Added admin notifications #185

Issue 387: Add metadata header to outage pages

README.md

@@ -1,4 +1,4 @@
-[![ci](https://github.com/catalyst/moodle-auth_outage/actions/workflows/ci.yml/badge.svg?branch=MOODLE_39_STABLE)](https://github.com/catalyst/moodle-auth_outage/actions/workflows/ci.yml?branch=MOODLE_39_STABLE)
+[![ci](https://github.com/catalyst/moodle-auth_outage/actions/workflows/ci.yml/badge.svg?branch=MOODLE_501_STABLE)](https://github.com/catalyst/moodle-auth_outage/actions/workflows/ci.yml?branch=MOODLE_501_STABLE)
 
 # Moodle Outage manager plugin
 - [Moodle Outage manager plugin](#moodle-outage-manager-plugin)
@@ -42,9 +42,10 @@ need to manually add one extra plugin, please check:
 
 Moodle supported branches
 --------
-| Version     | Branch            | PHP  |
-|-------------|-------------------|------|
-| Moodle 3.9+ | MOODLE_39_STABLE  | 7.2+ |
+| Version        | Branch              | PHP  |
+|----------------|---------------------|------|
+| Moodle 5.1     | MOODLE_501_STABLE   | 8.2  |
+| Moodle 3.9-5.0 | MOODLE_39_STABLE    | 7.2+ |
 
 Totara supported branches
 --------

classes/dml/outagedb.php

@@ -84,6 +84,82 @@ class outagedb {
         return new outage($outage);
     }
 
+    /**
+     * Also sends all admins the event as a message
+     *
+     * @param $outage
+     * @param $event
+     */
+    private static function notify($outage, $event) {
+
+        $admins = get_admins();
+
+        foreach ($admins as $admin) {
+            self::notify_user($outage, $event, $admin);
+        }
+
+    }
+
+    /**
+     * Send outage info to one user
+     *
+     * @param $outage outage
+     * @param $event event
+     * @param $to user object
+     */
+    private static function notify_user($outage, $event, $to) {
+
+        global $SITE, $CFG;
+
+        $from = \core_user::get_user($event->userid);
+        if (!$from) {
+            return;
+        }
+        $fields = [
+            'site_shortname'    => $SITE->shortname,
+            'site_fullname'     => $SITE->fullname,
+            'site_wwwroot'      => $CFG->wwwroot,
+
+            'outage_id'         => $outage->id,
+            'outage_title'      => $outage->get_title(),
+            'outage_desc'       => clean_text($outage->get_description(), FORMAT_HTML),
+            'outage_start'      => userdate($outage->starttime, get_string('datetimeformat', 'auth_outage')),
+            'outage_stop'       => userdate($outage->stoptime, get_string('datetimeformat', 'auth_outage')),
+            'outage_duration'   => format_time($outage->get_duration_planned()),
+
+            'event_name'        => $event->get_name(),
+            'event_desc'        => $event->get_description(),
+            'event_link'        => $event->get_url()->out(),
+
+            'from_name'         => fullname($from),
+            'to_name'           => fullname($to),
+            'prefs_link'        => (new \moodle_url('/message/notificationpreferences.php'))->out(),
+
+        ];
+
+        $message = new \core\message\message();
+        $message->component = 'auth_outage';
+        $message->name = 'updatenotify';
+        $message->userto = $to;
+        $message->subject         = get_string('messagesubject', 'auth_outage', $fields);
+        $message->fullmessage     = get_string('messagetext',    'auth_outage', $fields);
+        $message->fullmessagehtml = get_string('messagehtml',    'auth_outage', $fields);
+        $message->fullmessageformat = FORMAT_HTML;
+
+        $threadid = generate_email_messageid('outage' . $outage->id);
+        $message->userfrom = $from;
+        $message->userfrom->customheaders = [
+            "In-Reply-To: $threadid",
+            "References: $threadid",
+            "Thread-Topic: " . $message->subject,
+            "Thread-Index: $threadid",
+        ];
+
+        $message->notification = 1;
+        message_send($message);
+
+    }
+
     /**
      * Saves an outage to the database.
      *
@@ -114,6 +190,7 @@ class outagedb {
             ]);
             $event->add_record_snapshot('auth_outage', (object)(array) $outage);
             $event->trigger();
+            self::notify($outage, $event);
 
             // Create calendar entry.
             calendar::create($outage);
@@ -127,6 +204,7 @@ class outagedb {
 
             $event->add_record_snapshot('auth_outage', (object)(array) $outage);
             $event->trigger();
+            self::notify($outage, $event);
 
             // Remove the createdby field so it does not get updated.
             unset($outage->createdby);
@@ -170,6 +248,7 @@ class outagedb {
 
         $event->add_record_snapshot('auth_outage', $previous);
         $event->trigger();
+        self::notify($outage, $event);
 
         // Delete it and remove from calendar.
         $DB->delete_records('auth_outage', ['id' => $id]);

classes/event/outage_created.php

@@ -28,13 +28,23 @@ use moodle_url;
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
 class outage_created extends base {
+
+    /**
+     * Return localised event name.
+     *
+     * @return string
+     */
+    public static function get_name() {
+        return get_string('eventoutagecreated', 'auth_outage');
+    }
+
     /**
      * Returns non-localised event description with id's for admin use only.
      *
      * @return string
      */
     public function get_description() {
-        return "The user with the id '{$this->userid}' created outage {$this->other['id']} '{$this->other['title']}'";
+        return "The user with the id '{$this->userid}' scheduled outage {$this->other['id']} '{$this->other['title']}'";
     }
 
     /**

classes/event/outage_deleted.php

@@ -28,6 +28,16 @@ use moodle_url;
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
 class outage_deleted extends base {
+
+    /**
+     * Return localised event name.
+     *
+     * @return string
+     */
+    public static function get_name() {
+        return get_string('eventoutagedeleted', 'auth_outage');
+    }
+
     /**
      * Returns non-localised event description with id's for admin use only.
      *

classes/event/outage_updated.php

@@ -28,6 +28,16 @@ use moodle_url;
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
 class outage_updated extends base {
+
+    /**
+     * Return localised event name.
+     *
+     * @return string
+     */
+    public static function get_name() {
+        return get_string('eventoutageupdated', 'auth_outage');
+    }
+
     /**
      * Returns non-localised event description with id's for admin use only.
      *

classes/local/outagelib.php

@@ -56,7 +56,7 @@ class outagelib {
         global $CFG;
         require_once($CFG->libdir . '/filelib.php');
 
-        $curl = new curl();
+        $curl = new curl(['ignoresecurity' => true]);
         $contents = $curl->get($file);
         $info = $curl->get_info();
         if (!empty($info['content_type'])) {
@@ -253,7 +253,7 @@ class outagelib {
      * @param int    $stoptime   Outage stop time.
      * @param string $allowedips List of IPs allowed.
      * @param string|null $accesskey access key, or null if no access key set.
-     * @param string|null $metadata metadata to be added to the outage headers, or null if none.
+     * @param string|null $metadata Metadata to set in headers, or null if none.
      *
      * @return string
      * @throws invalid_parameter_exception
@@ -345,9 +345,17 @@ EOT;
         $search = ['{{STARTTIME}}', '{{STOPTIME}}', '{{USEALLOWEDIPS}}', '{{ALLOWEDIPS}}', '{{USEACCESSKEY}}', '{{ACCESSKEY}}',
             '{{YOURIP}}', '{{COOKIESECURE}}', '{{COOKIEHTTPONLY}}', '{{METADATA}}'];
         // Note that var_export is required because (string) false == '', not 'false'.
-        $replace = [$starttime, $stoptime, var_export(!empty($allowedips), true), $allowedips, var_export(!empty($accesskey), true),
-            $accesskey, getremoteaddr('n/a'), var_export($cookiesecure, true),
-            var_export($cookiehttponly, true), var_export($metadata, true)];
+        $replace = [
+            $starttime,
+            $stoptime,
+            var_export(!empty($allowedips), true),
+            $allowedips,
+            var_export(!empty($accesskey), true),
+            $accesskey,
+            getremoteaddr('n/a'),
+            var_export($cookiesecure, true),
+            var_export($cookiehttponly, true),
+            var_export($metadata, true)];
         return str_replace($search, $replace, $code);
     }
 

db/access.php

@@ -34,4 +34,13 @@ $capabilities = [
             'user' => CAP_ALLOW,
         ],
     ],
+    'auth/outage:updatenotify' => [
+        'captype'       => 'write',
+        'riskbitmask'   => RISK_XSS,
+        'contextlevel'  => CONTEXT_SYSTEM,
+        'archetypes'    => [
+            'manager'   => CAP_ALLOW,
+        ]
+    ],
 ];
+

db/messages.php

@@ -0,0 +1,32 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Defines message providers for outage
+ *
+ * @package    auth_outage
+ * @copyright  2020 Brendan Heywood <brendan@catalyst-au.net>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+$messageproviders = [
+    'updatenotify' => [
+        'capability'  => 'auth/outage:updatenotify',
+    ]
+];
+

db/upgrade.php

@@ -61,7 +61,7 @@ function xmldb_auth_outage_upgrade($oldversion) {
         upgrade_plugin_savepoint(true, 2024081900, 'auth', 'outage');
     }
 
-    if ($oldversion < 2024081901) {
+    if ($oldversion < 2026011301) {
         // Define field metadata to be added to auth_outage.
         $table = new xmldb_table('auth_outage');
         $field = new xmldb_field('metadata', XMLDB_TYPE_TEXT, null, null, null, null, null, 'accesskey');
@@ -72,10 +72,10 @@ function xmldb_auth_outage_upgrade($oldversion) {
         }
 
         // Outage savepoint reached.
-        upgrade_plugin_savepoint(true, 2024081901, 'auth', 'outage');
+        upgrade_plugin_savepoint(true, 2026011301, 'auth', 'outage');
     }
 
-    if ($oldversion < 2024081902) {
+    if ($oldversion < 2026011302) {
         // Getting the table auth_outage and target field to remove from the table.
         $table = new xmldb_table('auth_outage');
         $field = new xmldb_field('autostart');
@@ -89,7 +89,7 @@ function xmldb_auth_outage_upgrade($oldversion) {
         unset_config('default_autostart', 'auth_outage');
 
         // Outage savepoint reached.
-        upgrade_plugin_savepoint(true, 2024081902, 'auth', 'outage');
+        upgrade_plugin_savepoint(true, 2026011302, 'auth', 'outage');
     }
 
     return true;

edit.php

@@ -28,7 +28,6 @@ use auth_outage\form\outage\edit;
 use auth_outage\local\outage;
 use auth_outage\local\outagelib;
 
-
 require_once(__DIR__ . '/../../config.php');
 require_once($CFG->libdir . '/adminlib.php');
 require_once($CFG->libdir . '/formslib.php');

lang/en/auth_outage.php

@@ -100,6 +100,9 @@ $string['defaultwarningduration'] = 'Warning duration';
 $string['defaultwarningdurationdescription'] = 'Default warning time (in minutes) for outages.';
 $string['description'] = 'Public Description';
 $string['description_help'] = 'A full description of the outage, publicly visible by all users.';
+$string['eventoutagecreated'] = 'Outage scheduled';
+$string['eventoutagedeleted'] = 'Outage cancelled';
+$string['eventoutageupdated'] = 'Outage updated';
 $string['finish'] = 'Finish';
 $string['info15secondsbefore'] = '15 seconds before';
 $string['infoendofoutage'] = 'end of outage';
@@ -121,9 +124,48 @@ $string['messageoutageongoing'] = 'Back online at {$a->stop}.';
 $string['messageoutagewarning'] = 'Shutting down in {{countdown}}';
 $string['metadata'] = 'Outage metadata';
 $string['metadata_help'] = 'Data here will be output in the outage page as a meta tag in the header of the outage page.';
+$string['messageprovider:updatenotify'] = 'Changes to planned outages';
+$string['messagesubject'] = '[{$a->site_shortname}] {$a->event_name} #{$a->outage_id}: {$a->outage_start}';
+$string['messagetext'] = '{$a->event_name}
+
+{$a->site_fullname} ({$a->site_wwwroot})
+
+{$a->event_link}
+
+ID: {$a->outage_id}
+NAME: {$a->outage_title}
+START: {$a->outage_start}
+DURATION: {$a->outage_duration}
+DESCRIPTION:
+{$a->outage_desc}
+
+--
+
+To unsubscribe visit:
+{$a->prefs_link}';
+$string['messagehtml'] = '
+<h3>{$a->event_name}</h3>
+
+<p>{$a->site_fullname} (<a href="{$a->site_wwwroot}">{$a->site_wwwroot}</a>)</p>
+
+<p><a href="{$a->event_link}">{$a->event_link}</a></p>
+
+<h4>Name:</h4>
+<p>{$a->outage_title}</p>
+<h4>Start:</h4>
+<p>{$a->outage_start}</p>
+<h4>Duration:</h4>
+<p>{$a->outage_duration}</p>
+<h4>Description:</h4>
+<p>{$a->outage_desc}</p>
+
+<hr>
+<p>To unsubscribe visit:<br>
+<a href="{$a->prefs_link}">{$a->prefs_link}</a></p>
+';
 $string['na'] = 'n/a';
 $string['notfound'] = 'No outages found.';
-$string['outage:updatenotify'] = '';
+$string['outage:updatenotify'] = 'Receive outage update notifications';
 $string['outage:viewinfo'] = 'View outage info';
 $string['outageclone'] = 'Clone outage';
 $string['outageclonecrumb'] = 'Clone';
@@ -141,6 +183,7 @@ $string['outagefinishwarning'] = 'You are about to mark this outage as finished.
 $string['outageslistfuture'] = 'Planned outages';
 $string['outageslistpast'] = 'Outage history';
 $string['pluginname'] = 'Outage manager';
+$string["privacy:no_data_reason"] = "The Outage authentication plugin does not store any personal data.";
 $string['removeselectors'] = 'Remove selectors';
 $string['removeselectorsdescription'] = 'CSS selectors to remove when rendering a static themed maintenance page. One selector per line.';
 $string['settingssectiondefaults'] = 'Default Outage Parameters';
@@ -172,8 +215,3 @@ $string['warningduration'] = 'Warning duration';
 $string['warningduration_help'] = 'How long before the start of the outage should the warning be displayed.';
 $string['warningdurationerrorinvalid'] = 'Warning duration must be positive.';
 $string['warningreenablemaintenancemode'] = 'Please note that saving this outage will re-enable maintenance mode.<br />Untick "Auto start maintenance mode" if you want to prevent this.';
-
-/*
- * Privacy provider (GDPR)
- */
-$string["privacy:no_data_reason"] = "The Outage authentication plugin does not store any personal data.";

tests/local/cli/waitforit_test.php

@@ -158,7 +158,7 @@ final class waitforit_test extends cli_testcase {
     /**
      * Tests the countdown.
      */
-    public function test_countdown() {
+    public function test_countdown(): void {
         self::setAdminUser();
         $now = time();
         outagedb::save(new outage([
@@ -186,7 +186,7 @@ final class waitforit_test extends cli_testcase {
     /**
      * Tests if the outage changed while waiting.
      */
-    public function test_outagechanged() {
+    public function test_outagechanged(): void {
         self::setAdminUser();
         $now = time();
         $id = outagedb::save(new outage([

tests/local/controllers/maintenance_static_page_test.php

@@ -431,6 +431,39 @@ final class maintenance_static_page_test extends \auth_outage\base_testcase {
         maintenance_static_page_io::file_get_data(200);
     }
 
+    /**
+     * Test file_get_data with curlsecurityblockedhosts.
+     * We will use an external URL to test passing ignoresecurity inside of file_get_data works,
+     * ideally in real code we should only be calling file_get_data with internal URLs.
+     */
+    public function test_file_get_data_curlsecurityblockedhosts(): void {
+        global $CFG, $USER;
+
+        $testhtml = $this->getExternalTestFileUrl('/test.html');
+        $url = new \moodle_url($testhtml);
+        $host = $url->get_host();
+        set_config('curlsecurityblockedhosts', $host); // Blocks $host.
+
+        // Test a regular curl with the default security enabled does in fact get blocked.
+        $curl = new \curl();
+        $contents = $curl->get($testhtml);
+        $expected = $curl->get_security()->get_blocked_url_string();
+        self::assertSame($expected, $contents);
+        self::assertSame(0, $curl->get_errno());
+        if ($CFG->branch >= 403) {
+            self::assertDebuggingCalled(
+                "Blocked $testhtml: The URL is blocked. [user {$USER->id}]",
+                DEBUG_NONE
+            );
+        }
+
+        // Test file_get_data does return the page and isn't blocked by security.
+        $found = maintenance_static_page_io::file_get_data($url->out());
+        $expected = '47250a973d1b88d9445f94db4ef2c97a';
+        self::assertSame($expected, md5($found['contents']));
+        self::assertSame('text/html', $found['mime']);
+    }
+
     /**
      * Test remove css selector.
      */
@@ -550,7 +583,7 @@ final class maintenance_static_page_test extends \auth_outage\base_testcase {
     /**
      * Test meta refresh maximum 5 minutes.
      */
-    public function test_meta_refresh_maximum_5seconds() {
+    public function test_meta_refresh_maximum_5seconds(): void {
         $this->resetAfterTest(true);
         $html = "<!DOCTYPE html>\n" .
                 '<html><head><title>Title</title></head>' .
@@ -560,7 +593,6 @@ final class maintenance_static_page_test extends \auth_outage\base_testcase {
         $page->set_max_refresh_time(5);
         $page->generate();
         $generated = trim(file_get_contents($page->get_io()->get_template_file()));
-        return $generated;
 
         self::assertStringContainsString('<meta http-equiv="refresh" content="5">', $generated);
     }

version.php

@@ -28,9 +28,7 @@
 defined('MOODLE_INTERNAL') || die();
 
 $plugin->component = "auth_outage";
-$plugin->version = 2024081905;                  // The current plugin version (Date: YYYYMMDDXX).
-$plugin->release = 2024081905;                  // Human-readable release information.
-$plugin->requires = 2017111309;                 // 2017111309 = T13, but this really requires 3.9 and higher.
-$plugin->maturity = MATURITY_STABLE;            // Suitable for PRODUCTION environments!
-$plugin->supported = [39, 405];                 // A range of branch numbers of supported moodle versions.
-$plugin->incompatible = 501;
+$plugin->version = 2026011304;          // The current plugin version (Date: YYYYMMDDXX).
+$plugin->release = 2026011304;          // Human-readable release information.
+$plugin->requires = 2025100600;         // Moodle 5.1.
+$plugin->maturity = MATURITY_STABLE;    // Suitable for PRODUCTION environments!

views/info/content.php

@@ -44,14 +44,13 @@ defined('MOODLE_INTERNAL') || die();
     <?php if ($viewbag['admin']) : ?>
         <?php
         $adminlinks = [];
-        foreach (
-            [
+        $params = [
             'startofwarning' => -$viewbag['outage']->get_warning_duration(),
             '15secondsbefore' => -15,
             'start' => 0,
             'endofoutage' => $viewbag['outage']->get_duration_planned() - 1,
-            ] as $title => $delta
-        ) {
+        ];
+        foreach ($params as $title => $delta) {
             $adminlinks[] = html_writer::link(
                 new moodle_url(
                     '/auth/outage/info.php',