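<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
 * Privacy test for the authentication oauth2
 *
 * @package auth_oauth2
 * @category test
 * @copyright 2018 Carlos Escobedo <carlos@moodle.com>
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

defined('MOODLE_INTERNAL') || die();

use \auth_oauth2\privacy\provider;
use \core_privacy\local\request\approved_contextlist;
use \core_privacy\local\request\writer;
use \core_privacy\tests\provider_testcase;
use core_privacy\local\request\approved_userlist;

/**
 * Privacy test for the authentication oauth2
 *
 * Covers the privacy provider's discovery, export and deletion of OAuth 2 linked logins, including the
 * checks that a deletion request for one user or context leaves another user's linked login in place.
 *
 * @package auth_oauth2
 * @category test
 * @copyright 2018 Carlos Escobedo <carlos@moodle.com>
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
class auth_oauth2_privacy_testcase extends provider_testcase {
    /**
     * Set up method.
     *
     * Every test in this class resets the database afterwards and runs as the admin user, so the
     * individual tests do not need to call resetAfterTest() again.
     */
    public function setUp() {
        $this->resetAfterTest();
        // NOTE(review): link_login() is always called here with false as its last argument; presumably that
        // keeps its permission check active, which is why the tests act as admin - confirm against \auth_oauth2\api.
        $this->setAdminUser();
    }

    /**
     * Create a standard issuer of the given type and link it to the user as an OAuth 2 login.
     *
     * @param \stdClass $user The user that receives the linked login.
     * @param string $issuertype Issuer type handed to create_standard_issuer(), e.g. 'google'.
     * @param array $info Linked login details with the 'username' and 'email' keys.
     * @return \core\oauth2\issuer The issuer that was created for the link.
     */
    private function create_linked_login($user, $issuertype, array $info) {
        $issuer = \core\oauth2\api::create_standard_issuer($issuertype);
        \auth_oauth2\api::link_login($info, $issuer, $user->id, false);
        return $issuer;
    }

    /**
     * Check that a user context is returned if there is any user data for this user.
     */
    public function test_get_contexts_for_userid() {
        $user = $this->getDataGenerator()->create_user();
        // Without a linked login the provider must not report any context.
        $this->assertEmpty(provider::get_contexts_for_userid($user->id));

        $this->create_linked_login($user, 'google', ['username' => 'gina', 'email' => 'gina@example.com']);

        $contextlist = provider::get_contexts_for_userid($user->id);
        // Check that we only get back one context.
        $this->assertCount(1, $contextlist);

        // Check that the returned context is the user's own context.
        $usercontext = \context_user::instance($user->id);
        $this->assertEquals($usercontext->id, $contextlist->get_contextids()[0]);
    }

    /**
     * Test that user data is exported correctly.
     */
    public function test_export_user_data() {
        $user = $this->getDataGenerator()->create_user();
        $info = ['username' => 'gina', 'email' => 'gina@example.com'];
        $issuer = $this->create_linked_login($user, 'google', $info);
        $usercontext = \context_user::instance($user->id);

        // Nothing may be written before the export is requested.
        $writer = writer::with_context($usercontext);
        $this->assertFalse($writer->has_any_data());

        $approvedlist = new approved_contextlist($user, 'auth_oauth2', [$usercontext->id]);
        provider::export_user_data($approvedlist);

        // The export is looked up under the plugin's metadata string and the issuer name.
        $data = $writer->get_data([get_string('privacy:metadata:auth_oauth2', 'auth_oauth2'), $issuer->get('name')]);
        $this->assertEquals($info['username'], $data->username);
        $this->assertEquals($info['email'], $data->email);
    }

    /**
     * Test deleting all user data for a specific context.
     */
    public function test_delete_data_for_all_users_in_context() {
        global $DB;

        $user1 = $this->getDataGenerator()->create_user();
        $this->create_linked_login($user1, 'google', ['username' => 'gina', 'email' => 'gina@example.com']);
        $user1context = \context_user::instance($user1->id);

        $user2 = $this->getDataGenerator()->create_user();
        $this->create_linked_login($user2, 'microsoft', ['username' => 'jerry', 'email' => 'jerry@example.com']);

        // Both linked logins exist before the deletion.
        $this->assertCount(2, $DB->get_records('auth_oauth2_linked_login', []));

        // Delete everything for the first user context.
        provider::delete_data_for_all_users_in_context($user1context);

        // No linked login is left for user1.
        $this->assertCount(0, $DB->get_records('auth_oauth2_linked_login', ['userid' => $user1->id]));

        // Exactly one linked login survives, and it must be the one that belongs to user2.
        $remaining = $DB->get_records('auth_oauth2_linked_login', []);
        $this->assertCount(1, $remaining);
        $this->assertEquals($user2->id, reset($remaining)->userid);
    }

    /**
     * Test deleting the data of a single user through an approved context list.
     *
     * Mirrors test_delete_data_for_all_users_in_context(), using delete_data_for_user() instead.
     */
    public function test_delete_data_for_user() {
        global $DB;

        $user1 = $this->getDataGenerator()->create_user();
        $this->create_linked_login($user1, 'google', ['username' => 'gina', 'email' => 'gina@example.com']);
        $user1context = \context_user::instance($user1->id);

        $user2 = $this->getDataGenerator()->create_user();
        $this->create_linked_login($user2, 'microsoft', ['username' => 'jerry', 'email' => 'jerry@example.com']);

        // Both linked logins exist before the deletion.
        $this->assertCount(2, $DB->get_records('auth_oauth2_linked_login', []));

        // Delete everything for the first user.
        $approvedlist = new approved_contextlist($user1, 'auth_oauth2', [$user1context->id]);
        provider::delete_data_for_user($approvedlist);

        // No linked login is left for user1.
        $this->assertCount(0, $DB->get_records('auth_oauth2_linked_login', ['userid' => $user1->id]));

        // Exactly one linked login survives, and it must be the one that belongs to user2.
        $remaining = $DB->get_records('auth_oauth2_linked_login', []);
        $this->assertCount(1, $remaining);
        $this->assertEquals($user2->id, reset($remaining)->userid);
    }

    /**
     * Test that only users with a user context are fetched.
     */
    public function test_get_users_in_context() {
        $component = 'auth_oauth2';
        // Create a user.
        $user = $this->getDataGenerator()->create_user();
        $usercontext = \context_user::instance($user->id);

        // The list of users should not return anything yet (related data still haven't been created).
        $userlist = new \core_privacy\local\request\userlist($usercontext, $component);
        provider::get_users_in_context($userlist);
        $this->assertCount(0, $userlist);

        $this->create_linked_login($user, 'google', ['username' => 'gina', 'email' => 'gina@example.com']);

        // The list of users for user context should return the user.
        provider::get_users_in_context($userlist);
        $this->assertCount(1, $userlist);
        $this->assertEquals([$user->id], $userlist->get_userids());

        // The list of users for system context should not return any users.
        $systemcontext = \context_system::instance();
        $userlist = new \core_privacy\local\request\userlist($systemcontext, $component);
        provider::get_users_in_context($userlist);
        $this->assertCount(0, $userlist);
    }

    /**
     * Test that data for users in approved userlist is deleted.
     */
    public function test_delete_data_for_users() {
        $component = 'auth_oauth2';
        // Create user1.
        $user1 = $this->getDataGenerator()->create_user();
        $usercontext1 = \context_user::instance($user1->id);
        // Create user2.
        $user2 = $this->getDataGenerator()->create_user();
        $usercontext2 = \context_user::instance($user2->id);

        // NOTE(review): example1.com and example2.com are not among the domains RFC 2606 reserves for
        // examples (example.com/.net/.org); the fixture values are kept as they were.
        $this->create_linked_login($user1, 'google', ['username' => 'gina1', 'email' => 'gina@example1.com']);
        $this->create_linked_login($user2, 'google', ['username' => 'gina2', 'email' => 'gina@example2.com']);

        // The list of users for usercontext1 should return user1.
        $userlist1 = new \core_privacy\local\request\userlist($usercontext1, $component);
        provider::get_users_in_context($userlist1);
        $this->assertCount(1, $userlist1);
        $this->assertEquals([$user1->id], $userlist1->get_userids());

        // The list of users for usercontext2 should return user2.
        $userlist2 = new \core_privacy\local\request\userlist($usercontext2, $component);
        provider::get_users_in_context($userlist2);
        $this->assertCount(1, $userlist2);
        $this->assertEquals([$user2->id], $userlist2->get_userids());

        // Add userlist1 to the approved user list.
        $approvedlist = new approved_userlist($usercontext1, $component, $userlist1->get_userids());

        // Delete user data using delete_data_for_users for usercontext1.
        provider::delete_data_for_users($approvedlist);

        // Re-fetch users in usercontext1 - The user list should now be empty.
        $userlist1 = new \core_privacy\local\request\userlist($usercontext1, $component);
        provider::get_users_in_context($userlist1);
        $this->assertCount(0, $userlist1);
        // Re-fetch users in usercontext2 - The user list should not be empty (user2).
        $userlist2 = new \core_privacy\local\request\userlist($usercontext2, $component);
        provider::get_users_in_context($userlist2);
        $this->assertCount(1, $userlist2);

        // User data should be only removed in the user context: approve user2 against the system context.
        $systemcontext = \context_system::instance();
        $approvedlist = new approved_userlist($systemcontext, $component, $userlist2->get_userids());
        // Request deletion with delete_data_for_users; nothing is expected to be removed for this context.
        provider::delete_data_for_users($approvedlist);
        // Re-fetch users in usercontext2 - The user list should not be empty (user2).
        $userlist2 = new \core_privacy\local\request\userlist($usercontext2, $component);
        provider::get_users_in_context($userlist2);
        $this->assertCount(1, $userlist2);
    }
}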