diff --git a/plugin/azure_active_directory/src/AzureActiveDirectory.php b/plugin/azure_active_directory/src/AzureActiveDirectory.php index 75fd178206..788ba8b3bb 100644 --- a/plugin/azure_active_directory/src/AzureActiveDirectory.php +++ b/plugin/azure_active_directory/src/AzureActiveDirectory.php @@ -1,6 +1,7 @@ getExistingUserVerificationOrder(); $extraFieldValue = new ExtraFieldValue('user'); @@ -176,7 +176,7 @@ class AzureActiveDirectory extends Plugin ), 3 => $extraFieldValue->get_item_id_from_field_variable_and_field_value( AzureActiveDirectory::EXTRA_FIELD_AZURE_UID, - $azureUserData['objectId'] + $azureUserData[$azureUidKey] ), ]; 
@@ -188,4 +188,108 @@ class AzureActiveDirectory extends Plugin
 return null;
 }
+
+ /**
+ * @throws Exception
+ */
+ public function registerUser(
+ AccessTokenInterface $token,
+ Azure $provider,
+ array $azureUserInfo,
+ string $apiGroupsRef = 'me/memberOf',
+ string $objectIdKey = 'objectId',
+ string $azureUidKey = 'objectId'
+ ) {
+ if (empty($azureUserInfo)) {
+ throw new Exception('Groups info not found.');
+ }
+
+ $userId = $this->getUserIdByVerificationOrder($azureUserInfo, $azureUidKey);
+
+ if (empty($userId)) {
+ // If we didn't find the user
+ if ($this->get(self::SETTING_PROVISION_USERS) === 'true') {
+ [$userRole, $isAdmin] = $this->getUserRoleAndCheckIsAdmin(
+ $token,
+ $provider,
+ $apiGroupsRef,
+ $objectIdKey
+ );
+
+ $phone = null;
+
+ if (isset($azureUserInfo['telephoneNumber'])) {
+ $phone = $azureUserInfo['telephoneNumber'];
+ } elseif (isset($azureUserInfo['businessPhones'][0])) {
+ $phone = $azureUserInfo['businessPhones'][0];
+ } elseif (isset($azureUserInfo['mobilePhone'])) {
+ $phone = $azureUserInfo['mobilePhone'];
+ }
+
+ // If the option is set to create users, create it
+ $userId = UserManager::create_user(
+ $azureUserInfo['givenName'],
+ $azureUserInfo['surname'],
+ $userRole,
+ $azureUserInfo['mail'],
+ $azureUserInfo['userPrincipalName'],
+ '',
+ null,
+ null,
+ $phone,
+ null,
+ 'azure',
+ null,
+ ($azureUserInfo['accountEnabled'] ? 1 : 0),
+ null,
+ [
+ 'extra_'.self::EXTRA_FIELD_ORGANISATION_EMAIL => $azureUserInfo['mail'],
+ 'extra_'.self::EXTRA_FIELD_AZURE_ID => $azureUserInfo['mailNickname'],
+ 'extra_'.self::EXTRA_FIELD_AZURE_UID => $azureUserInfo[$azureUidKey],
+ ],
+ null,
+ null,
+ $isAdmin
+ );
+ if (!$userId) {
+ throw new Exception(get_lang('UserNotAdded').' '.$azureUserInfo['userPrincipalName']);
+ }
+ } else {
+ throw new Exception('User not found when checking the extra fields from '.$azureUserInfo['mail'].' or '.$azureUserInfo['mailNickname'].' 
or '.$azureUserInfo[$azureUidKey].'.');
+ }
+ }
+
+ return $userId;
+ }
+
+ private function getUserRoleAndCheckIsAdmin(
+ AccessTokenInterface $token,
+ Azure $provider = null,
+ string $apiRef = 'me/memberOf',
+ string $objectIdKey = 'objectId'
+ ): array {
+ $provider = $provider ?: $this->getProvider();
+
+ $groups = $provider->get($apiRef, $token);
+
+ // If any specific group ID has been defined for a specific role, use that
+ // ID to give the user the right role
+ $givenAdminGroup = $this->get(self::SETTING_GROUP_ID_ADMIN);
+ $givenSessionAdminGroup = $this->get(self::SETTING_GROUP_ID_SESSION_ADMIN);
+ $givenTeacherGroup = $this->get(self::SETTING_GROUP_ID_TEACHER);
+ $userRole = STUDENT;
+ $isAdmin = false;
+ foreach ($groups as $group) {
+ if ($givenAdminGroup == $group[$objectIdKey]) {
+ $userRole = COURSEMANAGER;
+ $isAdmin = true;
+ } elseif ($givenSessionAdminGroup == $group[$objectIdKey]) {
+ $userRole = SESSIONADMIN;
+ } elseif ($userRole != SESSIONADMIN && $givenTeacherGroup == $group[$objectIdKey]) {
+ $userRole = COURSEMANAGER;
+ }
+ }
+
+ return [$userRole, $isAdmin];
+ }
 }
diff --git a/plugin/azure_active_directory/src/callback.php b/plugin/azure_active_directory/src/callback.php
index cb76aca6b1..09d0b363d6 100644
--- a/plugin/azure_active_directory/src/callback.php
+++ b/plugin/azure_active_directory/src/callback.php
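Review bot: The group loop in getUserRoleAndCheckIsAdmin lets a later group override an admin match: the code removed from callback.php stopped at `if ($isAdmin) { break; }`, but the new loop keeps iterating, so a user who is in both the admin group and the session-admin group ends with `$userRole = SESSIONADMIN` while `$isAdmin` stays true. The matches are also loose (`==`), so an unconfigured role setting (whatever `$this->get()` returns for it, presumably null or an empty string) compares equal to a group entry that lacks `$objectIdKey`, which would grant COURSEMANAGER/admin to every provisioned user; a strict comparison that first skips empty settings and id-less groups closes that. Separately, `empty($azureUserInfo)` in registerUser still throws 'Groups info not found.' although it is the user profile that is missing, and the `$groups` response itself is never checked before being iterated. A reworked loop with the break restored and strict, non-empty matching is below (the `(string)` casts assume the setting getter returns a scalar).
```php
        $givenAdminGroup = (string) $this->get(self::SETTING_GROUP_ID_ADMIN);
        $givenSessionAdminGroup = (string) $this->get(self::SETTING_GROUP_ID_SESSION_ADMIN);
        $givenTeacherGroup = (string) $this->get(self::SETTING_GROUP_ID_TEACHER);
        $userRole = STUDENT;
        $isAdmin = false;
        foreach ($groups as $group) {
            $groupId = (string) ($group[$objectIdKey] ?? '');
            if ('' === $groupId) {
                continue; // a group without an id can never match a configured setting
            }
            if ('' !== $givenAdminGroup && $givenAdminGroup === $groupId) {
                $userRole = COURSEMANAGER;
                $isAdmin = true;
                break; // admin wins; do not let a later group downgrade the role
            }
            if ('' !== $givenSessionAdminGroup && $givenSessionAdminGroup === $groupId) {
                $userRole = SESSIONADMIN;
            } elseif (SESSIONADMIN !== $userRole && '' !== $givenTeacherGroup && $givenTeacherGroup === $groupId) {
                $userRole = COURSEMANAGER;
            }
        }
        // … unchanged: return [$userRole, $isAdmin]; …
```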
@@ -85,69 +85,11 @@ try {
 throw new Exception('The id field is empty in Azure AD and is needed to set the unique Azure ID for this user.');
 }
- $userId = $plugin->getUserIdByVerificationOrder($me);
-
- if (empty($userId)) {
- // If we didn't find the user
- if ($plugin->get(AzureActiveDirectory::SETTING_PROVISION_USERS) === 'true') {
- // Get groups info, if any
- $groups = $provider->get('me/memberOf', $token);
- if (empty($me)) {
- throw new Exception('Groups info not found.');
- }
- // If any specific group ID has been defined for a specific role, use that
- // ID to give the user the right role
- $givenAdminGroup = $plugin->get(AzureActiveDirectory::SETTING_GROUP_ID_ADMIN);
- $givenSessionAdminGroup = $plugin->get(AzureActiveDirectory::SETTING_GROUP_ID_SESSION_ADMIN);
- $givenTeacherGroup = $plugin->get(AzureActiveDirectory::SETTING_GROUP_ID_TEACHER);
- $userRole = STUDENT;
- $isAdmin = false;
- foreach ($groups as $group) {
- if ($isAdmin) {
- break;
- }
- if ($givenAdminGroup == $group['objectId']) {
- $userRole = COURSEMANAGER;
- $isAdmin = true;
- } elseif (!$isAdmin && $givenSessionAdminGroup == $group['objectId']) {
- $userRole = SESSIONADMIN;
- } elseif (!$isAdmin && $userRole != SESSIONADMIN && $givenTeacherGroup == $group['objectId']) {
- $userRole = COURSEMANAGER;
- }
- }
-
- // If the option is set to create users, create it
- $userId = UserManager::create_user(
- $me['givenName'],
- $me['surname'],
- $userRole,
- $me['mail'],
- $me['mailNickname'],
- '',
- null,
- null,
- $me['telephoneNumber'],
- null,
- 'azure',
- null,
- ($me['accountEnabled'] ? 1 : 0),
- null,
- [
- 'extra_'.AzureActiveDirectory::EXTRA_FIELD_ORGANISATION_EMAIL => $me['mail'],
- 'extra_'.AzureActiveDirectory::EXTRA_FIELD_AZURE_ID => $me['mailNickname'],
- 'extra_'.AzureActiveDirectory::EXTRA_FIELD_AZURE_UID => $me['id'],
- ],
- null,
- null,
- $isAdmin
- );
- if (!$userId) {
- throw new Exception(get_lang('UserNotAdded').' 
'.$me['mailNickname']);
- }
- } else {
- throw new Exception('User not found when checking the extra fields from '.$me['mail'].' or '.$me['mailNickname'].' or '.$me['id'].'.');
- }
- }
+ $userId = $plugin->registerUser(
+ $token,
+ $provider,
+ $me
+ );
 $userInfo = api_get_user_info($userId);
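Review bot: The new registerUser call silently switches the unique-id key this callback relied on: the removed code wrote `$me['id']` into the azure_uid extra field and the surviving check just above the hunk still requires the `id` field, but registerUser is invoked with its default `$azureUidKey = 'objectId'`, so both the lookup in getUserIdByVerificationOrder and the extra-field write now read `$me['objectId']`, a key this callback never validates. Passing the key explicitly preserves the previous behaviour: `$userId = $plugin->registerUser($token, $provider, $me, 'me/memberOf', 'objectId', 'id');`. The username passed to create_user also changes from `$me['mailNickname']` to `$me['userPrincipalName']` inside registerUser, a behaviour change for this callback that the commit does not mention and that is worth confirming as intended. The enclosing try block starts before this hunk.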