Commit 210a98b4 authored by Robert Lyon's avatar Robert Lyon

Bug 1640308: Adding an auth_instance "active" column



To allow us to easily turn off a 'bad' auth when it is trying to
connect to a third party server but that server is not reachable.

Currently it makes logging in slow as it needs to timeout on that auth
instance before trying the next one.

behatnotneeded

Change-Id: Ieeaeeaeb1bc0aa61ed3faad8f3bf751edd9c1023
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent 17ef60df
......@@ -1533,7 +1533,7 @@ function delete_user($userid) {
// Set authinstance to default internal, otherwise the old authinstance can be blocked from deletion
// by deleted users.
$authinst = get_field('auth_instance', 'id', 'institution', 'mahara', 'authname', 'internal');
$authinst = get_field('auth_instance', 'id', 'institution', 'mahara', 'authname', 'internal', 'active', 1);
if ($authinst) {
$deleterec->authinstance = $authinst;
}
......@@ -2463,6 +2463,9 @@ function create_user($user, $profile=array(), $institution=null, $remoteauth=nul
}
}
$authobj = get_record('auth_instance', 'id', $user->authinstance);
if ($authobj->active == '0') {
throw new InvalidArgumentException("user_create: trying to add user to inactive auth instance {$user->authinstance}");
}
$authinstance = AuthFactory::create($authobj->id);
// For legacy compatibility purposes, we'll also put the remote auth on there if it has been
// specifically requested.
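Review bot: The new guard in create_user reads `$authobj->active` without first checking that get_record() returned a row, so a missing auth instance is not rejected here. With no row, the loose comparison `$authobj->active == '0'` evaluates to false and execution continues to `AuthFactory::create($authobj->id)`. Treat missing and inactive the same way, e.g. `if (!$authobj || !$authobj->active) {`, with a message that covers both cases. In the delete_user hunk of the same section, an inactive 'internal' instance for 'mahara' now leaves `$deleterec->authinstance` unchanged, which deserves a short comment given that the reset exists to unblock instance deletion. Both function bodies continue outside the hunks shown.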
......
......@@ -16,7 +16,7 @@ $config = new stdClass();
// See https://wiki.mahara.org/wiki/Developer_Area/Version_Numbering_Policy
// For upgrades on stable branches, increment the version by one. On master, use the date.
$config->version = 2017011800;
$config->version = 2017012600;
$config->series = '17.04';
$config->release = '17.04dev';
$config->minupgradefrom = 2012080604;
......
......@@ -92,9 +92,9 @@ if (isset($key)) {
}
$registration->lastlogin = db_format_timestamp(time());
$authinstance = get_record('auth_instance', 'institution', $registration->institution, 'authname', $registration->authtype ? $registration->authtype : 'internal');
$authinstance = get_record('auth_instance', 'institution', $registration->institution, 'authname', $registration->authtype ? $registration->authtype : 'internal', 'active', 1);
if (false == $authinstance) {
throw new ConfigException('No ' . ($registration->authtype ? $registration->authtype : 'internal') . ' auth instance for institution');
throw new ConfigException('No ' . ($registration->authtype ? $registration->authtype : 'internal') . ' active auth instance for institution');
}
if (!empty($registration->extra)) {
......
......@@ -524,7 +524,7 @@ class PluginSearchInternal extends PluginSearch {
$data = get_records_sql_assoc('
SELECT ' . $firstcols . ',
u.firstname, u.lastname, u.preferredname, u.username, u.email, u.staff, u.profileicon,
u.lastlogin, u.active, NOT u.suspendedcusr IS NULL as suspended, au.instancename AS authname
u.lastlogin, u.active, NOT u.suspendedcusr IS NULL as suspended, au.instancename AS authname, au.active
FROM {usr} u INNER JOIN {auth_instance} au ON u.authinstance = au.id ' . $join . $where . '
ORDER BY ' . $sort . ', u.id',
$values,
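Review bot: The added `au.active` has the same result-column name as `u.active` earlier in the select list, so each returned row carries only one `active` value and, presumably, the auth-instance flag replaces the user's own flag. Any caller that reads `active` from these search results to decide whether an account is enabled would then be looking at the wrong column. Alias the new column, e.g. `au.active AS authactive`, and read it under that name. The code that consumes `$data` is outside the hunk, so confirm which field it expects.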
......
......@@ -218,7 +218,7 @@ EOD;
$record['institution'] = 'mahara';
$record['authname'] = 'internal';
}
if (!$auth = get_record('auth_instance', 'institution', $record['institution'], 'authname', $record['authname'])) {
if (!$auth = get_record('auth_instance', 'institution', $record['institution'], 'authname', $record['authname'], 'active', 1)) {
throw new SystemException("The authentication method authname" . $record['authname'] . " for institution '" . $record['institution'] . "' does not exist.");
}
$record['authinstance'] = $auth->id;
......@@ -492,6 +492,7 @@ EOD;
$authinstance = (object)array(
'instancename' => 'internal',
'priority' => 0,
'active' => 1,
'institution' => $newinstitution->name,
'authname' => 'internal',
);
......
......@@ -199,7 +199,7 @@ function webservices_user_token_submit(Pieform $form, $values) {
else {
// just pass the first one for the moment
$service = array_shift($services);
$authinstance = get_record('auth_instance', 'id', $USER->get('authinstance'));
$authinstance = get_record('auth_instance', 'id', $USER->get('authinstance'), 'active', 1);
$token = webservice_generate_token(EXTERNAL_TOKEN_USER, $service, $USER->get('id'), $authinstance->institution, (time() + EXTERNAL_TOKEN_USER_EXPIRES));
$SESSION->add_ok_msg(get_string('token_generated', 'auth.webservice'));
}
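Review bot: With the `'active', 1` filter this get_record() call finds no row for a user whose auth instance has been disabled, yet the next line still reads `$authinstance->institution` and calls webservice_generate_token(). Such a user would either trigger a PHP error or be issued a token with an empty institution, which makes the token's scope hard to reason about. Check the result first, e.g. `if (!$authinstance) {` followed by an error message and no token creation. The same unchecked pattern is introduced in the second webservices_user_token_submit hunk (@@ -435) and in the mahara_view_external hunk at @@ -182, where `$auth_instance->institution` is read a few lines later.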
......
......@@ -397,11 +397,12 @@ function webservice_provider_enabled_submit(Pieform $form, $values) {
// reload/upgrade the web services configuration
if ($enabled) {
// ensure that we have a webservice auth_instance
$authinstance = get_record('auth_instance', 'institution', 'mahara', 'authname', 'webservice');
$authinstance = get_record('auth_instance', 'institution', 'mahara', 'authname', 'webservice', 'active', 1);
if (empty($authinstance)) {
$authinstance = (object)array(
'instancename' => 'webservice',
'priority' => 2,
'active' => 1,
'institution' => 'mahara',
'authname' => 'webservice',
);
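Review bot: Filtering this existence check by `'active', 1` makes a webservice auth instance that exists but has been switched off look as if it were missing, so the `empty($authinstance)` branch builds a fresh record. If that record is inserted further down (the rest of the branch is outside the hunk), enabling the provider would create a second 'webservice' instance for 'mahara' and quietly bypass an administrator's decision to disable the first one. Look the row up without the active filter and decide explicitly what happens when `$authinstance->active` is 0: re-activate it or report an error.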
......
......@@ -435,8 +435,8 @@ function webservices_user_token_submit(Pieform $form, $values) {
$SESSION->add_error_msg(get_string('noservices', 'auth.webservice'));
}
else {
// just pass the first one for the moment
$authinstance = get_record('auth_instance', 'id', $USER->get('authinstance'));
// just pass the first active one for the moment
$authinstance = get_record('auth_instance', 'id', $USER->get('authinstance'), 'active', 1);
$token = webservice_generate_token(
EXTERNAL_TOKEN_USER,
$service,
......
......@@ -173,7 +173,7 @@ class mahara_group_external extends external_api {
}
else {
// Make sure auth is valid
if (!$authinstance = get_record('auth_instance', 'id', $dbuser->authinstance)) {
if (!$authinstance = get_record('auth_instance', 'id', $dbuser->authinstance, 'active', 1)) {
throw new WebserviceInvalidParameterException(get_string('invalidauthtype', 'auth.webservice', $dbuser->authinstance));
}
// check the institution is allowed
......@@ -465,7 +465,7 @@ class mahara_group_external extends external_api {
}
else {
// Make sure auth is valid
if (!$authinstance = get_record('auth_instance', 'id', $dbuser->authinstance)) {
if (!$authinstance = get_record('auth_instance', 'id', $dbuser->authinstance, 'active', 1)) {
throw new WebserviceInvalidParameterException('update_groups | ' . get_string('invalidauthtype', 'auth.webservice', $dbuser->authinstance));
}
// check the institution is allowed
......@@ -624,7 +624,7 @@ class mahara_group_external extends external_api {
}
else {
// Make sure auth is valid
if (!$authinstance = get_record('auth_instance', 'id', $dbuser->authinstance)) {
if (!$authinstance = get_record('auth_instance', 'id', $dbuser->authinstance, 'active', 1)) {
throw new WebserviceInvalidParameterException('update_group_members | ' . get_string('invalidauthtype', 'auth.webservice', $dbuser->authinstance));
}
// check the institution is allowed
......
......@@ -113,7 +113,7 @@ class mahara_institution_external extends external_api {
foreach ($params['users'] as $user) {
$dbuser = self::checkuser($user);
// Make sure auth is valid
if (!$authinstance = get_record('auth_instance', 'id', $dbuser->authinstance)) {
if (!$authinstance = get_record('auth_instance', 'id', $dbuser->authinstance, 'active', 1)) {
throw new WebserviceInvalidParameterException(get_string('invalidauthtype', 'auth.webservice', $dbuser->authinstance));
}
// check the institution is allowed
......@@ -192,7 +192,7 @@ class mahara_institution_external extends external_api {
$dbuser = self::checkuser($user);
// Make sure auth is valid
if (!$authinstance = get_record('auth_instance', 'id', $dbuser->authinstance)) {
if (!$authinstance = get_record('auth_instance', 'id', $dbuser->authinstance, 'active', 1)) {
throw new WebserviceInvalidParameterException('invite_members | ' . get_string('invalidauthtype', 'auth.webservice', $dbuser->authinstance));
}
// check the institution is allowed
......@@ -271,7 +271,7 @@ class mahara_institution_external extends external_api {
$dbuser = self::checkuser($user);
// Make sure auth is valid
if (!$authinstance = get_record('auth_instance', 'id', $dbuser->authinstance)) {
if (!$authinstance = get_record('auth_instance', 'id', $dbuser->authinstance, 'active', 1)) {
throw new WebserviceInvalidParameterException('remove_members | ' . get_string('invalidauthtype', 'auth.webservice', $dbuser->authinstance));
}
......@@ -344,7 +344,7 @@ class mahara_institution_external extends external_api {
$dbuser = self::checkuser($user);
// Make sure auth is valid
if (!$authinstance = get_record('auth_instance', 'id', $dbuser->authinstance)) {
if (!$authinstance = get_record('auth_instance', 'id', $dbuser->authinstance, 'active', 1)) {
throw new WebserviceInvalidParameterException('decline_members | ' . get_string('invalidauthtype', 'auth.webservice', $dbuser->authinstance));
}
......
......@@ -130,7 +130,7 @@ class mahara_user_external extends external_api {
// only institutions for the web service user token
if ($WEBSERVICE_INSTITUTION == $institution) {
// now find the user by remote
$instance_id = get_field('auth_instance', 'id', 'instancename', $authtype, 'institution', $WEBSERVICE_INSTITUTION);
$instance_id = get_field('auth_instance', 'id', 'instancename', $authtype, 'institution', $WEBSERVICE_INSTITUTION, 'active', 1);
log_debug('in autologin_redirect: auth_instance id: '.$instance_id);
if ($instance_id) {
$user_id = get_field('auth_remote_user', 'localusr', 'remoteusername', $params['ext_user_username'], 'authinstance', $instance_id);
......
......@@ -110,7 +110,7 @@ class mahara_view_external extends external_api {
$id = $dbuser->id;
}
else if (isset($user['remoteuser'])) {
$dbinstances = get_records_array('auth_instance', 'institution', $WEBSERVICE_INSTITUTION);
$dbinstances = get_records_array('auth_instance', 'institution', $WEBSERVICE_INSTITUTION, 'active', 1);
$dbuser = false;
foreach ($dbinstances as $dbinstance) {
$user_factory = new User;
......@@ -182,7 +182,7 @@ class mahara_view_external extends external_api {
continue;
}
$auth_instance = get_record('auth_instance', 'id', $user->authinstance);
$auth_instance = get_record('auth_instance', 'id', $user->authinstance, 'active', 1);
$USER->reanimate($user->id, $user->authinstance);
require_once('view.php');
$data = View::view_search((isset($u['query']) ? $u['query'] : null), null, (object) array('owner' => $USER->get('id')), null, null, 0, true, null, null, true);
......@@ -218,12 +218,12 @@ class mahara_view_external extends external_api {
}
$userarray['institution'] = $auth_instance->institution;
$userarray['auths'] = array();
$auths = get_records_sql_array('SELECT aru.remoteusername AS remoteusername, ai.authname AS authname FROM {auth_remote_user} aru
$auths = get_records_sql_array('SELECT aru.remoteusername AS remoteusername, ai.authname AS authname, ai.active FROM {auth_remote_user} aru
INNER JOIN {auth_instance} ai ON aru.authinstance = ai.id
WHERE ai.institution = ? AND aru.localusr = ?', array($WEBSERVICE_INSTITUTION, $user->id));
if ($auths) {
foreach ($auths as $auth) {
$userarray['auths'][]= array('auth' => $auth->authname, 'remoteuser' => $auth->remoteusername);
$userarray['auths'][]= array('auth' => $auth->authname, 'remoteuser' => $auth->remoteusername, 'active' => $auth->active);
}
}
......
......@@ -149,7 +149,7 @@ function mahara_external_atom_returns() {
function webservice_validate_user($dbuser) {
global $SESSION;
if (!empty($dbuser)) {
$auth_instance = get_record('auth_instance', 'id', $dbuser->authinstance);
$auth_instance = get_record('auth_instance', 'id', $dbuser->authinstance, 'active', 1);
if ($auth_instance->authname == 'webservice') {
$memberships = count_records('usr_institution', 'usr', $dbuser->id);
if ($memberships == 0) {
......@@ -946,7 +946,7 @@ abstract class webservice_server implements webservice_server_interface {
throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
}
// determine the internal auth instance
$auth_instance = get_record('auth_instance', 'institution', $ext_user->institution, 'authname', 'webservice');
$auth_instance = get_record('auth_instance', 'institution', $ext_user->institution, 'authname', 'webservice', 'active', 1);
if (empty($auth_instance)) {
throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
}
......@@ -974,7 +974,7 @@ abstract class webservice_server implements webservice_server_interface {
// check user is member of configured OAuth institution
$institutions = array_keys(load_user_institutions($this->oauth_token_details['user_id']));
$auth_instance = get_record('auth_instance', 'id', $user->authinstance);
$auth_instance = get_record('auth_instance', 'id', $user->authinstance, 'active', 1);
$institutions[]= $auth_instance->institution;
if (!in_array($this->oauth_token_details['institution'], $institutions)) {
throw new WebserviceAccessException(get_string('institutiondenied', 'auth.webservice'));
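Review bot: In webservice_validate_user and in the OAuth institution check, the filtered get_record() result is dereferenced without a check, so a disabled auth instance does not lead to a denial. In the OAuth hunk `$institutions[]= $auth_instance->institution;` only appends an empty value, and the in_array() test still passes when the user belongs to the token's institution through load_user_institutions(). In webservice_validate_user the `authname == 'webservice'` comparison is simply false. If users on an inactive instance are meant to be locked out of web services, fail closed with `if (empty($auth_instance)) { throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice')); }`, as the @@ -946 hunk in this section already does. The rest of both functions is outside the hunks.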
......
......@@ -416,7 +416,7 @@ function testclient_submit(Pieform $form, $values) {
redirect('/webservice/testclient.php?' . implode('&', $params));
}
// determine the internal auth instance
$auth_instance = get_record('auth_instance', 'institution', $ext_user->institution, 'authname', 'webservice');
$auth_instance = get_record('auth_instance', 'institution', $ext_user->institution, 'authname', 'webservice', 'active', 1);
if (empty($auth_instance)) {
$SESSION->add_error_msg(get_string('invaliduser', 'auth.webservice', $values['wsusername']));
redirect('/webservice/testclient.php?' . implode('&', $params));
......
......@@ -100,10 +100,15 @@ class WebServiceTestBase extends MaharaUnitTest {
// clean out first
$this->tearDown();
if (!$authinstance = get_record('auth_instance', 'institution', 'mahara', 'authname', 'webservice')) {
if ($authinstance = get_record('auth_instance', 'institution', 'mahara', 'authname', 'webservice')) {
// make sure it is active
update_record('auth_instance', array('active' => 1), array('id' => $authinstance->id));
}
else {
$authinstance = new stdClass();
$authinstance->instancename = 'webservice';
$authinstance->institution = 'mahara';
$authinstance->active = 1;
$authinstance->authname = 'webservice';
$lastinstance = get_records_array('auth_instance', 'institution', 'mahara', 'priority DESC', '*', '0', '1');
if ($lastinstance == false) {
......@@ -236,6 +241,7 @@ class WebServiceTestBase extends MaharaUnitTest {
$authinstance = (object)array(
'instancename' => 'internal',
'priority' => 0,
'active' => 1,
'institution' => $newinstitution->name,
'authname' => 'internal',
);
......
......@@ -63,7 +63,7 @@ class WebServiceUserTest extends WebServiceTestBase {
$dbusers = get_records_sql_array('SELECT u.id AS id FROM {usr} u
INNER JOIN {auth_instance} ai ON u.authinstance = ai.id
WHERE u.deleted = 0 AND ai.institution = \'mahara\'', array());
WHERE u.deleted = 0 AND ai.institution = \'mahara\' AND ai.active = 1', array());
$users_in = array();
foreach ($dbusers as $dbuser) {
if ($dbuser->id == 0) continue;
......@@ -90,7 +90,7 @@ class WebServiceUserTest extends WebServiceTestBase {
$function = 'mahara_user_get_users';
$dbusers = get_records_sql_array('SELECT u.id AS id FROM {usr} u
INNER JOIN {auth_instance} ai ON u.authinstance = ai.id
WHERE u.deleted = 0 AND ai.institution = \'mahara\'', array());
WHERE u.deleted = 0 AND ai.institution = \'mahara\' AND ai.active = 1', array());
$userids = array();
foreach ($dbusers as $dbuser) {
if ($dbuser->id == 0) continue;
......@@ -194,7 +194,7 @@ class WebServiceUserTest extends WebServiceTestBase {
function mahara_user_delete_users($client) {
//Set test data
//a full user: user1
if (!$authinstance = get_record('auth_instance', 'institution', 'mahara', 'authname', 'webservice')) {
if (!$authinstance = get_record('auth_instance', 'institution', 'mahara', 'authname', 'webservice', 'active', 1)) {
throw new WebserviceInvalidParameterException('Invalid authentication type: mahara/webservce');
}
$institution = new Institution($authinstance->institution);
......