mahara-contributors team mailing list archive

Thread
Date

[Bug 1943772] A change has been merged

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Mahara Bot <1943772@xxxxxxxxxxxxxxxxxx>
Date: Fri, 28 Oct 2022 01:21:34 -0000
Reply-to: Bug 1943772 <1943772@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Reviewed:  https://reviews.mahara.org/c/mahara/+/13288
Committed: https://git.mahara.org/mahara/mahara/commit/72f6dc73d1d55f095c11e59fb4b8879e2eb21f47
Submitter: "Robert Lyon <robertl@xxxxxxxxxxxxxxx>"
Branch:    22.10_DEV

commit 72f6dc73d1d55f095c11e59fb4b8879e2eb21f47
Author: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date:   Tue Sep 13 08:49:49 2022 +1200

Bug 1989388: Allow 'lis_person_sourcedid' to be recorded as a
remoteusername

And record it as remoteusername to the parentauth
This is because moodle can send the moodle ID as remoteauth name not
the username from the remote IdP that ties everything together

Also tidy up LTI_Advantage to be like LTI
- See Bug 1943772, commit ec27a6d715c0d015c94e3ec3d0bada974886bbb8

Change-Id: Icbc3bc4511d9cb3b1fb12103f76f5d67539224e3
Signed-off-by: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
(cherry picked from commit 97447a21ffc7165af0f7075c2e49cca8d51447d9)

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/1943772

Title:
  Potential LTI duplicating accounts with parent auth

Status in Mahara:
  Fix Released
Status in Mahara 20.10 series:
  Fix Released
Status in Mahara 21.04 series:
  Fix Released
Status in Mahara 21.10 series:
  Fix Released
Status in Mahara 22.04 series:
  Fix Released

Bug description:
  There is a problem in module_lti_launch.php when using SAML as parent
  auth

  If a person does not exist they are created via create_user() function
  and this function will check if the auth method they are created with
  needs a remote username and if so adds a row to the "auth_remote_user"
  table too.

  Then module_lti_launch.php creates a row in "auth_remote_user" table
  for the parent auth (SAML) if the auth method has a parent auth.

  So we end up with 2 rows

  But the problem is when we have a parent auth (SAML) as the parent we pass in the parent authinstance id to be the one saved in "usr" table.
  So we end up with both the rows being connected to the parent auth because we pass in the parent authinstance id when creating the person.

  When we then login again via LTI it finds the person by email and
  updates the "auth_remote_user" table but this time adds the row
  correctly with the LTI authinstance id.

  So we end up with 3 rows - but we should only have two.

  
  what we should do is if the LTI auth instance has a parent auth and that parent auth allows adding to remote table add that one first, via create_user(), then add the one for LTI

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1943772/+subscriptions

References

[Bug 1943772] [NEW] Potential LTI duplicating accounts with parent auth
From: Robert Lyon, 2021-09-16