MDL-58220 oauth2: Use iputils to check domain

Allows wild cards and more strict checking against spec.

lib/classes/oauth2/issuer.php

@@ -142,6 +142,7 @@ class issuer extends persistent {
         if (empty($this->get('alloweddomains'))) {
             return true;
         }
+
         $validdomains = explode(',', $this->get('alloweddomains'));
 
         $parts = explode('@', $email, 2);
@@ -150,16 +151,7 @@ class issuer extends persistent {
             $emaildomain = $parts[1];
         }
 
-        $emaildomain = \core_text::strtolower(trim($emaildomain));
-        foreach ($validdomains as $checkdomain) {
-            $checkdomain = \core_text::strtolower(trim($checkdomain));
-
-            if ((\core_text::strlen($checkdomain) == \core_text::strlen($emaildomain)) &&
-                    (\core_text::strpos($checkdomain, $emaildomain) === 0)) {
-                return true;
-            }
-        }
-        return false;
+        return \core\ip_utils::is_domain_in_allowed_list($emaildomain, $validdomains);
     }
 
     /**

lib/tests/oauth2_test.php

@@ -196,6 +196,14 @@ class core_oauth2_testcase extends advanced_testcase {
         $this->assertFalse($issuer->is_valid_login_domain('invalid@email@example.net'));
         $this->assertTrue($issuer->is_valid_login_domain('longer.example@example.net'));
         $this->assertTrue($issuer->is_valid_login_domain('longer.example@example.com'));
+
+        $issuer->set('alloweddomains', '*.example.com');
+        // Wildcard.
+        $this->assertFalse($issuer->is_valid_login_domain(''));
+        $this->assertFalse($issuer->is_valid_login_domain('a@b'));
+        $this->assertFalse($issuer->is_valid_login_domain('longer.example@example'));
+        $this->assertFalse($issuer->is_valid_login_domain('longer.example@example.com'));
+        $this->assertTrue($issuer->is_valid_login_domain('longer.example@sub.example.com'));
     }
 
 }