mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-17 21:49:15 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch 'MDL-79958-main' of https://github.com/HuongNV13/moodle

Browse Source
This commit is contained in:
Huong Nguyen 2024-12-24 15:19:34 +07:00
commit c0c03fa2f7
No known key found for this signature in database
GPG Key ID: 40D88AB693A3E72A
36 changed files with 186 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
admin/tool/mfa/factor/admin/lang/en/factor_admin.php
View File

@ -26,6 +26,7 @@
$string['info'] = 'This factor allows for NOT being an administrator to count as a factor. Its intended use is to ensure administators require tighter security, so regular users get the weight for free, while admins must use other factors.';
$string['pluginname'] = 'Non-administrator';
$string['privacy:metadata'] = 'The Non-administrator factor plugin does not store any personal data.';
$string['settings:description'] = 'All users except site administrators receive the points for this factor. This allows you to require additional authentication factors for site administrators.';
$string['settings:shortdescription'] = 'Require additional authentication factors for administrators.';
$string['settings:weight_help'] = 'Weight is given to regular users for this factor, so admins must have more factors than a regular user to pass.';
$string['summarycondition'] = 'is not an admin';

3
admin/tool/mfa/factor/admin/settings.php
View File

@ -25,6 +25,9 @@
defined('MOODLE_INTERNAL') || die();
$settings->add(new admin_setting_heading('factor_admin/description', '', new lang_string('settings:description', 'factor_admin')));
$settings->add(new admin_setting_heading('factor_admin/settings', new lang_string('settings', 'moodle'), ''));
$enabled = new admin_setting_configcheckbox('factor_admin/enabled',
new lang_string('settings:enablefactor', 'tool_mfa'),
new lang_string('settings:enablefactor_help', 'tool_mfa'), 0);

1
admin/tool/mfa/factor/auth/lang/en/factor_auth.php
View File

@ -26,6 +26,7 @@
$string['info'] = 'Check the type of authentication used to log in as an MFA factor.';
$string['pluginname'] = 'Authentication type';
$string['privacy:metadata'] = 'The Authentication type factor plugin does not store any personal data.';
$string['settings:description'] = 'Automatically verify users based on their authentication type.';
$string['settings:goodauth'] = 'Factor authentication types';
$string['settings:goodauth_help'] = 'Select all authentication types to use as a factor for MFA. Any types not selected will not be treated as a FAIL in MFA.';
$string['settings:shortdescription'] = 'Allow users to bypass extra authentication steps based on their authentication type.';

3
admin/tool/mfa/factor/auth/settings.php
View File

@ -25,6 +25,9 @@
defined('MOODLE_INTERNAL') || die();
$settings->add(new admin_setting_heading('factor_auth/description', '', new lang_string('settings:description', 'factor_auth')));
$settings->add(new admin_setting_heading('factor_auth/settings', new lang_string('settings', 'moodle'), ''));
$enabled = new admin_setting_configcheckbox('factor_auth/enabled',
new lang_string('settings:enablefactor', 'tool_mfa'),
new lang_string('settings:enablefactor_help', 'tool_mfa'), 0);

4
admin/tool/mfa/factor/capability/lang/en/factor_capability.php
View File

@ -30,5 +30,7 @@ $string['settings:adminpasses'] = 'Site admins can pass this factor';
$string['settings:adminpasses_help'] = 'By default admins pass all capability checks, including this one which uses \'factor/capability:cannotpassfactor\', which means they will fail this factor.
If checked then all site admins will pass this factor if they do not have this capability from another role.
If unchecked site admins will fail this factor.';
$string['settings:description'] = '<p>Use the capability \'factor/capability:cannotpassfactor\' to specify which users need multiple-factor authentication.</p>
<p>You can assign this capability to users in the <a href="roles/manage.php">Define roles</a> page.</p>';
$string['settings:shortdescription'] = 'Specify which users must use other factors to authenticate. Must be combined with other factors.';
$string['summarycondition'] = 'does NOT have the factor/capability:cannotpassfactor capability in any role including site administrator.';
$string['summarycondition'] = 'does NOT have the \'factor/capability:cannotpassfactor\' capability in any role including site administrator.';

4
admin/tool/mfa/factor/capability/settings.php
View File

@ -25,6 +25,10 @@
defined('MOODLE_INTERNAL') || die();
$settings->add(new admin_setting_heading('factor_capability/description', '',
new lang_string('settings:description', 'factor_capability')));
$settings->add(new admin_setting_heading('factor_capability/settings', new lang_string('settings', 'moodle'), ''));
$enabled = new admin_setting_configcheckbox('factor_capability/enabled',
new lang_string('settings:enablefactor', 'tool_mfa'),
new lang_string('settings:enablefactor_help', 'tool_mfa'), 0);

6
admin/tool/mfa/factor/cohort/lang/en/factor_cohort.php
View File

@ -23,9 +23,11 @@
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
$string['pluginname'] = 'Cohort';
$string['privacy:metadata'] = 'The Cohort factor plugin does not store any personal data.';
$string['pluginname'] = 'Cohorts';
$string['privacy:metadata'] = 'The Cohorts factor plugin does not store any personal data.';
$string['settings:cohort'] = 'Non-passing cohorts';
$string['settings:cohort_help'] = 'Select the cohorts that will not pass this factor. This allows you to force these cohorts to use other factors to authenticate.';
$string['settings:description'] = '<p>Select the user cohorts that must use additional factors to authenticate. If this factor is not set up, all cohorts will be required to use additional factors by default.</p>
<p>This factor requires a cohort to be created.</p>';
$string['settings:shortdescription'] = 'Specify which cohorts of users must use other factors to authenticate. Must be combined with other factors.';
$string['summarycondition'] = 'does NOT have any of the following cohorts assigned in any context: {$a}';

4
admin/tool/mfa/factor/cohort/settings.php
View File

@ -26,6 +26,10 @@
defined('MOODLE_INTERNAL') || die();
require_once(__DIR__ . '/../../../../../cohort/lib.php');
$settings->add(new admin_setting_heading('factor_cohort/description', '',
new lang_string('settings:description', 'factor_cohort')));
$settings->add(new admin_setting_heading('factor_cohort/settings', new lang_string('settings', 'moodle'), ''));
$enabled = new admin_setting_configcheckbox('factor_cohort/enabled',
new lang_string('settings:enablefactor', 'tool_mfa'),
new lang_string('settings:enablefactor_help', 'tool_mfa'), 0);

31
admin/tool/mfa/factor/email/db/install.php Normal file
View File

@ -0,0 +1,31 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Installation code for factor_email.
*
* @package factor_email
* @copyright 2024 David Woloszyn <david.woloszyn@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
/**
* Perform install procedures for factor_email.
*/
function xmldb_factor_email_install(): void {
// The factor_email should be enabled by default. Just ensure it is ordered too.
set_config('factor_order', 'email', 'tool_mfa');
}

57
admin/tool/mfa/factor/email/db/upgrade.php Normal file
View File

@ -0,0 +1,57 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* factor_email upgrade library.
*
* @package factor_email
* @copyright 2024 David Woloszyn <david.woloszyn@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
/**
* MFA upgrade helper function.
*
* @param int $oldversion
*/
function xmldb_factor_email_upgrade($oldversion): bool {
if ($oldversion < 2024122400) {
// Check for sites that don't have MFA enabled.
if (!get_config('tool_mfa', 'enabled')) {
// Enable email factor.
set_config('enabled', 1, 'factor_email');
// Check factor order config to ensure email is situated in there.
$factororderconfig = get_config('tool_mfa', 'factor_order');
if (!$factororderconfig) {
set_config('factor_order', 'email', 'tool_mfa');
} else {
$order = explode(',', $factororderconfig);
// Remove any empty entries (this happens with entries like ',sms,email').
$order = array_filter($order);
if (!in_array('email', $order)) {
array_unshift($order, 'email');
$orderstring = implode(',', $order);
set_config('factor_order', $orderstring, 'tool_mfa');
}
}
}
upgrade_plugin_savepoint(true, 2024122400, 'factor', 'email');
}
return true;
}

1
admin/tool/mfa/factor/email/lang/en/factor_email.php
View File

@ -53,6 +53,7 @@ $string['managefactor'] = 'Manage email';
$string['manageinfo'] = '\'{$a}\' is being used to authenticate. This has been set up by your administrator.';
$string['pluginname'] = 'Email';
$string['privacy:metadata'] = 'The Email factor plugin does not store any personal data';
$string['settings:description'] = 'Users will receive a 6-digit verification code via email, which they must enter to complete the login process.';
$string['settings:duration'] = 'Validity duration';
$string['settings:duration_help'] = 'The period of time that the code is valid.';
$string['settings:shortdescription'] = 'Require users to enter a code received via email during login.';

5
admin/tool/mfa/factor/email/settings.php
View File

@ -25,9 +25,12 @@
defined('MOODLE_INTERNAL') || die();
$settings->add(new admin_setting_heading('factor_email/description', '', new lang_string('settings:description', 'factor_email')));
$settings->add(new admin_setting_heading('factor_email/settings', new lang_string('settings', 'moodle'), ''));
$enabled = new admin_setting_configcheckbox('factor_email/enabled',
new lang_string('settings:enablefactor', 'tool_mfa'),
new lang_string('settings:enablefactor_help', 'tool_mfa'), 0);
new lang_string('settings:enablefactor_help', 'tool_mfa'), 1);
$enabled->set_updatedcallback(function () {
\tool_mfa\manager::do_factor_action('email', get_config('factor_email', 'enabled') ? 'enable' : 'disable');
});

2
admin/tool/mfa/factor/email/version.php
View File

@ -26,7 +26,7 @@
defined('MOODLE_INTERNAL') || die();
$plugin->version = 2024121800; // The current plugin version (Date: YYYYMMDDXX).
$plugin->version = 2024122400; // The current plugin version (Date: YYYYMMDDXX).
$plugin->requires = 2024100100; // Requires this Moodle version.
$plugin->component = 'factor_email'; // Full name of the plugin (used for diagnostics).
$plugin->maturity = MATURITY_STABLE;

1
admin/tool/mfa/factor/grace/lang/en/factor_grace.php
View File

@ -31,6 +31,7 @@ $string['redirectsetup'] = 'You must complete setup for Multi-factor authenticat
$string['revokeexpiredfactors'] = 'Revoke expired grace period factors';
$string['settings:customwarning'] = 'Warning banner content';
$string['settings:customwarning_help'] = 'Add content here to replace the grace warning notification with custom HTML contents. Adding {timeremaining} in text will replace it with the current grace duration for the user, and {setuplink} will replace with the URL of the setup page for the user.';
$string['settings:description'] = 'Allow users to log in without MFA for a specified period of time, giving them time to set up their authentication factors. After the grace period expires, users must use MFA to log in.';
$string['settings:forcesetup'] = 'Force factor setup';
$string['settings:forcesetup_help'] = 'Forces a user to the preferences page to set up multi-factor authentication when the grace period expires. If unchecked, users will be unable to authenticate when the grace period expires.';
$string['settings:graceperiod'] = 'Grace period';

3
admin/tool/mfa/factor/grace/settings.php
View File

@ -25,6 +25,9 @@
defined('MOODLE_INTERNAL') || die();
$settings->add(new admin_setting_heading('factor_grace/description', '', new lang_string('settings:description', 'factor_grace')));
$settings->add(new admin_setting_heading('factor_grace/settings', new lang_string('settings', 'moodle'), ''));
$enabled = new admin_setting_configcheckbox('factor_grace/enabled',
new lang_string('settings:enablefactor', 'tool_mfa'),
new lang_string('settings:enablefactor_help', 'tool_mfa'), 0);

3
admin/tool/mfa/factor/grace/tests/factor_test.php
View File

@ -37,6 +37,9 @@ final class factor_test extends \advanced_testcase {
$user = $this->getDataGenerator()->create_user();
$this->setUser($user);
// Disable the email factor (enabled by default).
set_config('enabled', 0, 'factor_email');
$grace = \tool_mfa\plugininfo\factor::get_factor('grace');
$affecting = $grace->get_affecting_factors();
$this->assertEquals(0, count($affecting));

1
admin/tool/mfa/factor/iprange/lang/en/factor_iprange.php
View File

@ -28,6 +28,7 @@ $string['allowedipshasmyip'] = 'Your IP (<i>{$a->ip}</i>) is in the list and you
$string['allowedipshasntmyip'] = 'Your IP (<i>{$a->ip}</i>) is not in the list and you will not pass this factor.';
$string['pluginname'] = 'IP range';
$string['privacy:metadata'] = 'The IP range factor plugin does not store any personal data.';
$string['settings:description'] = 'Enable automatic user verification using IP addresses. This doesn\'t require user setup and can provide a secure, seamless login on trusted networks.';
$string['settings:safeips'] = 'Safe IP ranges';
$string['settings:safeips_help'] = 'Enter a list of IP addresses or subnets to be counted as a pass in factor. If empty nobody will pass this factor. {$a->info} {$a->syntax}';
$string['settings:shortdescription'] = 'Use IP addresses to automatically verify users\' identity.';

4
admin/tool/mfa/factor/iprange/settings.php
View File

@ -27,6 +27,10 @@ defined('MOODLE_INTERNAL') || die();
global $OUTPUT;
$settings->add(new admin_setting_heading('factor_iprange/description', '',
new lang_string('settings:description', 'factor_iprange')));
$settings->add(new admin_setting_heading('factor_iprange/settings', new lang_string('settings', 'moodle'), ''));
$enabled = new admin_setting_configcheckbox('factor_iprange/enabled',
new lang_string('settings:enablefactor', 'tool_mfa'),
new lang_string('settings:enablefactor_help', 'tool_mfa'), 0);

3
admin/tool/mfa/factor/nosetup/lang/en/factor_nosetup.php
View File

@ -23,9 +23,10 @@
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
$string['deleteunusablefactors'] = 'Delete unusable Nosetup factors';
$string['deleteunusablefactors'] = 'Delete unusable Optional MFA factors';
$string['info'] = 'This factor passes if the user has no other factors set up.';
$string['pluginname'] = 'No other factors';
$string['privacy:metadata'] = 'The No other factors plugin does not store any personal data';
$string['settings:description'] = 'Allow users who haven\'t set up any other authentication factors to bypass MFA until another factor is added.';
$string['settings:shortdescription'] = 'Allow users to bypass MFA if they have not set up any other authentication factor.';
$string['summarycondition'] = 'has no other factors set up';

4
admin/tool/mfa/factor/nosetup/settings.php
View File

@ -25,6 +25,10 @@
defined('MOODLE_INTERNAL') || die();
$settings->add(new admin_setting_heading('factor_nosetup/description', '',
new lang_string('settings:description', 'factor_nosetup')));
$settings->add(new admin_setting_heading('factor_nosetup/settings', new lang_string('settings', 'moodle'), ''));
$enabled = new admin_setting_configcheckbox('factor_nosetup/enabled',
new lang_string('settings:enablefactor', 'tool_mfa'),
new lang_string('settings:enablefactor_help', 'tool_mfa'), 0);

5
admin/tool/mfa/factor/role/lang/en/factor_role.php
View File

@ -23,8 +23,9 @@
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
$string['pluginname'] = 'Role';
$string['privacy:metadata'] = 'The Role factor plugin does not store any personal data.';
$string['pluginname'] = 'Roles';
$string['privacy:metadata'] = 'The Roles factor plugin does not store any personal data.';
$string['settings:description'] = 'Select the roles that must use additional factors to authenticate. If this factor is not turned on, all roles will be required to use an additional factor.';
$string['settings:roles'] = 'Non-passing roles';
$string['settings:roles_help'] = 'Select the roles that will not pass this factor. This allows you to force these roles to use other factors to authenticate.';
$string['settings:shortdescription'] = 'Specify which users must use other factors to authenticate, based on their role. Must be combined with other factors.';

3
admin/tool/mfa/factor/role/settings.php
View File

@ -25,6 +25,9 @@
defined('MOODLE_INTERNAL') || die();
$settings->add(new admin_setting_heading('factor_role/description', '', new lang_string('settings:description', 'factor_role')));
$settings->add(new admin_setting_heading('factor_role/settings', new lang_string('settings', 'moodle'), ''));
$enabled = new admin_setting_configcheckbox('factor_role/enabled',
new lang_string('settings:enablefactor', 'tool_mfa'),
new lang_string('settings:enablefactor_help', 'tool_mfa'), 0);

8
admin/tool/mfa/factor/sms/lang/en/factor_sms.php
View File

@ -45,16 +45,14 @@ $string['notification:smsgatewaymigration'] = 'SMS settings have moved';
$string['notification:smsgatewaymigrationinfo'] = 'A new SMS subsystem is now available for managing and configuring all SMS-related functions. Your existing SMS configurations have been migrated to the page <a href="{$a}">SMS gateways</a>.';
$string['logintitle'] = 'Enter the verification code sent to your mobile';
$string['phonehelp'] = 'Enter your mobile number (including country code) to receive a verification code.';
$string['pluginname'] = 'SMS mobile phone';
$string['privacy:metadata'] = 'The SMS mobile phone factor plugin does not store any personal data.';
$string['pluginname'] = 'SMS';
$string['privacy:metadata'] = 'The SMS factor plugin does not store any personal data.';
$string['revokefactorconfirmation'] = 'Remove \'{$a}\' SMS?';
$string['settings:duration'] = 'Validity duration';
$string['settings:duration_help'] = 'The period of time that the code is valid.';
$string['settings:gateway'] = 'SMS gateway';
$string['settings:gateway_help'] = 'The SMS provider you wish to send messages via';
$string['settings:heading'] = 'Users will receive an SMS with 6-digit code during login, which they must enter to complete the login process.
Users will need to register their mobile phone number first.';
$string['settings:heading'] = 'Users will receive a 6-digit verification code via SMS, which they must enter to complete the login process. Users will need to register their mobile phone number first.';
$string['settings:setupdesc'] = '<br><br>To use SMS as an authentication factor, you first need to <a href="{$a}">set up an SMS gateway</a>.';
$string['settings:shortdescription'] = 'Require users to enter a code received via SMS during login.';
$string['settings:smsgateway'] = 'SMS gateway';

1
admin/tool/mfa/factor/sms/settings.php
View File

@ -50,6 +50,7 @@ $settings->add(
),
),
);
$settings->add(new admin_setting_heading('factor_sms/settings', new lang_string('settings', 'moodle'), ''));
if (count($gatewayrecords) > 0) {
$gateways = [0 => new lang_string('none')];

2
admin/tool/mfa/factor/sms/tests/behat/factor_sms_login.feature
View File

@ -16,6 +16,8 @@ Feature: Login user with sms authentication factor
| enabled | 1 | factor_sms |
| weight | 100 | factor_sms |
| duration | 1800 | factor_sms |
And the following config values are set as admin:
| enabled | 0 | factor_email |
And I navigate to "Plugins > Admin tools > Multi-factor authentication" in site administration
And I follow "Edit settings for the SMS mobile phone factor"
And I set the field "SMS gateway" to "Dummy gateway (AWS)"

1
admin/tool/mfa/factor/token/lang/en/factor_token.php
View File

@ -27,6 +27,7 @@ $string['event:token_created'] = 'MFA token created.';
$string['form:trust'] = 'Trust this device for {$a}.';
$string['pluginname'] = 'Trust this device';
$string['privacy:metadata'] = 'The Trust this device factor plugin does not store any personal data.';
$string['settings:description'] = 'Allow users to bypass extra authentication on devices marked as trusted after the first authentication.';
$string['settings:expireovernight'] = 'Expire trust overnight';
$string['settings:expireovernight_help'] = 'This forces tokens to expire overnight, preventing midday interruptions for users. Instead they will be asked to multi-factor authenticate at the start of a day after expiry.';
$string['settings:expiry'] = 'Trust duration';

3
admin/tool/mfa/factor/token/settings.php
View File

@ -26,6 +26,9 @@
defined('MOODLE_INTERNAL') || die();
$settings->add(new admin_setting_heading('factor_token/description', '', new lang_string('settings:description', 'factor_token')));
$settings->add(new admin_setting_heading('factor_token/settings', new lang_string('settings', 'moodle'), ''));
$enabled = new admin_setting_configcheckbox('factor_token/enabled',
new lang_string('settings:enablefactor', 'tool_mfa'),
new lang_string('settings:enablefactor_help', 'tool_mfa'), 0);

1
admin/tool/mfa/factor/totp/lang/en/factor_totp.php
View File

@ -51,6 +51,7 @@ $string['privacy:metadata'] = 'The Authenticator app factor plugin does not stor
$string['replacefactor'] = 'Replace authenticator app';
$string['replacefactorconfirmation'] = 'Replace \'{$a}\' authenticator app?';
$string['revokefactorconfirmation'] = 'Remove \'{$a}\' authenticator app?';
$string['settings:description'] = 'Users will need an authenticator app installed on their mobile devices to generate a code, which they must enter during login.';
$string['settings:shortdescription'] = 'Require users to enter a code from an authenticator app on their devices during login.';
$string['settings:totplink'] = 'Show mobile app setup link';
$string['settings:totplink_help'] = 'If enabled the user will see a 3rd setup option with a direct otpauth:// link';

3
admin/tool/mfa/factor/totp/settings.php
View File

@ -26,6 +26,9 @@
defined('MOODLE_INTERNAL') || die();
$settings->add(new admin_setting_heading('factor_totp/description', '', new lang_string('settings:description', 'factor_totp')));
$settings->add(new admin_setting_heading('factor_totp/settings', new lang_string('settings', 'moodle'), ''));
$enabled = new admin_setting_configcheckbox('factor_totp/enabled',
new lang_string('settings:enablefactor', 'tool_mfa'),
new lang_string('settings:enablefactor_help', 'tool_mfa'), 0);

2
admin/tool/mfa/factor/webauthn/lang/en/factor_webauthn.php
View File

@ -49,6 +49,8 @@ $string['replacefactorconfirmation'] = 'Replace \'{$a}\' security key?';
$string['revokefactorconfirmation'] = 'Remove \'{$a}\' security key?';
$string['settings:authenticatortypes'] = 'Types of authenticator';
$string['settings:authenticatortypes_help'] = 'Toggle certain types of authenticators';
$string['settings:description'] = '<p>Users authenticate using a physical security key, such as a USB or NFC token, or a biometric method like a fingerprint. During login, they must physically use their security key to verify their identity.</p>
<p>Users will need to set up their own security keys first.</p>';
$string['settings:shortdescription'] = 'Require users to use a security key, like a USB or NFC token, or a biometric method, during login.';
$string['settings:userverification'] = 'User verification';
$string['settings:userverification_help'] = 'Serves to ensure the person authenticating is in fact who they say they are. User verification can take various forms, such as password, PIN, fingerprint, etc.';

4
admin/tool/mfa/factor/webauthn/settings.php
View File

@ -25,6 +25,10 @@
defined('MOODLE_INTERNAL') || die();
$settings->add(new admin_setting_heading('factor_webauthn/description', '',
new lang_string('settings:description', 'factor_webauthn')));
$settings->add(new admin_setting_heading('factor_webauthn/settings', new lang_string('settings', 'moodle'), ''));
$enabled = new admin_setting_configcheckbox('factor_webauthn/enabled',
new lang_string('settings:enablefactor', 'tool_mfa'),
new lang_string('settings:enablefactor_help', 'tool_mfa'), 0);

12
admin/tool/mfa/tests/admin_setting_managemfa_test.php
View File

@ -31,6 +31,16 @@ final class admin_setting_managemfa_test extends \advanced_testcase {
use \tool_mfa\tests\mfa_settings_trait;
/**
* Setup testcase.
*/
public function setUp(): void {
parent::setUp();
$this->resetAfterTest();
// Disable email factor (enabled by default).
$this->set_factor_state('email', 0);
}
/**
* Tests getting the factor combinations
*/
@ -137,7 +147,6 @@ final class admin_setting_managemfa_test extends \advanced_testcase {
* @param int $combinationscount expected count of available combinations
*/
public function test_get_factor_combinations_with_data_provider(array $factorset, int $combinationscount): void {
$this->resetAfterTest();
$enabledcount = 0;
foreach ($factorset as $factor) {
@ -168,7 +177,6 @@ final class admin_setting_managemfa_test extends \advanced_testcase {
* Tests checking the factor combinations
*/
public function test_factor_combination_checker(): void {
$this->resetAfterTest();
$managemfa = new \tool_mfa\table\admin_setting_managemfa();
$user = $this->getDataGenerator()->create_user();
$this->setUser($user);

4
admin/tool/mfa/tests/behat/tool_mfa_factor_management_table.feature
View File

@ -24,3 +24,7 @@ Feature: Manage factor plugins
And "Grace period" "table_row" should appear before "Trust this device" "table_row"
And I click on "Move down" "link" in the "Grace period" "table_row"
And "Grace period" "table_row" should appear after "Trust this device" "table_row"
Scenario: Email factor is enabled by default
Given I navigate to "Plugins > Admin tools > Multi-factor authentication" in site administration
And I should see "Disable Email" in the "Email" "table_row"

2
admin/tool/mfa/tests/behat/tool_mfa_setup_and_manage_user_factors.feature
View File

@ -39,6 +39,8 @@ Feature: Set up and manage user factors
| enabled | 1 | factor_webauthn |
And the following config values are set as admin:
| enabled | 1 | factor_sms |
And the following config values are set as admin:
| enabled | 0 | factor_email |
And the following "tool_mfa > User factors" exist:
| username | factor | label |
| admin | sms | +409111222 |

5
admin/tool/mfa/tests/manager_test.php
View File

@ -86,6 +86,9 @@ final class manager_test extends \advanced_testcase {
$user = $this->getDataGenerator()->create_user();
$this->setUser($user);
// Disable the email factor (enabled by default).
set_config('enabled', 0, 'factor_email');
// Check for fail status with no factors.
$this->assertEquals(\tool_mfa\plugininfo\factor::STATE_FAIL, \tool_mfa\manager::get_status());
@ -369,6 +372,8 @@ final class manager_test extends \advanced_testcase {
$this->setUser($user);
set_config('enabled', 1, 'factor_nosetup');
set_config('enabled', 1, 'tool_mfa');
// Disable the email factor (enabled by default).
set_config('enabled', 0, 'factor_email');
// Capability Check.
$this->assertTrue(\tool_mfa\manager::is_ready());

13
admin/tool/mfa/tests/plugininfo_factor_test.php
View File

@ -44,6 +44,9 @@ final class plugininfo_factor_test extends \advanced_testcase {
$user = $this->getDataGenerator()->create_user();
$this->setUser($user);
// Disable the email factor (enabled by default).
set_config('enabled', 0, 'factor_email');
// Test that with no enabled factors, fallback is returned.
$this->assertEquals('fallback', \tool_mfa\plugininfo\factor::get_next_user_login_factor()->name);
@ -90,22 +93,14 @@ final class plugininfo_factor_test extends \advanced_testcase {
$user = $this->getDataGenerator()->create_user();
$this->setUser($user);
// Create two active user factors.
// Add another factor (email factor is enabled by default).
set_config('enabled', 1, 'factor_totp');
set_config('enabled', 1, 'factor_webauthn');
$data = new \stdClass();
$data->userid = $user->id;
$data->factor = 'totp';
$data->label = 'testtotp';
$data->revoked = 0;
$DB->insert_record('tool_mfa', $data);
$data = new \stdClass();
$data->userid = $user->id;
$data->factor = 'webauthn';
$data->label = 'testwebauthn';
$data->revoked = 0;
$factorid = $DB->insert_record('tool_mfa', $data);
// Test there is more than one active factor.