mahara-contributors team mailing list archive

Thread
Date

[Bug 1546769] Re: The 'None' auth needs to be locked down more to avoid troubles with multi institutions

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Aaron Wells <1546769@xxxxxxxxxxxxxxxxxx>
Date: Thu, 18 Feb 2016 03:40:15 -0000
Reply-to: Bug 1546769 <1546769@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

On further discussion with Robert, we've agreed that the best thing to
do is simply to remove the "none" authentication method from Mahara core
entirely. So the plan is roughly this:

1. Remove the "auth/none" plugin directory from Mahara
2. Put the auth/none code into a separate git repository, so it can be downloaded and installed separately by sites that actually do want to use it.
3. Put migration code in place, that will find any institutions that have "None" as their only auth method, and set up an Internal auth method for them.
4. Further migration code that finds any users who are set to a "None" auth method, and converts them to an Internal auth method (without a password)
5. A note in the README that indicates that the "none" auth method was removed and that if you're a site that is seriously using it, you should add the plugin back into your site before running the upgrade script, or your users will be migrated from "None" to "Internal"
6. Make sure that the migration code in steps 3 & 4 checks to see if you have, indeed, downloaded and installed the new optional None plugin. And if you have, it doesn't migrate the users, because apparently you actually are using the plugin.
7. And optionally, to provide better support for sites that do the "copy-over" upgrade, make the migration code check to see if you have the *old* version of the "None" plugin present in your site, and if so, disable it.

--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1546769

Title:
The 'None' auth needs to be locked down more to avoid troubles with
multi institutions

Status in Mahara:
In Progress

Bug description:
When there are multiple institutions/tenants on a mahara and one of
the tenants decides to add the 'None' auth method to their institution
it causes havoc for users on all institutions as if they accidentally
enter their login details wrong they get logged in to institution with
'None' set as a new user rather than their normal institution/account.

Things that need to be changed to avoid this problem:

1) When an institution tries to add the 'None' auth option it needs to
check to see if there are any other institutions present and only
allow it if institution count = 1

2) Conversely if the only institution uses 'None' auth then you
shouldn't be allowed to add a new institution until that auth is
removed

3) And when you are able to add "None" you should probably get some
prominent message with "Do you really want to do this? You know, it
means that anybody will be able to log in without any authorization"

Also as part of this change it would be very good to add a ctime (and
maybe userid) field to the auth_instance table to record when one
adds/edits auth details to see when things changed as this human error
can cause big problems for users.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1546769/+subscriptions

References

[Bug 1546769] [NEW] The 'None' auth needs to be locked down more to avoid troubles with multi institutions
From: Robert Lyon, 2016-02-17