Merge pull request #1 from adlnet/moodle-4.4-updates

Moodle 4.4 updates

Author: vbhayden

.dockerignore

@@ -0,0 +1,2 @@
+.git
+update.sh

.gitignore

@@ -0,0 +1,2 @@
+scratch
+update.sh

auth.php

@@ -74,8 +74,7 @@ public function loginpage_hook() {
     private function attempt_jwt_login() {
         global $CFG, $DB;
 
-        $authtoken = null;
-        $authtokenRaw = null;
+        $authHeader = null;
 
         /**
          * Most deployments will be through Apache, at least for ADL, so
@@ -84,7 +83,7 @@ private function attempt_jwt_login() {
         if (function_exists('apache_request_headers')) {
             $headers = apache_request_headers();
             if (isset($headers['Authorization'])) {
-                $authtokenRaw = $headers['Authorization'];
+                $authHeader = $headers['Authorization'];
             }
         }
 
@@ -93,26 +92,21 @@ private function attempt_jwt_login() {
          * will miss the previous check, so we can also check the older syntax
          * if necessary.
          */
-        if (!isset($authtokenRaw)) {
+        if (!isset($authHeader)) {
             if (isset($_SERVER['Authorization'])) {
-                $authtokenRaw = $_SERVER['Authorization'];
+                $authHeader = $_SERVER['Authorization'];
             }
             else if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
-                $authtokenRaw = $_SERVER['HTTP_AUTHORIZATION'];
+                $authHeader = $_SERVER['HTTP_AUTHORIZATION'];
             } 
         }
 
-        if (!isset($authtokenRaw))
+        if (!isset($authHeader))
             return;
 
-        $authtoken = trim(substr($authtokenRaw, 7));
-        $token_parts = explode('.', $authtoken);
-
-        $headerEncoded = $token_parts[0];
-        $payloadEncoded = $token_parts[1];
-        $signatureEncoded = $token_parts[2];
-
-        $payload = $this->parse_jwt_component($payloadEncoded);
+        $payload = $this->parse_jwt_component($authHeader);
+        if (is_null($payload))
+            return;
 
         /**
          * We allow the environment to specify whether to perform an issuer check.
@@ -233,8 +227,8 @@ private function attempt_jwt_login() {
     private function get_expected_username($cert) {
 
         $envEDIPIProperty = getenv("MOODLE_JWT_EDIPI_PROPERTY");
-
         $useEDIPI = $this->has_env_bool("MOODLE_JWT_USE_EDIPI");
+
         $configuredForEDIPI =  $envEDIPIProperty != false;
 
         if ($useEDIPI && $configuredForEDIPI) {
@@ -247,14 +241,17 @@ private function get_expected_username($cert) {
         }
 
         $envCustomProperty = getenv("MOODLE_JWT_USERNAME_PROPERTY");
-        
         $useCustomProperty = $envCustomProperty != false;
-        $hasCustomProperty = property_exists($cert, $envCustomProperty);
-
-        if ($useCustomProperty && $hasCustomProperty) {
-            return $cert->$envCustomProperty;
+        
+        if ($useCustomProperty) {
+            
+            $hasCustomProperty = property_exists($cert, $envCustomProperty);
+            if ($hasCustomProperty) {
+                return $cert->$envCustomProperty;
+            }
         }
 
+
         return $this->get_default_username($cert);
     }
 
@@ -298,11 +295,24 @@ private function get_default_username($cert) {
         return $cert->preferred_username;
     }
 
-    private function parse_jwt_component($encodedStr) {
+    private function parse_jwt_component($authHeader) {
 
-        $decodedStr = $this->decode_base_64($encodedStr);
-        $jsonObj = json_decode($decodedStr);
+        if (strlen($authHeader) < 7)
+            return null;
+
+        $authtoken = trim(substr($authHeader, 7));
+        $token_parts = explode('.', $authtoken);
 
+        if (count($token_parts) != 3)
+            return null;
+    
+        $headerEncoded = $token_parts[0];
+        $payloadEncoded = $token_parts[1];
+        $signatureEncoded = $token_parts[2];
+        
+        $decodedStr = $this->decode_base_64($payloadEncoded);
+        $jsonObj = json_decode($decodedStr);
+    
         return $jsonObj;
     }
 

version.php

@@ -24,6 +24,6 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$plugin->version   = 2023110900;        // The current plugin version (Date: YYYYMMDDXX).
+$plugin->version   = 2024042600;        // The current plugin version (Date: YYYYMMDDXX).
 $plugin->requires  = 2022111800;        // Requires this Moodle version.
 $plugin->component = 'auth_jwt';       // Full name of the plugin (used for diagnostics)