Only call user_update_user when the relevant user data has changed,
preventing unnecessary user_updated events. This also removes the
line setting timemodified on the user since user_update_user already
handles this.
If the enrolment instance (the 'published resource') has been upgraded
from LTI 1.1/2.0 to LTI 1.3 (i.e. a new instance was not created),
prevent legacy launches which may occur from old resource links. Only
LTI Advantage launches should be permitted through the method.
If the enrolment method is updated from an LTI 1.1/2.0 tool to an LTI
1.3 tool, it may have associated enrol_lti_users records not having
ltideploymentid values. These are legacy users and must not be returned
by the repository, which deals only with LTI 1.3 LTI users.
As in MDL-74691, we need either or both of these fields, meaning either
one could be omitted. This just supports that as per the fix made in
MDL-74691.
This covers the following cases:
1. Where only the 'lineitem' service endpoint is provided
2. Where only the 'lineitems' service endpoint is provided.
Existing tests already cover the case where both are provided.
If member sync runs before the user launches the tool, a partial record
is created, without consumer secret. Subsequent launches of the tool by
that member don't resolve this and this results in grade sync failing
for any affected users. This patch:
- data fixes the existing affected rows
- fixes the launch code, ensuring secret is recorded on launch,
irrespective of whether the user info record has been created already
or not.
Fixes the enrol_lti_users.consumersecret field for LTI 2.0 users.
This field erroneously contained the tool secret and not the consumer
secret needed for service requests when used with LTI 2.0 consumers,
which resulted in complete grade sync failure for LTI 2.0 consumers.
This patch:
- adds an upgrade step to address existing incorrect secrets for LTI
2.0 launched users. It sets these to the correct consumer secret.
- fixes the way the secret is first set during a launch, ensuring
this->consumer->secret is used, which properly captures either the
tool secret (for 1.1 launches) or the consumer secret (for 2.0
launches).
The lib/lti1p3 library now passes $options['form_params'] instead of
$options['body'] when making access token requests. To maintain the
'application/x-www-form-urlencoded' content-type required by OAuth 2.0
(https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3), the client has
been changed to convert these array params into a body query string,
which matches the behaviour prior to the library upgrade and makes
the tool can continue to call tool platform services. Support for
$options['body'] remains, as this is still used during service calls.
This issue just goes over all the currently incorrect
namespaces in test cases and:
1. Change the namespace to the correct one.
2. Move/rename it to correct location if needed (level 2 and down).
3. Remove not needed MOODLE_INTERNAL check when possible.
4. Remove file phpdoc when the file only has one class.
5. Make small adjustments in case the change of namespace requires it.
Change-Id: Ia169a8c1dae9c6132d40158ac2a3e346dc3f5e1e
Co-authored-by: Sarah Cotton <sarah.cotton@catalyst-eu.net>
Co-authored-by: Mark Johnson <mark.johnson@catalyst-eu.net>
Verify the expected behaviour of the sync_members and sync_grades tasks
when enrolment instances are disabled, whether as a byproduct of module
deletion, or as status change made by the user.
Adds a warning to the 'name' column of the tables, letting teachers know
that the activity exposed by the method has been deleted and what their
options are.
