Merge branch 'MDL-40045_master' of https://github.com/markn86/moodle

auth/ldap/auth.php

@@ -1739,12 +1739,11 @@ function ntlmsso_finish() {
             return false;
         }
         $username   = $cf[$key];
+
         // Here we want to trigger the whole authentication machinery
         // to make sure no step is bypassed...
         $user = authenticate_user_login($username, $key);
         if ($user) {
-            add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID,
-                       $user->id, 0, $user->id);
             complete_user_login($user);
 
             // Cleanup the key to prevent reuse...
@@ -1763,7 +1762,10 @@ function ntlmsso_finish() {
                 $urltogo = $CFG->wwwroot.'/';
                 unset($SESSION->wantsurl);
             }
-            redirect($urltogo);
+            // We do not want to redirect if we are in a PHPUnit test.
+            if (!PHPUNIT_TEST) {
+                redirect($urltogo);
+            }
         }
         // Should never reach here.
         return false;

auth/ldap/tests/plugin_test.php

@@ -236,6 +236,73 @@ public function test_auth_ldap() {
         ldap_close($connection);
     }
 
+    /**
+     * Test logging in via LDAP calls a user_loggedin event.
+     */
+    public function test_ldap_user_loggedin_event() {
+        global $CFG, $DB, $USER;
+
+        require_once($CFG->dirroot . '/auth/ldap/auth.php');
+
+        $this->resetAfterTest();
+
+        $this->setAdminUser();
+
+        $user = clone($USER);
+
+        // The USER variable no longer stores the password hash, so set it here.
+        $user->password = 'password';
+
+        // Note: we are just going to trigger the function that calls the event,
+        // not actually perform a LDAP login, for the sake of sanity.
+        $ldap = new auth_plugin_ldap();
+
+        // Set the key for the cache flag we want to set which is used by LDAP.
+        set_cache_flag($ldap->pluginconfig . '/ntlmsess', sesskey(), $user->username, AUTH_NTLMTIMEOUT);
+
+        // We are going to need to set the sesskey as the user's password in order for the LDAP log in to work.
+        update_internal_user_password($user, sesskey());
+
+        // The function ntlmsso_finish is responsible for triggering the event, so call it directly and catch the event.
+        $sink = $this->redirectEvents();
+        // We need to supress this function call, or else we will get the message "session_regenerate_id(): Cannot
+        // regenerate session id - headers already sent" as the ntlmsso_finish function calls complete_user_login
+        @$ldap->ntlmsso_finish();
+        $events = $sink->get_events();
+        $sink->close();
+
+        // Unset the password now.
+        unset($user->password);
+
+        // Get the user from the DB and set the expected variables.
+        $dbuser = $DB->get_record('user', array('id' => $user->id), '*', MUST_EXIST);
+        $user->firstaccess = (int) $dbuser->firstaccess;
+        $user->lastaccess = (int) $dbuser->lastaccess;
+        $user->currentlogin = (int) $dbuser->currentlogin;
+        $user->sesskey = sesskey();
+        $user->lastcourseaccess = array();
+        $user->currentcourseaccess = array();
+        $user->groupmember = array();
+        $user->profile = array();
+        $user->preference = array(
+            '_lastloaded' => time()
+        );
+
+        // Check that the event is valid.
+        $this->assertCount(2, $events);
+        $event = $events[0];
+        $this->assertInstanceOf('\core\event\user_updated', $event);
+        $event = $events[1];
+        $this->assertInstanceOf('\core\event\user_loggedin', $event);
+        $this->assertEquals('user', $event->objecttable);
+        $this->assertEquals('2', $event->objectid);
+        $this->assertEquals(context_system::instance()->id, $event->contextid);
+        $this->assertEquals($user, $event->get_record_snapshot('user', 2));
+        $expectedlog = array(SITEID, 'user', 'login', 'view.php?id=' . $USER->id . '&course=' . SITEID, $user->id,
+            0, $user->id);
+        $this->assertEventLegacyLogData($expectedlog, $event);
+    }
+
     protected function create_ldap_user($connection, $topdn, $i) {
         $o = array();
         $o['objectClass']   = array('inetOrgPerson', 'organizationalPerson', 'person', 'posixAccount');

auth/shibboleth/index.php

@@ -46,23 +46,7 @@
 
         if ($shibbolethauth->user_login($frm->username, $frm->password)
                 && $user = authenticate_user_login($frm->username, $frm->password)) {
-
-            enrol_check_plugins($user);
-            \core\session\manager::set_user($user);
-
-            $USER->loggedin = true;
-            $USER->site     = $CFG->wwwroot; // for added security, store the site in the
-
-            update_user_login_times();
-
-            // Don't show previous shibboleth username on login page
-
-            set_login_session_preferences();
-
-            unset($SESSION->lang);
-            $SESSION->justloggedin = true;
-
-            add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);
+            complete_user_login($user);
 
             if (user_not_fully_set_up($USER)) {
                 $urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&course='.SITEID;

lang/en/moodle.php

@@ -711,7 +711,9 @@
 $string['eventcoursesectionupdated'] = ' Course section updated';
 $string['eventusercreated'] = 'User created';
 $string['eventuserdeleted'] = 'User deleted';
+$string['eventuserlistviewed'] = 'User list viewed';
 $string['eventuserloggedout'] = 'User logged out';
+$string['eventuserprofileviewed'] = 'User profile viewed';
 $string['eventuserupdated'] = 'User updated';
 $string['everybody'] = 'Everybody';
 $string['executeat'] = 'Execute at';

lib/classes/event/user_list_viewed.php

@@ -0,0 +1,76 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Defines the user list viewed event.
+ *
+ * @package    core
+ * @copyright  2013 Mark Nelson <[email protected]>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+namespace core\event;
+
+defined('MOODLE_INTERNAL') || die();
+
+class user_list_viewed extends \core\event\base {
+
+    /**
+     * Initialise required event data properties.
+     */
+    protected function init() {
+        $this->data['objecttable'] = 'course';
+        $this->data['crud'] = 'r';
+        $this->data['level'] = self::LEVEL_OTHER;
+    }
+
+    /**
+     * Returns localised event name.
+     *
+     * @return string
+     */
+    public static function get_name() {
+        return get_string('eventuserlistviewed');
+    }
+
+    /**
+     * Returns non-localised event description with id's for admin use only.
+     *
+     * @return string
+     */
+    public function get_description() {
+        return 'User ' . $this->userid . ' viewed the list of users in the course ' . $this->other['courseid'];
+    }
+
+    /**
+     * Returns relevant URL.
+     *
+     * @return \moodle_url
+     */
+    public function get_url() {
+        return new \moodle_url('/user/index.php', array('id' => $this->other['courseid']));
+    }
+
+    /**
+     * Returns array of parameters to be passed to legacy add_to_log() function.
+     *
+     * @return array
+     */
+    protected function get_legacy_logdata() {
+        return array($this->other['courseid'], 'user', 'view all', 'index.php?id=' . $this->other['courseid'], '');
+    }
+
+}

lib/classes/event/user_loggedin.php

@@ -50,7 +50,7 @@ public function get_description() {
      * @return array
      */
     protected function get_legacy_logdata() {
-        return array(SITEID, 'user', 'login', "view.php?id=" . $this->data['objectid'] . "&course=".SITEID,
+        return array(SITEID, 'user', 'login', 'view.php?id=' . $this->data['objectid'] . '&course=' . SITEID,
             $this->data['objectid'], 0, $this->data['objectid']);
     }
 

lib/classes/event/user_profile_viewed.php

@@ -0,0 +1,77 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Defines the user profile viewed event.
+ *
+ * @package    core
+ * @copyright  2013 Mark Nelson <[email protected]>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+namespace core\event;
+
+defined('MOODLE_INTERNAL') || die();
+
+class user_profile_viewed extends base {
+
+    /**
+     * Initialise required event data properties.
+     */
+    protected function init() {
+        $this->data['objecttable'] = 'user';
+        $this->data['crud'] = 'r';
+        $this->data['level'] = self::LEVEL_OTHER;
+    }
+
+    /**
+     * Returns localised event name.
+     *
+     * @return string
+     */
+    public static function get_name() {
+        return get_string('eventuserprofileviewed');
+    }
+
+    /**
+     * Returns non-localised event description with id's for admin use only.
+     *
+     * @return string
+     */
+    public function get_description() {
+        return 'User ' . $this->userid . ' viewed the profile for user ' . $this->relateduserid . ' in the course ' .
+            $this->other['courseid'];
+    }
+
+    /**
+     * Returns relevant URL.
+     *
+     * @return \moodle_url
+     */
+    public function get_url() {
+        return new \moodle_url('/user/view.php', array('id' => $this->relateduserid, 'course' => $this->other['courseid']));
+    }
+
+    /**
+     * Returns array of parameters to be passed to legacy add_to_log() function.
+     *
+     * @return array
+     */
+    protected function get_legacy_logdata() {
+        return array($this->other['courseid'], 'user', 'view', 'view.php?id=' . $this->relateduserid . '&course=' .
+            $this->other['courseid'], $this->relateduserid);
+    }
+}

login/change_password.php

@@ -31,12 +31,14 @@
 $id     = optional_param('id', SITEID, PARAM_INT); // current course
 $return = optional_param('return', 0, PARAM_BOOL); // redirect after password change
 
+$systemcontext = context_system::instance();
+
 //HTTPS is required in this page when $CFG->loginhttps enabled
 $PAGE->https_required();
 
 $PAGE->set_url('/login/change_password.php', array('id'=>$id));
 
-$PAGE->set_context(context_system::instance());
+$PAGE->set_context($systemcontext);
 
 if ($return) {
     // this redirect prevents security warning because https can not POST to http pages
@@ -53,8 +55,6 @@
 
 $strparticipants = get_string('participants');
 
-$systemcontext = context_system::instance();
-
 if (!$course = $DB->get_record('course', array('id'=>$id))) {
     print_error('invalidcourseid');
 }
@@ -120,8 +120,6 @@
 
     $strpasswordchanged = get_string('passwordchanged');
 
-    add_to_log($course->id, 'user', 'change password', "view.php?id=$USER->id&course=$course->id", "$USER->id");
-
     $fullname = fullname($USER, true);
 
     $PAGE->navbar->add($fullname, new moodle_url('/user/view.php', array('id'=>$USER->id, 'course'=>$course->id)));

user/index.php

@@ -86,7 +86,16 @@
         }
     }
 
-    add_to_log($course->id, 'user', 'view all', 'index.php?id='.$course->id, '');
+    $event = \core\event\user_list_viewed::create(array(
+        'context' => $context,
+        'objectid' => $course->id,
+        'other' => array(
+            'courseid' => $course->id,
+            'courseshortname' => $course->shortname,
+            'coursefullname' => $course->fullname
+        )
+    ));
+    $event->trigger();
 
     $bulkoperations = has_capability('moodle/course:bulkmessaging', $context);
 

user/view.php

@@ -186,11 +186,22 @@
     }
 }
 
-/// OK, security out the way, now we are showing the user
-
-add_to_log($course->id, "user", "view", "view.php?id=$user->id&course=$course->id", "$user->id");
-
-/// Get the hidden field list
+// OK, security out the way, now we are showing the user.
+// Trigger a user profile viewed event.
+$event = \core\event\user_profile_viewed::create(array(
+    'objectid' => $USER->id,
+    'relateduserid' => $user->id,
+    'context' => $usercontext,
+    'other' => array(
+        'courseid' => $course->id,
+        'courseshortname' => $course->shortname,
+        'coursefullname' => $course->fullname
+    )
+));
+$event->add_record_snapshot('user', $user);
+$event->trigger();
+
+// Get the hidden field list.
 if (has_capability('moodle/user:viewhiddendetails', $coursecontext)) {
     $hiddenfields = array();
 } else {