in local/o365/classes/feature/usersync/main.php [1291:1388]
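/**
 * Sync an Azure AD user record onto a Moodle user that already exists.
 *
 * Steps, in order: reconcile the stored Azure AD object ID (deleting auth_oidc tokens bound to a
 * different ID and updating the local_o365_objects row), run the optional app assignment, photo,
 * timezone and suspended-status syncs selected by $syncoptions, and finally hand over to user
 * matching when the Moodle account does not use the 'oidc' auth plugin.
 *
 * @param array $syncoptions Enabled sync features; the keys checked here are appassign, photosync, tzsync, disabledsync.
 * @param array $aaduserdata Azure AD user data; reads id or objectId, userPrincipalName, upnlower, accountEnabled.
 * @param object $existinguser Moodle-side record; reads muserid, username, objectid, assigned, photoupdated,
 *      suspended and auth.
 * @param mixed $exactmatch Passed through unchanged to sync_users_matchuser().
 * @return mixed True when the user already authenticates with oidc, otherwise the result of sync_users_matchuser().
 */
protected function sync_existing_user($syncoptions, $aaduserdata, $existinguser, $exactmatch) {
    global $DB;

    // Photo cache lifetime is configured in hours; fall back to 24 when unset or not numeric.
    $photoexpire = get_config('local_o365', 'photoexpire');
    if (empty($photoexpire) || !is_numeric($photoexpire)) {
        $photoexpire = 24;
    }
    $photoexpiresec = $photoexpire * 3600;

    // The key holding the directory object ID depends on which API is configured.
    $userobjectid = (unified::is_configured()) ? $aaduserdata['id'] : $aaduserdata['objectId'];

    // Check for user GUID changes.
    if (empty($userobjectid)) {
        // Without an object ID every stored token would compare as a conflict and be deleted, and the
        // local_o365_objects row would be overwritten with an empty value, so leave both untouched.
        $this->mtrace('No Azure AD object ID in user data; skipped object ID reconciliation.');
    } else {
        // There shouldn't be multiple token records, but just in case.
        $oidctokenrecords = $DB->get_records('auth_oidc_token',
            ['userid' => $existinguser->muserid, 'oidcusername' => $existinguser->username]);
        foreach ($oidctokenrecords as $oidctokenrecord) {
            if ($oidctokenrecord->oidcuniqid != $userobjectid) {
                // A token bound to a different object ID must not stay attached to this account.
                $DB->delete_records('auth_oidc_token', ['id' => $oidctokenrecord->id]);
                $this->mtrace('Deleted auth_oidc token due to conflicts.');
            }
        }

        $localo365objectrecord = $DB->get_record('local_o365_objects', ['id' => $existinguser->objectid]);
        if ($localo365objectrecord && $localo365objectrecord->objectid != $userobjectid) {
            $localo365objectrecord->objectid = $userobjectid;
            $DB->update_record('local_o365_objects', $localo365objectrecord);
            $this->mtrace('Updated user object ID in local_o365_object record.');
        }
    }

    // Assign user to app if not already assigned.
    if (isset($syncoptions['appassign']) && empty($existinguser->assigned)) {
        try {
            if (!empty($existinguser->muserid) && !empty($userobjectid)) {
                $this->assign_user($existinguser->muserid, $userobjectid);
            }
        } catch (\Exception $e) {
            // Best effort: a failed assignment is logged and the remaining sync steps still run.
            $this->mtrace('Could not assign user "'.$aaduserdata['userPrincipalName'].'" Reason: '.$e->getMessage());
        }
    }

    // Perform photo sync when no photo was synced yet or the cached one has expired.
    if (isset($syncoptions['photosync'])) {
        if (empty($existinguser->photoupdated) || ($existinguser->photoupdated + $photoexpiresec) < time()) {
            try {
                // Skipped under PHPUnit.
                if (!PHPUNIT_TEST) {
                    $this->assign_photo($existinguser->muserid, $aaduserdata['upnlower']);
                }
            } catch (\Exception $e) {
                $this->mtrace('Could not assign profile photo to user "' . $aaduserdata['userPrincipalName'] . '" Reason: ' .
                    $e->getMessage());
            }
        }
    }

    // Perform timezone sync.
    if (isset($syncoptions['tzsync'])) {
        try {
            // Skipped under PHPUnit.
            if (!PHPUNIT_TEST) {
                $this->sync_timezone($existinguser->muserid, $aaduserdata['upnlower']);
            }
        } catch (\Exception $e) {
            $this->mtrace('Could not sync timezone for user "' . $aaduserdata['userPrincipalName'] . '" Reason: ' .
                $e->getMessage());
        }
    }

    // Sync disabled status.
    // NOTE(review): this runs before the auth check below, so an account that is only a candidate
    // match (auth is not 'oidc') also has its suspended flag driven by the directory, including being
    // re-enabled. Confirm that is intended, or restrict this step to accounts already bound to oidc.
    if (isset($syncoptions['disabledsync']) && isset($aaduserdata['accountEnabled'])) {
        $newsuspended = ($aaduserdata['accountEnabled']) ? 0 : 1;
        $oldsuspended = ($newsuspended === 0) ? 1 : 0;
        // Only write when the Moodle flag currently holds the opposite state.
        if ($existinguser->suspended == $oldsuspended) {
            $completeexistinguser = \core_user::get_user($existinguser->muserid);
            if (empty($completeexistinguser)) {
                // get_user() returns false for an unknown ID; assigning a property on it would be fatal.
                $this->mtrace('Could not load user record to sync suspended status.');
            } else {
                $completeexistinguser->suspended = $newsuspended;
                // Second argument false: leave the password alone.
                user_update_user($completeexistinguser, false);
            }
        }
    }

    // Match user if needed.
    if ($existinguser->auth !== 'oidc') {
        $this->mtrace('Found a user in Azure AD that seems to match a user in Moodle');
        $this->mtrace(sprintf('moodle username: %s, aad upn: %s', $existinguser->username, $aaduserdata['upnlower']));
        return $this->sync_users_matchuser($syncoptions, $aaduserdata, $existinguser, $exactmatch);
    }

    $this->mtrace('The user is already using OpenID for authentication.');
    return true;
}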