MDL-58220 oauth2: obey $CFG->authpreventaccountcreation

This commit is contained in:
Damyon Wiese 2017-04-05 12:51:56 +08:00
parent 04056e715b
commit 6cee96c8af
2 changed files with 60 additions and 0 deletions


@ -365,11 +365,23 @@ class auth extends \auth_plugin_base {
$userinfo = $client->get_userinfo();
if (!$userinfo) {
// Trigger login failed event.
$failurereason = AUTH_LOGIN_NOUSER;
$event = \core\event\user_login_failed::create(['other' => ['username' => $userinfo['username'],
'reason' => $failurereason]]);
$event->trigger();
$errormsg = get_string('loginerror_nouserinfo', 'auth_oauth2');
$SESSION->loginerrormsg = $errormsg;
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
}
if (empty($userinfo['username']) || empty($userinfo['email'])) {
// Trigger login failed event.
$failurereason = AUTH_LOGIN_NOUSER;
$event = \core\event\user_login_failed::create(['other' => ['username' => $userinfo['username'],
'reason' => $failurereason]]);
$event->trigger();
$errormsg = get_string('loginerror_userincomplete', 'auth_oauth2');
$SESSION->loginerrormsg = $errormsg;
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
@ -403,17 +415,35 @@ class auth extends \auth_plugin_base {
$userinfo = (array) $mappeduser;
$userwasmapped = true;
} else {
// Trigger login failed event.
$failurereason = AUTH_LOGIN_UNAUTHORISED;
$event = \core\event\user_login_failed::create(['other' => ['username' => $userinfo['username'],
'reason' => $failurereason]]);
$event->trigger();
$errormsg = get_string('confirmationpending', 'auth_oauth2');
$SESSION->loginerrormsg = $errormsg;
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
}
} else if (!empty($linkedlogin)) {
// Trigger login failed event.
$failurereason = AUTH_LOGIN_UNAUTHORISED;
$event = \core\event\user_login_failed::create(['other' => ['username' => $userinfo['username'],
'reason' => $failurereason]]);
$event->trigger();
$errormsg = get_string('confirmationpending', 'auth_oauth2');
$SESSION->loginerrormsg = $errormsg;
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
}
$issuer = $client->get_issuer();
if (!$issuer->is_valid_login_domain($userinfo['email'])) {
// Trigger login failed event.
$failurereason = AUTH_LOGIN_UNAUTHORISED;
$event = \core\event\user_login_failed::create(['other' => ['username' => $userinfo['username'],
'reason' => $failurereason]]);
$event->trigger();
$errormsg = get_string('notloggedindebug', 'auth_oauth2', get_string('loginerror_invaliddomain', 'auth_oauth2'));
$SESSION->loginerrormsg = $errormsg;
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
@ -439,6 +469,11 @@ class auth extends \auth_plugin_base {
$exists = \core_user::get_user_by_username($userinfo['username']);
// Creating a new user?
if ($exists) {
// Trigger login failed event.
$failurereason = AUTH_LOGIN_FAILED;
$event = \core\event\user_login_failed::create(['other' => ['username' => $userinfo['username'],
'reason' => $failurereason]]);
$event->trigger();
// The username exists but the emails don't match. Refuse to continue.
$errormsg = get_string('accountexists', 'auth_oauth2');
@ -447,6 +482,11 @@ class auth extends \auth_plugin_base {
}
if (email_is_not_allowed($userinfo['email'])) {
// Trigger login failed event.
$failurereason = AUTH_LOGIN_FAILED;
$event = \core\event\user_login_failed::create(['other' => ['username' => $userinfo['username'],
'reason' => $failurereason]]);
$event->trigger();
// The username exists but the emails don't match. Refuse to continue.
$reason = get_string('loginerror_invaliddomain', 'auth_oauth2');
$errormsg = get_string('notloggedindebug', 'auth_oauth2', $reason);
@ -454,6 +494,19 @@ class auth extends \auth_plugin_base {
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
}
if (!empty($CFG->authpreventaccountcreation)) {
// Trigger login failed event.
$failurereason = AUTH_LOGIN_UNAUTHORISED;
$event = \core\event\user_login_failed::create(['other' => ['username' => $userinfo['username'],
'reason' => $failurereason]]);
$event->trigger();
// The username does not exist and settings prevent creating new accounts.
$reason = get_string('loginerror_cannotcreateaccounts', 'auth_oauth2');
$errormsg = get_string('notloggedindebug', 'auth_oauth2', $reason);
$SESSION->loginerrormsg = $errormsg;
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
}
$PAGE->set_url('/auth/oauth2/confirm-account.php');
$PAGE->set_context(context_system::instance());
@ -478,6 +531,12 @@ class auth extends \auth_plugin_base {
$this->update_picture($user);
redirect($redirecturl);
}
// Trigger login failed event.
$failurereason = AUTH_LOGIN_FAILED;
$event = \core\event\user_login_failed::create(['other' => ['username' => $userinfo['username'],
'reason' => $failurereason]]);
$event->trigger();
$errormsg = get_string('notloggedindebug', 'auth_oauth2', get_string('loginerror_authenticationfailed', 'auth_oauth2'));
$SESSION->loginerrormsg = $errormsg;
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
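Review bot: In the first hunk the new event payload reads `$userinfo['username']` inside the `if (!$userinfo)` branch, where `$userinfo` is known to be empty, so the index is undefined (a notice under Moodle debugging) and the logged username is null; the `empty($userinfo['username'])` branch that follows can hit the same undefined index. Guard the value in both branches, e.g. `'username' => isset($userinfo['username']) ? $userinfo['username'] : ''`, so the failed-login record is still written with a well-defined username. The enclosing method starts and ends outside the hunks shown. Beyond that, the create-trigger-set-message-redirect sequence is now repeated eight times across the hunks with only the reason constant and message varying; a private helper along the lines sketched below would keep the event payload consistent and make it harder to forget the event on a future early return.
```php
    /**
     * Record a failed login attempt and send the user back to the login page.
     *
     * @param string $username Username reported by the identity provider ('' when none was returned).
     * @param string $reason One of the AUTH_LOGIN_* constants.
     * @param string $errormsg Message to show on the login page.
     */
    private function fail_login($username, $reason, $errormsg) {
        global $CFG, $SESSION;
        $event = \core\event\user_login_failed::create(['other' => ['username' => $username,
            'reason' => $reason]]);
        $event->trigger();
        $SESSION->loginerrormsg = $errormsg;
        redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
    }

        // … in the calling method, replacing the first inline block …
        if (!$userinfo) {
            $this->fail_login('', AUTH_LOGIN_NOUSER, get_string('loginerror_nouserinfo', 'auth_oauth2'));
        }
```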


@ -77,6 +77,7 @@ $string['loginerror_userincomplete'] = 'The user information returned did not co
$string['loginerror_nouserinfo'] = 'No user information was returned. The OAuth 2 service may be configured incorrectly.';
$string['loginerror_invaliddomain'] = 'The email address is not allowed at this site.';
$string['loginerror_authenticationfailed'] = 'The authentication process failed.';
$string['loginerror_cannotcreateaccounts'] = 'The account does not exist and this site does not allow self-registration.';
$string['notloggedindebug'] = 'The login attempt failed. Reason: {$a}';
$string['notwhileloggedinas'] = 'Linked logins cannot be managed while logged in as another user.';
$string['oauth2:managelinkedlogins'] = 'Manage own linked login accounts';