* get_identity_providers(): Retrieves available auth identity providers
* prepare_identity_providers_for_output(): Prepares auth identity
provider data for output (e.g. to templates, WS, etc)
* Use these helpers for the login renderer
Authentication has a hard coded list of valid internal user fields - but they are in a class variable. We need them
in oauth user_field_mapping so we need to move them to a central place and call them from oauth2 and auth.
Add a hook for auth plugins to be able to modify or check a user, before
raising any authentication errors.
The auth plugin needs to add a public function like this:
/**
* Pre user_login hook.
* This method is called from authenticate_user_login() right after the user
* object is generated. This gives the auth plugins an option to make adjustments
* before the verification process starts.
*
* @param object $user user object, later used for $USER
*/
public function pre_user_login_hook(&$user) {
// Override if needed.
}
This introduces a new hook allowing an auth plugin to redirect to an
external login page directly without redundant redirects to the standard
login page first, or where possible to authenticate the user and simply
continue loading the page without any redirects. For some protocols such
as SAML reducing the number of redirects to the bare minimum greatly
speeds up the login process on high latency networks.
Adding alternate name fields (firstnamephonetic, lastnamephonetic,
middlename, alternatename) to "Lock user fields" for all
authentification plugins. This is needed to sync alternate name fields
with external data sources and to lock them for editing.
List of changes:
* New OOP API using PHP namespace \core\session\.
* All handlers now update the sessions table consistently.
* Experimental DB session support in Oracle.
* Full support for session file handler (filesystem locking required).
* New option for alternative session directory.
* Official memcached session handler support.
* Workaround for memcached version with non-functional gc.
* Improved security - forced session id regeneration.
* Improved compatibility with recent PHP releases.
* Fixed borked CSS during install in debug mode.
* Switched to file based sessions in new installs.
* DB session setting disappears if DB does not support sessions.
* DB session setting disappears if session handler specified in config.php.
* Fast purging of sessions used in request only.
* No legacy distinction - file, database and memcached support the same functionality.
* Session handler name included in performance info.
* Fixed user_loggedin and user_loggedout event triggering.
* Other minor bugfixing and improvements.
* Fixed database session segfault if MUC disposed before $DB.
Limitations:
* Session access time is now updated right after session start.
* Support for $CFG->sessionlockloggedinonly was removed.
* First request does not update userid in sessions table.
* The timeouts may break badly if server hosting forces PHP.ini session settings.
* The session GC is a lot slower, we do not rely on external session timeouts.
* There cannot be any hooks triggered at the session write time.
* File and memcached handlers do not support session lock acquire timeouts.
* Some low level PHP session functions can not be used directly in Moodle code.
generate_email_supportuser was not creating user which can
be used by messaging system. core_user::get_support_user()
should be used to get support_user record.
internal means "uses password hash for user authentication", there is a new is_synchronised_with_external() method that indicates if moodle should automatically sync user info with external system after login; I have also improved the default for prevent_local_passwords() which is now defaulting to !is_internal()
