From d6dea66af7208f1a294f5cd79b36798f8330079d Mon Sep 17 00:00:00 2001
From: Christian Abila <christian.abila@edaktik.at>
Date: Mon, 28 Jul 2025 09:35:40 +0200
Subject: [PATCH 1/2] use new \core\context\system class

---
 auth/oidc/binding_username_claim.php             | 3 ++-
 auth/oidc/change_binding_username_claim_tool.php | 3 ++-
 auth/oidc/classes/event/action_failed.php        | 4 +++-
 auth/oidc/classes/event/user_authed.php          | 4 +++-
 auth/oidc/classes/event/user_connected.php       | 4 +++-
 auth/oidc/classes/event/user_created.php         | 4 +++-
 auth/oidc/classes/event/user_disconnected.php    | 4 +++-
 auth/oidc/classes/event/user_loggedin.php        | 4 +++-
 auth/oidc/classes/event/user_rename_attempt.php  | 4 ++--
 auth/oidc/classes/loginflow/base.php             | 3 ++-
 auth/oidc/cleanupoidctokens.php                  | 4 +++-
 auth/oidc/lib.php                                | 3 ++-
 auth/oidc/logout.php                             | 4 +++-
 auth/oidc/manageapplication.php                  | 3 ++-
 auth/oidc/tests/privacy_provider_test.php        | 5 +++--
 auth/oidc/ucp.php                                | 4 +++-
 16 files changed, 42 insertions(+), 18 deletions(-)

diff --git a/auth/oidc/binding_username_claim.php b/auth/oidc/binding_username_claim.php
index dcb2a1da3..a8b091fbf 100644
--- a/auth/oidc/binding_username_claim.php
+++ b/auth/oidc/binding_username_claim.php
@@ -24,6 +24,7 @@
  */
 
 use auth_oidc\form\binding_username_claim;
+use core\context\system;
 
 require_once(dirname(__FILE__) . '/../../config.php');
 require_once($CFG->libdir . '/adminlib.php');
@@ -33,7 +34,7 @@
 
 $url = new moodle_url('/auth/oidc/binding_username_claim.php');
 $PAGE->set_url($url);
-$PAGE->set_context(context_system::instance());
+$PAGE->set_context(system::instance());
 $PAGE->set_pagelayout('admin');
 $PAGE->set_heading(get_string('settings_page_binding_username_claim', 'auth_oidc'));
 $PAGE->set_title(get_string('settings_page_binding_username_claim', 'auth_oidc'));
diff --git a/auth/oidc/change_binding_username_claim_tool.php b/auth/oidc/change_binding_username_claim_tool.php
index 491f75209..182095a0b 100644
--- a/auth/oidc/change_binding_username_claim_tool.php
+++ b/auth/oidc/change_binding_username_claim_tool.php
@@ -27,6 +27,7 @@
 use auth_oidc\form\change_binding_username_claim_tool_form2;
 use auth_oidc\preview;
 use auth_oidc\process;
+use core\context\system;
 
 require_once(dirname(__FILE__) . '/../../config.php');
 require_once($CFG->libdir . '/adminlib.php');
@@ -36,7 +37,7 @@
 
 $url = new moodle_url('/auth/oidc/change_binding_username_claim_tool.php');
 $PAGE->set_url($url);
-$PAGE->set_context(context_system::instance());
+$PAGE->set_context(system::instance());
 $PAGE->set_pagelayout('admin');
 $PAGE->set_heading(get_string('settings_page_change_binding_username_claim_tool', 'auth_oidc'));
 $PAGE->set_title(get_string('settings_page_change_binding_username_claim_tool', 'auth_oidc'));
diff --git a/auth/oidc/classes/event/action_failed.php b/auth/oidc/classes/event/action_failed.php
index ff99cb06e..1c5a7ef64 100644
--- a/auth/oidc/classes/event/action_failed.php
+++ b/auth/oidc/classes/event/action_failed.php
@@ -25,6 +25,8 @@
 
 namespace auth_oidc\event;
 
+use core\context\system;
+
 /**
  * Event fired whenever we need to record a debug message.
  */
@@ -53,7 +55,7 @@ public function get_description() {
      * @return void
      */
     protected function init() {
-        $this->context = \context_system::instance();
+        $this->context = system::instance();
         $this->data['crud'] = 'r';
         $this->data['edulevel'] = self::LEVEL_OTHER;
     }
diff --git a/auth/oidc/classes/event/user_authed.php b/auth/oidc/classes/event/user_authed.php
index 97bf2a825..013171a7c 100644
--- a/auth/oidc/classes/event/user_authed.php
+++ b/auth/oidc/classes/event/user_authed.php
@@ -25,6 +25,8 @@
 
 namespace auth_oidc\event;
 
+use core\context\system;
+
 /**
  * Event fired when a user authenticated with OIDC, but does not log in.
  */
@@ -53,7 +55,7 @@ public function get_description() {
      * @return void
      */
     protected function init() {
-        $this->context = \context_system::instance();
+        $this->context = system::instance();
         $this->data['crud'] = 'r';
         $this->data['edulevel'] = self::LEVEL_OTHER;
     }
diff --git a/auth/oidc/classes/event/user_connected.php b/auth/oidc/classes/event/user_connected.php
index 3f543a996..0818c1faf 100644
--- a/auth/oidc/classes/event/user_connected.php
+++ b/auth/oidc/classes/event/user_connected.php
@@ -25,6 +25,8 @@
 
 namespace auth_oidc\event;
 
+use core\context\system;
+
 /**
  * Fired when a user connects to OpenID Connect.
  */
@@ -53,7 +55,7 @@ public function get_description() {
      * @return void
      */
     protected function init() {
-        $this->context = \context_system::instance();
+        $this->context = system::instance();
         $this->data['crud'] = 'r';
         $this->data['edulevel'] = self::LEVEL_OTHER;
         $this->data['objecttable'] = 'user';
diff --git a/auth/oidc/classes/event/user_created.php b/auth/oidc/classes/event/user_created.php
index 74c8626da..fd03e5f6a 100644
--- a/auth/oidc/classes/event/user_created.php
+++ b/auth/oidc/classes/event/user_created.php
@@ -25,6 +25,8 @@
 
 namespace auth_oidc\event;
 
+use core\context\system;
+
 /**
  * Event fired when OIDC creates a new user.
  */
@@ -53,7 +55,7 @@ public function get_description() {
      * @return void
      */
     protected function init() {
-        $this->context = \context_system::instance();
+        $this->context = system::instance();
         $this->data['crud'] = 'c';
         $this->data['edulevel'] = self::LEVEL_OTHER;
         $this->data['objecttable'] = 'user';
diff --git a/auth/oidc/classes/event/user_disconnected.php b/auth/oidc/classes/event/user_disconnected.php
index 5fe9ce37d..fadc97cd9 100644
--- a/auth/oidc/classes/event/user_disconnected.php
+++ b/auth/oidc/classes/event/user_disconnected.php
@@ -25,6 +25,8 @@
 
 namespace auth_oidc\event;
 
+use core\context\system;
+
 /**
  * Fired when a user disconnects from OpenID Connect.
  */
@@ -53,7 +55,7 @@ public function get_description() {
      * @return void
      */
     protected function init() {
-        $this->context = \context_system::instance();
+        $this->context = system::instance();
         $this->data['crud'] = 'r';
         $this->data['edulevel'] = self::LEVEL_OTHER;
         $this->data['objecttable'] = 'user';
diff --git a/auth/oidc/classes/event/user_loggedin.php b/auth/oidc/classes/event/user_loggedin.php
index 1c5c0342a..a02f85edd 100644
--- a/auth/oidc/classes/event/user_loggedin.php
+++ b/auth/oidc/classes/event/user_loggedin.php
@@ -25,6 +25,8 @@
 
 namespace auth_oidc\event;
 
+use core\context\system;
+
 /**
  * Fired when a user uses OIDC to log in.
  */
@@ -53,7 +55,7 @@ public function get_description() {
      * @return void
      */
     protected function init() {
-        $this->context = \context_system::instance();
+        $this->context = system::instance();
         $this->data['crud'] = 'r';
         $this->data['edulevel'] = self::LEVEL_OTHER;
         $this->data['objecttable'] = 'user';
diff --git a/auth/oidc/classes/event/user_rename_attempt.php b/auth/oidc/classes/event/user_rename_attempt.php
index 86bb7971f..9fa044267 100644
--- a/auth/oidc/classes/event/user_rename_attempt.php
+++ b/auth/oidc/classes/event/user_rename_attempt.php
@@ -25,7 +25,7 @@
 
 namespace auth_oidc\event;
 
-use context_system;
+use core\context\system;
 use core\event\base;
 
 /**
@@ -56,7 +56,7 @@ public function get_description() {
      * @return void
      */
     protected function init() {
-        $this->context = context_system::instance();
+        $this->context = system::instance();
         $this->data['crud'] = 'u';
         $this->data['edulevel'] = self::LEVEL_OTHER;
         $this->data['objecttable'] = 'user';
diff --git a/auth/oidc/classes/loginflow/base.php b/auth/oidc/classes/loginflow/base.php
index 219c6d437..aff3bb394 100644
--- a/auth/oidc/classes/loginflow/base.php
+++ b/auth/oidc/classes/loginflow/base.php
@@ -29,6 +29,7 @@
 use auth_oidc\jwt;
 use auth_oidc\oidcclient;
 use auth_oidc\utils;
+use core\context\system;
 use core_user;
 use moodle_exception;
 use stdClass;
@@ -388,7 +389,7 @@ public function disconnect($justremovetokens = false, $donotremovetokens = false
             global $OUTPUT, $PAGE;
             require_once($CFG->dirroot.'/user/lib.php');
             $PAGE->set_url($selfurl->out());
-            $PAGE->set_context(\context_system::instance());
+            $PAGE->set_context(system::instance());
             $PAGE->set_pagelayout('standard');
             $USER->editing = false;
 
diff --git a/auth/oidc/cleanupoidctokens.php b/auth/oidc/cleanupoidctokens.php
index 3d1a28453..eaef19bfa 100644
--- a/auth/oidc/cleanupoidctokens.php
+++ b/auth/oidc/cleanupoidctokens.php
@@ -23,13 +23,15 @@
  * @copyright (C) 2014 onwards Microsoft, Inc. (http://microsoft.com/)
  */
 
+use core\context\system;
+
 require_once(__DIR__ . '/../../config.php');
 require_once($CFG->libdir . '/adminlib.php');
 require_once($CFG->dirroot . '/auth/oidc/lib.php');
 
 require_login();
 
-$context = context_system::instance();
+$context = system::instance();
 $pageurl = new moodle_url('/auth/oidc/cleanupoidctokens.php');
 
 admin_externalpage_setup('auth_oidc_cleanup_oidc_tokens');
diff --git a/auth/oidc/lib.php b/auth/oidc/lib.php
index 482060daa..9a225ddca 100644
--- a/auth/oidc/lib.php
+++ b/auth/oidc/lib.php
@@ -26,6 +26,7 @@
 
 use auth_oidc\jwt;
 use auth_oidc\utils;
+use core\context\system;
 
 // IdP types.
 /**
@@ -94,7 +95,7 @@ function auth_oidc_initialize_customicon($filefullname) {
     global $CFG;
 
     $file = get_config('auth_oidc', 'customicon');
-    $systemcontext = \context_system::instance();
+    $systemcontext = system::instance();
     $fullpath = "/{$systemcontext->id}/auth_oidc/customicon/0{$file}";
 
     $fs = get_file_storage();
diff --git a/auth/oidc/logout.php b/auth/oidc/logout.php
index a652f788f..5aa46ae28 100644
--- a/auth/oidc/logout.php
+++ b/auth/oidc/logout.php
@@ -24,10 +24,12 @@
  */
 
 // phpcs:ignore moodle.Files.RequireLogin.Missing
+use core\context\system;
+
 require_once(__DIR__ . '/../../config.php');
 
 $PAGE->set_url('/auth/oidc/logout.php');
-$PAGE->set_context(context_system::instance());
+$PAGE->set_context(system::instance());
 
 $sid = optional_param('sid', '', PARAM_TEXT);
 
diff --git a/auth/oidc/manageapplication.php b/auth/oidc/manageapplication.php
index 401b88813..a34f39e86 100644
--- a/auth/oidc/manageapplication.php
+++ b/auth/oidc/manageapplication.php
@@ -24,6 +24,7 @@
  */
 
 use auth_oidc\form\application;
+use core\context\system;
 
 require_once(dirname(__FILE__) . '/../../config.php');
 require_once($CFG->libdir . '/adminlib.php');
@@ -33,7 +34,7 @@
 
 $url = new moodle_url('/auth/oidc/manageapplication.php');
 $PAGE->set_url($url);
-$PAGE->set_context(context_system::instance());
+$PAGE->set_context(system::instance());
 $PAGE->set_pagelayout('admin');
 $PAGE->set_heading(get_string('settings_page_application', 'auth_oidc'));
 $PAGE->set_title(get_string('settings_page_application', 'auth_oidc'));
diff --git a/auth/oidc/tests/privacy_provider_test.php b/auth/oidc/tests/privacy_provider_test.php
index 6a3989c2d..0acf42e86 100644
--- a/auth/oidc/tests/privacy_provider_test.php
+++ b/auth/oidc/tests/privacy_provider_test.php
@@ -26,6 +26,7 @@
 namespace auth_oidc;
 
 use auth_oidc\privacy\provider;
+use core\context\system;
 
 /**
  * Privacy test for auth_oidc
@@ -98,7 +99,7 @@ public function test_get_users_in_context(): void {
         $this->assertEquals($expected, $actual);
 
         // The list of users for system context should not return any users.
-        $userlist = new \core_privacy\local\request\userlist(\context_system::instance(), $component);
+        $userlist = new \core_privacy\local\request\userlist(system::instance(), $component);
         provider::get_users_in_context($userlist);
         $this->assertCount(0, $userlist);
     }
@@ -257,7 +258,7 @@ public function test_delete_data_for_users(): void {
         $this->assertCount(1, $userlist2);
 
         // User data should be only removed in the user context.
-        $systemcontext = \context_system::instance();
+        $systemcontext = system::instance();
         // Add userlist2 to the approved user list in the system context.
         $approvedlist = new \core_privacy\local\request\approved_userlist($systemcontext, $component, $userlist2->get_userids());
         // Delete user1 data using delete_data_for_user.
diff --git a/auth/oidc/ucp.php b/auth/oidc/ucp.php
index 5d5d701e1..40df97549 100644
--- a/auth/oidc/ucp.php
+++ b/auth/oidc/ucp.php
@@ -23,6 +23,8 @@
  * @copyright (C) 2014 onwards Microsoft, Inc. (http://microsoft.com/)
  */
 
+use core\context\system;
+
 require_once(__DIR__.'/../../config.php');
 require_once(__DIR__.'/auth.php');
 require_once(__DIR__.'/lib.php');
@@ -60,7 +62,7 @@
 } else {
     $PAGE->set_url('/auth/oidc/ucp.php');
     $usercontext = \context_user::instance($USER->id);
-    $PAGE->set_context(\context_system::instance());
+    $PAGE->set_context(system::instance());
     $PAGE->set_pagelayout('standard');
     $USER->editing = false;
     $authconfig = get_config('auth_oidc');

From 41c8c849339e0106d397ebae1234e643140dec19 Mon Sep 17 00:00:00 2001
From: Christian Abila <christian.abila@edaktik.at>
Date: Mon, 28 Jul 2025 09:39:26 +0200
Subject: [PATCH 2/2] use new \core\context\user class

---
 auth/oidc/classes/privacy/provider.php    |  7 ++++---
 auth/oidc/lib.php                         | 13 +++++++------
 auth/oidc/tests/privacy_provider_test.php | 15 ++++++++-------
 auth/oidc/ucp.php                         |  3 ++-
 4 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/auth/oidc/classes/privacy/provider.php b/auth/oidc/classes/privacy/provider.php
index 4a6beb724..41aa76623 100644
--- a/auth/oidc/classes/privacy/provider.php
+++ b/auth/oidc/classes/privacy/provider.php
@@ -27,6 +27,7 @@
 
 defined('MOODLE_INTERNAL') || die();
 
+use core\context\user;
 use core_privacy\local\metadata\collection;
 use core_privacy\local\request\contextlist;
 use core_privacy\local\request\approved_contextlist;
@@ -127,7 +128,7 @@ public static function get_contexts_for_userid(int $userid): contextlist {
     public static function get_users_in_context(\core_privacy\local\request\userlist $userlist) {
         $context = $userlist->get_context();
 
-        if (!$context instanceof \context_user) {
+        if (!$context instanceof user) {
             return;
         }
 
@@ -161,7 +162,7 @@ public static function get_users_in_context(\core_privacy\local\request\userlist
     public static function export_user_data(approved_contextlist $contextlist) {
         global $DB;
         $user = $contextlist->get_user();
-        $context = \context_user::instance($contextlist->get_user()->id);
+        $context = user::instance($contextlist->get_user()->id);
         $tables = static::get_table_user_map($user);
         foreach ($tables as $table => $filterparams) {
             $records = $DB->get_recordset($table, $filterparams);
@@ -235,7 +236,7 @@ private static function delete_user_data(int $userid) {
     public static function delete_data_for_users(\core_privacy\local\request\approved_userlist $userlist) {
         $context = $userlist->get_context();
         // Because we only use user contexts the instance ID is the user ID.
-        if ($context instanceof \context_user) {
+        if ($context instanceof user) {
             self::delete_user_data($context->instanceid);
         }
     }
diff --git a/auth/oidc/lib.php b/auth/oidc/lib.php
index 9a225ddca..3b06bfc9e 100644
--- a/auth/oidc/lib.php
+++ b/auth/oidc/lib.php
@@ -27,6 +27,7 @@
 use auth_oidc\jwt;
 use auth_oidc\utils;
 use core\context\system;
+use core\context\user;
 
 // IdP types.
 /**
@@ -135,24 +136,24 @@ function auth_oidc_connectioncapability($userid, $mode = 'connect', $require = f
     if ($require) {
         // If requiring the capability and user has manageconnection than checking connect and disconnect is not needed.
         $check = 'require_capability';
-        if (has_capability('auth/oidc:manageconnection', \context_user::instance($userid), $userid)) {
+        if (has_capability('auth/oidc:manageconnection', user::instance($userid), $userid)) {
             return true;
         }
-    } else if ($check('auth/oidc:manageconnection', \context_user::instance($userid), $userid)) {
+    } else if ($check('auth/oidc:manageconnection', user::instance($userid), $userid)) {
         return true;
     }
 
     $result = false;
     switch ($mode) {
         case "connect":
-            $result = $check('auth/oidc:manageconnectionconnect', \context_user::instance($userid), $userid);
+            $result = $check('auth/oidc:manageconnectionconnect', user::instance($userid), $userid);
             break;
         case "disconnect":
-            $result = $check('auth/oidc:manageconnectiondisconnect', \context_user::instance($userid), $userid);
+            $result = $check('auth/oidc:manageconnectiondisconnect', user::instance($userid), $userid);
             break;
         case "both":
-            $result = $check('auth/oidc:manageconnectionconnect', \context_user::instance($userid), $userid);
-            $result = $result && $check('auth/oidc:manageconnectiondisconnect', \context_user::instance($userid), $userid);
+            $result = $check('auth/oidc:manageconnectionconnect', user::instance($userid), $userid);
+            $result = $result && $check('auth/oidc:manageconnectiondisconnect', user::instance($userid), $userid);
     }
     if ($require) {
         return true;
diff --git a/auth/oidc/tests/privacy_provider_test.php b/auth/oidc/tests/privacy_provider_test.php
index 0acf42e86..a2e1224d9 100644
--- a/auth/oidc/tests/privacy_provider_test.php
+++ b/auth/oidc/tests/privacy_provider_test.php
@@ -27,6 +27,7 @@
 
 use auth_oidc\privacy\provider;
 use core\context\system;
+use core\context\user;
 
 /**
  * Privacy test for auth_oidc
@@ -65,7 +66,7 @@ public function test_get_contexts_for_userid(): void {
         $this->assertCount(1, $contextlist);
 
         // Check that a context is returned and is the expected context.
-        $usercontext = \context_user::instance($user->id);
+        $usercontext = user::instance($user->id);
         $this->assertEquals($usercontext->id, $contextlist->get_contextids()[0]);
     }
 
@@ -80,7 +81,7 @@ public function test_get_users_in_context(): void {
         $component = 'auth_oidc';
         // Create a user.
         $user = $this->getDataGenerator()->create_user();
-        $usercontext = \context_user::instance($user->id);
+        $usercontext = user::instance($user->id);
 
         // The list of users should not return anything yet (related data still haven't been created).
         $userlist = new \core_privacy\local\request\userlist($usercontext, $component);
@@ -115,7 +116,7 @@ public function test_export_user_data(): void {
         $tokenrecord = self::create_token($user->id);
         $prevloginrecord = self::create_prevlogin($user->id);
 
-        $usercontext = \context_user::instance($user->id);
+        $usercontext = user::instance($user->id);
 
         $writer = \core_privacy\local\request\writer::with_context($usercontext);
         $this->assertFalse($writer->has_any_data());
@@ -150,7 +151,7 @@ public function test_delete_data_for_all_users_in_context(): void {
         $user1 = $this->getDataGenerator()->create_user();
         self::create_token($user1->id);
         self::create_prevlogin($user1->id);
-        $user1context = \context_user::instance($user1->id);
+        $user1context = user::instance($user1->id);
 
         $user2 = $this->getDataGenerator()->create_user();
         self::create_token($user2->id);
@@ -183,7 +184,7 @@ public function test_delete_data_for_user(): void {
         $user1 = $this->getDataGenerator()->create_user();
         self::create_token($user1->id);
         self::create_prevlogin($user1->id);
-        $user1context = \context_user::instance($user1->id);
+        $user1context = user::instance($user1->id);
 
         $user2 = $this->getDataGenerator()->create_user();
         self::create_token($user2->id);
@@ -216,13 +217,13 @@ public function test_delete_data_for_users(): void {
         $component = 'auth_oidc';
         // Create user1.
         $user1 = $this->getDataGenerator()->create_user();
-        $usercontext1 = \context_user::instance($user1->id);
+        $usercontext1 = user::instance($user1->id);
         self::create_token($user1->id);
         self::create_prevlogin($user1->id);
 
         // Create user2.
         $user2 = $this->getDataGenerator()->create_user();
-        $usercontext2 = \context_user::instance($user2->id);
+        $usercontext2 = user::instance($user2->id);
         self::create_token($user2->id);
         self::create_prevlogin($user2->id);
 
diff --git a/auth/oidc/ucp.php b/auth/oidc/ucp.php
index 40df97549..cde4b1632 100644
--- a/auth/oidc/ucp.php
+++ b/auth/oidc/ucp.php
@@ -24,6 +24,7 @@
  */
 
 use core\context\system;
+use core\context\user;
 
 require_once(__DIR__.'/../../config.php');
 require_once(__DIR__.'/auth.php');
@@ -61,7 +62,7 @@
     }
 } else {
     $PAGE->set_url('/auth/oidc/ucp.php');
-    $usercontext = \context_user::instance($USER->id);
+    $usercontext = user::instance($USER->id);
     $PAGE->set_context(system::instance());
     $PAGE->set_pagelayout('standard');
     $USER->editing = false;