MDL-79520 core: upgrade step to update existing Clever issuers to OIDC

This change is an upgrade step which: - Updates endpoints to the new endpoints - Updates user field mappings so they map the new OIDC userinfo fields - Updates the issuer's baseurl
snake · Sep 29, 2023 · bed60e3 · bed60e3
1 parent e2ea631
commit bed60e3
Show file tree

Hide file tree

Showing 2 changed files with 83 additions and 1 deletion.
diff --git a/lib/db/upgrade.php b/lib/db/upgrade.php
@@ -3601,5 +3601,87 @@ function xmldb_main_upgrade($oldversion) {
         upgrade_main_savepoint(true, 2023091300.03);
     }
 
+    if ($oldversion < 2023092600.01) {
+        // A [name => url] map of new OIDC endpoints to be updated/created.
+        $endpointuris = [
+            'authorization_endpoint' => 'https://clever.com/oauth/authorize',
+            'token_endpoint' => 'https://clever.com/oauth/tokens',
+            'userinfo_endpoint' => 'https://api.clever.com/userinfo',
+            'jwks_uri' => 'https://clever.com/oauth/certs',
+        ];
+
+        // A [internalfield => externalfield] map of new OIDC-based user field mappings to be updated/created.
+        $userfieldmappings = [
+            'idnumber' => 'sub',
+            'firstname' => 'given_name',
+            'lastname' => 'family_name',
+            'email' => 'email',
+        ];
+
+        $admin = get_admin();
+        $adminid = $admin ? $admin->id : '0';
+
+        $cleverservices = $DB->get_records('oauth2_issuer', ['servicetype' => 'clever']);
+        foreach ($cleverservices as $cleverservice) {
+            $time = time();
+
+            // Insert/update the new endpoints.
+            foreach ($endpointuris as $endpointname => $endpointuri) {
+                $endpoint = ['issuerid' => $cleverservice->id, 'name' => $endpointname];
+                $endpointid = $DB->get_field('oauth2_endpoint', 'id', $endpoint);
+
+                if ($endpointid) {
+                    $endpoint = array_merge($endpoint, [
+                        'id' => $endpointid,
+                        'url' => $endpointuri,
+                        'timemodified' => $time,
+                        'usermodified' => $adminid,
+                    ]);
+                    $DB->update_record('oauth2_endpoint', $endpoint);
+                } else {
+                    $endpoint = array_merge($endpoint, [
+                        'url' => $endpointuri,
+                        'timecreated' => $time,
+                        'timemodified' => $time,
+                        'usermodified' => $adminid,
+                    ]);
+                    $DB->insert_record('oauth2_endpoint', $endpoint);
+                }
+            }
+
+            // Insert/update new user field mappings.
+            foreach ($userfieldmappings as $internalfieldname => $externalfieldname) {
+                $fieldmap = ['issuerid' => $cleverservice->id, 'internalfield' => $internalfieldname];
+                $fieldmapid = $DB->get_field('oauth2_user_field_mapping', 'id', $fieldmap);
+
+                if ($fieldmapid) {
+                    $fieldmap = array_merge($fieldmap, [
+                        'id' => $fieldmapid,
+                        'externalfield' => $externalfieldname,
+                        'timemodified' => $time,
+                        'usermodified' => $adminid,
+                    ]);
+                    $DB->update_record('oauth2_user_field_mapping', $fieldmap);
+                } else {
+                    $fieldmap = array_merge($fieldmap, [
+                        'externalfield' => $externalfieldname,
+                        'timecreated' => $time,
+                        'timemodified' => $time,
+                        'usermodified' => $adminid,
+                    ]);
+                    $DB->insert_record('oauth2_user_field_mapping', $fieldmap);
+                }
+            }
+
+            // Update the baseurl for the issuer.
+            $cleverservice->baseurl = 'https://clever.com';
+            $cleverservice->timemodified = $time;
+            $cleverservice->usermodified = $adminid;
+            $DB->update_record('oauth2_issuer', $cleverservice);
+        }
+
+        upgrade_main_savepoint(true, 2023092600.01);
+    }
+
     return true;
 }
diff --git a/version.php b/version.php
@@ -29,7 +29,7 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$version  = 2023092600.00;              // YYYYMMDD      = weekly release date of this DEV branch.
+$version  = 2023092600.01;              // YYYYMMDD      = weekly release date of this DEV branch.
                                         //         RR    = release increments - 00 in DEV branches.
                                         //           .XX = incremental changes.
 $release  = '4.3beta (Build: 20230926)'; // Human-friendly version name