Moodle APIs
3.8
Moodle 3.8.6 (Build: 20201109)
|
Moodle Network authentication plugin. More...
Public Member Functions | |
__construct () | |
Constructor. | |
auth_plugin_mnet () | |
Old syntax of class constructor. More... | |
can_be_manually_set () | |
Returns whether or not this authentication plugin can be manually set for users, for example, when bulk uploading users. More... | |
can_change_password () | |
Returns true if this authentication plugin can change the user's password. More... | |
can_confirm () | |
Returns true if plugin allows confirming of new users. More... | |
can_edit_profile () | |
Returns true if this authentication plugin can edit the users' profile. More... | |
can_login_remotely ($username, $mnethostid) | |
Checks the MNET access control table to see if the username/mnethost is permitted to login to this moodle. More... | |
can_reset_password () | |
Returns true if plugin allows resetting of internal password. More... | |
can_signup () | |
Returns true if plugin allows resetting of internal password. More... | |
change_password_url () | |
Returns the URL for changing the user's pw, or false if the default can be used. More... | |
config_form ($config, $err, $user_fields) | |
Prints a form for configuring this authentication plugin. More... | |
confirm_mnet_session ($token, $remotepeer) | |
This function confirms the remote (ID provider) host's mnet session by communicating the token and UA over the XMLRPC transport layer, and returns the local user record on success. More... | |
edit_profile_url () | |
Returns the URL for editing the users' profile, or empty if the default URL can be used. More... | |
end_local_sessions (&$sessionArray) | |
To delete a host, we must delete all current sessions that users from that host are currently engaged in. More... | |
fetch_theme_info () | |
Returns the theme information and logo url as strings. More... | |
fetch_user_image ($username) | |
Returns the user's profile image info. More... | |
generate_token () | |
Generate a random string for use as an RPC session token. | |
get_custom_user_profile_fields () | |
Return custom user profile fields. More... | |
get_description () | |
Get the auth description (from core or own auth lang files) More... | |
get_password_change_info (stdClass $user) | |
Returns information on how the specified user can change their password. More... | |
get_title () | |
Return the properly translated human-friendly title of this auth plugin. More... | |
get_userinfo ($username) | |
Read user information from external database and returns it as array(). More... | |
has_service ($mnethostid, $servicename) | |
Determines if an MNET host is providing the nominated service. More... | |
ignore_timeout_hook ($user, $sid, $timecreated, $timemodified) | |
Hook called before timing out of database session. More... | |
is_captcha_enabled () | |
Returns whether or not the captcha element is enabled. More... | |
is_configured () | |
Returns false if this plugin is enabled but not configured. More... | |
is_internal () | |
Returns true if this authentication plugin is 'internal'. More... | |
is_synchronised_with_external () | |
Indicates if moodle should automatically update internal user records with data from external sources using the information from get_userinfo() method. More... | |
keepalive_client () | |
Poll the IdP server to let it know that a user it has authenticated is still online. More... | |
keepalive_server ($array) | |
Receives an array of usernames from a remote machine and prods their sessions to keep them alive. More... | |
kill_child ($username, $useragent) | |
When the IdP requests that child sessions are terminated, this function will be called on each of the child hosts. More... | |
kill_children ($username, $useragent) | |
The IdP uses this function to kill child sessions on other hosts. More... | |
kill_parent ($username, $useragent) | |
The SP uses this function to kill the session on the parent IdP. More... | |
object | loginpage_hook () |
Hook for overriding behaviour of login page. More... | |
loginpage_idp_list ($wantsurl) | |
Returns a list of MNet IdPs that the user can roam from. More... | |
logoutpage_hook () | |
Hook for overriding behaviour of logout page. More... | |
password_expire ($username) | |
return number of days to user password expires More... | |
postlogout_hook ($user) | |
Post logout hook. More... | |
pre_loginpage_hook () | |
Hook for overriding behaviour before going to the login page. More... | |
pre_user_login_hook (&$user) | |
Pre user_login hook. More... | |
prelogout_hook () | |
Cleanup any remote mnet_sessions, kill the local mnet_session data. More... | |
prevent_local_passwords () | |
Indicates if password hashes should be stored in local moodle database. More... | |
process_config ($config) | |
Processes and stores configuration data for this authentication plugin. More... | |
refresh_log ($array) | |
Receives an array of log entries from an SP and adds them to the mnet_log table. More... | |
signup_form () | |
Return a form to capture user details for account creation. More... | |
start_jump_session ($mnethostid, $wantsurl, $wantsurlbackhere=false) | |
Starts an RPC jump session and returns the jump redirect URL. More... | |
sync_roles ($user) | |
Sync roles for this user - usually creator. More... | |
test_settings () | |
Test if settings are correct, print info to output. | |
trim_logline ($logline) | |
Trims a log line from mnet peer to limit each part to a length which can be stored in our DB. More... | |
update_enrolments ($username, $courses) | |
Invoke this function on the IDP to update it with enrolment info local to the SP right after calling user_authorise() More... | |
update_mnet_session ($user, $token, $remotepeer) | |
creates (or updates) the mnet session once { More... | |
user_authenticated_hook (&$user, $username, $password) | |
Post authentication hook. More... | |
user_authorise ($token, $useragent) | |
Return user data for the provided token, compare with user_agent string. More... | |
user_confirm ($username, $confirmsecret) | |
Confirm the new user as registered. More... | |
user_delete ($olduser) | |
User delete requested - internal user record is mared as deleted already, username not present anymore. More... | |
user_exists ($username) | |
Checks if user exists in external db. More... | |
user_login ($username, $password) | |
This function is normally used to determine if the username and password are correct for local logins. More... | |
user_signup ($user, $notify=true) | |
Sign up a new user ready for confirmation. More... | |
user_update ($olduser, $newuser) | |
Called when the user record is updated. More... | |
user_update_password ($user, $newpassword) | |
Updates the user's password. More... | |
validate_form ($form, &$err) | |
A chance to validate form data, and last chance to do stuff before it is inserted in config_plugin. More... | |
Static Public Member Functions | |
static | get_identity_providers ($authsequence) |
Return the list of enabled identity providers. More... | |
static | prepare_identity_providers_for_output ($identityproviders, renderer_base $output) |
Prepare a list of identity providers for output. More... | |
Public Attributes | |
string | $authtype |
Authentication plugin type - the same as db field. | |
object | $config |
The configuration details for the plugin. | |
array | $userfields = core_user::AUTHSYNCFIELDS |
Protected Member Functions | |
update_user_record ($username, $updatekeys=false, $triggerevent=false, $suspenduser=false) | |
Update a local user record from an external source. More... | |
Protected Attributes | |
string | $errorlogtag = '' |
The tag we want to prepend to any error log messages. | |
Moodle Network authentication plugin.
auth_plugin_mnet::auth_plugin_mnet | ( | ) |
|
inherited |
Returns whether or not this authentication plugin can be manually set for users, for example, when bulk uploading users.
This should be overriden by authentication plugins where setting the authentication method manually is allowed.
bool |
Reimplemented in auth_oauth2\auth, auth_plugin_none, auth_plugin_nologin, auth_plugin_manual, auth_plugin_ldap, and auth_plugin_email.
auth_plugin_mnet::can_change_password | ( | ) |
Returns true if this authentication plugin can change the user's password.
bool |
Reimplemented from auth_plugin_base.
|
inherited |
Returns true if plugin allows confirming of new users.
bool |
Reimplemented in auth_plugin_ldap, and auth_plugin_email.
|
inherited |
Returns true if this authentication plugin can edit the users' profile.
bool |
auth_plugin_mnet::can_login_remotely | ( | $username, | |
$mnethostid | |||
) |
Checks the MNET access control table to see if the username/mnethost is permitted to login to this moodle.
string | $username | The username |
int | $mnethostid | The id of the remote mnethost |
bool | Whether the user can login from the remote host |
|
inherited |
Returns true if plugin allows resetting of internal password.
bool |
Reimplemented in auth_plugin_webservice, auth_oauth2\auth, auth_plugin_none, auth_plugin_nologin, auth_plugin_manual, auth_plugin_ldap, auth_plugin_email, and auth_plugin_db.
|
inherited |
Returns true if plugin allows resetting of internal password.
bool |
Reimplemented in auth_plugin_ldap, and auth_plugin_email.
auth_plugin_mnet::change_password_url | ( | ) |
Returns the URL for changing the user's pw, or false if the default can be used.
moodle_url |
Reimplemented from auth_plugin_base.
|
inherited |
Prints a form for configuring this authentication plugin.
This function is called from admin/auth.php, and outputs a full page with a form for configuring this plugin.
object | $config | |
object | $err | |
array | $user_fields |
auth_plugin_mnet::confirm_mnet_session | ( | $token, | |
$remotepeer | |||
) |
This function confirms the remote (ID provider) host's mnet session by communicating the token and UA over the XMLRPC transport layer, and returns the local user record on success.
string | $token | The random session token. |
mnet_peer | $remotepeer | The ID provider mnet_peer object. |
array | The local user record. |
|
inherited |
Returns the URL for editing the users' profile, or empty if the default URL can be used.
This method is used if can_edit_profile() returns true. This method is called only when user is logged in, it may use global $USER.
moodle_url | url of the profile page or null if standard used |
auth_plugin_mnet::end_local_sessions | ( | & | $sessionArray | ) |
To delete a host, we must delete all current sessions that users from that host are currently engaged in.
string | $sessionidarray | An array of session hashes |
bool | True on success |
auth_plugin_mnet::fetch_theme_info | ( | ) |
Returns the theme information and logo url as strings.
string | The theme info |
auth_plugin_mnet::fetch_user_image | ( | $username | ) |
Returns the user's profile image info.
If the user exists and has a profile picture, the returned array will contain keys: f1 - the content of the default 100x100px image f1_mimetype - the mimetype of the f1 file f2 - the content of the 35x35px variant of the image f2_mimetype - the mimetype of the f2 file
The mimetype information was added in Moodle 2.0. In Moodle 1.x, images are always jpegs.
int | $username | The id of the user |
false|array | false if user not found, empty array if no picture exists, array with data otherwise |
|
inherited |
Return custom user profile fields.
array | list of custom fields. |
|
inherited |
Get the auth description (from core or own auth lang files)
string | The description |
|
staticinherited |
Return the list of enabled identity providers.
Each identity provider data contains the keys url, name and iconurl (or icon). See the documentation of auth_plugin_base::loginpage_idp_list() for detailed description of the returned structure.
array | $authsequence | site's auth sequence (list of auth plugins ordered) |
array | List of arrays describing the identity providers |
|
inherited |
Returns information on how the specified user can change their password.
stdClass | $user | A user object |
string[] | An array of strings with keys subject and message |
Reimplemented in auth_oauth2\auth, and auth_plugin_nologin.
|
inherited |
Return the properly translated human-friendly title of this auth plugin.
|
inherited |
Read user information from external database and returns it as array().
Function should return all information available. If you are saving this information to moodle user-table you should honour synchronisation flags
string | $username | username |
mixed | array with no magic quotes or false on error |
Reimplemented in auth_plugin_shibboleth, auth_oauth2\auth, auth_plugin_ldap, auth_plugin_db, and auth_plugin_cas.
auth_plugin_mnet::has_service | ( | $mnethostid, | |
$servicename | |||
) |
Determines if an MNET host is providing the nominated service.
int | $mnethostid | The id of the remote host |
string | $servicename | The name of the service |
bool | Whether the service is available on the remote host |
|
inherited |
Hook called before timing out of database session.
This is useful for SSO and MNET.
object | $user | |
string | $sid | session id |
int | $timecreated | start of session |
int | $timemodified | user last seen |
bool | true means do not timeout session yet |
|
inherited |
Returns whether or not the captcha element is enabled.
@abstract Implement in child classes
bool |
Reimplemented in auth_plugin_email.
|
inherited |
Returns false if this plugin is enabled but not configured.
bool |
Reimplemented in auth_plugin_db.
auth_plugin_mnet::is_internal | ( | ) |
Returns true if this authentication plugin is 'internal'.
bool |
Reimplemented from auth_plugin_base.
|
inherited |
Indicates if moodle should automatically update internal user records with data from external sources using the information from get_userinfo() method.
bool | true means automatically copy data from ext to user table |
Reimplemented in auth_oauth2\auth, and auth_plugin_db.
auth_plugin_mnet::keepalive_client | ( | ) |
Poll the IdP server to let it know that a user it has authenticated is still online.
void |
auth_plugin_mnet::keepalive_server | ( | $array | ) |
Receives an array of usernames from a remote machine and prods their sessions to keep them alive.
array | $array | An array of usernames |
string | "All ok" or an error message |
auth_plugin_mnet::kill_child | ( | $username, | |
$useragent | |||
) |
When the IdP requests that child sessions are terminated, this function will be called on each of the child hosts.
The machine that calls the function (over xmlrpc) provides us with the mnethostid we need.
string | $username | Username for session to kill |
string | $useragent | SHA1 hash of user agent to look for |
bool | True on success |
auth_plugin_mnet::kill_children | ( | $username, | |
$useragent | |||
) |
The IdP uses this function to kill child sessions on other hosts.
string | $username | Username for session to kill |
string | $useragent | SHA1 hash of user agent to look for |
string | A plaintext report of what has happened |
auth_plugin_mnet::kill_parent | ( | $username, | |
$useragent | |||
) |
The SP uses this function to kill the session on the parent IdP.
string | $username | Username for session to kill |
string | $useragent | SHA1 hash of user agent to look for |
string | A plaintext report of what has happened |
|
inherited |
Hook for overriding behaviour of login page.
This method is called from login/index.php page for all enabled auth plugins.
@global object
Reimplemented in auth_plugin_shibboleth, auth_plugin_ldap, and auth_plugin_cas.
auth_plugin_mnet::loginpage_idp_list | ( | $wantsurl | ) |
Returns a list of MNet IdPs that the user can roam from.
string | $wantsurl | The relative url fragment the user wants to get to. |
array | List of arrays with keys url, icon and name. |
Reimplemented from auth_plugin_base.
auth_plugin_mnet::logoutpage_hook | ( | ) |
Hook for overriding behaviour of logout page.
This method is called from login/logout.php page for all enabled auth plugins.
@global string
Reimplemented from auth_plugin_base.
|
inherited |
return number of days to user password expires
If userpassword does not expire it should return 0. If password is already expired it should return negative value.
mixed | $username | username (with system magic quotes) |
integer |
Reimplemented in auth_plugin_manual, and auth_plugin_ldap.
|
inherited |
Post logout hook.
This method is used after moodle logout by auth classes to execute server logout.
stdClass | $user | clone of USER object before the user session was terminated |
Reimplemented in auth_plugin_cas.
|
inherited |
Hook for overriding behaviour before going to the login page.
This method is called from require_login from potentially any page for all enabled auth plugins and gives each plugin a chance to redirect directly to an external login page, or to instantly login a user where possible.
If an auth plugin implements this hook, it must not rely on ONLY this hook in order to work, as there are many ways a user can browse directly to the standard login page. As a general rule in this case you should also implement the loginpage_hook as well.
|
inherited |
Pre user_login hook.
This method is called from authenticate_user_login() right after the user object is generated. This gives the auth plugins an option to make adjustments before the verification process starts.
object | $user | user object, later used for $USER |
auth_plugin_mnet::prelogout_hook | ( | ) |
Cleanup any remote mnet_sessions, kill the local mnet_session data.
This is called by require_logout in moodlelib
void |
Reimplemented from auth_plugin_base.
|
staticinherited |
Prepare a list of identity providers for output.
array | $identityproviders | as returned by self::get_identity_providers() |
renderer_base | $output |
array | the identity providers ready for output |
auth_plugin_mnet::prevent_local_passwords | ( | ) |
Indicates if password hashes should be stored in local moodle database.
bool | true means md5 password hash stored in user table, false means flag 'not_cached' stored there instead |
Reimplemented from auth_plugin_base.
|
inherited |
Processes and stores configuration data for this authentication plugin.
object | object with submitted configuration settings (without system magic quotes) |
auth_plugin_mnet::refresh_log | ( | $array | ) |
Receives an array of log entries from an SP and adds them to the mnet_log table.
array | $array | An array of usernames |
string | "All ok" or an error message |
|
inherited |
Return a form to capture user details for account creation.
This is used in /login/signup.php.
moodle_form | A form which edits a record from the user table. |
auth_plugin_mnet::start_jump_session | ( | $mnethostid, | |
$wantsurl, | |||
$wantsurlbackhere = false |
|||
) |
Starts an RPC jump session and returns the jump redirect URL.
int | $mnethostid | id of the mnet host to jump to |
string | $wantsurl | url to redirect to after the jump (usually on remote system) |
boolean | $wantsurlbackhere | defaults to false, means that the remote system should bounce us back here rather than somewhere inside its wwwroot |
|
inherited |
Sync roles for this user - usually creator.
$user | object user object (without system magic quotes) |
Reimplemented in auth_plugin_ldap.
auth_plugin_mnet::trim_logline | ( | $logline | ) |
Trims a log line from mnet peer to limit each part to a length which can be stored in our DB.
object | $logline | The log information to be trimmed |
object | The passed logline object trimmed to not exceed storable limits |
auth_plugin_mnet::update_enrolments | ( | $username, | |
$courses | |||
) |
Invoke this function on the IDP to update it with enrolment info local to the SP right after calling user_authorise()
Normally called by the SP after calling user_authorise()
string | $username | The username |
array | $courses | Assoc array of courses following the structure of mnetservice_enrol_courses |
bool |
auth_plugin_mnet::update_mnet_session | ( | $user, | |
$token, | |||
$remotepeer | |||
) |
creates (or updates) the mnet session once {
|
protectedinherited |
Update a local user record from an external source.
This is a lighter version of the one in moodlelib – won't do expensive ops such as enrolment.
string | $username | username |
array | $updatekeys | fields to update, false updates all fields. |
bool | $triggerevent | set false if user_updated event should not be triggered. This will not affect user_password_updated event triggering. |
bool | $suspenduser | Should the user be suspended? |
stdClass|bool | updated user record or false if there is no new info to update. |
|
inherited |
Post authentication hook.
This method is called from authenticate_user_login() for all enabled auth plugins.
object | $user | user object, later used for $USER |
string | $username | (with system magic quotes) |
string | $password | plain text password (with system magic quotes) |
auth_plugin_mnet::user_authorise | ( | $token, | |
$useragent | |||
) |
Return user data for the provided token, compare with user_agent string.
string | $token | The unique ID provided by remotehost. |
string | $useragent | User Agent string. |
array::$userdata | Array of user info for remote host |
|
inherited |
Confirm the new user as registered.
string | $username | |
string | $confirmsecret |
Reimplemented in auth_plugin_webservice, auth_plugin_manual, auth_oauth2\auth, auth_plugin_ldap, and auth_plugin_email.
|
inherited |
User delete requested - internal user record is mared as deleted already, username not present anymore.
Do any action in external database.
object | $user | Userobject before delete (without system magic quotes) |
void |
|
inherited |
Checks if user exists in external db.
string | $username | (with system magic quotes) |
bool |
Reimplemented in auth_plugin_ldap, and auth_plugin_db.
auth_plugin_mnet::user_login | ( | $username, | |
$password | |||
) |
This function is normally used to determine if the username and password are correct for local logins.
Always returns false, as local users do not need to login over mnet xmlrpc.
string | $username | The username |
string | $password | The password |
bool | Authentication success or failure. |
Reimplemented from auth_plugin_base.
|
inherited |
Sign up a new user ready for confirmation.
Password is passed in plaintext.
object | $user | new user object |
boolean | $notify | print notice with link and terminate |
Reimplemented in auth_plugin_ldap, and auth_plugin_email.
|
inherited |
Called when the user record is updated.
Modifies user in external database. It takes olduser (before changes) and newuser (after changes) compares information saved modified information to external db.
mixed | $olduser | Userobject before modifications (without system magic quotes) |
mixed | $newuser | Userobject new modified userobject (without system magic quotes) |
boolean | true if updated or update ignored; false if error |
Reimplemented in auth_plugin_ldap, and auth_plugin_db.
|
inherited |
Updates the user's password.
In previous versions of Moodle, the function auth_user_update_password accepted a username as the first parameter. The revised function expects a user object.
object | $user | User table object |
string | $newpassword | Plaintext password |
bool | True on success |
Reimplemented in auth_plugin_webservice, auth_plugin_none, auth_plugin_nologin, auth_plugin_manual, auth_plugin_ldap, auth_plugin_email, and auth_plugin_db.
|
inherited |
A chance to validate form data, and last chance to do stuff before it is inserted in config_plugin.
object | object with submitted configuration settings (without system magic quotes) | |
array | $err | array of error messages |