Moodle
  1. Moodle
  2. MDL-27036

Improve AICC HACP Handling so that direct login isn't required

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.2
    • Fix Version/s: 2.2
    • Component/s: SCORM
    • Labels:
    • Environment:
      N/A
    • Database:
      Any
    • Testing Instructions:
      Hide

      NOTE TO TESTER - your TEST site must be publicly externally accessible - not an internal test install eg localhost/192.168.x.x the external AICC HACP package makes a call back to your install.

      Also - this package only allows a single attempt per user, so if you previously tested this you will need to use a different user to confirm it works.

      Under Admin > Plugins > Activity Modules > SCORM
      make sure the following settings are made:
      Enable AICC HACP = yes
      Create a new SCORM in your site using the package attached to this bug: "MOODLE-AICC-01_20110330.zip"

      Enter the SCORM - if the AICC package displays your username firstname/lastname and gives you a login link - the first part of this patch has worked correctly. Without this patch in place, the AICC HACP package will display an error stating that the lms hasn't given it the right info. Then answer the questions, exit the AICC package completely by returning to the course homepage then return to check if Moodle has registered a grade for the attempt.

      Show
      NOTE TO TESTER - your TEST site must be publicly externally accessible - not an internal test install eg localhost/192.168.x.x the external AICC HACP package makes a call back to your install. Also - this package only allows a single attempt per user, so if you previously tested this you will need to use a different user to confirm it works. Under Admin > Plugins > Activity Modules > SCORM make sure the following settings are made: Enable AICC HACP = yes Create a new SCORM in your site using the package attached to this bug: "MOODLE-AICC-01_20110330.zip" Enter the SCORM - if the AICC package displays your username firstname/lastname and gives you a login link - the first part of this patch has worked correctly. Without this patch in place, the AICC HACP package will display an error stating that the lms hasn't given it the right info. Then answer the questions, exit the AICC package completely by returning to the course homepage then return to check if Moodle has registered a grade for the attempt.
    • Affected Branches:
      MOODLE_20_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE
    • Pull Master Branch:
      master_MDL-27036
    • Rank:
      16785

      Description

      When launching an AICC HACP package activity from Moodle, the content server makes a "GetParam" callback to the Moodle-provided callback URL to get the student's name and other data. Moodle incorrectly returns the HTML for the login page and doesn't allow the callback to occur.

      The callback URL leads to the "aicc.php" script. This script clearly calls the "require_login()" function. It also requires $SESSION data.

      The whole point of AICC HACP communication is to allow the content server to call the callback URL to communicate with the LMS. The AICC standard, to my knowledge, doesn't say anything about logging into the LMS to communicate via HACP.

      If you could remove the "require_login()" and "$SESSION" requirement in the code, I'm thinking AICC HACP would work. But, perhaps there is more to it than that.

      Attached is an AICC package that integrates with my product (Testcraft assessment software). The server hosting the content is publicly available. If you need further packages, let me know.

        Issue Links

          Activity

          Hide
          Dan Marsden added a comment -

          This isn't really an issue with Moodle. It's an improvement in the security of Modern browsers preventing the sharing of information cross-domain. There are a lot of posts in the SCORM forum about this - some recent ones from Matteo, some older ones from Claude Ostyn from scorm.com

          I've spent a lot of time thinking about this - even the possibility of adding an admin setting that allows people to disable the checks - but I couldn't see a way of doing this in a secure manner that didn't affect the integrity of Moodle.

          If we removed the login checks it would be extremely easy for someone malicious to interact with Moodle via HACP causing all sorts of weird behaviour and really don't think this is something we should support out of the box. - But I'm open to feedback on this - especially if anyone has a clever way of minimising the risk to Moodle.

          Don't forget - you'll need to convince both myself and Petr Skoda (Moodle's Security Engineer) that the change is safe.

          Show
          Dan Marsden added a comment - This isn't really an issue with Moodle. It's an improvement in the security of Modern browsers preventing the sharing of information cross-domain. There are a lot of posts in the SCORM forum about this - some recent ones from Matteo, some older ones from Claude Ostyn from scorm.com I've spent a lot of time thinking about this - even the possibility of adding an admin setting that allows people to disable the checks - but I couldn't see a way of doing this in a secure manner that didn't affect the integrity of Moodle. If we removed the login checks it would be extremely easy for someone malicious to interact with Moodle via HACP causing all sorts of weird behaviour and really don't think this is something we should support out of the box. - But I'm open to feedback on this - especially if anyone has a clever way of minimising the risk to Moodle. Don't forget - you'll need to convince both myself and Petr Skoda (Moodle's Security Engineer) that the change is safe.
          Hide
          Matteo Scaramuccia added a comment -

          Hi all,
          besides basic security issues the logic inside the Moodle state machine necessarily requires some knowledge about the user context.

          Everything is easily resolved by using a Reverse Proxy, even within the server hosting Moodle.
          Apache should be your friend:

          1. httpd.conf:
            ...
            LoadModule proxy_module      modules/mod_proxy.so
            LoadModule proxy_http_module modules/mod_proxy_http.so
            ...
            ProxyRequests Off
            ProxyPreserveHost Off
            ProxyPass /testcraft.com https://secure.testcraft.com
            ProxyPassReverse /testcraft.com https://secure.testcraft.com
            ...
            SetEnvIf Cookie "MoodleSession=([^;]+)" FromMoodle=1
            <Proxy *>
                Order Deny,Allow
                Deny from all
                Allow from env=FromMoodle 
            </Proxy>
            ...
            
          2. Publish a new version of the descriptors changing any ref in the original *.au file, from:
            https://secure.testcraft.com/*
            

            in:

            /testcraft.com/*
            

          Never had the time to test it... but it should work.

          HTH,
          Matteo

          Show
          Matteo Scaramuccia added a comment - Hi all, besides basic security issues the logic inside the Moodle state machine necessarily requires some knowledge about the user context. Everything is easily resolved by using a Reverse Proxy, even within the server hosting Moodle. Apache should be your friend: httpd.conf: ... LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so ... ProxyRequests Off ProxyPreserveHost Off ProxyPass /testcraft.com https: //secure.testcraft.com ProxyPassReverse /testcraft.com https: //secure.testcraft.com ... SetEnvIf Cookie "MoodleSession=([^;]+)" FromMoodle=1 <Proxy *> Order Deny,Allow Deny from all Allow from env=FromMoodle </Proxy> ... Publish a new version of the descriptors changing any ref in the original *.au file, from: https: //secure.testcraft.com/* in: /testcraft.com/* Never had the time to test it... but it should work. HTH, Matteo
          Hide
          Rob Dugre added a comment -

          I can say that our Testcraft product is successfully integrating with all other major LMS providers (Saba, SumTotal, etc) via AICC HACP and a login is not required for any of them. I think this is because each other LMS issues a unique (and rather long) AICC Session ID, which is used in the callback. I'm not sure how the Session ID is calculated in these systems, but it wouldn't surprise me if it was an hash of the user credentials with some other unique LMS session value(s) mixed in.

          I believe if the AICC Session ID from Moodle was a hash of numerous values that could be re-calculated and compared upon a callback that would be secure.

          To my knowledge, the whole reason most companies integrate with AICC HACP is to get around the SCORM cross-domain issue. It would be a shame if Moodle couldn't also provide this same functionality.

          Show
          Rob Dugre added a comment - I can say that our Testcraft product is successfully integrating with all other major LMS providers (Saba, SumTotal, etc) via AICC HACP and a login is not required for any of them. I think this is because each other LMS issues a unique (and rather long) AICC Session ID, which is used in the callback. I'm not sure how the Session ID is calculated in these systems, but it wouldn't surprise me if it was an hash of the user credentials with some other unique LMS session value(s) mixed in. I believe if the AICC Session ID from Moodle was a hash of numerous values that could be re-calculated and compared upon a callback that would be secure. To my knowledge, the whole reason most companies integrate with AICC HACP is to get around the SCORM cross-domain issue. It would be a shame if Moodle couldn't also provide this same functionality.
          Hide
          Rob Dugre added a comment -

          Matteo: I am actually running Moodle on a Windows box with IIS as the Web server. So your solution isn't going to work for me. There may be an IIS equivalent, but I'm not interested in going down that path.

          I am a developer of Testcraft, and we are trying to integrate with Moodle, so our customers can have a good experience with both products. As I mentioned above, our product works flawlessly with other LMS systems via AICC HACP (even in cross-domain situations). We are just hoping for the same from Moodle.

          Show
          Rob Dugre added a comment - Matteo: I am actually running Moodle on a Windows box with IIS as the Web server. So your solution isn't going to work for me. There may be an IIS equivalent, but I'm not interested in going down that path. I am a developer of Testcraft, and we are trying to integrate with Moodle, so our customers can have a good experience with both products. As I mentioned above, our product works flawlessly with other LMS systems via AICC HACP (even in cross-domain situations). We are just hoping for the same from Moodle.
          Hide
          Matteo Scaramuccia added a comment -

          Hi Rob,
          I take your point:

          1. I'm not a (core) Moodle developer but I know a little the AICC/SCORM activity code: I'm pretty sure your request will require major changes due to the nature of the checks on both context and user profile data. Maybe it could be a viable option if some funding will be available for such a feature;
          2. IIS7 with ARR module installed should provide reverse proxy functionality.

          HTH,
          Matteo

          Show
          Matteo Scaramuccia added a comment - Hi Rob, I take your point: I'm not a (core) Moodle developer but I know a little the AICC/SCORM activity code: I'm pretty sure your request will require major changes due to the nature of the checks on both context and user profile data. Maybe it could be a viable option if some funding will be available for such a feature; IIS7 with ARR module installed should provide reverse proxy functionality. HTH, Matteo
          Hide
          Dan Marsden added a comment -

          passing a unique Sessionid sounds like a possible solution.... unfortunately I don't have time to work on this - but I'm open to reviewing a patch

          Show
          Dan Marsden added a comment - passing a unique Sessionid sounds like a possible solution.... unfortunately I don't have time to work on this - but I'm open to reviewing a patch
          Hide
          Rob Dugre added a comment -

          Unfortunately, I'm not a PHP developer... my world is ASP.NET. My company MAY be interested in funding this change, but we would need to know the costs up-front. Is there someone available that could take a look at this project?

          Show
          Rob Dugre added a comment - Unfortunately, I'm not a PHP developer... my world is ASP.NET. My company MAY be interested in funding this change, but we would need to know the costs up-front. Is there someone available that could take a look at this project?
          Hide
          Dan Marsden added a comment -

          sure - bounce me an e-mail - dan@catalyst.net.nz and I'll see if we can throw a quote together.

          thanks,

          Show
          Dan Marsden added a comment - sure - bounce me an e-mail - dan@catalyst.net.nz and I'll see if we can throw a quote together. thanks,
          Hide
          Dan Marsden added a comment -

          Just e-mailed Rob with a plan of attack - adding it here for future reference as well:

          We would need to create a new Table that stored a unique session key when a user loaded an AICC package in Moodle - it would pass this session key across via the aicc_sid param in the url - which seems to be passed back to Moodle from the external site via the "session_id" param. The session key would be tied to a specific user and AICC Package in Moodle.

          Moodle would check to see if that session key exists within the new table (and that it hasn't expired via a specific timetoexpire setting) - it would then allow the standard putparam/getparam/ExitAU commands without requiring login.

          This code could land in Moodle 2.1 - Unfortunately DB schema changes like a new table cannot be added to Stable releases.
          To enable cross-domain AICC packages using this method - the site admin for a Moodle course would need to enable this via a setting on the admin > plugins > activities > SCORM settings page - I think it would probably be disabled by default.

          Show
          Dan Marsden added a comment - Just e-mailed Rob with a plan of attack - adding it here for future reference as well: We would need to create a new Table that stored a unique session key when a user loaded an AICC package in Moodle - it would pass this session key across via the aicc_sid param in the url - which seems to be passed back to Moodle from the external site via the "session_id" param. The session key would be tied to a specific user and AICC Package in Moodle. Moodle would check to see if that session key exists within the new table (and that it hasn't expired via a specific timetoexpire setting) - it would then allow the standard putparam/getparam/ExitAU commands without requiring login. This code could land in Moodle 2.1 - Unfortunately DB schema changes like a new table cannot be added to Stable releases. To enable cross-domain AICC packages using this method - the site admin for a Moodle course would need to enable this via a setting on the admin > plugins > activities > SCORM settings page - I think it would probably be disabled by default.
          Hide
          Matteo Scaramuccia added a comment -

          Hi Dan,
          the new table needs to keep track of:

          1. hacp_session_id used for the SESSION ID (which the content is obliged to use as per spec): garbaging required, based on record related timecreated and timemodified;
          2. hacp_user_id, to identify the user represented by that key;
          3. some values under the global $SESSION, which will be not available because the PHP session cookie will be not exposed to the external caller, being on a domain different from that whose domain has been used to scope the session cookie.

          Shortly:

          1. the table needs to implement the concept of a token representing an identity plus some values.
          2. the (new) logic to optionally use the token and its values to let the AICC HACP state machine works as expected regarding with session values.

          HTH,
          Matteo

          Show
          Matteo Scaramuccia added a comment - Hi Dan, the new table needs to keep track of: hacp_session_id used for the SESSION ID (which the content is obliged to use as per spec): garbaging required, based on record related timecreated and timemodified ; hacp_user_id , to identify the user represented by that key; some values under the global $SESSION , which will be not available because the PHP session cookie will be not exposed to the external caller, being on a domain different from that whose domain has been used to scope the session cookie. Shortly: the table needs to implement the concept of a token representing an identity plus some values. the (new) logic to optionally use the token and its values to let the AICC HACP state machine works as expected regarding with session values. HTH, Matteo
          Hide
          Dan Marsden added a comment -

          yep - that was pretty much my plan - although I hadn't planned on having a timemodified and a timecreated field - just one timemodified. - I suppose we could have 2 seperate timeout values to invalidate the session - one based on timecreated and the other based on timemodified... although we might be able to make do with one.

          Show
          Dan Marsden added a comment - yep - that was pretty much my plan - although I hadn't planned on having a timemodified and a timecreated field - just one timemodified. - I suppose we could have 2 seperate timeout values to invalidate the session - one based on timecreated and the other based on timemodified... although we might be able to make do with one.
          Hide
          Matteo Scaramuccia added a comment -

          By having both the values - being timecreated evaluated on creating the token at every AU launch and timemodified updated every time we'll have a regular hit on mod/scorm/aicc.php - we'll have another opportunity (together with the official Total_Time) to measure the time spent by the user on that package i.e. based on an evaluation given by the content activity through the AICC HACP communication => timemodified==last_content_activity - timecreated==launch_time. I've a possible scenario in my mind so keep the two values in designing the table, if possible .

          BTW, I'm available to <contribute to>/<test> it when the code will be available.

          Matteo

          Show
          Matteo Scaramuccia added a comment - By having both the values - being timecreated evaluated on creating the token at every AU launch and timemodified updated every time we'll have a regular hit on mod/scorm/aicc.php - we'll have another opportunity (together with the official Total_Time ) to measure the time spent by the user on that package i.e. based on an evaluation given by the content activity through the AICC HACP communication => timemodified==last_content_activity - timecreated==launch_time . I've a possible scenario in my mind so keep the two values in designing the table, if possible . BTW, I'm available to <contribute to>/<test> it when the code will be available. Matteo
          Hide
          Dan Marsden added a comment -

          hmm - don't really like the idea of this new table being used to measure time spent - The records will only exist in the table if the site admin has enabled external AICC packages (will be disabled by default)

          If this is needed we could add some more Standard Moodle Log entries to allow more reliable reporting.

          Show
          Dan Marsden added a comment - hmm - don't really like the idea of this new table being used to measure time spent - The records will only exist in the table if the site admin has enabled external AICC packages (will be disabled by default) If this is needed we could add some more Standard Moodle Log entries to allow more reliable reporting.
          Hide
          Matteo Scaramuccia added a comment -

          Correct... but in case of content issues it could be used as a valid (and fast, compared with the big size of mdl_log) alternative to check (not report) - i.e. for content debugging purposes - the integrity of what the content is telling to the platform... a metric/approach already used in the past. Shortly, the requirement is not having a new measure of the time but having the possibility to solve rare (but time consuming) disputes on content issues regarding with time.

          BTW, having 2 timestamp fields for the token is just a suggestion based on my past experience (I've given some reasons above for my proposing both of them ) and... yes it will be something available just for external AICC HACP packages, a new feature that will be presumably be the root of some headache in case of "unindentified/generic" Customers' troubles.

          Real - i.e. regardless what the content tells to the platform using session time, accumulated on total time only in case of a formal end of the communication - time spent by the user on viewing AICC/SCORM packages is a good/interesting matter but I don't want this enh to focus on it since it requires more analysis.

          HTH,
          Matteo

          Show
          Matteo Scaramuccia added a comment - Correct... but in case of content issues it could be used as a valid (and fast, compared with the big size of mdl_log ) alternative to check ( not report) - i.e. for content debugging purposes - the integrity of what the content is telling to the platform... a metric/approach already used in the past. Shortly, the requirement is not having a new measure of the time but having the possibility to solve rare (but time consuming) disputes on content issues regarding with time. BTW, having 2 timestamp fields for the token is just a suggestion based on my past experience (I've given some reasons above for my proposing both of them ) and... yes it will be something available just for external AICC HACP packages, a new feature that will be presumably be the root of some headache in case of "unindentified/generic" Customers' troubles. Real - i.e. regardless what the content tells to the platform using session time, accumulated on total time only in case of a formal end of the communication - time spent by the user on viewing AICC/SCORM packages is a good/interesting matter but I don't want this enh to focus on it since it requires more analysis. HTH, Matteo
          Hide
          Dan Marsden added a comment -

          Just to keep this issue up to date - Rob is unable to fund the work on this but we'll keep the tracker issue open as it would be good to do at some point.

          Show
          Dan Marsden added a comment - Just to keep this issue up to date - Rob is unable to fund the work on this but we'll keep the tracker issue open as it would be good to do at some point.
          Hide
          Urs Hunkler added a comment -

          Matteo I tried your http.conf proposal without success.

          One issue is that the SCORM package/Moodle roots links like "/testcraft.com" to the plugin loader. I solved this by patching the URL checking code to allow the proxied local path.

          With this hack the content loading procedure is started but verification still fails. With a traffic watching tool I don't see any cookies added to the aicc.php response.

          I added two lines to the config to add the cookie:

          ...
          SetEnvIf Cookie "MoodleSession=([^;]+)" MoodleCookie=$1
          ...
          Header add Set-Cookie "MoodleSession=%

          {MoodleCookie}

          e; path=/" env=FromMoodle
          ...

          After that I see the cookie listed in the response - but the process still fails. When I debug aicc.php no COOKIEs are present.

          Do you have any idea what may go wrong?

          Show
          Urs Hunkler added a comment - Matteo I tried your http.conf proposal without success. One issue is that the SCORM package/Moodle roots links like "/testcraft.com" to the plugin loader. I solved this by patching the URL checking code to allow the proxied local path. With this hack the content loading procedure is started but verification still fails. With a traffic watching tool I don't see any cookies added to the aicc.php response. I added two lines to the config to add the cookie: ... SetEnvIf Cookie "MoodleSession=( [^;] +)" MoodleCookie=$1 ... Header add Set-Cookie "MoodleSession=% {MoodleCookie} e; path=/" env=FromMoodle ... After that I see the cookie listed in the response - but the process still fails. When I debug aicc.php no COOKIEs are present. Do you have any idea what may go wrong?
          Hide
          Dan Marsden added a comment -

          Hi Urs - I'm going to be working on this either over the weekend or early next week - I'm hoping to have a patch ready before next weeks integration review so I can get this into master at least. I'm pretty sure the changes will need a db level change so we may only be able to get this into master but I will also provide a patch for 2.1

          Show
          Dan Marsden added a comment - Hi Urs - I'm going to be working on this either over the weekend or early next week - I'm hoping to have a patch ready before next weeks integration review so I can get this into master at least. I'm pretty sure the changes will need a db level change so we may only be able to get this into master but I will also provide a patch for 2.1
          Hide
          Dan Marsden added a comment -

          attaching link to my first attempt at this - I haven't tested this yet with a real AICC package - keep an eye on the git branch for updates.

          Show
          Dan Marsden added a comment - attaching link to my first attempt at this - I haven't tested this yet with a real AICC package - keep an eye on the git branch for updates.
          Hide
          Dan Marsden added a comment -

          note: the above patch doesn't include the $SESSION stuff - I'd quite like to change that a bit and store it somewhere else.

          Show
          Dan Marsden added a comment - note: the above patch doesn't include the $SESSION stuff - I'd quite like to change that a bit and store it somewhere else.
          Hide
          Dan Marsden added a comment -

          NOTE TO INTEGRATOR - this new table doesn't require backup/restore as it is really just a "temp" table used to keep an active "login"/"session" for the user - we don't delete the data straight away as it is useful for debugging - it's deleted via the cron script.

          Show
          Dan Marsden added a comment - NOTE TO INTEGRATOR - this new table doesn't require backup/restore as it is really just a "temp" table used to keep an active "login"/"session" for the user - we don't delete the data straight away as it is useful for debugging - it's deleted via the cron script.
          Hide
          Dan Marsden added a comment -

          Note to watchers - you may also be interested in the patch in MDL-30146 attached to this bug - it allows you to enter the direct url to an AICC HACP instead of having to create a zip - Thanks to piers for developing the initial 1.9 patch.

          Show
          Dan Marsden added a comment - Note to watchers - you may also be interested in the patch in MDL-30146 attached to this bug - it allows you to enter the direct url to an AICC HACP instead of having to create a zip - Thanks to piers for developing the initial 1.9 patch.
          Hide
          Matteo Scaramuccia added a comment -

          @Dan: hey man, it looks great! Thanks also for the timemodified field
          @Urs: if you agree, I'll put some efforts in my spare time first to help Dan's coding/debugging. BTW I'll try to write down here also a working Apache conf, regardless the great enh that Dan has just pushed

          I think Moodle has been actually improved in deliverying AICC contents: "external packages" and "direct url" will simplify Customers' life!

          Keep up the good work, Dan!

          Show
          Matteo Scaramuccia added a comment - @Dan: hey man, it looks great! Thanks also for the timemodified field @Urs: if you agree, I'll put some efforts in my spare time first to help Dan's coding/debugging. BTW I'll try to write down here also a working Apache conf, regardless the great enh that Dan has just pushed I think Moodle has been actually improved in deliverying AICC contents: "external packages" and "direct url" will simplify Customers' life! Keep up the good work, Dan!
          Hide
          Matteo Scaramuccia added a comment -

          I've quickly looked at the code i.e. not tested with a running session.
          It seems to me we could have a security issue when using AICC with external content deploy, moodlelib.php::random_string() create a generic random string not linked with the user actually involved with the delivery of the content. This means that, opposite to the obviously strongest confirm_sesskey() used with the local packages, it is possible to inject tracking data. My first suggestion is to add an id as field in {{

          {scorm_aicc_session}

          }} evaluated by hashing some fields, e.g.:

          hacpsessionid = MD5(userid + scormid + hacpsession + timecreated)

          and let the code check against this hacpsessionid and not the "internal" hacpsession. Note that we cannot also use the Client IP address 'cause of sometimes users are NATted with more the one IP public address.

          A comestic note:

          $string['allowtypeaicchacp'] = 'Enable AICC HACP'

          AICC HACP is the name of the protocol used by the Content to communicate with the Platform, i.e. it is actually implemented in Moodle. I suggest to move it to something that highlights the changing in the way AICC HACP is implemented:

          1. Current AICC HACP implementation: it requires the package to be locally deployed in Moodle, it requires a valid Moodle Session
          2. New optional AICC HACP implementaion: it allows the package to be remotely deployed, it doesn't require a valid Moodle Session and uses a database table to store the required information.

          Proposal, something like: 'Enable AICC HACP' => 'Bind AICC HACP session to database: it allows AICC Contents to be remotely deployed'

          HTH,
          Matteo

          Show
          Matteo Scaramuccia added a comment - I've quickly looked at the code i.e. not tested with a running session. It seems to me we could have a security issue when using AICC with external content deploy, moodlelib.php::random_string() create a generic random string not linked with the user actually involved with the delivery of the content. This means that, opposite to the obviously strongest confirm_sesskey() used with the local packages, it is possible to inject tracking data. My first suggestion is to add an id as field in {{ {scorm_aicc_session} }} evaluated by hashing some fields, e.g.: hacpsessionid = MD5(userid + scormid + hacpsession + timecreated) and let the code check against this hacpsessionid and not the "internal" hacpsession . Note that we cannot also use the Client IP address 'cause of sometimes users are NATted with more the one IP public address. A comestic note: $string['allowtypeaicchacp'] = 'Enable AICC HACP' AICC HACP is the name of the protocol used by the Content to communicate with the Platform, i.e. it is actually implemented in Moodle. I suggest to move it to something that highlights the changing in the way AICC HACP is implemented: Current AICC HACP implementation: it requires the package to be locally deployed in Moodle, it requires a valid Moodle Session New optional AICC HACP implementaion: it allows the package to be remotely deployed, it doesn't require a valid Moodle Session and uses a database table to store the required information. Proposal, something like: 'Enable AICC HACP' => 'Bind AICC HACP session to database: it allows AICC Contents to be remotely deployed' HTH, Matteo
          Hide
          Dan Marsden added a comment -

          Thanks Matteo - yeah - I was initially thinking about using some form of combination hash but the when the postback to aicc.php is made the only piece of information passed back that we can use (at the moment) is the sessionid.

          I was thinking about modifying the postback url from aicc.php to something like aicc.php?userid=X but didn't have the time to verify if this would work correctly in all cases - then aicc.php could check both userid and the sessionid at the same time to make a 2 factor authentication check.

          but.. - it's hard to see how converting this to a hash makes much difference - it's still a "unique" string being passed and the ability for someone to guess that hash is the same as it is to guess a random string - although we could make the random string longer from 10 to 20 - the session also expires (default is set to 30min) - so the ability to "Guess" a current hash should be difficult - when it hits the aicc.php page we don't know the scormid/userid/timecreated until we obtain that based on the hash (unless we pass all that information across in the postback url - but this would need more testing which I don't have a lot of time for)

          Show
          Dan Marsden added a comment - Thanks Matteo - yeah - I was initially thinking about using some form of combination hash but the when the postback to aicc.php is made the only piece of information passed back that we can use (at the moment) is the sessionid. I was thinking about modifying the postback url from aicc.php to something like aicc.php?userid=X but didn't have the time to verify if this would work correctly in all cases - then aicc.php could check both userid and the sessionid at the same time to make a 2 factor authentication check. but.. - it's hard to see how converting this to a hash makes much difference - it's still a "unique" string being passed and the ability for someone to guess that hash is the same as it is to guess a random string - although we could make the random string longer from 10 to 20 - the session also expires (default is set to 30min) - so the ability to "Guess" a current hash should be difficult - when it hits the aicc.php page we don't know the scormid/userid/timecreated until we obtain that based on the hash (unless we pass all that information across in the postback url - but this would need more testing which I don't have a lot of time for)
          Hide
          Urs Hunkler added a comment -

          Matteo, getting external AICC packages working has top priority.

          A working apache configuration would be helpful - may come in handy in other places.

          Show
          Urs Hunkler added a comment - Matteo, getting external AICC packages working has top priority. A working apache configuration would be helpful - may come in handy in other places.
          Hide
          Matteo Scaramuccia added a comment -

          Shame on Matteo! Sorry Dan, I was in a hurry and don't see that my long comment missed the goal, i.e. almost unuseful .
          BTW, we cannot add Client IP Address, we should try to think at opening a Session putting the aicc_sid into it: it will preserve the communication even if the User will change his IP Address (cookie based) and no one we'll be able to open a (Moodle? Plain PHP?) Session with the same aicc_sid. BUT... don't trust me right now: need a bit of time and focused brain to be really helpful

          Show
          Matteo Scaramuccia added a comment - Shame on Matteo! Sorry Dan, I was in a hurry and don't see that my long comment missed the goal, i.e. almost unuseful . BTW, we cannot add Client IP Address, we should try to think at opening a Session putting the aicc_sid into it: it will preserve the communication even if the User will change his IP Address (cookie based) and no one we'll be able to open a (Moodle? Plain PHP?) Session with the same aicc_sid . BUT... don't trust me right now: need a bit of time and focused brain to be really helpful
          Hide
          Dan Marsden added a comment -

          no worries - in any case I've increased the random number to 20 chars.

          big point to note here - the AICC SID doesn't allow a normal Moodle session - it just allows the external server to post a "message" back to Moodle with grade/tracks information - it doesn't allow the external system to do anything else but interact directly with aicc.php - it doesn't log the user in or allow access to any other components in Moodle

          So workflow:
          Moodle generates a unique random 20 char "key" - passes that to the external AICC package. This key expires within 30min of it's last use. (configurable by admin) - the external AICC posts a "message" back to moodle to get username/firstname or lastname (no other user fields are available) and allows it to post back a grade for that user and other tracking information about the user.
          Don't let the naming of vars here like sid/hacpsession fool you - this is not a normal session, it's just a standard "anonymous" http call - we use the sid to recognise what this request is for.

          The only other data that is available via aicc.php is to allow the AICC package to insert and retrieve data from the scorm_scoes_track table.

          Show
          Dan Marsden added a comment - no worries - in any case I've increased the random number to 20 chars. big point to note here - the AICC SID doesn't allow a normal Moodle session - it just allows the external server to post a "message" back to Moodle with grade/tracks information - it doesn't allow the external system to do anything else but interact directly with aicc.php - it doesn't log the user in or allow access to any other components in Moodle So workflow: Moodle generates a unique random 20 char "key" - passes that to the external AICC package. This key expires within 30min of it's last use. (configurable by admin) - the external AICC posts a "message" back to moodle to get username/firstname or lastname (no other user fields are available) and allows it to post back a grade for that user and other tracking information about the user. Don't let the naming of vars here like sid/hacpsession fool you - this is not a normal session, it's just a standard "anonymous" http call - we use the sid to recognise what this request is for. The only other data that is available via aicc.php is to allow the AICC package to insert and retrieve data from the scorm_scoes_track table.
          Hide
          Eloy Lafuente (stronk7) added a comment -

          This has been integrated, thanks everybody. I think this is a really cool feature to execute external packages in a lovely way.

          One silly question... (perhaps that is already checked) wouldn't it be great, somehow, to check if the HACP requests come from the same computer where the AICC package is available/deployed? That would reduce the chances of guessing by brute-attack or so, isn't it?

          Show
          Eloy Lafuente (stronk7) added a comment - This has been integrated, thanks everybody. I think this is a really cool feature to execute external packages in a lovely way. One silly question... (perhaps that is already checked) wouldn't it be great, somehow, to check if the HACP requests come from the same computer where the AICC package is available/deployed? That would reduce the chances of guessing by brute-attack or so, isn't it?
          Hide
          Dan Marsden added a comment -

          thanks Eloy - I don't think checking the ip will work because the incoming ip might be different if they use a proxy for outgoing traffic?

          Show
          Dan Marsden added a comment - thanks Eloy - I don't think checking the ip will work because the incoming ip might be different if they use a proxy for outgoing traffic?
          Hide
          Ankit Agarwal added a comment -

          Works as stated
          I did get
          "You have already completed this assessment the number of times allowed."
          But thats just the pack I guess.
          Passing
          Thanks

          Show
          Ankit Agarwal added a comment - Works as stated I did get "You have already completed this assessment the number of times allowed." But thats just the pack I guess. Passing Thanks
          Hide
          Sam Hemelryk added a comment -

          Reopening quickly as Dan picked up a regression and has pushed a commit for it on the original branch.
          This will be back to testing phase shortly.

          Show
          Sam Hemelryk added a comment - Reopening quickly as Dan picked up a regression and has pushed a commit for it on the original branch. This will be back to testing phase shortly.
          Hide
          Sam Hemelryk added a comment -

          Ok up for testing again - Dan can you please give us instructions specific to testing the regression so that the tester doesn't have to go through everything again?

          Show
          Sam Hemelryk added a comment - Ok up for testing again - Dan can you please give us instructions specific to testing the regression so that the tester doesn't have to go through everything again?
          Hide
          Dan Marsden added a comment -

          thanks Sam - problem was that aicc could "get" data but not "push data" eg score etc.

          • have updated testing instructions - please test full AICC package and check to make sure tracking information is returned from the AICC package
          Show
          Dan Marsden added a comment - thanks Sam - problem was that aicc could "get" data but not "push data" eg score etc. have updated testing instructions - please test full AICC package and check to make sure tracking information is returned from the AICC package
          Hide
          Dan Marsden added a comment -

          test instructions updated to be a bit more specific - thanks Sam.

          Show
          Dan Marsden added a comment - test instructions updated to be a bit more specific - thanks Sam.
          Hide
          Ankit Agarwal added a comment -

          will be testing this asap qa.moodle gots updated with the changes...that is in approx an hour or so.
          Thanks

          Show
          Ankit Agarwal added a comment - will be testing this asap qa.moodle gots updated with the changes...that is in approx an hour or so. Thanks
          Hide
          Eloy Lafuente (stronk7) added a comment -

          Yes, you got this finally upstream, just in time for Moodle 2.2beta. Congrats and thanks!

          Ciao

          Show
          Eloy Lafuente (stronk7) added a comment - Yes, you got this finally upstream, just in time for Moodle 2.2beta. Congrats and thanks! Ciao
          Hide
          Dan Marsden added a comment -

          I've just knocked up a 1.9 backport of this fix here that is completely untested - I haven't even installed it on a 1.9 site to check if it works:
          https://github.com/danmarsden/moodle/compare/MOODLE_19_STABLE...m19_MDL-27036

          if anyone does - let me know if and if you needed to make any changes to the code to make it work!

          thanks!

          Show
          Dan Marsden added a comment - I've just knocked up a 1.9 backport of this fix here that is completely untested - I haven't even installed it on a 1.9 site to check if it works: https://github.com/danmarsden/moodle/compare/MOODLE_19_STABLE...m19_MDL-27036 if anyone does - let me know if and if you needed to make any changes to the code to make it work! thanks!

            People

            • Votes:
              3 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: