// Note: we are just going to trigger the function that calls the event,
// not actually perform a LDAP login, for the sake of sanity.
$ldap = new auth_plugin_ldap();
// Set the key for the cache flag we want to set which is used by LDAP.
set_cache_flag($ldap->pluginconfig . '/ntlmsess', sesskey(), $user->username, AUTH_NTLMTIMEOUT);
// We are going to need to set the sesskey as the user's password in order for the LDAP log in to work.
update_internal_user_password($user, sesskey());
// The function ntlmsso_finish is responsible for triggering the event, so call it directly and catch the event.
$sink = $this->redirectEvents();
// We need to supress this function call, or else we will get the message "session_regenerate_id(): Cannot
// regenerate session id - headers already sent" as the ntlmsso_finish function calls complete_user_login
@$ldap->ntlmsso_finish();
$events = $sink->get_events();
$sink->close();
// Unset the password now.
unset($user->password);
// Get the user from the DB and set the expected variables.
$dbuser = $DB->get_record('user', array('id' => $user->id), '*', MUST_EXIST);
$user->firstaccess = (int) $dbuser->firstaccess;
$user->lastaccess = (int) $dbuser->lastaccess;
$user->currentlogin = (int) $dbuser->currentlogin;
$user->sesskey = sesskey();
$user->lastcourseaccess = array();
$user->currentcourseaccess = array();
$user->groupmember = array();
$user->profile = array();
$user->preference = array(
'_lastloaded' => time()
);
// Check that the event is valid.
$this->assertCount(2, $events);
$event = $events[0];
$this->assertInstanceOf('\core\event\user_updated', $event);
$event = $events[1];
$this->assertInstanceOf('\core\event\user_loggedin', $event);
$this->assertEquals('user', $event->objecttable);
$this->assertEquals('2', $event->objectid);
$this->assertEquals(context_system::instance()->id, $event->contextid);
$this->assertEquals($user, $event->get_record_snapshot('user', 2));
$expectedlog = array(SITEID, 'user', 'login', 'view.php?id=' . $USER->id . '&course=' . SITEID, $user->id,
0, $user->id);
$this->assertEventLegacyLogData($expectedlog, $event);
}
protected function create_ldap_user($connection, $topdn, $i) {
$o = array();
$o['objectClass'] = array('inetOrgPerson', 'organizationalPerson', 'person', 'posixAccount');
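Review bot: `@$ldap->ntlmsso_finish();` silences every warning and notice raised anywhere in the login path, not only the session_regenerate_id() message the comment names, and the call's return value is discarded, so a regression in the authentication code could pass this test unnoticed. The comment should say that the suppression is broader than intended, e.g. `// NOTE: @ hides all PHP errors from the login path, not just the session one.`. The assertions also hard-code the admin id: `assertEquals('2', $event->objectid)` and `get_record_snapshot('user', 2)` would read better and be more robust as `$this->assertEquals($user->id, $event->objectid);` and `get_record_snapshot('user', $user->id)`. Finally, `'_lastloaded' => time()` is compared against a value stored during login, so the snapshot comparison can fail if the clock crosses a second boundary between the two.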


@ -46,23 +46,7 @@
if ($shibbolethauth->user_login($frm->username, $frm->password)
&& $user = authenticate_user_login($frm->username, $frm->password)) {
enrol_check_plugins($user);
\core\session\manager::set_user($user);
$USER->loggedin = true;
$USER->site = $CFG->wwwroot; // for added security, store the site in the
update_user_login_times();
// Don't show previous shibboleth username on login page
set_login_session_preferences();
unset($SESSION->lang);
$SESSION->justloggedin = true;
add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);
complete_user_login($user);
if (user_not_fully_set_up($USER)) {
$urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&course='.SITEID;
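Review bot: Nothing in this hunk shows that `complete_user_login($user)` performs each step it appears to replace. Judging by the hunk header's line counts, the hand-written session setup (`enrol_check_plugins`, `set_user`, `$USER->site = $CFG->wwwroot`, `update_user_login_times`, `set_login_session_preferences`, and the `add_to_log` call) is the removed side. The `$USER->site` assignment carried the comment "for added security", so it is worth confirming that the shared helper still binds the session to the site. A one-line comment above the call would record that, e.g. `// complete_user_login() sets up the session, login times and the login event.`. The enclosing `if` continues past the end of the hunk.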


@ -711,7 +711,9 @@ $string['eventcourseupdated'] = 'Course updated';
$string['eventcoursesectionupdated'] = ' Course section updated';
$string['eventusercreated'] = 'User created';
$string['eventuserdeleted'] = 'User deleted';
$string['eventuserlistviewed'] = 'User list viewed';
$string['eventuserloggedout'] = 'User logged out';
$string['eventuserprofileviewed'] = 'User profile viewed';
$string['eventuserupdated'] = 'User updated';
$string['everybody'] = 'Everybody';
$string['executeat'] = 'Execute at';


@ -0,0 +1,76 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Defines the user list viewed event.
*
* @package core
* @copyright 2013 Mark Nelson <markn@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace core\event;
defined('MOODLE_INTERNAL') || die();
class user_list_viewed extends \core\event\base {
/**
* Initialise required event data properties.
*/
protected function init() {
$this->data['objecttable'] = 'course';
$this->data['crud'] = 'r';
$this->data['level'] = self::LEVEL_OTHER;
}
/**
* Returns localised event name.
*
* @return string
*/
public static function get_name() {
return get_string('eventuserlistviewed');
}
/**
* Returns non-localised event description with id's for admin use only.
*
* @return string
*/
public function get_description() {
return 'User ' . $this->userid . ' viewed the list of users in the course ' . $this->other['courseid'];
}
/**
* Returns relevant URL.
*
* @return \moodle_url
*/
public function get_url() {
return new \moodle_url('/user/index.php', array('id' => $this->other['courseid']));
}
/**
* Returns array of parameters to be passed to legacy add_to_log() function.
*
* @return array
*/
protected function get_legacy_logdata() {
return array($this->other['courseid'], 'user', 'view all', 'index.php?id=' . $this->other['courseid'], '');
}
}
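Review bot: `get_description()`, `get_url()` and `get_legacy_logdata()` all read `$this->other['courseid']`, but nothing in the class documents or checks that the creator supplied it. An event created without that key would raise an undefined-index notice and write a log entry with an empty course id. The same applies to `user_profile_viewed` in this commit, which also depends on `relateduserid`. The class has no docblock of its own; adding one that lists the required `other` keys (`courseid`, plus the `courseshortname` and `coursefullname` that the caller passes) would give later callers and audit-log readers the contract. It also declares `extends \core\event\base` where the sibling file uses `extends base` inside the same namespace; one form should be chosen.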


@ -50,7 +50,7 @@ class user_loggedin extends \core\event\base {
* @return array
*/
protected function get_legacy_logdata() {
return array(SITEID, 'user', 'login', "view.php?id=" . $this->data['objectid'] . "&course=".SITEID,
return array(SITEID, 'user', 'login', 'view.php?id=' . $this->data['objectid'] . '&course=' . SITEID,
$this->data['objectid'], 0, $this->data['objectid']);
}


@ -0,0 +1,77 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Defines the user profile viewed event.
*
* @package core
* @copyright 2013 Mark Nelson <markn@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace core\event;
defined('MOODLE_INTERNAL') || die();
class user_profile_viewed extends base {
/**
* Initialise required event data properties.
*/
protected function init() {
$this->data['objecttable'] = 'user';
$this->data['crud'] = 'r';
$this->data['level'] = self::LEVEL_OTHER;
}
/**
* Returns localised event name.
*
* @return string
*/
public static function get_name() {
return get_string('eventuserprofileviewed');
}
/**
* Returns non-localised event description with id's for admin use only.
*
* @return string
*/
public function get_description() {
return 'User ' . $this->userid . ' viewed the profile for user ' . $this->relateduserid . ' in the course ' .
$this->other['courseid'];
}
/**
* Returns relevant URL.
*
* @return \moodle_url
*/
public function get_url() {
return new \moodle_url('/user/view.php', array('id' => $this->relateduserid, 'course' => $this->other['courseid']));
}
/**
* Returns array of parameters to be passed to legacy add_to_log() function.
*
* @return array
*/
protected function get_legacy_logdata() {
return array($this->other['courseid'], 'user', 'view', 'view.php?id=' . $this->relateduserid . '&course=' .
$this->other['courseid'], $this->relateduserid);
}
}


@ -31,12 +31,14 @@ require_once($CFG->libdir.'/authlib.php');
$id = optional_param('id', SITEID, PARAM_INT); // current course
$return = optional_param('return', 0, PARAM_BOOL); // redirect after password change
$systemcontext = context_system::instance();
//HTTPS is required in this page when $CFG->loginhttps enabled
$PAGE->https_required();
$PAGE->set_url('/login/change_password.php', array('id'=>$id));
$PAGE->set_context(context_system::instance());
$PAGE->set_context($systemcontext);
if ($return) {
// this redirect prevents security warning because https can not POST to http pages
@ -53,8 +55,6 @@ if ($return) {
$strparticipants = get_string('participants');
$systemcontext = context_system::instance();
if (!$course = $DB->get_record('course', array('id'=>$id))) {
print_error('invalidcourseid');
}
@ -120,8 +120,6 @@ if ($mform->is_cancelled()) {
$strpasswordchanged = get_string('passwordchanged');
add_to_log($course->id, 'user', 'change password', "view.php?id=$USER->id&amp;course=$course->id", "$USER->id");
$fullname = fullname($USER, true);
$PAGE->navbar->add($fullname, new moodle_url('/user/view.php', array('id'=>$USER->id, 'course'=>$course->id)));
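Review bot: If the `add_to_log($course->id, 'user', 'change password', ...)` line in the third hunk is the removed side, as the header's 8-to-6 line count suggests, this page no longer writes its own audit entry for a password change, and no replacement is visible in this section. A password change is something an incident responder wants to find in the log with the course and acting user attached, so the record should not depend on an unrelated code path. If an event fired elsewhere is meant to cover it, say so at this spot, e.g. `// Password change is logged via the user_updated event triggered by the password update.`, after confirming that this holds for every auth plugin reaching this branch. The surrounding `if ($mform->is_cancelled())` chain begins and ends outside the hunk.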


@ -86,7 +86,16 @@
}
}
add_to_log($course->id, 'user', 'view all', 'index.php?id='.$course->id, '');
$event = \core\event\user_list_viewed::create(array(
'context' => $context,
'objectid' => $course->id,
'other' => array(
'courseid' => $course->id,
'courseshortname' => $course->shortname,
'coursefullname' => $course->fullname
)
));
$event->trigger();
$bulkoperations = has_capability('moodle/course:bulkmessaging', $context);


@ -186,11 +186,22 @@ if ($user->deleted) {
}
}
/// OK, security out the way, now we are showing the user
// OK, security out the way, now we are showing the user.
// Trigger a user profile viewed event.
$event = \core\event\user_profile_viewed::create(array(
'objectid' => $USER->id,
'relateduserid' => $user->id,
'context' => $usercontext,
'other' => array(
'courseid' => $course->id,
'courseshortname' => $course->shortname,
'coursefullname' => $course->fullname
)
));
$event->add_record_snapshot('user', $user);
$event->trigger();
add_to_log($course->id, "user", "view", "view.php?id=$user->id&course=$course->id", "$user->id");
/// Get the hidden field list
// Get the hidden field list.
if (has_capability('moodle/user:viewhiddendetails', $coursecontext)) {
$hiddenfields = array();
} else {
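Review bot: `'objectid' => $USER->id` records the viewer as the object of the event, while the profile actually viewed is `$user`, the record passed as `relateduserid` and to `add_record_snapshot('user', $user)`. The event class sets `objecttable` to `user`, so someone reading the audit trail would take `objectid` to be the profile that was looked at, and the attached snapshot would not match that id; consider `'objectid' => $user->id,`. The viewer is presumably already captured by the event's `userid`, which `get_description()` reads. If the old `add_to_log($course->id, "user", "view", ...)` line is kept on the new side (its side is not recoverable from this page), the view would be logged twice: once directly and once through the event's legacy log data.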