MDL-29857 - google apis: Convert to OAuth 2.0

Updated the various plugins to use OAuth 2.0 for authentication
against google apis. Google are phasing out AuthSub and pushing OAuth as
the replacement.

This changes repository_googledocs, repository_picasa,
portfolio_googledocs and portfolio_picasa

The token for requests is now stored in session rather than a user
prefence and it persists less but doesn't bother the user more than
necessary.

The google docs portfolio plugin is converted to use resumable upload
API as this appears to be what Google have replaced this with.

Unfortunately unlike authsub OAuth will require some setup by admins,
this is linked as a docs page.

portfolio/googledocs/lang/en/portfolio_googledocs.php

@@ -1,5 +1,4 @@
 <?php
-
 // This file is part of Moodle - http://moodle.org/
 //
 // Moodle is free software: you can redistribute it and/or modify
@@ -23,7 +22,10 @@
  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
 
+$string['clientid'] = 'Client ID';
+$string['oauthinfo'] = '<p>To use the google docs portfolio you must be registered with Google. Instructions for registing your installation with Google are described in <a href="{$a->docsurl}">Moodle Docs</a>. The redirect url should be set to:</p><p>{$a->callbackurl}</p>';
 $string['noauthtoken'] = 'An authentication token has not been recieved from google. Please ensure you are allowing moodle to access your google account';
 $string['nosessiontoken'] = 'A session token does not exist preventing export to google.';
 $string['pluginname'] = 'Google Docs';
 $string['sendfailed'] = 'The file {$a} failed to transfer to google';
+$string['secret'] = 'Secret';

portfolio/googledocs/lib.php

@@ -1,4 +1,19 @@
 <?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
 /**
  * Google Documents Portfolio Plugin
  *
@@ -9,48 +24,38 @@
 require_once($CFG->libdir.'/googleapi.php');
 
 class portfolio_plugin_googledocs extends portfolio_plugin_push_base {
-    private $sessiontoken;
+    private $googleoauth = null;
 
     public function supported_formats() {
-        return array(
-            PORTFOLIO_FORMAT_PLAINHTML,
-            PORTFOLIO_FORMAT_IMAGE,
-            PORTFOLIO_FORMAT_TEXT,
-            PORTFOLIO_FORMAT_PDF,
-            PORTFOLIO_FORMAT_DOCUMENT,
-            PORTFOLIO_FORMAT_PRESENTATION,
-            PORTFOLIO_FORMAT_SPREADSHEET
-        );
+        return array(PORTFOLIO_FORMAT_FILE);
     }
 
     public static function get_name() {
         return get_string('pluginname', 'portfolio_googledocs');
     }
 
     public function prepare_package() {
-        // we send the files as they are, no prep required
+        // We send the files as they are, no prep required.
         return true;
     }
 
-    public function get_interactive_continue_url(){
+    public function get_interactive_continue_url() {
         return 'http://docs.google.com/';
     }
 
     public function expected_time($callertime) {
-        // we trust what the portfolio says
+        // We trust what the portfolio says.
         return $callertime;
     }
 
     public function send_package() {
-
-        if(!$this->sessiontoken){
-            throw new portfolio_plugin_exception('nosessiontoken', 'portfolio_googledocs');
+        if (!$this->googleoauth) {
+            throw new portfolio_plugin_exception('noauthtoken', 'portfolio_googledocs');
         }
 
-        $gdocs = new google_docs(new google_authsub($this->sessiontoken));
-
+        $gdocs = new google_docs($this->googleoauth);
         foreach ($this->exporter->get_tempfiles() as $file) {
-            if(!$gdocs->send_file($file)){
+            if (!$gdocs->send_file($file)) {
                 throw new portfolio_plugin_exception('sendfailed', 'portfolio_gdocs', $file->get_filename());
             }
         }
@@ -62,64 +67,63 @@ public function steal_control($stage) {
             return false;
         }
 
-        $sesskey = google_docs::get_sesskey($this->get('user')->id);
-
-        if($sesskey){
-            try{
-                $gauth = new google_authsub($sesskey);
-                $this->sessiontoken = $sesskey;
-                return false;
-            }catch(Exception $e){
-                // sesskey is not valid, delete store and re-auth
-                google_docs::delete_sesskey($this->get('user')->id);
-            }
+        $this->initialize_oauth();
+        if ($this->googleoauth->is_logged_in()) {
+            return false;
+        } else {
+            return $this->googleoauth->get_login_url();
         }
-
-        return google_authsub::login_url($CFG->wwwroot.'/portfolio/add.php?postcontrol=1&id=' . $this->exporter->get('id') . '&sesskey=' . sesskey(), google_docs::REALM);
     }
 
     public function post_control($stage, $params) {
         if ($stage != PORTFOLIO_STAGE_CONFIG) {
             return;
         }
 
-        if(!array_key_exists('token', $params)){
-            throw new portfolio_plugin_exception('noauthtoken', 'portfolio_googledocs');
+        $this->initialize_oauth();
+        if ($this->googleoauth->is_logged_in()) {
+            return false;
+        } else {
+            return $this->googleoauth->get_login_url();
         }
-
-        // we now have our auth token, get a session token..
-        $gauth = new google_authsub(false, $params['token']);
-        $this->sessiontoken = $gauth->get_sessiontoken();
-
-        google_docs::set_sesskey($this->sessiontoken, $this->get('user')->id);
     }
 
     public static function allows_multiple_instances() {
         return false;
     }
-}
 
-/**
- * Registers to the user_deleted event to revoke any
- * subauth tokens we have from them
- *
- * @param $user user object
- * @return boolean true in all cases as its only minor cleanup
- */
-function portfolio_googledocs_user_deleted($user){
-    // it is only by luck that the user prefstill exists now?
-    // We probably need a pre-delete event?
-    if($sesskey = google_docs::get_sesskey($user->id)){
-        try{
-            $gauth = new google_authsub($sesskey);
-
-            $gauth->revoke_session_token();
-        }catch(Exception $e){
-            // we don't care that much about success- just being good
-            // google api citzens
-            return true;
-        }
+    public static function has_admin_config() {
+        return true;
+    }
+
+    public static function get_allowed_config() {
+        return array('clientid', 'secret');
+    }
+
+    public function admin_config_form(&$mform) {
+        $a = new stdClass;
+        $a->docsurl = get_docs_url('Google_OAuth2_Setup');
+        $a->callbackurl = google_oauth::callback_url()->out(false);
+
+        $mform->addElement('static', null, '', get_string('oauthinfo', 'portfolio_googledocs', $a));
+
+        $mform->addElement('text', 'clientid', get_string('clientid', 'portfolio_googledocs'));
+        $mform->addElement('text', 'secret', get_string('secret', 'portfolio_googledocs'));
+
+        $strrequired = get_string('required');
+        $mform->addRule('clientid', $strrequired, 'required', null, 'client');
+        $mform->addRule('secret', $strrequired, 'required', null, 'client');
     }
 
-    return true;
+    private function initialize_oauth() {
+        $returnurl = new moodle_url('/portfolio/add.php');
+        $returnurl->param('postcontrol', 1);
+        $returnurl->param('id', $this->exporter->get('id'));
+        $returnurl->param('sesskey', sesskey());
+
+        $clientid = $this->get_config('clientid');
+        $secret = $this->get_config('secret');
+
+        $this->googleoauth = new google_oauth($clientid, $secret, $returnurl->out(false), google_docs::REALM);
+    }
 }

portfolio/googledocs/version.php

@@ -24,7 +24,7 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$plugin->version   = 2011112900;        // The current plugin version (Date: YYYYMMDDXX)
-$plugin->requires  = 2011112900;        // Requires this Moodle version
-$plugin->component = 'portfolio_googledocs'; // Full name of the plugin (used for diagnostics)
+$plugin->version   = 2012051400;        // The current plugin version (Date: YYYYMMDDXX).
+$plugin->requires  = 2012051100;        // Requires this Moodle version.
+$plugin->component = 'portfolio_googledocs'; // Full name of the plugin (used for diagnostics).
 $plugin->cron      = 0;

portfolio/picasa/lang/en/portfolio_picasa.php

@@ -1,5 +1,4 @@
 <?php
-
 // This file is part of Moodle - http://moodle.org/
 //
 // Moodle is free software: you can redistribute it and/or modify
@@ -23,6 +22,9 @@
  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
 
+$string['clientid'] = 'Client ID';
+$string['oauthinfo'] = '<p>To use the Picasa portfolio you must be registered with Google. Instructions for registing your installation with Google are described in <a href="{$a->docsurl}">Moodle Docs</a>. The redirect url should be set to:</p><p>{$a->callbackurl}</p>';
 $string['noauthtoken'] = 'An authentication token has not been recieved from google. Please ensure you are allowing moodle to access your google account';
 $string['pluginname'] = 'Picasa';
 $string['sendfailed'] = 'The file {$a} failed to transfer to picasa';
+$string['secret'] = 'Secret';