1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 /** 17 * Page allowing a platform user, identified by their {iss, sub} tuple, to be bound to a new or existing Moodle account. 18 * 19 * This is an LTI Advantage specific login feature. 20 * 21 * The auth flow defined in auth_lti\auth::complete_login() redirects here when a launching user does not have an 22 * account binding yet. This page prompts the user to select between: 23 * a) An auto provisioned account. 24 * An account with auth type 'lti' is created for the user. This account is bound to the launch credentials. 25 * Or 26 * b) Use an existing account 27 * The standard Moodle auth flow is leveraged to get an existing user account. This account is then bound to the launch 28 * credentials. 29 * 30 * @package auth_lti 31 * @copyright 2021 Jake Dallimore <jrhdallimore@gmail.com> 32 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 33 */ 34 35 use core\event\user_login_failed; 36 use core\output\notification; 37 38 require_once(__DIR__ . '/../../config.php'); 39 40 global $OUTPUT, $PAGE, $SESSION; 41 42 // Form fields dealing with the user's choice about account types (new, existing). 43 $newaccount = optional_param('new_account', false, PARAM_BOOL); 44 $existingaccount = optional_param('existing_account', false, PARAM_BOOL); 45 46 if (empty($SESSION->auth_lti) || empty($SESSION->auth_lti->launchdata)) { 47 throw new coding_exception('Missing LTI launch credentials.'); 48 } 49 if (empty($SESSION->auth_lti->returnurl)) { 50 throw new coding_exception('Missing return URL.'); 51 } 52 53 if ($newaccount) { 54 require_sesskey(); 55 $launchdata = $SESSION->auth_lti->launchdata; 56 $returnurl = $SESSION->auth_lti->returnurl; 57 unset($SESSION->auth_lti); 58 59 if (!empty($CFG->authpreventaccountcreation)) { 60 // If 'authpreventaccountcreation' is enabled, the option to create a new account isn't presented to users in the form. 61 // This just ensures no action is taken were the 'newaccount' value to be present in the submitted data. 62 63 // Trigger login failed event. 64 $failurereason = AUTH_LOGIN_UNAUTHORISED; 65 $event = user_login_failed::create(['other' => ['reason' => $failurereason]]); 66 $event->trigger(); 67 68 // Site settings prevent creating new accounts. 69 $errormsg = get_string('cannotcreateaccounts', 'auth_lti'); 70 $SESSION->loginerrormsg = $errormsg; 71 redirect(new moodle_url('/login/index.php')); 72 } else { 73 // Create a new account and link it, logging the user in. 74 $auth = get_auth_plugin('lti'); 75 $newuser = $auth->find_or_create_user_from_launch($launchdata, true); 76 complete_user_login($newuser); 77 78 $PAGE->set_context(context_system::instance()); 79 $PAGE->set_url(new moodle_url('/auth/lti/login.php')); 80 $PAGE->set_pagelayout('popup'); 81 $renderer = $PAGE->get_renderer('auth_lti'); 82 echo $OUTPUT->header(); 83 echo $renderer->render_account_binding_complete( 84 new notification(get_string('accountcreatedsuccess', 'auth_lti'), notification::NOTIFY_SUCCESS, false), 85 $returnurl 86 ); 87 echo $OUTPUT->footer(); 88 exit(); 89 } 90 } else if ($existingaccount) { 91 // Only when authenticated can an account be bound, allowing the user to continue to the original launch action. 92 require_login(null, false); 93 require_sesskey(); 94 $launchdata = $SESSION->auth_lti->launchdata; 95 $returnurl = $SESSION->auth_lti->returnurl; 96 unset($SESSION->auth_lti); 97 98 global $USER; 99 $auth = get_auth_plugin('lti'); 100 $auth->create_user_binding($launchdata['iss'], $launchdata['sub'], $USER->id); 101 102 $PAGE->set_context(context_system::instance()); 103 $PAGE->set_url(new moodle_url('/auth/lti/login.php')); 104 $PAGE->set_pagelayout('popup'); 105 $renderer = $PAGE->get_renderer('auth_lti'); 106 echo $OUTPUT->header(); 107 echo $renderer->render_account_binding_complete( 108 new notification(get_string('accountlinkedsuccess', 'auth_lti'), notification::NOTIFY_SUCCESS, false), 109 $returnurl 110 ); 111 echo $OUTPUT->footer(); 112 exit(); 113 } 114 115 // Render the relevant account provisioning page, based on the provisioningmode set in the calling code. 116 $PAGE->set_context(context_system::instance()); 117 $PAGE->set_url(new moodle_url('/auth/lti/login.php')); 118 $PAGE->set_pagelayout('popup'); 119 $renderer = $PAGE->get_renderer('auth_lti'); 120 121 echo $OUTPUT->header(); 122 require_once($CFG->dirroot . '/auth/lti/auth.php'); 123 echo $renderer->render_account_binding_options_page($SESSION->auth_lti->provisioningmode); 124 echo $OUTPUT->footer();
title
Description
Body
title
Description
Body
title
Description
Body
title
Body