MDL-58090 oauth2: Facebook

Add defaults for facebook authentication and drop behaviour field completely. Part of MDL-58220
2025-04-22 00:42:54 +02:00 · 2017-02-27 12:24:48 +08:00 · 2017-02-27 12:24:48 +08:00 · ddf65b8c05
commit ddf65b8c05
parent 485a22fc98
6 changed files with 80 additions and 54 deletions
--- a/admin/tool/oauth2/classes/form/issuer.php
+++ b/admin/tool/oauth2/classes/form/issuer.php
@ -76,11 +76,6 @@ class issuer extends persistent {
        $mform->addRule('baseurl', get_string('maximumchars', '', 1024), 'maxlength', 1024, 'client');
        $mform->addHelpButton('baseurl', 'issuerbaseurl', 'tool_oauth2');

-        // Offline access type.
-        $options = $endpoint->get_behaviour_list();
-        $mform->addElement('select', 'behaviour', get_string('issuerbehaviour', 'tool_oauth2'), $options);
-        $mform->addHelpButton('behaviour', 'issuerbehaviour', 'tool_oauth2');
-
        // Login scopes.
        $mform->addElement('text', 'loginscopes', get_string('issuerloginscopes', 'tool_oauth2'), 'maxlength="255"');
        $mform->addRule('loginscopes', null, 'required', null, 'client');
--- a/admin/tool/oauth2/classes/output/renderer.php
+++ b/admin/tool/oauth2/classes/output/renderer.php
@ -104,7 +104,7 @@ class renderer extends plugin_renderer_base {
            if (!empty($issuer->get('scopessupported'))) {
                $discovered = $OUTPUT->pix_icon('yes', get_string('discovered', 'tool_oauth2'), 'tool_oauth2');
            } else {
-                if ($issuer->get('behaviour') == $issuer::BEHAVIOUR_OPENID_CONNECT) {
+                if (!empty($issuer->get_endpoint_url('discovery'))) {
                    $discovered = $OUTPUT->pix_icon('no', get_string('notdiscovered', 'tool_oauth2'), 'tool_oauth2');
                } else {
                    $discovered = '-';
--- a/lib/classes/oauth2/api.php
+++ b/lib/classes/oauth2/api.php
@ -41,19 +41,11 @@ defined('MOODLE_INTERNAL') || die();
 */
 class api {

-    /**
-     * Called from install.php and upgrade.php - install the default list of issuers
-     * @return int The number of issuers installed.
-     */
-    public static function install_default_issuers() {
-        // Setup default list of identity issuers.
+    private static function create_google() {
        $record = (object) [
            'name' => 'Google',
            'image' => 'https://accounts.google.com/favicon.ico',
-            'behaviour' => issuer::BEHAVIOUR_OPENID_CONNECT,
            'baseurl' => 'http://accounts.google.com/',
-            'clientid' => '',
-            'clientsecret' => '',
            'loginparamsoffline' => 'access_type=offline&prompt=consent',
            'showonloginpage' => true
        ];
@ -68,17 +60,65 @@ class api {
        ];
        $endpoint = new endpoint(0, $record);
        $endpoint->create();
+    }

+    private static function create_facebook() {
+        // Facebook is a custom setup.
+        $record = (object) [
+            'name' => 'Facebook',
+            'image' => 'https://facebookbrand.com/wp-content/themes/fb-branding/prj-fb-branding/assets/images/fb-art.png',
+            'loginscopes' => 'public_profile email',
+            'loginscopesoffline' => 'public_profile email',
+            'showonloginpage' => true
+        ];
+
+        $issuer = new issuer(0, $record);
+        $issuer->create();
+
+        $endpoints = [
+            'authorization_endpoint' => 'https://www.facebook.com/v2.8/dialog/oauth',
+            'token_endpoint' => 'https://graph.facebook.com/v2.8/oauth/access_token',
+            'userinfo_endpoint' => 'https://graph.facebook.com/v2.8/me?fields=id,first_name,last_name,link,picture,name,email'
+        ];
+
+        foreach ($endpoints as $name => $url) {
+            $record = (object) [
+                'issuerid' => $issuer->get('id'),
+                'name' => $name,
+                'url' => $url
+            ];
+            $endpoint = new endpoint(0, $record);
+            $endpoint->create();
+        }
+
+        // Create the field mappings.
+        $mapping = [
+            'name' => 'alternatename',
+            'last_name' => 'lastname',
+            'email' => 'email',
+            'id' => 'username',
+            'first_name' => 'firstname',
+            'picture-data-url' => 'picture',
+            'link' => 'url',
+        ];
+        foreach ($mapping as $external => $internal) {
+            $record = (object) [
+                'issuerid' => $issuer->get('id'),
+                'externalfield' => $external,
+                'internalfield' => $internal
+            ];
+            $userfieldmapping = new user_field_mapping(0, $record);
+            $userfieldmapping->create();
+        }
+    }
+
+    private static function create_microsoft() {
        // Microsoft is a custom setup.
        $record = (object) [
            'name' => 'Microsoft',
            'image' => 'https://www.microsoft.com/favicon.ico',
-            'behaviour' => issuer::BEHAVIOUR_MICROSOFT,
-            'baseurl' => 'http://login.microsoftonline.com/common/oauth2/v2.0/',
-            'clientid' => '',
            'loginscopes' => 'openid profile email user.read',
            'loginscopesoffline' => 'openid profile email user.read offline_access',
-            'clientsecret' => '',
            'showonloginpage' => true
        ];

@ -122,6 +162,18 @@ class api {
            $userfieldmapping = new user_field_mapping(0, $record);
            $userfieldmapping->create();
        }
+    }
+
+    /**
+     * Called from install.php and upgrade.php - install the default list of issuers
+     * @return int The number of issuers installed.
+     */
+    public static function install_default_issuers() {
+        // Setup default list of identity issuers.
+        self::create_google();
+        self::create_microsoft();
+        self::create_facebook();
+
        return issuer::count_records();
    }

@ -175,7 +227,7 @@ class api {
    }

    /**
-     * If the behaviour supports discovery for this issuer, try and determine the list of valid endpoints.
+     * If the discovery endpoint exists for this issuer, try and determine the list of valid endpoints.
     *
     * @param issuer $issuer
     * @return int The number of discovered services.
@ -183,7 +235,7 @@ class api {
    protected static function discover_endpoints($issuer) {
        $curl = new curl();

-        if ($issuer->get('behaviour') != issuer::BEHAVIOUR_OPENID_CONNECT) {
+        if (empty($issuer->get('baseurl'))) {
            return 0;
        }

@ -192,7 +244,7 @@ class api {
            $url = $issuer->get('baseurl') . '/.well-known/openid-configuration';
        }

-        if (!$json = $curl->get($issuer->get_endpoint_url('discovery'))) {
+        if (!$json = $curl->get($url)) {
            $msg = 'Could not discover end points for identity issuer' . $issuer->get('name');
            throw new moodle_exception($msg);
        }
@ -231,6 +283,9 @@ class api {
        }

        // We got to here - must be a decent OpenID connect service. Add the default user field mapping list.
+        foreach (user_field_mapping::get_records(['issuerid' => $issuer->get('id')]) as $userfieldmapping) {
+            $userfieldmapping->delete();
+        }

        // Create the field mappings.
        $mapping = [
--- a/lib/classes/oauth2/issuer.php
+++ b/lib/classes/oauth2/issuer.php
@ -37,10 +37,6 @@ class issuer extends persistent {

    const TABLE = 'oauth2_issuer';

-    const BEHAVIOUR_OPENID_CONNECT = 'Open ID Connect';
-    const BEHAVIOUR_MICROSOFT = 'Microsoft OAuth 2.0';
-    const BEHAVIOUR_OAUTH2 = 'OAuth 2.0';
-
    /**
     * Return the definition of the properties of this model.
     *
@ -57,18 +53,16 @@ class issuer extends persistent {
                'default' => null
            ),
            'clientid' => array(
-                'type' => PARAM_RAW
+                'type' => PARAM_RAW,
+                'default' => ''
            ),
            'clientsecret' => array(
-                'type' => PARAM_RAW
-            ),
-            'behaviour' => array(
-                'type' => PARAM_NOTAGS,
-                'choices' => array(self::BEHAVIOUR_OPENID_CONNECT, self::BEHAVIOUR_MICROSOFT, self::BEHAVIOUR_OAUTH2),
-                'default' => self::BEHAVIOUR_OPENID_CONNECT
+                'type' => PARAM_RAW,
+                'default' => ''
            ),
            'baseurl' => array(
-                'type' => PARAM_URL
+                'type' => PARAM_URL,
+                'null' => NULL_ALLOWED,
            ),
            'showonloginpage' => array(
                'type' => PARAM_BOOL,
@ -115,27 +109,11 @@ class issuer extends persistent {
    }

    public function is_authentication_supported() {
-        $supportedloginbehaviours = [
-            self::BEHAVIOUR_OPENID_CONNECT,
-            self::BEHAVIOUR_MICROSOFT,
-        ];
-        return in_array($this->get('behaviour'), $supportedloginbehaviours);
+        return (!empty($this->get_endpoint_url('userinfo')));
    }

    public function is_system_account_setup_supported() {
-        $supportedsystemaccountbehaviours = [
-            self::BEHAVIOUR_OPENID_CONNECT,
-            self::BEHAVIOUR_MICROSOFT,
-        ];
-        return in_array($this->get('behaviour'), $supportedsystemaccountbehaviours);
-    }
-
-    public function get_behaviour_list() {
-        return [
-            self::BEHAVIOUR_OPENID_CONNECT => self::BEHAVIOUR_OPENID_CONNECT,
-            self::BEHAVIOUR_OAUTH2 => self::BEHAVIOUR_OAUTH2,
-            self::BEHAVIOUR_MICROSOFT => self::BEHAVIOUR_MICROSOFT
-        ];
+        return true;
    }

    public function is_system_account_connected() {
--- a/lib/db/install.xml
+++ b/lib/db/install.xml
@ -3493,7 +3493,6 @@
        <FIELD NAME="loginscopesoffline" TYPE="text" NOTNULL="true" DEFAULT="openid profile email" SEQUENCE="false" COMMENT="The scopes requested for a login attempt to generate a refresh token."/>
        <FIELD NAME="loginparams" TYPE="text" NOTNULL="true" DEFAULT="" SEQUENCE="false" COMMENT="Additional parameters sent for a login attempt."/>
        <FIELD NAME="loginparamsoffline" TYPE="text" NOTNULL="true" DEFAULT="openid profile email" SEQUENCE="false" COMMENT="Additional parameters sent for a login attempt to generate a refresh token."/>
-        <FIELD NAME="behaviour" TYPE="char" LENGTH="32" NOTNULL="true" DEFAULT="none" SEQUENCE="false" COMMENT="The type of behaviour for this oauth client."/>
        <FIELD NAME="scopessupported" TYPE="text" NOTNULL="false" SEQUENCE="false" COMMENT="The list of scopes this service supports."/>
        <FIELD NAME="showonloginpage" TYPE="int" LENGTH="2" NOTNULL="true" DEFAULT="1" SEQUENCE="false"/>
        <FIELD NAME="sortorder" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="false" COMMENT="The defined sort order."/>
--- a/lib/db/upgrade.php
+++ b/lib/db/upgrade.php
@ -2630,7 +2630,6 @@ function xmldb_main_upgrade($oldversion) {
        $table->add_field('loginscopesoffline', XMLDB_TYPE_TEXT, null, null, XMLDB_NOTNULL, null, null);
        $table->add_field('loginparams', XMLDB_TYPE_TEXT, null, null, XMLDB_NOTNULL, null, null);
        $table->add_field('loginparamsoffline', XMLDB_TYPE_TEXT, null, null, XMLDB_NOTNULL, null, null);
-        $table->add_field('behaviour', XMLDB_TYPE_CHAR, '32', null, XMLDB_NOTNULL, null, 'none');
        $table->add_field('scopessupported', XMLDB_TYPE_TEXT, null, null, null, null, null);
        $table->add_field('showonloginpage', XMLDB_TYPE_INTEGER, '2', null, XMLDB_NOTNULL, null, '1');
        $table->add_field('sortorder', XMLDB_TYPE_INTEGER, '10', null, XMLDB_NOTNULL, null, null);