← Back to team overview

mahara-contributors team mailing list archive

  1. mahara-contributors team
  2. Mailing list archive
  3. Message #36143

[Bug 1598974] [NEW] Mahara as MNet IDP breaks because of longer session ids

  Thread PreviousDate PreviousThread Next 
Public bug reported:

When you use Mahara as the MNet identity provider, it tries to store the
user's session id in the "sso_session.sessionid" database column. This
column is 40 characters, because we were previously using SHA-1 based
sessionids, which are 40 characters. When we switched to SHA-256, the
sessionids expanded to 64 characters, which causes it to crash.

To replicate:

1. Set up MNet between Moodle and Mahara, with Mahara as the identity provider.
2. Log in to Mahara.
3. In the sideblock, click on the link to roam over to Moodle

Expected result: You roam over to Moodle
Actual result: It crashes with this error message:

[WAR] d8 (lib/errors.php:796) Failed to get a recordset: postgres8 error: [-1: ERROR:  value too long for type character varying(40)] in EXECUTE("INSERT INTO "sso_session" ("userid", "instanceid", "username", "useragent", "token", "confirmtimeout", "expires", "sessionid") VALUES (?, ?, ?, ?, ?, ?, ?, ?)")
Command was: INSERT INTO "sso_session" ("userid", "instanceid", "username", "useragent", "token", "confirmtimeout", "expires", "sessionid") VALUES (?, ?, ?, ?, ?, ?, ?, ?) and values was (userid:1,instanceid:2,username:admin,useragent:3628ed27e34fdc54e674d6a3b4a24c71208a600d,token:9d1b2dcf6adf3ab284b3940113ef76f0513eca93,confirmtimeout:1467678764,expires:1467765149,sessionid:a63792d82ed3538d731018873581817c7214a7ea94e4379316161a0b8c773a7c)
Call stack (most recent first):

    log_message("Failed to get a recordset: postgres8 error: [-1: E...", 8, true, true) at /home/aaronw/www/mahara/htdocs/lib/errors.php:95
    log_warn("Failed to get a recordset: postgres8 error: [-1: E...") at /home/aaronw/www/mahara/htdocs/lib/errors.php:796
    SQLException->__construct("Failed to get a recordset: postgres8 error: [-1: E...") at /home/aaronw/www/mahara/htdocs/lib/dml.php:1088
    insert_record("sso_session", object(stdClass)) at /home/aaronw/www/mahara/htdocs/api/xmlrpc/lib.php:93
    start_jump_session(object(Peer), "2", "") at /home/aaronw/www/mahara/htdocs/auth/xmlrpc/jump.php:53

** Affects: mahara
     Importance: Medium
         Status: In Progress


** Tags: mnet

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1598974

Title:
  Mahara as MNet IDP breaks because of longer session ids

Status in Mahara:
  In Progress

Bug description:
  When you use Mahara as the MNet identity provider, it tries to store
  the user's session id in the "sso_session.sessionid" database column.
  This column is 40 characters, because we were previously using SHA-1
  based sessionids, which are 40 characters. When we switched to
  SHA-256, the sessionids expanded to 64 characters, which causes it to
  crash.

  To replicate:

  1. Set up MNet between Moodle and Mahara, with Mahara as the identity provider.
  2. Log in to Mahara.
  3. In the sideblock, click on the link to roam over to Moodle

  Expected result: You roam over to Moodle
  Actual result: It crashes with this error message:

  [WAR] d8 (lib/errors.php:796) Failed to get a recordset: postgres8 error: [-1: ERROR:  value too long for type character varying(40)] in EXECUTE("INSERT INTO "sso_session" ("userid", "instanceid", "username", "useragent", "token", "confirmtimeout", "expires", "sessionid") VALUES (?, ?, ?, ?, ?, ?, ?, ?)")
  Command was: INSERT INTO "sso_session" ("userid", "instanceid", "username", "useragent", "token", "confirmtimeout", "expires", "sessionid") VALUES (?, ?, ?, ?, ?, ?, ?, ?) and values was (userid:1,instanceid:2,username:admin,useragent:3628ed27e34fdc54e674d6a3b4a24c71208a600d,token:9d1b2dcf6adf3ab284b3940113ef76f0513eca93,confirmtimeout:1467678764,expires:1467765149,sessionid:a63792d82ed3538d731018873581817c7214a7ea94e4379316161a0b8c773a7c)
  Call stack (most recent first):

      log_message("Failed to get a recordset: postgres8 error: [-1: E...", 8, true, true) at /home/aaronw/www/mahara/htdocs/lib/errors.php:95
      log_warn("Failed to get a recordset: postgres8 error: [-1: E...") at /home/aaronw/www/mahara/htdocs/lib/errors.php:796
      SQLException->__construct("Failed to get a recordset: postgres8 error: [-1: E...") at /home/aaronw/www/mahara/htdocs/lib/dml.php:1088
      insert_record("sso_session", object(stdClass)) at /home/aaronw/www/mahara/htdocs/api/xmlrpc/lib.php:93
      start_jump_session(object(Peer), "2", "") at /home/aaronw/www/mahara/htdocs/auth/xmlrpc/jump.php:53

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1598974/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next