Add support for groups. Add support for log extra info: Logins, Change of user systemrole

Author: pitbulk

README.txt

@@ -43,6 +43,10 @@
         $regs = saml_hook_get_course_info($course);
         if ($regs) {
             list($match, $country, $domain, $courseid, $period, $role, $status) = $regs;
+            $group = null;
+            if (isset($regs[7])) {
+                $group = $regs[7];
+            }
 
             if (!empty($courseid)) {
                 foreach ($rolemapping as $shortname => $values) {
@@ -71,6 +75,7 @@
                         'period' => $period,
                         'role' => $mappedrole,
                         'status' => $status,
+                        'group' => $group
                     ];
                     if (!$anycourseactive && $status == 'active') {
                           $anycourseactive = true;

course_and_role_mapping.php

@@ -161,6 +161,7 @@ function saml_hook_post_user_created($user, $saml_attributes = []) {
         4 - period     period of the course
         5 - role       role to be mappend with moodle role
         6 - status     'active' | 'inactive'
+        7 - group      the group inside the course
 
   The auth/saml plugin save those data that will be available
   for the enrol/saml plugin.
@@ -180,6 +181,7 @@ function saml_hook_post_user_created($user, $saml_attributes = []) {
     $regs[4] = $matches[2];   // period
     $regs[5] = $matches[3];   // role
     $regs[6] = $matches[4];   // status
+    $regs[7] = null;          // group
   }
 */
 function saml_hook_get_course_info($course) {
@@ -191,5 +193,14 @@ function saml_hook_get_course_info($course) {
         $regs = $matches;
     }
 
+    // Example retreving course from course_id
+    // because course_id is like:  mat1-t1, mat1-t2 and t1 and t2 are
+    // groups of course mat1
+    // $course_id = $regs[3];
+    // $data = explode("-", $course_id);
+    // if (isset($data[1])) {
+    //    $regs[7] = $data[1];
+    // }
+
     return $regs;
 }

custom_hook.php

@@ -108,6 +108,21 @@ function auth_saml_log_error($msg, $logfile) {
 }
 
 
-function auth_saml_decorate_log($msg) {
-    return $msg = date('D M d H:i:s  Y').' [client '.$_SERVER['REMOTE_ADDR'].'] [error] '.$msg."\r\n";
+function auth_saml_log_info($msg, $logfile) {
+    global $CFG;
+    if (isset($logfile) && !empty($logfile)) {
+        if (substr($logfile, 0) == '/') {
+            $destination = $logfile;
+        } else {
+            $destination = $CFG->dataroot . '/' . $logfile;
+        }
+        $msg = auth_saml_decorate_log($msg, 'info');
+        file_put_contents($destination, $msg, FILE_APPEND);
+    } else {
+        syslog(LOG_INFO, $msg);
+    }
+}
+
+function auth_saml_decorate_log($msg, $level = "error") {
+    return $msg = date('D M d H:i:s  Y').' [client '.$_SERVER['REMOTE_ADDR'].'] ['.$level.'] '.$msg."\r\n";
 }

error.php

@@ -72,7 +72,7 @@
 
         if ($samlparam->dosinglelogout) {
             $as->logout($urltogo);
-            assert("FALSE"); // The previous line issues a redirect.
+            assert(false); // The previous line issues a redirect.
         } else {
             header('Location: '.$urltogo);
             exit();
@@ -235,6 +235,10 @@
         auth_saml_error($err['login'], $CFG->wwwroot.'/auth/saml/login.php', $pluginconfig->samllogfile, true);
     }
 
+    if ($pluginconfig->logextrainfo) {
+        auth_saml_log_info($username.' logged', $pluginconfig->samllogfile);
+    }
+
     // Sync system role.
     $samlroles = null;
     if (isset($pluginconfig->role) && isset($samlattributes[$pluginconfig->role])) {
@@ -261,9 +265,15 @@
             if ($isrole) {
                 // Following calls will not create duplicates.
                 role_assign($role['id'], $user->id, $systemcontext->id, 'auth_saml');
+                if ($pluginconfig->logextrainfo) {
+                    auth_saml_log_info("Systemrole ". $role['shortname']. 'assigned to '.$username, $pluginconfig->samllogfile);
+                }
             } else {
                 // Unassign only if previously assigned by this plugin.
                 role_unassign($role['id'], $user->id, $systemcontext->id, 'auth_saml');
+                if ($pluginconfig->logextrainfo) {
+                    auth_saml_log_info("Systemrole ".$role['shortname']. 'unassigned to '.$username, $pluginconfig->samllogfile);
+                }
             }
         }
     }

index.php

@@ -153,7 +153,10 @@
 $string['auth_saml_error_complete_user_login'] = "Failed to complete user login of {\$a}";
 
 $string['auth_saml_logfile'] = 'Log file path';
-$string['auth_saml_logfile_description'] = 'Set a filename if you want log the SAML plugin errors in a different file that the syslog. (Use an absolute path or Moodle will save this file in the moodledata folder).';
+$string['auth_saml_logfile_description'] = 'Set a filename if you want log the SAML plugin errors in a different file than the syslog. (Use an absolute path or Moodle will save this file in the moodledata folder).';
+
+$string['auth_saml_logextrainfo'] = 'Log extra info';
+$string['auth_saml_logextrainfo_description'] = 'Enable it in order to log extra info like logins actions and user systemrole changes executed by the plugin';
 
 $string['auth_saml_samlhookfile'] = 'Hook file path';
 $string['auth_saml_samlhookfile_description'] = 'Set a path if you want to use a hook file that contain your specific functions. The path can either be absolute or relative to your Moodle root directory.';

lang/en/auth_saml.php

@@ -141,6 +141,9 @@
 $string['auth_saml_logfile'] = 'Ruta del fichero de log del plugin SAML';
 $string['auth_saml_logfile_description'] = 'Establece un nombre de fichero si tu quieres loggear los errores del plugin saml en un fichero diferente que el syslog (Establece una ruta absoluta o Moodle guardará este fichero dentro de la carpeta moodledata)';
 
+$string['auth_saml_logextrainfo'] = 'Registrar información adicional';
+$string['auth_saml_logextrainfo_description'] = 'Habilítalo para registrar en el log información adicional como acciones de log in y modificaciones de roles de sistema del usuario ejecutadas por el plugin.';
+
 $string['auth_saml_samlhookfile'] = 'Ruta del fichero del hook del plugin SAML';
 $string['auth_saml_samlhookfile_description'] = 'Establece la ruta si quieres usar un fichero hook que contiene tus funciones específicas. La ruta puede ser absoluta o relativa al directorio raíz de Moodle.';
 $string['auth_saml_errorbadhook'] = "Incorrect SAML plugin hook file: {\$a}";

lang/es/auth_saml.php

@@ -139,6 +139,9 @@
 $string['auth_saml_logfile'] = 'Ruta del fichero de log del plugin SAML';
 $string['auth_saml_logfile_description'] = 'Establece un nombre de fichero si tu quieres loggear los errores del plugin saml en un fichero diferente que el syslog (Establece una ruta absoluta o Moodle guardará este fichero dentro de la carpeta moodledata)';
 
+$string['auth_saml_logextrainfo'] = 'Registrar información adicional';
+$string['auth_saml_logextrainfo_description'] = 'Habilítalo para registrar en el log información adicional como acciones de log in y modificaciones de roles de sistema del usuario ejecutadas por el plugin.';
+
 $string['auth_saml_samlhookfile'] = 'Ruta del fichero del hook del plugin SAML';
 $string['auth_saml_samlhookfile_description'] = 'Establece la ruta si quieres usar un fichero hook que contiene tus funciones específicas. La ruta puede ser absoluta o relativa al directorio raíz de Moodle.';
 $string['auth_saml_errorbadhook'] = "Incorrect SAML plugin hook file: {\$a}";

lang/es_es/auth_saml.php

@@ -156,6 +156,13 @@ function save_in_saml_config_file() {
     $setting = new admin_setting_configtext($name, $title, $description, $default, PARAM_RAW);
     $settings->add($setting);
 
+    $name = 'auth_saml/logextrainfo';
+    $title = get_string('auth_saml_logextrainfo', 'auth_saml');
+    $description = get_string('auth_saml_logextrainfo_description', 'auth_saml');
+    $default = false;
+    $setting = new admin_setting_configcheckbox($name, $title, $description, $default, true, false);
+    $settings->add($setting);
+
     $name = 'auth_saml/disablejit';
     $title = get_string('auth_saml_disablejit', 'auth_saml');
     $description = get_string('auth_saml_disablejit_description', 'auth_saml');

settings.php

@@ -28,9 +28,9 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$plugin->version = 2019011501;
+$plugin->version = 2019061301;
 $plugin->requires = 2017111300;
-$plugin->release = 'auth/saml version of 15-01-2019';
-$plugin->maturity = MATURITY_BETA;
+$plugin->release = 'auth/saml version of 13-06-2019';
+$plugin->maturity = MATURITY_STABLE;
 $plugin->cron = 0;
 $plugin->component = 'auth_saml';