mirror of
https://github.com/moodle/moodle.git
synced 2025-03-14 04:30:15 +01:00
MDL-65637 core_oauth2: Introduce a new custom linkedin oauth2 client
This commit is contained in:
parent
169e1812ed
commit
8e71f6b1f1
@ -234,6 +234,12 @@ if ($mform && $mform->is_cancelled()) {
|
||||
$addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
|
||||
echo $renderer->single_button($addurl, get_string('imsobv2p1_service', 'tool_oauth2'));
|
||||
|
||||
// Linkedin template.
|
||||
$docs = 'admin/tool/oauth2/issuers/linkedin';
|
||||
$params = ['action' => 'edittemplate', 'type' => 'linkedin', 'sesskey' => sesskey(), 'docslink' => $docs];
|
||||
$addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
|
||||
echo $renderer->single_button($addurl, get_string('linkedin_service', 'tool_oauth2'));
|
||||
|
||||
// Generic issuer.
|
||||
$addurl = new moodle_url('/admin/tool/oauth2/issuers.php', ['action' => 'edit']);
|
||||
echo $renderer->single_button($addurl, get_string('custom_service', 'tool_oauth2'));
|
||||
|
@ -96,6 +96,7 @@ $string['issueruseininternalonly'] = 'Internal services only';
|
||||
$string['issueruseinloginonly'] = 'Login page only';
|
||||
$string['issuerusedforlogin'] = 'Login';
|
||||
$string['issuerusedforinternal'] = 'Internal services';
|
||||
$string['linkedin_service'] = 'LinkedIn';
|
||||
$string['logindisplay'] = 'Display on login page as';
|
||||
$string['loginissuer'] = 'Allow login';
|
||||
$string['microsoft_service'] = 'Microsoft';
|
||||
|
@ -428,8 +428,8 @@ class api {
|
||||
}
|
||||
// Get all the scopes!
|
||||
$scopes = self::get_system_scopes_for_issuer($issuer);
|
||||
|
||||
$client = new \core\oauth2\client($issuer, null, $scopes, true);
|
||||
$class = self::get_client_classname($issuer->get('servicetype'));
|
||||
$client = new $class($issuer, null, $scopes, true);
|
||||
|
||||
if (!$client->is_logged_in()) {
|
||||
if (!$client->upgrade_refresh_token($systemaccount)) {
|
||||
@ -451,11 +451,33 @@ class api {
|
||||
*/
|
||||
public static function get_user_oauth_client(issuer $issuer, moodle_url $currenturl, $additionalscopes = '',
|
||||
$autorefresh = false) {
|
||||
$client = new \core\oauth2\client($issuer, $currenturl, $additionalscopes, false, $autorefresh);
|
||||
$class = self::get_client_classname($issuer->get('servicetype'));
|
||||
$client = new $class($issuer, $currenturl, $additionalscopes, false, $autorefresh);
|
||||
|
||||
return $client;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the client classname for an issuer.
|
||||
*
|
||||
* @param string $type The OAuth issuer type (google, facebook...).
|
||||
* @return string The classname for the custom client or core client class if the class for the defined type
|
||||
* doesn't exist or null type is defined.
|
||||
*/
|
||||
protected static function get_client_classname(?string $type): string {
|
||||
// Default core client class.
|
||||
$classname = 'core\\oauth2\\client';
|
||||
|
||||
if (!empty($type)) {
|
||||
$typeclassname = 'core\\oauth2\\client\\' . $type;
|
||||
if (class_exists($typeclassname)) {
|
||||
$classname = $typeclassname;
|
||||
}
|
||||
}
|
||||
|
||||
return $classname;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the list of defined endpoints for this OAuth issuer
|
||||
*
|
||||
@ -798,8 +820,8 @@ class api {
|
||||
$scopes = self::get_system_scopes_for_issuer($issuer);
|
||||
|
||||
// Allow callbacks to inject non-standard scopes to the auth request.
|
||||
|
||||
$client = new client($issuer, $returnurl, $scopes, true);
|
||||
$class = self::get_client_classname($issuer->get('servicetype'));
|
||||
$client = new $class($issuer, $returnurl, $scopes, true);
|
||||
|
||||
if (!optional_param('response', false, PARAM_BOOL)) {
|
||||
$client->log_out();
|
||||
|
63
lib/classes/oauth2/client/linkedin.php
Normal file
63
lib/classes/oauth2/client/linkedin.php
Normal file
@ -0,0 +1,63 @@
|
||||
<?php
|
||||
// This file is part of Moodle - http://moodle.org/
|
||||
//
|
||||
// Moodle is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU General Public License as published by
|
||||
// the Free Software Foundation, either version 3 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// Moodle is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU General Public License
|
||||
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
namespace core\oauth2\client;
|
||||
|
||||
use core\oauth2\client;
|
||||
|
||||
/**
|
||||
* Class linkedin - Custom client handler to fetch data from linkedin
|
||||
*
|
||||
* Custom oauth2 client for linkedin as it doesn't support OIDC and has a different way to get
|
||||
* key information for users - firstname, lastname, email.
|
||||
*
|
||||
* @copyright 2021 Peter Dias
|
||||
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
|
||||
* @package core
|
||||
*/
|
||||
class linkedin extends client {
|
||||
/**
|
||||
* Fetch the user info from the userinfo and email endpoint and map fields back
|
||||
*
|
||||
* @return array|false
|
||||
*/
|
||||
public function get_userinfo() {
|
||||
$user = array_merge(parent::get_userinfo(), $this->get_useremail());
|
||||
return $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the email address of the user from the email endpoint
|
||||
*
|
||||
* @return array|false
|
||||
*/
|
||||
private function get_useremail() {
|
||||
$url = $this->get_issuer()->get_endpoint_url('email');
|
||||
|
||||
$response = $this->get($url);
|
||||
if (!$response) {
|
||||
return false;
|
||||
}
|
||||
$userinfo = new \stdClass();
|
||||
try {
|
||||
$userinfo = json_decode($response);
|
||||
} catch (\Exception $e) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->map_userinfo_to_fields($userinfo);
|
||||
}
|
||||
}
|
106
lib/classes/oauth2/service/linkedin.php
Normal file
106
lib/classes/oauth2/service/linkedin.php
Normal file
@ -0,0 +1,106 @@
|
||||
<?php
|
||||
// This file is part of Moodle - http://moodle.org/
|
||||
//
|
||||
// Moodle is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU General Public License as published by
|
||||
// the Free Software Foundation, either version 3 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// Moodle is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU General Public License
|
||||
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
namespace core\oauth2\service;
|
||||
|
||||
use core\oauth2\issuer;
|
||||
use core\oauth2\endpoint;
|
||||
use core\oauth2\user_field_mapping;
|
||||
|
||||
/**
|
||||
* Class linkedin.
|
||||
*
|
||||
* Custom oauth2 issuer for linkedin as it doesn't support OIDC and has a different way to get
|
||||
* key information for users - firstname, lastname, email.
|
||||
*
|
||||
* @copyright 2021 Peter Dias
|
||||
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
|
||||
* @package core
|
||||
*/
|
||||
class linkedin implements issuer_interface {
|
||||
/**
|
||||
* Build an OAuth2 issuer, with all the default values for this service.
|
||||
*
|
||||
* @return issuer The issuer initialised with proper default values.
|
||||
*/
|
||||
public static function init(): issuer {
|
||||
$record = (object) [
|
||||
'name' => 'LinkedIn',
|
||||
'image' => 'https://static.licdn.com/scds/common/u/images/logos/favicons/v1/favicon.ico',
|
||||
'baseurl' => 'https://api.linkedin.com/v2',
|
||||
'loginscopes' => 'r_liteprofile r_emailaddress',
|
||||
'loginscopesoffline' => 'r_liteprofile r_emailaddress',
|
||||
'showonloginpage' => issuer::EVERYWHERE,
|
||||
'servicetype' => 'linkedin',
|
||||
];
|
||||
|
||||
$issuer = new issuer(0, $record);
|
||||
return $issuer;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create endpoints for this issuer.
|
||||
*
|
||||
* @param issuer $issuer Issuer the endpoints should be created for.
|
||||
* @return issuer
|
||||
*/
|
||||
public static function create_endpoints(issuer $issuer): issuer {
|
||||
$endpoints = [
|
||||
'authorization_endpoint' => 'https://www.linkedin.com/oauth/v2/authorization',
|
||||
'token_endpoint' => 'https://www.linkedin.com/oauth/v2/accessToken',
|
||||
'email_endpoint' => 'https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))',
|
||||
'userinfo_endpoint' => "https://api.linkedin.com/v2/me?projection=(localizedFirstName,localizedLastName,"
|
||||
. "profilePicture(displayImage~digitalmediaAsset:playableStreams))",
|
||||
];
|
||||
foreach ($endpoints as $name => $url) {
|
||||
$record = (object) [
|
||||
'issuerid' => $issuer->get('id'),
|
||||
'name' => $name,
|
||||
'url' => $url
|
||||
];
|
||||
$endpoint = new endpoint(0, $record);
|
||||
$endpoint->create();
|
||||
}
|
||||
|
||||
// Create the field mappings.
|
||||
$mapping = [
|
||||
'localizedFirstName' => 'firstname',
|
||||
'localizedLastName' => 'lastname',
|
||||
'elements[0]-handle~-emailAddress' => 'email',
|
||||
'profilePicture-displayImage~-elements[0]-identifiers[0]-identifier' => 'picture'
|
||||
];
|
||||
foreach ($mapping as $external => $internal) {
|
||||
$record = (object) [
|
||||
'issuerid' => $issuer->get('id'),
|
||||
'externalfield' => $external,
|
||||
'internalfield' => $internal
|
||||
];
|
||||
$userfieldmapping = new user_field_mapping(0, $record);
|
||||
$userfieldmapping->create();
|
||||
}
|
||||
|
||||
return $issuer;
|
||||
}
|
||||
|
||||
/**
|
||||
* Linkedin does not have a discovery url that could be found. Return empty.
|
||||
* @param issuer $issuer
|
||||
* @return int
|
||||
*/
|
||||
public static function discover_endpoints($issuer): int {
|
||||
return 0;
|
||||
}
|
||||
}
|
@ -3848,7 +3848,7 @@
|
||||
<FIELD NAME="timecreated" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="false" COMMENT="The time this record was created."/>
|
||||
<FIELD NAME="usermodified" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="false" COMMENT="The user who modified this record."/>
|
||||
<FIELD NAME="issuerid" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="false" COMMENT="The oauth issuer."/>
|
||||
<FIELD NAME="externalfield" TYPE="char" LENGTH="64" NOTNULL="true" SEQUENCE="false" COMMENT="The fieldname returned by the userinfo endpoint."/>
|
||||
<FIELD NAME="externalfield" TYPE="char" LENGTH="500" NOTNULL="true" SEQUENCE="false" COMMENT="The fieldname returned by the userinfo endpoint."/>
|
||||
<FIELD NAME="internalfield" TYPE="char" LENGTH="64" NOTNULL="true" SEQUENCE="false" COMMENT="The name of the Moodle field this user field maps to."/>
|
||||
</FIELDS>
|
||||
<KEYS>
|
||||
|
@ -2650,5 +2650,15 @@ function xmldb_main_upgrade($oldversion) {
|
||||
upgrade_main_savepoint(true, 2021052500.90);
|
||||
}
|
||||
|
||||
if ($oldversion < 2021052700.01) {
|
||||
// Update the externalfield to be larger.
|
||||
$table = new xmldb_table('oauth2_user_field_mapping');
|
||||
$field = new xmldb_field('externalfield', XMLDB_TYPE_CHAR, '500', null, XMLDB_NOTNULL, false, null, 'issuerid');
|
||||
$dbman->change_field_type($table, $field);
|
||||
|
||||
// Main savepoint reached.
|
||||
upgrade_main_savepoint(true, 2021052700.01);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
@ -29,7 +29,7 @@
|
||||
|
||||
defined('MOODLE_INTERNAL') || die();
|
||||
|
||||
$version = 2021052700.00; // YYYYMMDD = weekly release date of this DEV branch.
|
||||
$version = 2021052700.01; // YYYYMMDD = weekly release date of this DEV branch.
|
||||
// RR = release increments - 00 in DEV branches.
|
||||
// .XX = incremental changes.
|
||||
$release = '4.0dev (Build: 20210527)'; // Human-friendly version name
|
||||
|
Loading…
x
Reference in New Issue
Block a user