Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.

Differences Between: [Versions 310 and 403] [Versions 311 and 403] [Versions 39 and 403] [Versions 400 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  /**
  17   * Privacy class for requesting user data for auth_oauth2.
  18   *
  19   * @package    auth_oauth2
  20   * @copyright  2018 Carlos Escobedo <carlos@moodle.com>
  21   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  22   */
  23  namespace auth_oauth2\privacy;
  24  
  25  defined('MOODLE_INTERNAL') || die();
  26  
  27  use core_privacy\local\metadata\collection;
  28  use core_privacy\local\request\contextlist;
  29  use core_privacy\local\request\approved_contextlist;
  30  use core_privacy\local\request\transform;
  31  use core_privacy\local\request\writer;
  32  use core_privacy\local\request\userlist;
  33  use core_privacy\local\request\approved_userlist;
  34  
  35  /**
  36   * Privacy provider for auth_oauth2
  37   *
  38   * @package    auth_oauth2
  39   * @copyright  2018 Carlos Escobedo <carlos@moodle.com>
  40   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  41   */
  42  class provider implements
  43      \core_privacy\local\metadata\provider,
  44      \core_privacy\local\request\core_userlist_provider,
  45      \core_privacy\local\request\plugin\provider {
  46  
  47      /**
  48       * Get information about the user data stored by this plugin.
  49       *
  50       * @param  collection $collection An object for storing metadata.
  51       * @return collection The metadata.
  52       */
  53      public static function get_metadata(collection $collection) : collection {
  54          $authfields = [
  55              'timecreated' => 'privacy:metadata:auth_oauth2:timecreated',
  56              'timemodified' => 'privacy:metadata:auth_oauth2:timemodified',
  57              'usermodified' => 'privacy:metadata:auth_oauth2:usermodified',
  58              'userid' => 'privacy:metadata:auth_oauth2:userid',
  59              'issuerid' => 'privacy:metadata:auth_oauth2:issuerid',
  60              'username' => 'privacy:metadata:auth_oauth2:username',
  61              'email' => 'privacy:metadata:auth_oauth2:email',
  62              'confirmtoken' => 'privacy:metadata:auth_oauth2:confirmtoken',
  63              'confirmtokenexpires' => 'privacy:metadata:auth_oauth2:confirmtokenexpires'
  64          ];
  65  
  66          $collection->add_database_table('auth_oauth2_linked_login', $authfields, 'privacy:metadata:auth_oauth2:tableexplanation');
  67  
  68          // Regarding this block, we are unable to export or purge this data, as
  69          // it would damage the oauth2 data across the whole site.
  70          foreach ([
  71              'oauth2_endpoint',
  72              'oauth2_user_field_mapping',
  73              'oauth2_access_token',
  74              'oauth2_system_account',
  75          ] as $tablename) {
  76              $collection->add_database_table($tablename, [
  77                  'usermodified' => 'privacy:metadata:auth_oauth2:usermodified',
  78              ], 'privacy:metadata:auth_oauth2:tableexplanation');
  79          }
  80  
  81          $collection->link_subsystem('core_auth', 'privacy:metadata:auth_oauth2:authsubsystem');
  82  
  83          return $collection;
  84      }
  85  
  86      /**
  87       * Return all contexts for this userid. In this situation the user context.
  88       *
  89       * @param  int $userid The user ID.
  90       * @return contextlist The list of context IDs.
  91       */
  92      public static function get_contexts_for_userid(int $userid) : contextlist {
  93          $sql = "SELECT ctx.id
  94                    FROM {auth_oauth2_linked_login} ao
  95                    JOIN {context} ctx ON ctx.instanceid = ao.userid AND ctx.contextlevel = :contextlevel
  96                   WHERE ao.userid = :userid";
  97          $params = ['userid' => $userid, 'contextlevel' => CONTEXT_USER];
  98          $contextlist = new contextlist();
  99          $contextlist->add_from_sql($sql, $params);
 100  
 101          return $contextlist;
 102      }
 103  
 104      /**
 105       * Get the list of users within a specific context.
 106       *
 107       * @param userlist $userlist The userlist containing the list of users who have data in this context/plugin combination.
 108       */
 109      public static function get_users_in_context(userlist $userlist) {
 110          $context = $userlist->get_context();
 111  
 112          if (!$context instanceof \context_user) {
 113              return;
 114          }
 115  
 116          $sql = "SELECT userid
 117                    FROM {auth_oauth2_linked_login}
 118                   WHERE userid = ?";
 119          $params = [$context->instanceid];
 120          $userlist->add_from_sql('userid', $sql, $params);
 121      }
 122  
 123      /**
 124       * Export all oauth2 information for the list of contexts and this user.
 125       *
 126       * @param  approved_contextlist $contextlist The list of approved contexts for a user.
 127       */
 128      public static function export_user_data(approved_contextlist $contextlist) {
 129          global $DB;
 130  
 131          // Export oauth2 linked accounts.
 132          $context = \context_user::instance($contextlist->get_user()->id);
 133          $sql = "SELECT ll.id, ll.username, ll.email, ll.timecreated, ll.timemodified, oi.name as issuername
 134                  FROM {auth_oauth2_linked_login} ll JOIN {oauth2_issuer} oi ON oi.id = ll.issuerid
 135                  WHERE ll.userid = :userid";
 136          if ($oauth2accounts = $DB->get_records_sql($sql, ['userid' => $contextlist->get_user()->id])) {
 137              foreach ($oauth2accounts as $oauth2account) {
 138                  $data = (object)[
 139                      'timecreated' => transform::datetime($oauth2account->timecreated),
 140                      'timemodified' => transform::datetime($oauth2account->timemodified),
 141                      'issuerid' => $oauth2account->issuername,
 142                      'username' => $oauth2account->username,
 143                      'email' => $oauth2account->email
 144                  ];
 145                  writer::with_context($context)->export_data([
 146                          get_string('privacy:metadata:auth_oauth2', 'auth_oauth2'),
 147                          $oauth2account->issuername
 148                      ], $data);
 149              }
 150          }
 151      }
 152  
 153      /**
 154       * Delete all user data for this context.
 155       *
 156       * @param  \context $context The context to delete data for.
 157       */
 158      public static function delete_data_for_all_users_in_context(\context $context) {
 159          if ($context->contextlevel != CONTEXT_USER) {
 160              return;
 161          }
 162          static::delete_user_data($context->instanceid);
 163      }
 164  
 165      /**
 166       * Delete multiple users within a single context.
 167       *
 168       * @param approved_userlist $userlist The approved context and user information to delete information for.
 169       */
 170      public static function delete_data_for_users(approved_userlist $userlist) {
 171          $context = $userlist->get_context();
 172  
 173          if ($context instanceof \context_user) {
 174              static::delete_user_data($context->instanceid);
 175          }
 176      }
 177  
 178      /**
 179       * Delete all user data for this user only.
 180       *
 181       * @param  approved_contextlist $contextlist The list of approved contexts for a user.
 182       */
 183      public static function delete_data_for_user(approved_contextlist $contextlist) {
 184          if (empty($contextlist->count())) {
 185              return;
 186          }
 187          $userid = $contextlist->get_user()->id;
 188          foreach ($contextlist->get_contexts() as $context) {
 189              if ($context->contextlevel != CONTEXT_USER) {
 190                  continue;
 191              }
 192              if ($context->instanceid == $userid) {
 193                  // Because we only use user contexts the instance ID is the user ID.
 194                  static::delete_user_data($context->instanceid);
 195              }
 196          }
 197      }
 198  
 199      /**
 200       * This does the deletion of user data for the auth_oauth2.
 201       *
 202       * @param  int $userid The user ID
 203       */
 204      protected static function delete_user_data(int $userid) {
 205          global $DB;
 206  
 207          // Because we only use user contexts the instance ID is the user ID.
 208          $DB->delete_records('auth_oauth2_linked_login', ['userid' => $userid]);
 209      }
 210  }