This patch modifies can_change_password() and adds change_password_url() to allow Shibboleth users to change their password
in case there is an (external) password change URL defined in Moodle. If no such URL is defined, the behaviour is the same
as without the proposed change.
Thanks FH-HWZ.ch for the contribution.
No longer set the return url to $SESSION->wantsurl, it doens't make
sense in this context, as the user is probably on the page they want.
Also add a note about this functionality to auth/ugrade.txt
If there is a required custom field that the user can fill by editing
their profile, and that field is missing, the user should be considered
as not fully set up. Instead, we want to redirect them to edit their
profile first.
There are some exceptions when we want to fall back to the previous
behaviour and check just the name and email fields. These exceptional
cases include checking remote user data in incoming MNet request (no
user id, no custom fields supported) and calls to require_login() with
redirecting disabled (typically ajax filepicker requests on profile
editing page itself).
Additional plugins that call the function user_not_fully_set_up()
themselves, should perform the strict check in most/typical cases. So
the strict mode is enabled by default even if it changes the behaviour
slightly. In improbable case of additional plugins relying on the
previous behaviour of the function, they can use the $strict parameter
and keep performing the lax check. However, I am sure the correct fix in
that case will likely be to stop abusing this function.
Note that custom fields are not currently transferred during the MNet
roaming. So having custom fields configured as required on MNet service
provider site (where users can't edit their profiles) is expected to
display an error (as the site is considered as misconfigured).
dirname() is a slow function compared with __DIR__ and using
'/../'. Moodle has a large number of legacy files that are included
each time a page loads and is not able to use an autoloader as it is
functional code. This allows those required includes to perform as
best as possible in this situation.
Add a hook for auth plugins to be able to modify or check a user, before
raising any authentication errors.
The auth plugin needs to add a public function like this:
/**
* Pre user_login hook.
* This method is called from authenticate_user_login() right after the user
* object is generated. This gives the auth plugins an option to make adjustments
* before the verification process starts.
*
* @param object $user user object, later used for $USER
*/
public function pre_user_login_hook(&$user) {
// Override if needed.
}
This commit replace as much as possible of clean_param and PARAM_ usages related to user object.
Also few unit tests has been changed to match the new validation
