From d20af220f8c4b1a56ea79a5216d4c6fd275726e2 Mon Sep 17 00:00:00 2001
From: Jake Dallimore
Date: Mon, 26 Jun 2023 11:20:18 +0800
Subject: [PATCH] MDL-79520 core: update Clever integration to use OpenId Connect

Instead of creating the endpoints manually, and fetching the user info from several endpoints, which also necessitates the use of a custom client subclass, use the OpenId configuration endpoint to auto-configure endpoints, and then use the userinfo endpoint to fetch user info.
---
 lib/classes/oauth2/client/clever.php | 64 ---------------------------
 lib/classes/oauth2/service/clever.php | 51 ++++++---------------
 2 files changed, 13 insertions(+), 102 deletions(-)
 delete mode 100644 lib/classes/oauth2/client/clever.php

diff --git a/lib/classes/oauth2/client/clever.php b/lib/classes/oauth2/client/clever.php
deleted file mode 100644
index 1b3aa2b164b..00000000000
--- a/lib/classes/oauth2/client/clever.php
+++ /dev/null
@@ -1,64 +0,0 @@
-.
-
-namespace core\oauth2\client;
-
-use core\oauth2\client;
-
-/**
- * Class clever - Custom client handler to fetch data from Clever
- *
- * @package core
- * @copyright 2022 OpenStax
- * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
- */
-class clever extends client {
- /**
- * Fetch the user id from the userinfo endpoint and then query userdata
- *
- * @return array|false
- */
- public function get_userinfo() {
- $userinfo = parent::get_userinfo();
- $userid = $userinfo['idnumber'];
-
- return $this->get_userdata($userid);
- }
-
- /**
- * Obtain user name and email data via the userdata endpoint
- *
- * @param string $userid User ID value
- * @return array|false
- */
- private function get_userdata($userid) {
- $url = $this->get_issuer()->get_endpoint_url('userdata');
- $url .= '/' . $userid;
-
- $response = $this->get($url);
- if (!$response) {
- return false;
- }
-
- $userinfo = json_decode($response);
- if (json_last_error() != JSON_ERROR_NONE) {
- debugging('Error encountered while decoding user information: ' . json_last_error_msg());
- return false;
- }
-
- return $this->map_userinfo_to_fields($userinfo);
- }
-}
diff --git a/lib/classes/oauth2/service/clever.php b/lib/classes/oauth2/service/clever.php
index 2d4c8ed4bab..8926bda50b5 100644
--- a/lib/classes/oauth2/service/clever.php
+++ b/lib/classes/oauth2/service/clever.php
@@ -18,7 +18,6 @@ namespace core\oauth2\service;
 use core\oauth2\issuer;
 use core\oauth2\discovery\openidconnect;
-use core\oauth2\endpoint;
 use core\oauth2\user_field_mapping;
 /**
@@ -39,7 +38,7 @@ class clever extends openidconnect implements issuer_interface {
 'name' => 'Clever',
 'image' => 'https://apps.clever.com/favicon.ico',
 'basicauth' => 1,
- 'baseurl' => '',
+ 'baseurl' => 'https://clever.com',
 'showonloginpage' => issuer::LOGINONLY,
 'servicetype' => 'clever',
 ];
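Review bot: The new `'baseurl' => 'https://clever.com'` value is now load-bearing but carries no comment saying so. With `create_endpoints()` removed from this class, the authorization, token and userinfo endpoints are presumably whatever the parent `openidconnect` discovery reads from the configuration document under that URL. I would add a line above it such as `// Discovery root: endpoints are auto-configured from this issuer's OpenID configuration, so this must remain an https URL.` The enclosing array starts outside this hunk, so this assumes it is the template record that seeds new Clever issuers.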
@@ -48,45 +47,21 @@ class clever extends openidconnect implements issuer_interface {
 }
 /**
- * Create endpoints for this issuer.
+ * Create field mappings for this issuer.
 *
- * @param issuer $issuer Issuer the endpoints should be created for.
- * @return issuer
+ * @param issuer $issuer Issuer the field mappings should be created for.
 */
- public static function create_endpoints(issuer $issuer): issuer {
- $endpoints = [
- 'authorization_endpoint' => 'https://clever.com/oauth/authorize',
- 'token_endpoint' => 'https://clever.com/oauth/tokens',
- 'userinfo_endpoint' => 'https://api.clever.com/v3.0/me',
- 'userdata_endpoint' => 'https://api.clever.com/v3.0/users'
- ];
- foreach ($endpoints as $name => $url) {
- $record = (object) [
- 'issuerid' => $issuer->get('id'),
- 'name' => $name,
- 'url' => $url
- ];
- $endpoint = new endpoint(0, $record);
- $endpoint->create();
- }
+ public static function create_field_mappings(issuer $issuer): void {
+ // Perform OIDC default field mapping.
+ parent::create_field_mappings($issuer);
- // Create the field mappings.
- $mapping = [
- 'data-id' => 'idnumber',
- 'data-name-first' => 'firstname',
- 'data-name-last' => 'lastname',
- 'data-email' => 'email'
+ // Create the additional 'sub' field mapping.
+ $record = (object) [
+ 'issuerid' => $issuer->get('id'),
+ 'externalfield' => 'sub',
+ 'internalfield' => 'idnumber',
 ];
- foreach ($mapping as $external => $internal) {
- $record = (object) [
- 'issuerid' => $issuer->get('id'),
- 'externalfield' => $external,
- 'internalfield' => $internal
- ];
- $userfieldmapping = new user_field_mapping(0, $record);
- $userfieldmapping->create();
- }
-
- return $issuer;
+ $userfieldmapping = new user_field_mapping(0, $record);
+ $userfieldmapping->create();
 }
 }
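Review bot: Issuers created before this change keep the rows the removed `create_endpoints()` wrote: the `userdata_endpoint` and the `data-id`, `data-name-first`, `data-name-last` and `data-email` mappings. The `core\oauth2\client\clever` subclass that performed that two-step lookup is deleted in the same patch. The diffstat lists only the two clever.php files, so no upgrade step is visible here; if none exists elsewhere, existing Clever logins would presumably stop resolving a name or email after upgrade. I would either add an upgrade step that re-runs discovery and replaces the old mappings for issuers with `servicetype` `clever`, or say so in the docblock, e.g. `* Issuers created with the pre-OIDC endpoints are not migrated and must be re-created.`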