ownCloud Repository

From MoodleDocs
Revision as of 14:22, 29 January 2018 by Jan Dageförde (talk | contribs) (Changes to ocs_endpoint and userinfo_endpoint.)

General

This plugin enables Moodle users to have direct access to their private files from ownCloud in the Moodle file picker and the URL resource module, enabling to upload files into Moodle directly from their ownCloud, without having to download it to their local machine first.


Is your institution using multiple ownCloud servers? Don't worry, a Moodle administrator can connect multiple ownCloud servers that are then presented separately to the users. Tech-savvy users are not able to add their own ownCloud servers, though, so the Moodle admin is always in control which servers are connected.

Are you using Nextcloud? ownCloud and Nextcloud share the same history. As a consequence, they work quite similar. This repository was developed with ownCloud in mind, but it actually works with Nextcloud as well (with some limitations, see Nextcloud Limitations).

Installation

This plugin requires configuration in ownCloud (add Moodle as an allowed client) as well as in Moodle (add ownCloud servers to which users will be able to connect). Fair warning: The configuration might become very technical. We collect a list of known problems and hints at their resolution below.

Add Moodle as a client to ownCloud

Prerequisites: Current ownCloud installation (Recommended: Version 10+) with enabled HTTPS and the ownCloud app.

Log in as an administrator. Go to Settings ► User authentication and add your Moodle installation as a client:

Name Redirection URI
Your Moodle name Your Moodle URL + /admin/oauth2callback.php

For example, if your users reach Moodle at https://moodle.example.com, your redirection URI would be https://moodle.example.com/admin/oauth2callback.php. The name can be chosen freely, but note that it will presented to ownCloud users, so the name should be self-explanatory to them.

After adding the client, the table displays a corresponding Client Identifier and a secret. Those will be required for the configuration in Moodle, so keep them at hand. For example, if your users reach Moodle at https://moodle.example.com, your redirection URI would be https://moodle.example.com/admin/oauth2callback.php. The name can be chosen freely, but note that it will presented to ownCloud users, so the name should be self-explanatory to them. After adding the client, the table displays a corresponding Client Identifier and a secret. Those will be required for the configuration in Moodle, so keep them at hand.

Install this plugin to Moodle

Copy the content of this repository to repository/owncloud. No additional settings are displayed to the admin when installing the plugin. However, when the repository is enabled, the admin has to select an issuer which defines the ownCloud server. The next steps describe how the necessary issuer is created in Moodle's central OAuth 2 services settings. Afterwards, an ownCloud repository instance is created using that issuer.

Create OAuth 2 Issuer

You need to configure Moodle so that it knows how to talk to your ownCloud server. For this, a so-called OAuth 2 issuer has to be registered in the admin menu Site administration ► Server ► OAuth 2 services. There, select Create custom service. Choose the name freely; it will only be shown to you. Enter ClientID and Secret from the ownCloud settings of Add Moodle as a client to ownCloud. Enable the "Authenticate token requests via HTTP headers" checkbox (if present). As Service base URL, enter the full URL to your ownCloud installation, including a custom port (if any). For example, if the ownCloud installation is at https://owncloud.example.com:8000/oc/, then this is the base URL. Ignore the other settings and click Save changes. Afterwards, your issuer is listed in a table. There, click Configure endpoints to configure the services that we want to use, as ownCloud does not support auto discovery. For the ownCloud Repository plugin four endpoints have to be registered that are ownCloud-specific:

Endpoint name Endpoint URL
token_endpoint Base URL + /index.php/apps/oauth2/api/v1/token
authorization_endpoint Base URL + /index.php/apps/oauth2/authorize
webdav_endpoint Base URL + /remote.php/webdav/
ocs_endpoint Base URL + /ocs/v1.php/apps/files_sharing/api/v1/shares?format=xml
userinfo_endpoint Base URL + /ocs/v2.php/cloud/user?format=json

Given the Base URL example above, an exemplary token_endpoint URL is https://owncloud.example.com:8000/oc/index.php/apps/oauth2/api/v1/token . Return to the issuer overview and click on Configure user field mappings. Enter the following mappings:

External field name Internal field name
ocs-data-email email
ocs-data-id username

This is sufficient to use the ownCloud repository! For further information on configuring OAuth 2 clients visit the Moodle documentation on OAuth 2 and the Developer documentation on OAuth 2.

Create a repository instance

Now that the ownCloud issuer is configured, it can be associated with an instance of the repository. Go to the repository settings Site administration ► Plugins ► Repositories ► Manage repositories and enable the ownCloud respository (Enabled and visible). When asked for special user permissions, do not check any boxes. As they may not configure OAuth 2 issuers, these permissions are not that useful. Then, open the Settings of the ownCloud repository and click Create a repository instance. Enter a name that will be displayed to Moodle users and select the configured issuer. A text underneath the select box tells you which issuers are suited for use with this repository. If your issuer does not show up, double-check the issuer settings; particularly all URLs (base URL and endpoints) and the names of the endpoints.

Configuration Menu

Afterwards, everything is configured and ready to go! Let's see what this looks like for your users:

Usage

The repository is available in all activities where the file picker is used. However, course admins can disable it in the Course Administration ► Repositories menu. In the file picker a login button is displayed (assuming that the user is not authenticated yet):

File Picker Login

When the button is clicked a pop-up window or a new tab is opened and the user will be requested to login at the ownCloud instance and authorise access from Moodle. If authorisation is granted, the user sees a tabular listing of the files available:

File Picker Listing

Here the user can select files, reload the content and logout. The settings button is only displayed to admins, who will be redirected to the repository settings.

Nextcloud Limitations

So far (2017), Nextcloud and ownCloud share the same API, so the Plugin generally works well with both. Nevertheless, Nextcloud has a limitation that prevents the use of file links. That means, files can only be uploaded from Nextcloud from Moodle, but you cannot use the alternative, i.e. creating a file link, because the Nextcloud server will block you from doing so.

This is documented in https://github.com/nextcloud/server/issues/5694 and we hope that the Nextcloud team will resolve this issue soon. Once it is, there will be nothing to do from the Moodle side – it will just work. :)

Troubleshooting

Installing and configuring this plugin is a very technical endeavour, given that making two machines speak to each other is a very technical topic. If something goes wrong, it may be hard to find out the root cause. Nevertheless, we have been able to resolve most issues and, once the plugin is installed and configured correctly, it runs smoothly and very stable. The following is a list of issues that were encountered during configuration, and hints at how to proceed.

I cannot connect a system account
The system account is not used by the repository. You don't need to worry about being unable to connect a system account.
Authentication seems to have succeeded, but the filepicker shows "There are no files"
The Apache server that hosts your ownCloud may be misconfigured. Its Apache logs may show a 401 error as well if you try to see the files in Moodle. Please have a look at the comments following https://github.com/learnweb/moodle-repository_owncloud/issues/26#issuecomment-343521986 to get ideas on how to solve this.

Please add to this list if you were able to solve another issue, this will help others greatly! Thanks!

Acknowledgement

This plugin was originally created by Information Systems students in the project seminar sciebo@Learnweb at the University of Münster in 2016/17. See their github page for an archive(!) of their great work. They also created the OAuth 2 interface for ownCloud (featured on heise Security (German)); otherwise all this wouldn't have been possible. Learnweb (University of Münster) is maintaining the Moodle plugins since 2017.