mahara-contributors team mailing list archive

Thread
Date

[Bug 1348024] A change has been merged

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Mahara Bot <1348024@xxxxxxxxxxxxxxxxxx>
Date: Thu, 16 Apr 2015 01:34:26 -0000
Reply-to: Bug 1348024 <1348024@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://reviews.mahara.org/3508
Committed: http://gitorious.org/mahara/mahara/commit/de21ad32e9dc795caed654f27e1bc9a92e37cc3b
Submitter: Aaron Wells (aaronw@xxxxxxxxxxxxxxx)
Branch:    master

commit de21ad32e9dc795caed654f27e1bc9a92e37cc3b
Author: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date:   Fri Jul 25 10:21:48 2014 +1200

Getting suspended institutions to keep their user out. (Bug 1348024)

Users who are logged in on the suspended institution's auth method
are logged out.

Change-Id: I10e1dec465a4363a076e92f4d90ec663ff8a822e
Signed-off-by: Robert Lyon <robertl@xxxxxxxxxxxxxxx>

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1348024

Title:
  users can stay logged into suspended institution

Status in Mahara ePortfolio:
  In Progress
Status in Mahara 1.10 series:
  In Progress
Status in Mahara 1.8 series:
  Confirmed
Status in Mahara 1.9 series:
  Confirmed
Status in Mahara 15.04 series:
  In Progress
Status in Mahara 15.10 series:
  In Progress

Bug description:
  If a user does not use their own institution's auth method then user
  only belonging to a suspended institution can still log in.

  Scenario: 
  - Create an institution called 'testone' with the auth method internal mahara
  - Add a user to it (so that the user is only in this institution and no others)
  - Update the user auth method to be another internal one
  - suspend the institution
  - log out and  then in as user - can get in because the auth method is paired to 'mahara' institution

  Another problem:

  Same as above but have the user using the institutions auth method
  - this time one gets a warning about the institution being suspended, which is good
  but also gets the top menu and is actually logged in/can navigate about.

  What needs to be done:

  1) when an institution is suspended make sure all users that only
  belong to this institution have a valid usr.authinstance value and if
  they don't give them one.

  2) when they are trying to log in to their suspended institution
  actually deny them properly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1348024/+subscriptions