If an existing session is active at the time of launch, that user id
appears in the user_updated log. This log should show the launching user
updating their own record, not someone else. To resolve this, auth the
user before making any record updates so that the event gets the correct
user id.
If an existing session is active at the time of launch, that user id
appears in the user_created log, incorrectly (it should be system/0).
This patch makes sure that any existing session is terminated before
creation of a new user during launches.
When receiving data from the LTI launch, or service call, only update
the user record when we know something has changed. This prevents the
creation of many \core\event\user_updated events.
This isn't required and generates excess events. The only thing update
does, other than update the user fields, is to update the picture, but
in this case, that's unset in membership-based auths anyway, so it's
entirely safe to remove this.
Three modes are initially introduced here, for use by dependent code:
1. Automatic - where accounts will be automatically created for users
2. Prompt new or existing - where the user can choose to use an existing
account or have a new account created for them.
3. Prompt existing only - where users must link an existing account.
This change also adds linked logins, for use with provisioning.