ÿØÿà JFIF    ÿÛ „  ( %"1!%)+...383,7(-.+  -+++--++++---+-+-----+---------------+---+-++7-----ÿÀ  ß â" ÿÄ     ÿÄ H    !1AQaq"‘¡2B±ÁÑð#R“Ò Tbr‚²á3csƒ’ÂñDS¢³$CÿÄ   ÿÄ %  !1AQa"23‘ÿÚ   ? ôÿ ¨pŸªáÿ —åYõõ\?àÒü©ŠÄï¨pŸªáÿ —åYõõ\?àÓü©ŠÄá 0Ÿªáÿ Ÿå[úƒ ú®ði~TÁbqÐ8OÕpÿ ƒOò¤Oè`–RÂáœá™êi€ßÉ< FtŸI“öÌ8úDf´°å}“¾œ6  öFá°y¥jñÇh†ˆ¢ã/ÃÐ:ªcÈ "Y¡ðÑl>ÿ ”ÏËte:qž\oäŠe÷󲍷˜HT4&ÿ ÓÐü6ö®¿øþßèô Ÿ•7Ñi’•j|“ñì>b…þS?*Óôÿ ÓÐü*h¥£ír¶ü UãSç‚Ÿ[AÐaè[ûª•õ&õj?†Éö+EzP—WeÒírJFt ‘BŒ†Ï‡%#tE Øz ¥OÛ«!1›üä±Í™%ºÍãö]°î(–:@<‹ŒÊö×òÆt¦ãº+‡¦%ÌÁ²h´OƒJŒtMÜ>ÀÜÊw3Y´•牋4ǍýʏTì>œú=Íwhyë,¾Ôò×õ¿ßÊa»«þˆѪQ|%6ž™A õ%:øj<>É—ÿ Å_ˆCbõ¥š±ý¯Ýƒï…¶|RëócÍf溪“t.СøTÿ *Ä¿-{†çàczůŽ_–^XþŒ±miB[X±d 1,é”zEù»& î9gœf™9Ð'.;—™i}!ôšåîqêÛ٤ёý£½ÆA–àôe"A$˝Úsäÿ ÷Û #°xŸëí(l »ý3—¥5m! rt`†0~'j2(]S¦¦kv,ÚÇ l¦øJA£Šƒ J3E8ÙiŽ:cÉžúeZ°€¯\®kÖ(79«Ž:¯X”¾³Š&¡* ….‰Ž(ÜíŸ2¥ª‡×Hi²TF¤ò[¨íÈRëÉ䢍mgÑ.Ÿ<öäS0í„ǹÁU´f#Vß;Õ–…P@3ío<ä-±»Ž.L|kªÀê›fÂ6@»eu‚|ÓaÞÆŸ…¨ááå>åŠ?cKü6ùTÍÆ”†sĤÚ;H2RÚ†õ\Ö·Ÿn'¾ ñ#ºI¤Å´%çÁ­‚â7›‹qT3Iï¨ÖÚ5I7Ë!ÅOóŸ¶øÝñØôת¦$Tcö‘[«Ö³šÒ';Aþ ¸èíg A2Z"i¸vdÄ÷.iõ®§)¿]¤À†–‡É&ä{V¶iŽ”.Ó×Õÿ û?h¬Mt–íª[ÿ Ñÿ ÌV(í}=ibÔ¡›¥¢±b Lô¥‡piη_Z<‡z§èŒ)iÖwiÇ 2hÙ3·=’d÷8éŽ1¦¸c¤µ€7›7Ø ð\á)} ¹fËí›pAÃL%âc2 í§æQz¿;T8sæ°qø)QFMð‰XŒÂ±N¢aF¨…8¯!U  Z©RÊ ÖPVÄÀÍin™Ì-GˆªÅËŠ›•zË}º±ŽÍFò¹}Uw×#ä5B¤{î}Ð<ÙD é©¤&‡ïDbàÁôMÁ.. namespace core\oauth2\discovery; use curl; use stdClass; use moodle_exception; use core\oauth2\issuer; use core\oauth2\endpoint; /** * Class for provider discovery definition, to allow services easily discover and process information. * This abstract class is called from core\oauth2\api when discovery points need to be updated. * * @package core * @since Moodle 3.11 * @copyright 2021 Sara Arjona (sara@moodle.com) * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ abstract class base_definition { /** * Get the URL for the discovery manifest. * * @param issuer $issuer The OAuth issuer the endpoints should be discovered for. * @return string The URL of the discovery file, containing the endpoints. */ public abstract static function get_discovery_endpoint_url(issuer $issuer): string; /** * Process the discovery information and create endpoints defined with the expected format. * * @param issuer $issuer The OAuth issuer the endpoints should be discovered for. * @param stdClass $info The discovery information, with the endpoints to process and create. * @return void */ protected abstract static function process_configuration_json(issuer $issuer, stdClass $info): void; /** * Process how to map user field information. * * @param issuer $issuer The OAuth issuer the endpoints should be discovered for. * @return void */ protected abstract static function create_field_mappings(issuer $issuer): void; /** * Self-register the issuer if the 'registration' endpoint exists and client id and secret aren't defined. * * @param issuer $issuer The OAuth issuer to register. * @return void */ protected abstract static function register(issuer $issuer): void; /** * Create endpoints for this issuer. * * @param issuer $issuer Issuer the endpoints should be created for. * @return issuer */ public static function create_endpoints(issuer $issuer): issuer { static::discover_endpoints($issuer); return $issuer; } /** * If the discovery endpoint exists for this issuer, try and determine the list of valid endpoints. * * @param issuer $issuer * @return int The number of discovered services. */ public static function discover_endpoints($issuer): int { // Early return if baseurl is empty. if (empty($issuer->get('baseurl'))) { return 0; } // Get the discovery URL and check if it has changed. $creatediscoveryendpoint = false; $url = $issuer->get_endpoint_url('discovery'); $providerurl = static::get_discovery_endpoint_url($issuer); if (!$url || $url != $providerurl) { $url = $providerurl; $creatediscoveryendpoint = true; } // Remove the existing endpoints before starting discovery. foreach (endpoint::get_records(['issuerid' => $issuer->get('id')]) as $endpoint) { // Discovery endpoint will be removed only if it will be created later, once we confirm it's working as expected. if ($creatediscoveryendpoint || $endpoint->get('name') != 'discovery_endpoint') { $endpoint->delete(); } } // Early return if discovery URL is empty. if (empty($url)) { return 0; } $curl = new curl(); if (!$json = $curl->get($url)) { $msg = 'Could not discover end points for identity issuer: ' . $issuer->get('name') . " [URL: $url]"; throw new moodle_exception($msg); } if ($msg = $curl->error) { throw new moodle_exception('Could not discover service endpoints: ' . $msg); } $info = json_decode($json); if (empty($info)) { $msg = 'Could not discover end points for identity issuer: ' . $issuer->get('name') . " [URL: $url]"; throw new moodle_exception($msg); } if ($creatediscoveryendpoint) { // Create the discovery endpoint (because it didn't exist and the URL exists and is returning some valid JSON content). static::create_discovery_endpoint($issuer, $url); } static::process_configuration_json($issuer, $info); static::create_field_mappings($issuer); static::register($issuer); return endpoint::count_records(['issuerid' => $issuer->get('id')]); } /** * Helper method to create discovery endpoint. * * @param issuer $issuer Issuer the endpoints should be created for. * @param string $url Discovery endpoint URL. * @return endpoint The endpoint created. * * @throws \core\invalid_persistent_exception */ protected static function create_discovery_endpoint(issuer $issuer, string $url): endpoint { $record = (object) [ 'issuerid' => $issuer->get('id'), 'name' => 'discovery_endpoint', 'url' => $url, ]; $endpoint = new endpoint(0, $record); $endpoint->create(); return $endpoint; } }