WIP access key setup

catalyst · Aug 2, 2024 · 00828b5 · 00828b5
1 parent dae83f4
commit 00828b5
Show file tree

Hide file tree

Showing 8 changed files with 61 additions and 3 deletions.
diff --git a/bootstrap.php b/bootstrap.php
@@ -84,6 +84,17 @@
 if (!$allowed) {
     // Call the climaintenance.php which will check for allowed IPs.
     $CFG->dirroot = dirname(dirname(dirname(__FILE__))); // It is not defined yet but the script below needs it.
+
+    // TODO bake these values into the climaintenance page on save.
+    // $sessionoptions = [
+    //     'lifetime' => 0,
+    //     'path' => $CFG->sessioncookiepath,
+    //     'domain' => $CFG->sessioncookiedomain,
+    //     'secure' => $cookiesecure,
+    //     'httponly' => $CFG->cookiehttponly,
+    // ];
+    setcookie('auth_outage_accesskey', '12345', time() + 60, '', '', true, true);
+    global $_COOKIE;
     require($CFG->dataroot.'/climaintenance.php'); // This call may terminate the script here or not.
 }
 

diff --git a/classes/form/outage/edit.php b/classes/form/outage/edit.php
@@ -84,6 +84,12 @@ public function definition() {
         $mform->addElement('static', 'usagehints', '', get_string('textplaceholdershint', 'auth_outage'));
         $mform->addElement('static', 'warningreenablemaintenancemode', '');
 
+        $mform->addElement('advcheckbox', 'useaccesskey', get_string('useaccesskey', 'auth_outage'), get_string('useaccesskey:desc', 'auth_outage'), 0);
+
+        $mform->addElement('text', 'accesskey', get_string('accesskey', 'auth_outage'), '');
+        $mform->setType('accesskey', PARAM_TEXT);
+        $mform->disabledIf('accesskey', 'useaccesskey');
+
         $this->add_action_buttons();
     }
 
@@ -137,6 +143,7 @@ public function get_data() {
             'warntime' => $data->starttime - $data->warningduration,
             'title' => $data->title,
             'description' => $data->description['text'],
+            'accesskey' => $data->useaccesskey ? $data->accesskey : null,
         ];
         return new outage($outagedata);
     }
@@ -160,6 +167,8 @@ public function set_data($outage) {
                 'warningduration' => $outage->get_warning_duration(),
                 'title' => $outage->title,
                 'description' => ['text' => $outage->description, 'format' => '1'],
+                'accesskey' => $outage->accesskey,
+                'useaccesskey' => !empty($outage->accesskey),
             ]);
 
             // If the default_autostart is configured in config, then force autostart to be the default value.

diff --git a/classes/local/outage.php b/classes/local/outage.php
@@ -117,6 +117,11 @@ class outage {
      */
     public $lastmodified = null;
 
+    /**
+     * @var string|null access key, or null if not enabled.
+     */
+    public $accesskey = null;
+
     /**
      * outage constructor.
      * @param stdClass|array|null $data The data for the outage.

diff --git a/classes/local/outagelib.php b/classes/local/outagelib.php
@@ -308,12 +308,25 @@ public static function create_climaintenancephp_code($starttime, $stoptime, $all
         $code = <<<'EOT'
 <?php
 if ((time() >= {{STARTTIME}}) && (time() < {{STOPTIME}})) {
-    define('MOODLE_INTERNAL', true);
+    if (!defined('MOODLE_INTERNAL')) {
+        define('MOODLE_INTERNAL', true);
+    }
     require_once($CFG->dirroot.'/lib/moodlelib.php');
     if (file_exists($CFG->dirroot.'/lib/classes/ip_utils.php')) {
         require_once($CFG->dirroot.'/lib/classes/ip_utils.php');
     }
-    if (!remoteip_in_list('{{ALLOWEDIPS}}')) {
+    // Put access key as a cookie if given. This stops the need to put it as a url param on every request.
+    $urlaccesskey = optional_param('accesskey', null, PARAM_TEXT);
+
+    if (!empty($urlaccesskey)) {
+        // TODO bake httpsecure, etc... in via the actual values.
+        setcookie('auth_outage_accesskey', $urlaccesskey, time() + 86400, '/', '', true, true);
+    }
+
+    $accesskey = $urlaccesskey ?: $_COOKIE['auth_outage_accesskey'];
+
+    // TODO put actual access key val here.
+    if (!remoteip_in_list('{{ALLOWEDIPS}}') && $accesskey != '12345') {
         header($_SERVER['SERVER_PROTOCOL'] . ' 503 Moodle under maintenance');
         header('Status: 503 Moodle under maintenance');
         header('Retry-After: 300');

diff --git a/db/install.xml b/db/install.xml
@@ -17,12 +17,14 @@
         <FIELD NAME="modifiedby" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="false" COMMENT="Who last modified this entry."/>
         <FIELD NAME="lastmodified" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="false" COMMENT="When was this entry last modified."/>
         <FIELD NAME="finished" TYPE="int" LENGTH="10" NOTNULL="false" SEQUENCE="false" COMMENT="Timestamp of when the outage really finished."/>
+        <FIELD NAME="accesskey" TYPE="char" LENGTH="16" NOTNULL="false" SEQUENCE="false" COMMENT="Unique key used to access during outage"/>
       </FIELDS>
       <KEYS>
         <KEY NAME="primary" TYPE="primary" FIELDS="id"/>
       </KEYS>
       <INDEXES>
         <INDEX NAME="start_stop_title" UNIQUE="false" FIELDS="starttime, stoptime, title"/>
+        <INDEX NAME="accesskey" UNIQUE="true" FIELDS="accesskey"/>
       </INDEXES>
     </TABLE>
   </TABLES>

diff --git a/db/upgrade.php b/db/upgrade.php
@@ -47,5 +47,20 @@ function xmldb_auth_outage_upgrade($oldversion) {
         upgrade_plugin_savepoint(true, 2016092200, 'auth', 'outage');
     }
 
+    if ($oldversion < 2024080200) {
+
+        // Define field accesskey to be added to auth_outage.
+        $table = new xmldb_table('auth_outage');
+        $field = new xmldb_field('accesskey', XMLDB_TYPE_CHAR, '16', null, null, null, null, 'finished');
+
+        // Conditionally launch add field accesskey.
+        if (!$dbman->field_exists($table, $field)) {
+            $dbman->add_field($table, $field);
+        }
+
+        // Outage savepoint reached.
+        upgrade_plugin_savepoint(true, 2024080200, 'auth', 'outage');
+    }
+
     return true;
 }
diff --git a/lang/en/auth_outage.php b/lang/en/auth_outage.php
@@ -162,6 +162,9 @@
 $string['warningduration'] = 'Warning duration';
 $string['warningduration_help'] = 'How long before the start of the outage should the warning be displayed.';
 $string['warningreenablemaintenancemode'] = 'Please note that saving this outage will re-enable maintenance mode.<br />Untick "Auto start maintenance mode" if you want to prevent this.';
+$string['accesskey'] = 'Access key';
+$string['useaccesskey'] = 'Use access key';
+$string['useaccesskey:desc'] = 'Allow testers to access site during outage by entering the access key below';
 
 /*
  * Privacy provider (GDPR)

diff --git a/version.php b/version.php
@@ -28,7 +28,7 @@
 defined('MOODLE_INTERNAL') || die();
 
 $plugin->component = "auth_outage";
-$plugin->version = 2024052400;                  // The current plugin version (Date: YYYYMMDDXX).
+$plugin->version = 2024080200;                  // The current plugin version (Date: YYYYMMDDXX).
 $plugin->release = 2024052400;                  // Human-readable release information.
 $plugin->requires = 2017111309;                 // 2017111309 = T13, but this really requires 3.9 and higher.
 $plugin->maturity = MATURITY_STABLE;            // Suitable for PRODUCTION environments!