MDL-72188 quizaccess_seb: Auto redirect should only happen from where config key is checked.

Author: andrewmadden

mod/quiz/accessrule/seb/classes/access_manager.php

@@ -370,4 +370,34 @@ public function clear_session_access(): void {
         global $SESSION;
         unset($SESSION->quizaccess_seb_access[$this->quiz->get_cmid()]);
     }
+
+    /**
+     * Redirect to SEB config link. This will force Safe Exam Browser to be reconfigured.
+     */
+    public function redirect_to_seb_config_link() {
+        global $PAGE;
+
+        $seblink = \quizaccess_seb\link_generator::get_link($this->quiz->get_cmid(), true, is_https());
+        $PAGE->requires->js_amd_inline("document.location.replace('" . $seblink . "')");
+    }
+
+    /**
+     * Check if we need to redirect to SEB config link.
+     * @param bool $checkheaders Flag for whether the config key header should be checked. This should be true when not
+     * using the new SEB JS API.
+     *
+     * @return bool
+     */
+    public function should_redirect_to_seb_config_link(bool $checkheaders = false) : bool {
+        // If $checkheaders is true, we check if there is an existing config key header. If there is none, we assume that
+        // the SEB application is not using header verification so auto redirect should not proceed.
+        $headercheck = true;
+        if ($checkheaders) {
+            $headercheck = !is_null($this->get_received_config_key());
+        }
+
+        return $this->is_using_seb()
+                && get_config('quizaccess_seb', 'autoreconfigureseb')
+                && $headercheck;
+    }
 }

mod/quiz/accessrule/seb/classes/external/validate_quiz_access.php

@@ -98,6 +98,10 @@ public static function execute(string $cmid, string $url, ?string $configkey = n
 
         // Check if there is a valid config key.
         if (!$accessmanager->validate_config_key($configkey, $url)) {
+            if ($accessmanager->should_redirect_to_seb_config_link()) {
+                $accessmanager->redirect_to_seb_config_link();
+            }
+
             access_prevented::create_strict($accessmanager, get_string('invalid_config_key', 'quizaccess_seb'),
                     $configkey, $browserexamkey)->trigger();
             return ['valid' => false];

mod/quiz/accessrule/seb/rule.php

@@ -309,8 +309,8 @@ public function prevent_access() {
         }
 
         if (!$this->accessmanager->validate_config_key()) {
-            if ($this->should_redirect_to_seb_config_link()) {
-                $this->redirect_to_seb_config_link();
+            if ($this->accessmanager->should_redirect_to_seb_config_link(true)) {
+                $this->accessmanager->redirect_to_seb_config_link();
             }
 
             access_prevented::create_strict($this->accessmanager, $this->get_reason_text('invalid_config_key'))->trigger();
@@ -594,23 +594,4 @@ private function get_seb_download_url() : string {
     private function should_display_download_seb_link() : bool {
         return !empty($this->quiz->seb_showsebdownloadlink);
     }
-
-    /**
-     * Redirect to SEB config link. This will force Safe Exam Browser to be reconfigured.
-     */
-    private function redirect_to_seb_config_link() {
-        global $PAGE;
-
-        $seblink = \quizaccess_seb\link_generator::get_link($this->quiz->cmid, true, is_https());
-        $PAGE->requires->js_amd_inline("document.location.replace('" . $seblink . "')");
-    }
-
-    /**
-     * Check if we need to redirect to SEB config link.
-     * @return bool
-     */
-    private function should_redirect_to_seb_config_link() : bool {
-        return $this->accessmanager->is_using_seb() && get_config('quizaccess_seb', 'autoreconfigureseb');
-    }
-
 }

mod/quiz/accessrule/seb/tests/access_manager_test.php

@@ -576,4 +576,45 @@ public function test_clear_session_access() {
 
         $this->assertTrue(empty($SESSION->quizaccess_seb_access[$this->quiz->cmid]));
     }
+
+    /**
+     * Test we can decide if need to redirect to SEB config link.
+     */
+    public function test_should_redirect_to_seb_config_link_without_checking_header() {
+        $this->quiz = $this->create_test_quiz($this->course, settings_provider::USE_SEB_CONFIG_MANUALLY);
+        $accessmanager = $this->get_access_manager();
+
+        set_config('autoreconfigureseb', '0', 'quizaccess_seb');
+        $_SERVER['HTTP_USER_AGENT'] = 'TEST';
+        $this->assertFalse($accessmanager->should_redirect_to_seb_config_link());
+
+        set_config('autoreconfigureseb', '0', 'quizaccess_seb');
+        $_SERVER['HTTP_USER_AGENT'] = 'SEB';
+        $this->assertFalse($accessmanager->should_redirect_to_seb_config_link());
+
+        set_config('autoreconfigureseb', '1', 'quizaccess_seb');
+        $_SERVER['HTTP_USER_AGENT'] = 'TEST';
+        $this->assertFalse($accessmanager->should_redirect_to_seb_config_link());
+
+        set_config('autoreconfigureseb', '1', 'quizaccess_seb');
+        $_SERVER['HTTP_USER_AGENT'] = 'SEB';
+        $this->assertTrue($accessmanager->should_redirect_to_seb_config_link());
+    }
+
+    /**
+     * Test we can decide if need to redirect to SEB config link when also checking for config key header.
+     */
+    public function test_should_redirect_to_seb_config_link_with_checking_header() {
+        $this->quiz = $this->create_test_quiz($this->course, settings_provider::USE_SEB_CONFIG_MANUALLY);
+        $accessmanager = $this->get_access_manager();
+
+        set_config('autoreconfigureseb', '1', 'quizaccess_seb');
+        $_SERVER['HTTP_USER_AGENT'] = 'SEB';
+        $this->assertFalse($accessmanager->should_redirect_to_seb_config_link(true));
+
+        set_config('autoreconfigureseb', '1', 'quizaccess_seb');
+        $_SERVER['HTTP_USER_AGENT'] = 'SEB';
+        $_SERVER['HTTP_X_SAFEEXAMBROWSER_CONFIGKEYHASH'] = hash('sha256', 'configkey');
+        $this->assertTrue($accessmanager->should_redirect_to_seb_config_link(true));
+    }
 }

mod/quiz/accessrule/seb/tests/rule_test.php

@@ -1265,34 +1265,6 @@ public function test_blocks_display_after_attempt_finished() {
         $this->assertFalse($property->getValue($PAGE->blocks));
     }
 
-    /**
-     * Test we can decide if need to redirect to SEB config link.
-     */
-    public function test_should_redirect_to_seb_config_link() {
-        $this->setAdminUser();
-        $this->quiz = $this->create_test_quiz($this->course, settings_provider::USE_SEB_CONFIG_MANUALLY);
-
-        $reflection = new \ReflectionClass('quizaccess_seb');
-        $method = $reflection->getMethod('should_redirect_to_seb_config_link');
-        $method->setAccessible(true);
-
-        set_config('autoreconfigureseb', '0', 'quizaccess_seb');
-        $_SERVER['HTTP_USER_AGENT'] = 'TEST';
-        $this->assertFalse($method->invoke($this->make_rule()));
-
-        set_config('autoreconfigureseb', '0', 'quizaccess_seb');
-        $_SERVER['HTTP_USER_AGENT'] = 'SEB';
-        $this->assertFalse($method->invoke($this->make_rule()));
-
-        set_config('autoreconfigureseb', '1', 'quizaccess_seb');
-        $_SERVER['HTTP_USER_AGENT'] = 'TEST';
-        $this->assertFalse($method->invoke($this->make_rule()));
-
-        set_config('autoreconfigureseb', '1', 'quizaccess_seb');
-        $_SERVER['HTTP_USER_AGENT'] = 'SEB';
-        $this->assertTrue($method->invoke($this->make_rule()));
-    }
-
     /**
      * Test cleanup when quiz is completed.
      */