(MDL-8973) Fix OOP model of new multi auth plugins + some other auth …

…related fixes, fixed change_password, ldap updates, etc.; TODO: fix docs

admin/auth.php

@@ -147,7 +147,7 @@
 foreach ($authsenabled as $auth) {
     $authplugin = get_auth_plugin($auth);
     $displayauths[$auth] = get_string("auth_{$auth}title", 'auth');
-    if (method_exists($authplugin, 'user_signup')) {
+    if ($authplugin->can_signup()) {
         $registrationauths[$auth] = get_string("auth_{$auth}title", 'auth');
     }
 }
@@ -158,7 +158,7 @@
     }
     $authplugin = get_auth_plugin($auth);
     $displayauths[$auth] = get_string("auth_{$auth}title", 'auth');
-    if (method_exists($authplugin, 'user_signup')) {
+    if ($authplugin->can_signup()) {
         $registrationauths[$auth] = get_string("auth_{$auth}title", 'auth');
     }
 }

admin/auth_config.php

@@ -19,9 +19,7 @@
         error(get_string('confirmsesskeybad', 'error'));
     }
 
-    if (method_exists($authplugin, 'validate_form')) {
-        $authplugin->validate_form($frm, $err);
-    }
+    $authplugin->validate_form($frm, $err);
 
     if (count($err) == 0) {
 

auth/cas/auth.php

@@ -15,20 +15,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * CAS authentication plugin.
  */
-class auth_plugin_cas {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_cas extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_cas() {
+        $this->authtype = 'cas';
         $this->config = get_config('auth/cas');
     }
 
@@ -222,6 +220,17 @@ function can_change_password() {
         return !empty($this->config->changepasswordurl);
     }
 
+    function prelogin_hook() {
+        // Load alternative login screens if necessary
+        // TODO: fix the cas login screen
+        return;
+
+        if(!empty($CFG->cas_enabled)) {
+            require($CFG->dirroot.'/auth/cas/login.php');
+        }
+    }
+
+
     /**
      * Prints a form for configuring this authentication plugin.
      *

auth/db/auth.php

@@ -16,20 +16,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * External database authentication plugin.
  */
-class auth_plugin_db {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_db extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_db() {
+        $this->authtype = 'db';
         $this->config = get_config('auth/db');
         if (empty($this->config->extencoding)) {
             $this->config->extencoding = 'utf-8';
@@ -572,7 +570,6 @@ function validate_form(&$form, &$err) {
             $this->config->changepasswordurl = '';
             set_config('changepasswordurl', '', 'auth/db');
         }
-        return true;
     }
 
     /**

auth/email/auth.php

@@ -16,21 +16,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
 
 /**
  * Email authentication plugin.
  */
-class auth_plugin_email {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_email extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_email() {
+        $this->authtype = 'email';
         $this->config = get_config('auth/email');
     }
 
@@ -65,14 +62,18 @@ function user_update_password($user, $newpassword) {
         return update_internal_user_password($user, $newpassword);
     }
 
+    function can_signup() {
+        return true;
+    }
+
     /**
      * Sign up a new user ready for confirmation.
      * Password is passed in plaintext.
      *
      * @param object $user new user object (with system magic quotes)
      * @param boolean $notify print notice with link and terminate
      */
-    function user_signup($user, $notify = true) {
+    function user_signup($user, $notify=true) {
         $user->password = hash_internal_user_password($user->password);
 
         if (! ($user->id = insert_record('user', $user)) ) {
@@ -92,6 +93,15 @@ function user_signup($user, $notify = true) {
         }
     }
 
+    /**
+     * Returns true if plugin allows confirming of new users.
+     *
+     * @return bool
+     */
+    function can_confirm() {
+        return true;
+    }
+
     /**
      * Confirm the new user as registered.
      *

auth/fc/auth.php

@@ -15,22 +15,20 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 require_once 'fcFPP.php';
 
 /**
  * FirstClass authentication plugin.
  */
-class auth_plugin_fc {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_fc extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_fc() {
+        $this->authtype = 'fc';
         $this->config = get_config('auth/fc');
     }
 
@@ -116,14 +114,9 @@ function get_userinfo($username) {
      * Get users group membership from the FirstClass server user and check if
      * user is member of one of the groups of creators.
      */
-    function iscreator($username = 0) {
-        global $USER;
-
+    function iscreator($username) {
         if (! $this->config->creators) {
-            return false;
-        }
-        if (! $username) {
-            $username = $USER->username;
+            return null;
         }
 
         $fcgroups = array();
@@ -143,7 +136,9 @@ function iscreator($username = 0) {
         $creators = explode(";", $this->config->creators);
 
         foreach($creators as $creator) {
-            If (in_array($creator, $fcgroups)) return true;
+            if (in_array($creator, $fcgroups)) {
+                return true;
+            }
         }
 
         return false;
@@ -168,6 +163,30 @@ function can_change_password() {
         return false;
     }
 
+    /**
+     * Sync roles for this user
+     *
+     * @param $user object user object (without system magic quotes)
+     */
+    function sync_roles($user) {
+        $iscreator = $this->iscreator($user->username);
+        if ($iscreator === null) {
+            return; //nothing to sync - creators not configured
+        }
+
+        if ($roles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) {
+            $creatorrole = array_shift($roles);      // We can only use one, let's use the first one
+            $systemcontext = get_context_instance(CONTEXT_SYSTEM);
+
+            if ($iscreator) { // Following calls will not create duplicates
+                role_assign($creatorrole->id, $user->id, 0, $systemcontext->id, 0, 0, 0, 'fc');
+            } else {
+                //unassign only if previously assigned by this plugin!
+                role_unassign($creatorrole->id, $user->id, 0, $systemcontext->id, 'fc');
+            }
+        }
+    }
+
     /**
      * Prints a form for configuring this authentication plugin.
      *

auth/imap/auth.php

@@ -16,20 +16,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * IMAP authentication plugin.
  */
-class auth_plugin_imap {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_imap extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_imap() {
+        $this->authtype = 'imap';
         $this->config = get_config('auth/imap');
     }