mahara-contributors team mailing list archive

Thread
Date

[Bug 1771774] Re: No way to bypass externallogin

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Steven <stevens@xxxxxxxxxxxxxxx>
Date: Tue, 19 Mar 2019 00:27:43 -0000
Reply-to: Bug 1771774 <1771774@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Environment tested: Master
Browser tested: Chrome

PRECONDITIONS: 
------------------------ 
1) The following code is enabled in the config.php file 
      $cfg->externallogin = 'http://moodle.example.com/auth/mnet/jump.php?hostwwwroot={wwwroot}&wantsurl={shorturlencoded}';
2) Site admin is not logged in 

TEST STEPS: 
------------------------ 
1) Site admin browse to http://mahara.stevens-lp.dynamic.wgtn.cat-it.co.nz/admin/users/search.php
2) confirm the page will not load "This site can’t be reached moodle.example.com’s server IP address could not be found."
3) Enter the base URL  http://mahara.stevens-lp.dynamic.wgtn.cat-it.co.nz/admin/users/search.php in the address bar and amment it with the following
      a) ?override=true
4) Verify the user is redirected to Mahara login page ✔
5) Verify that the how to is documented in the  config-defaults.php file ✘

NOTE: By entering the code above in the config.php file - it will cause
the error "Site not found" - this represents what would happen if your
authentication server went down. By adding the  override parameter to
the end of the URL , the site admin can still log in to Mahara

Catalyst QA Failed testing ✘

NOTE 
1) Needs further documentation in the config-defaults.php file
2) external override Functionality working as expected

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1771774

Title:
  No way to bypass externallogin

Status in Mahara:
  In Progress

Bug description:
  When the externallogin setting is turned on, it's impossible to fix
  things such as metadata URLs etc which are required for some external
  logins to work.

  It would be good to be able to pass in a special URL parameter to make
  Mahara skip the external login process. Here is a patch which I can
  push up to gerrit once someone confirms that the proposed change is
  useful and that the url parameter is unique enough:

  diff --git a/htdocs/auth/lib.php b/htdocs/auth/lib.php
  index 779d080352..4baf2c7875 100644
  --- a/htdocs/auth/lib.php
  +++ b/htdocs/auth/lib.php
  @@ -1171,7 +1171,7 @@ function auth_draw_login_page($message=null, Pieform $form=null) {
       }
   
       $externallogin = get_config('externallogin');
  -    if ($externallogin) {
  +    if ($externallogin && !isset($_GET['internallogin'])) {
           $externallogin = preg_replace('/{shorturlencoded}/', urlencode(get_relative_script_path()), $externallogin);
           $externallogin = preg_replace('/{wwwroot}/', get_config('wwwroot'), $externallogin);
           redirect($externallogin);

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1771774/+subscriptions

References

[Bug 1771774] [NEW] No way to bypass externallogin
From: bobthevirus, 2018-05-17