Moodle APIs 3.9
Moodle 3.9.13+ (Build: 20220325)
Public Member Functions | Static Public Member Functions | Public Attributes | Protected Member Functions | Protected Attributes | List of all members
auth_plugin_lti Class Reference

LTI Authentication plugin. More...

Inheritance diagram for auth_plugin_lti:
auth_plugin_base

Public Member Functions

 __construct ()
 Constructor.
 
 can_be_manually_set ()
 Returns whether or not this authentication plugin can be manually set for users, for example, when bulk uploading users. More...
 
 can_change_password ()
 Returns true if this authentication plugin can change the users' password. More...
 
 can_confirm ()
 Returns true if plugin allows confirming of new users. More...
 
 can_edit_profile ()
 Returns true if this authentication plugin can edit the users' profile. More...
 
 can_reset_password ()
 Returns true if plugin allows resetting of internal password. More...
 
 can_signup ()
 Returns true if plugin allows resetting of internal password. More...
 
 change_password_url ()
 Returns the URL for changing the users' passwords, or empty if the default URL can be used. More...
 
 config_form ($config, $err, $user_fields)
 Prints a form for configuring this authentication plugin. More...
 
 edit_profile_url ()
 Returns the URL for editing the users' profile, or empty if the default URL can be used. More...
 
 get_custom_user_profile_fields ()
 Return custom user profile fields. More...
 
 get_description ()
 Get the auth description (from core or own auth lang files) More...
 
 get_password_change_info (stdClass $user)
 Returns information on how the specified user can change their password. More...
 
 get_title ()
 Return the properly translated human-friendly title of this auth plugin. More...
 
 get_userinfo ($username)
 Read user information from external database and returns it as array(). More...
 
 ignore_timeout_hook ($user, $sid, $timecreated, $timemodified)
 Hook called before timing out of database session. More...
 
 is_captcha_enabled ()
 Returns whether or not the captcha element is enabled. More...
 
 is_configured ()
 Returns false if this plugin is enabled but not configured. More...
 
 is_internal ()
 Returns true if this authentication plugin is "internal". More...
 
 is_synchronised_with_external ()
 Indicates if moodle should automatically update internal user records with data from external sources using the information from get_userinfo() method. More...
 
object loginpage_hook ()
 Hook for overriding behaviour of login page. More...
 
 loginpage_idp_list ($wantsurl)
 Returns a list of potential IdPs that this authentication plugin supports. More...
 
object logoutpage_hook ()
 Hook for overriding behaviour of logout page. More...
 
 password_expire ($username)
 return number of days to user password expires More...
 
 postlogout_hook ($user)
 Post logout hook. More...
 
 pre_loginpage_hook ()
 Hook for overriding behaviour before going to the login page. More...
 
 pre_user_login_hook (&$user)
 Pre user_login hook. More...
 
object prelogout_hook ()
 Pre logout hook. More...
 
 prevent_local_passwords ()
 Indicates if password hashes should be stored in local moodle database. More...
 
 process_config ($config)
 Processes and stores configuration data for this authentication plugin. More...
 
 signup_form ()
 Return a form to capture user details for account creation. More...
 
 sync_roles ($user)
 Sync roles for this user - usually creator. More...
 
 user_authenticated_hook (&$user, $username, $password)
 Post authentication hook. More...
 
 user_confirm ($username, $confirmsecret)
 Confirm the new user as registered. More...
 
 user_delete ($olduser)
 User delete requested - internal user record is mared as deleted already, username not present anymore. More...
 
 user_exists ($username)
 Checks if user exists in external db. More...
 
 user_login ($username, $password)
 Users can not log in via the traditional login form. More...
 
 user_signup ($user, $notify=true)
 Sign up a new user ready for confirmation. More...
 
 user_update ($olduser, $newuser)
 Called when the user record is updated. More...
 
 user_update_password ($user, $newpassword)
 Updates the user's password. More...
 
 validate_form ($form, &$err)
 A chance to validate form data, and last chance to do stuff before it is inserted in config_plugin. More...
 

Static Public Member Functions

static get_identity_providers ($authsequence)
 Return the list of enabled identity providers. More...
 
static prepare_identity_providers_for_output ($identityproviders, renderer_base $output)
 Prepare a list of identity providers for output. More...
 

Public Attributes

string $authtype
 Authentication plugin type - the same as db field.
 
object $config
 The configuration details for the plugin.
 
array $userfields = core_user::AUTHSYNCFIELDS
 

Protected Member Functions

 update_user_record ($username, $updatekeys=false, $triggerevent=false, $suspenduser=false)
 Update a local user record from an external source. More...
 

Protected Attributes

string $errorlogtag = ''
 The tag we want to prepend to any error log messages.
 

Detailed Description

LTI Authentication plugin.

License
http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later

Member Function Documentation

◆ can_be_manually_set()

auth_plugin_base::can_be_manually_set ( )
inherited

Returns whether or not this authentication plugin can be manually set for users, for example, when bulk uploading users.

This should be overriden by authentication plugins where setting the authentication method manually is allowed.

Return values
bool
Since
Moodle 2.6

Reimplemented in auth_plugin_email, auth_plugin_ldap, auth_plugin_manual, auth_plugin_nologin, auth_plugin_none, and auth_oauth2\auth.

◆ can_change_password()

auth_plugin_base::can_change_password ( )
inherited

Returns true if this authentication plugin can change the users' password.

Return values
bool

Reimplemented in auth_plugin_cas, auth_plugin_db, auth_plugin_email, auth_plugin_ldap, auth_plugin_manual, auth_plugin_mnet, auth_plugin_nologin, auth_plugin_none, auth_oauth2\auth, auth_plugin_shibboleth, and auth_plugin_webservice.

◆ can_confirm()

auth_plugin_base::can_confirm ( )
inherited

Returns true if plugin allows confirming of new users.

Return values
bool

Reimplemented in auth_plugin_email, and auth_plugin_ldap.

◆ can_edit_profile()

auth_plugin_base::can_edit_profile ( )
inherited

Returns true if this authentication plugin can edit the users' profile.

Return values
bool

◆ can_reset_password()

auth_plugin_base::can_reset_password ( )
inherited

Returns true if plugin allows resetting of internal password.

Return values
bool

Reimplemented in auth_plugin_db, auth_plugin_email, auth_plugin_ldap, auth_plugin_manual, auth_plugin_nologin, auth_plugin_none, auth_oauth2\auth, and auth_plugin_webservice.

◆ can_signup()

auth_plugin_base::can_signup ( )
inherited

Returns true if plugin allows resetting of internal password.

Return values
bool

Reimplemented in auth_plugin_email, and auth_plugin_ldap.

◆ change_password_url()

auth_plugin_base::change_password_url ( )
inherited

Returns the URL for changing the users' passwords, or empty if the default URL can be used.

This method is used if can_change_password() returns true. This method is called only when user is logged in, it may use global $USER. If you are using a plugin config variable in this method, please make sure it is set before using it, as this method can be called even if the plugin is disabled, in which case the config values won't be set.

Return values
moodle_urlurl of the profile page or null if standard used

Reimplemented in auth_plugin_cas, auth_plugin_db, auth_plugin_email, auth_plugin_ldap, auth_plugin_manual, auth_plugin_mnet, auth_plugin_none, auth_oauth2\auth, auth_plugin_shibboleth, and auth_plugin_webservice.

◆ config_form()

auth_plugin_base::config_form (   $config,
  $err,
  $user_fields 
)
inherited

Prints a form for configuring this authentication plugin.

This function is called from admin/auth.php, and outputs a full page with a form for configuring this plugin.

Parameters
object$config
object$err
array$user_fields
Deprecated:
since Moodle 3.3

◆ edit_profile_url()

auth_plugin_base::edit_profile_url ( )
inherited

Returns the URL for editing the users' profile, or empty if the default URL can be used.

This method is used if can_edit_profile() returns true. This method is called only when user is logged in, it may use global $USER.

Return values
moodle_urlurl of the profile page or null if standard used

◆ get_custom_user_profile_fields()

auth_plugin_base::get_custom_user_profile_fields ( )
inherited

Return custom user profile fields.

Return values
arraylist of custom fields.

◆ get_description()

auth_plugin_base::get_description ( )
inherited

Get the auth description (from core or own auth lang files)

Return values
stringThe description

◆ get_identity_providers()

static auth_plugin_base::get_identity_providers (   $authsequence)
staticinherited

Return the list of enabled identity providers.

Each identity provider data contains the keys url, name and iconurl (or icon). See the documentation of auth_plugin_base::loginpage_idp_list() for detailed description of the returned structure.

Parameters
array$authsequencesite's auth sequence (list of auth plugins ordered)
Return values
arrayList of arrays describing the identity providers

◆ get_password_change_info()

auth_plugin_base::get_password_change_info ( stdClass  $user)
inherited

Returns information on how the specified user can change their password.

Parameters
stdClass$userA user object
Return values
string[]An array of strings with keys subject and message

Reimplemented in auth_plugin_nologin, and auth_oauth2\auth.

◆ get_title()

auth_plugin_base::get_title ( )
inherited

Return the properly translated human-friendly title of this auth plugin.

Todo:
Document this function

◆ get_userinfo()

auth_plugin_base::get_userinfo (   $username)
inherited

Read user information from external database and returns it as array().

Function should return all information available. If you are saving this information to moodle user-table you should honour synchronisation flags

Parameters
string$usernameusername
Return values
mixedarray with no magic quotes or false on error

Reimplemented in auth_plugin_cas, auth_plugin_db, auth_plugin_ldap, auth_oauth2\auth, and auth_plugin_shibboleth.

◆ ignore_timeout_hook()

auth_plugin_base::ignore_timeout_hook (   $user,
  $sid,
  $timecreated,
  $timemodified 
)
inherited

Hook called before timing out of database session.

This is useful for SSO and MNET.

Parameters
object$user
string$sidsession id
int$timecreatedstart of session
int$timemodifieduser last seen
Return values
booltrue means do not timeout session yet

◆ is_captcha_enabled()

auth_plugin_base::is_captcha_enabled ( )
inherited

Returns whether or not the captcha element is enabled.

@abstract Implement in child classes

Return values
bool

Reimplemented in auth_plugin_email.

◆ is_configured()

auth_plugin_base::is_configured ( )
inherited

Returns false if this plugin is enabled but not configured.

Return values
bool

Reimplemented in auth_plugin_db.

◆ is_internal()

auth_plugin_base::is_internal ( )
inherited

Returns true if this authentication plugin is "internal".

Internal plugins use password hashes from Moodle user table for authentication.

Return values
bool

Reimplemented in auth_plugin_cas, auth_plugin_db, auth_plugin_email, auth_plugin_ldap, auth_plugin_manual, auth_plugin_mnet, auth_plugin_nologin, auth_plugin_none, auth_oauth2\auth, auth_plugin_shibboleth, and auth_plugin_webservice.

◆ is_synchronised_with_external()

auth_plugin_base::is_synchronised_with_external ( )
inherited

Indicates if moodle should automatically update internal user records with data from external sources using the information from get_userinfo() method.

Return values
booltrue means automatically copy data from ext to user table

Reimplemented in auth_plugin_db, and auth_oauth2\auth.

◆ loginpage_hook()

object auth_plugin_base::loginpage_hook ( )
inherited

Hook for overriding behaviour of login page.

This method is called from login/index.php page for all enabled auth plugins.

@global object

Reimplemented in auth_plugin_cas, auth_plugin_ldap, and auth_plugin_shibboleth.

◆ loginpage_idp_list()

auth_plugin_base::loginpage_idp_list (   $wantsurl)
inherited

Returns a list of potential IdPs that this authentication plugin supports.

This is used to provide links on the login page and the login block.

The parameter $wantsurl is typically used by the plugin to implement a return-url feature.

The returned value is expected to be a list of associative arrays with string keys:

  • url => (moodle_url|string) URL of the page to send the user to for authentication
  • name => (string) Human readable name of the IdP
  • iconurl => (moodle_url|string) URL of the icon representing the IdP (since Moodle 3.3)

For legacy reasons, pre-3.3 plugins can provide the icon via the key:

  • icon => (pix_icon) Icon representing the IdP
Parameters
string$wantsurlThe relative url fragment the user wants to get to.
Return values
arrayList of associative arrays with keys url, name, iconurl|icon

Reimplemented in auth_plugin_cas, auth_plugin_mnet, auth_oauth2\auth, and auth_plugin_shibboleth.

◆ logoutpage_hook()

object auth_plugin_base::logoutpage_hook ( )
inherited

Hook for overriding behaviour of logout page.

This method is called from login/logout.php page for all enabled auth plugins.

@global string

Reimplemented in auth_plugin_cas, auth_plugin_mnet, and auth_plugin_shibboleth.

◆ password_expire()

auth_plugin_base::password_expire (   $username)
inherited

return number of days to user password expires

If userpassword does not expire it should return 0. If password is already expired it should return negative value.

Parameters
mixed$usernameusername (with system magic quotes)
Return values
integer

Reimplemented in auth_plugin_ldap, and auth_plugin_manual.

◆ postlogout_hook()

auth_plugin_base::postlogout_hook (   $user)
inherited

Post logout hook.

This method is used after moodle logout by auth classes to execute server logout.

Parameters
stdClass$userclone of USER object before the user session was terminated

Reimplemented in auth_plugin_cas.

◆ pre_loginpage_hook()

auth_plugin_base::pre_loginpage_hook ( )
inherited

Hook for overriding behaviour before going to the login page.

This method is called from require_login from potentially any page for all enabled auth plugins and gives each plugin a chance to redirect directly to an external login page, or to instantly login a user where possible.

If an auth plugin implements this hook, it must not rely on ONLY this hook in order to work, as there are many ways a user can browse directly to the standard login page. As a general rule in this case you should also implement the loginpage_hook as well.

◆ pre_user_login_hook()

auth_plugin_base::pre_user_login_hook ( $user)
inherited

Pre user_login hook.

This method is called from authenticate_user_login() right after the user object is generated. This gives the auth plugins an option to make adjustments before the verification process starts.

Parameters
object$useruser object, later used for $USER

◆ prelogout_hook()

object auth_plugin_base::prelogout_hook ( )
inherited

Pre logout hook.

This method is called from require_logout() for all enabled auth plugins,

Reimplemented in auth_plugin_mnet.

◆ prepare_identity_providers_for_output()

static auth_plugin_base::prepare_identity_providers_for_output (   $identityproviders,
renderer_base  $output 
)
staticinherited

Prepare a list of identity providers for output.

Parameters
array$identityprovidersas returned by self::get_identity_providers()
renderer_base$output
Return values
arraythe identity providers ready for output

◆ prevent_local_passwords()

auth_plugin_base::prevent_local_passwords ( )
inherited

Indicates if password hashes should be stored in local moodle database.

Return values
booltrue means md5 password hash stored in user table, false means flag 'not_cached' stored there instead

Reimplemented in auth_plugin_cas, auth_plugin_db, auth_plugin_email, auth_plugin_ldap, auth_plugin_manual, auth_plugin_mnet, auth_plugin_nologin, auth_plugin_none, auth_oauth2\auth, and auth_plugin_shibboleth.

◆ process_config()

auth_plugin_base::process_config (   $config)
inherited

Processes and stores configuration data for this authentication plugin.

Parameters
objectobject with submitted configuration settings (without system magic quotes)
Deprecated:
since Moodle 3.3

◆ signup_form()

auth_plugin_base::signup_form ( )
inherited

Return a form to capture user details for account creation.

This is used in /login/signup.php.

Return values
moodle_formA form which edits a record from the user table.

◆ sync_roles()

auth_plugin_base::sync_roles (   $user)
inherited

Sync roles for this user - usually creator.

Parameters
$userobject user object (without system magic quotes)

Reimplemented in auth_plugin_ldap.

◆ update_user_record()

auth_plugin_base::update_user_record (   $username,
  $updatekeys = false,
  $triggerevent = false,
  $suspenduser = false 
)
protectedinherited

Update a local user record from an external source.

This is a lighter version of the one in moodlelib – won't do expensive ops such as enrolment.

Parameters
string$usernameusername
array$updatekeysfields to update, false updates all fields.
bool$triggereventset false if user_updated event should not be triggered. This will not affect user_password_updated event triggering.
bool$suspenduserShould the user be suspended?
Return values
stdClass|boolupdated user record or false if there is no new info to update.

◆ user_authenticated_hook()

auth_plugin_base::user_authenticated_hook ( $user,
  $username,
  $password 
)
inherited

Post authentication hook.

This method is called from authenticate_user_login() for all enabled auth plugins.

Parameters
object$useruser object, later used for $USER
string$username(with system magic quotes)
string$passwordplain text password (with system magic quotes)

◆ user_confirm()

auth_plugin_base::user_confirm (   $username,
  $confirmsecret 
)
inherited

Confirm the new user as registered.

Parameters
string$username
string$confirmsecret

Reimplemented in auth_plugin_email, auth_plugin_ldap, auth_oauth2\auth, auth_plugin_manual, and auth_plugin_webservice.

◆ user_delete()

auth_plugin_base::user_delete (   $olduser)
inherited

User delete requested - internal user record is mared as deleted already, username not present anymore.

Do any action in external database.

Parameters
object$userUserobject before delete (without system magic quotes)
Return values
void

◆ user_exists()

auth_plugin_base::user_exists (   $username)
inherited

Checks if user exists in external db.

Parameters
string$username(with system magic quotes)
Return values
bool

Reimplemented in auth_plugin_db, and auth_plugin_ldap.

◆ user_login()

auth_plugin_lti::user_login (   $username,
  $password 
)

Users can not log in via the traditional login form.

Parameters
string$usernameThe username
string$passwordThe password
Return values
boolAuthentication success or failure

Reimplemented from auth_plugin_base.

◆ user_signup()

auth_plugin_base::user_signup (   $user,
  $notify = true 
)
inherited

Sign up a new user ready for confirmation.

Password is passed in plaintext.

Parameters
object$usernew user object
boolean$notifyprint notice with link and terminate

Reimplemented in auth_plugin_email, and auth_plugin_ldap.

◆ user_update()

auth_plugin_base::user_update (   $olduser,
  $newuser 
)
inherited

Called when the user record is updated.

Modifies user in external database. It takes olduser (before changes) and newuser (after changes) compares information saved modified information to external db.

Parameters
mixed$olduserUserobject before modifications (without system magic quotes)
mixed$newuserUserobject new modified userobject (without system magic quotes)
Return values
booleantrue if updated or update ignored; false if error

Reimplemented in auth_plugin_db, and auth_plugin_ldap.

◆ user_update_password()

auth_plugin_base::user_update_password (   $user,
  $newpassword 
)
inherited

Updates the user's password.

In previous versions of Moodle, the function auth_user_update_password accepted a username as the first parameter. The revised function expects a user object.

Parameters
object$userUser table object
string$newpasswordPlaintext password
Return values
boolTrue on success

Reimplemented in auth_plugin_db, auth_plugin_email, auth_plugin_ldap, auth_plugin_manual, auth_plugin_nologin, auth_plugin_none, and auth_plugin_webservice.

◆ validate_form()

auth_plugin_base::validate_form (   $form,
$err 
)
inherited

A chance to validate form data, and last chance to do stuff before it is inserted in config_plugin.

Parameters
objectobject with submitted configuration settings (without system magic quotes)
array$errarray of error messages
Deprecated:
since Moodle 3.3

The documentation for this class was generated from the following file: