Merge changes Ic5b8fa93,Id3327939,Ic4292676,Iad1d39a1,I398479c3,Ib5dea8c9

* changes:
  Change webservice config to not have nested Pieforms (Bug #1397128)
  Fix data in service group on creation
  Restricting the institution get members (Bug 1393530)
  Handling webservices validate_password better (Bug 1393530)
  Tidying up the initial code to mahara standards (Bug #1393530)
  Adding the webservices plugin (Bug 1393530)

htdocs/auth/internal/lib.php

@@ -231,7 +231,7 @@ class AuthInternal extends Auth {
      * @param string $salt     The salt we have.
      * @returns int     0 means not validated, 1 means validated, 2 means validated but needs updating
      */
-    private function validate_password($theysent, $wehave, $salt) {
+    protected function validate_password($theysent, $wehave, $salt) {
         $this->must_be_ready();
 
         if ($salt == '*') {

htdocs/auth/webservice/lib.php

+<?php
+/**
+ *
+ * @package    mahara
+ * @subpackage core
+ * @author     Catalyst IT Ltd
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
+ * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
+ *
+ */
+
+defined('INTERNAL') || die();
+require_once(get_config('docroot') . 'auth/internal/lib.php');
+
+$path = get_config('docroot') . 'webservice/libs/zend';
+set_include_path($path . PATH_SEPARATOR . get_include_path());
+
+require_once(get_config('docroot') . '/webservice/lib.php');
+require_once(get_config('docroot') . 'api/xmlrpc/lib.php');
+
+/**
+ * if the local_right_nav_update doesn't exist, then when can
+ * inject the app token itme in the menu
+ */
+if (!function_exists('local_right_nav_update')) {
+    function local_right_nav_update(&$menu) {
+        $menu = ($menu ? $menu : array());
+        foreach ($menu as $item) {
+            if ($item['path'] == 'settings/apps') {
+                return;
+            }
+        }
+        $menu[]=
+                array(
+                        'path' =>  'settings/apps',
+                        'url' => 'webservice/apptokens.php',
+                        'title' => get_string('apptokens', 'auth.webservice'),
+                        'weight' => 40,
+                        'selected' => false,
+                        'submenu' => array(),
+                );
+    }
+}
+
+/**
+ * The webservice authentication method, which authenticates users against the
+ * Mahara database, but ensures that these users can only be used for webservices
+ */
+class AuthWebservice extends AuthInternal {
+
+    public function __construct($id = null) {
+        $this->has_instance_config = false;
+        $this->type       = 'webservice';
+        if (!empty($id)) {
+            return $this->init($id);
+        }
+        return true;
+    }
+
+    /**
+     * Attempt to authenticate user
+     *
+     * @param object $user     As returned from the usr table
+     * @param string $password The password being used for authentication
+     * @return bool            True/False based on whether the user
+     *                         authenticated successfully
+     * @throws AuthUnknownUserException If the user does not exist
+     */
+    public function authenticate_user_account($user, $password, $from='elsewhere') {
+        // deny from anywhere other than a webservice context
+        if ($from != 'webservice') {
+            return false;
+        }
+        $this->must_be_ready();
+        return $this->validate_password($password, $user->password, $user->salt);
+    }
+
+    /**
+     * Given a password that the user has sent, the password we have for them
+     * and the salt we have, see if the password they sent is correct.
+     *
+     * @param string $theysent The password the user sent
+     * @param string $wehave   The password we have in the database for them
+     * @param string $salt     The salt we have.
+     */
+    protected function validate_password($theysent, $wehave, $salt) {
+        $this->must_be_ready();
+        $validate = parent::validate_password($theysent, $wehave, $salt);
+        return (!empty($validate)) ? true : false;
+    }
+}
+
+/**
+ * Plugin configuration class
+ */
+class PluginAuthWebservice extends PluginAuth {
+
+    public static function has_config() {
+        return true;
+    }
+
+    public static function get_config_options() {
+        redirect('/webservice/admin/index.php');
+    }
+
+    public static function has_instance_config() {
+        return false;
+    }
+
+    public static function get_instance_config_options() {
+        return array();
+    }
+
+    public static function menu_items($smarty=null, $selected=null) {
+        global $SELECTEDSUBNAV, $USER;
+
+        $items = array(
+            'webservice' => array(
+                'path'   => 'webservice',
+                'url'    => 'webservice/admin/index.php',
+                'title'  => get_string('webservices', 'auth.webservice'),
+                'weight' => 10,
+                'selected' => false,
+                'submenu' => array(),
+            ),
+            'webservice/oauthconfig' => array(
+                'path'   => 'webservice/oauthconfig',
+                'url'    => 'webservice/admin/oauthv1sregister.php',
+                'title'  => get_string('oauth', 'auth.webservice'),
+                'weight' => 10,
+                'selected' => false,
+                'submenu' => array(),
+            ),
+            'webservice/logs' => array(
+                'path'   => 'webservice/logs',
+                'url'    => 'webservice/admin/webservicelogs.php',
+                'title'  => get_string('webservicelogs', 'auth.webservice'),
+                'weight' => 20,
+                'selected' => false,
+                'submenu' => array(),
+            ),
+            'webservice/testclient' => array(
+                'path'   => 'webservice/testclient',
+                'url'    => 'webservice/testclient.php',
+                'title'  => get_string('testclient', 'auth.webservice'),
+                'weight' => 30,
+                'selected' => false,
+                'submenu' => array(),
+            ),
+        );
+
+        if ($USER->is_logged_in() && $smarty) {
+            $SELECTEDSUBNAV = ($SELECTEDSUBNAV ? $SELECTEDSUBNAV : array());
+            $items = array_merge($SELECTEDSUBNAV, $items);
+            $apps = false;
+            $SELECTEDSUBNAV = array();
+            foreach ($items as $sub) {
+                $sub['selected'] = ($selected == $sub['path'] ? true : false);
+                $SELECTEDSUBNAV[]= $sub;
+                if ($sub['path'] == 'settings/apps') {
+                    $apps = true;
+                }
+            }
+            if (!$apps) {
+                $SELECTEDSUBNAV[]=
+                    array(
+                        'path' =>  'settings/apps',
+                        'url' => 'webservice/apptokens.php',
+                        'title' => get_string('apptokens', 'auth.webservice'),
+                        'weight' => 40,
+                        'selected' => ($selected == 'settings/apps' ? true : false),
+                        'submenu' => array(),
+                    );
+            }
+            $smarty->assign('SELECTEDSUBNAV', $SELECTEDSUBNAV);
+        }
+        return $items;
+    }
+
+    /*
+    * cron cleanup service for web service logs
+    * set this to go daily at 5 past 1
+    */
+    public static function get_cron() {
+        return array(
+            (object)array(
+                    'callfunction' => 'clean_webservice_logs',
+                    'hour'         => '01',
+                    'minute'       => '05',
+            ),
+        );
+    }
+