Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-34101

Bypass external authentication when user doesn't exist in Moodle yet and "account creation when authenticating" is disabled

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.2.3
    • Fix Version/s: 2.4
    • Component/s: Authentication
    • Labels:
      None
    • Testing Instructions:
      Hide

      1/ enable "prevent account creation" in general auth settings
      2/ verify error log after login with non-existent username - "Unknown user, can not create new accounts" expected
      3/ disable "prevent account creation" in general auth settings
      4 / verify error log after login with non-existent username - "Failed login" expected

      Show
      1/ enable "prevent account creation" in general auth settings 2/ verify error log after login with non-existent username - "Unknown user, can not create new accounts" expected 3/ disable "prevent account creation" in general auth settings 4 / verify error log after login with non-existent username - "Failed login" expected
    • Affected Branches:
      MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_24_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      w28_MDL-34101_m24_newaccountprev

      Description

      When using Moodle there is always an account created no matter what the authentication method when it is enabled.

      Currently we are using manual accounts and are working on setting up LDAP. We currently have "account creation when authenticating" disabled so that users cannot create accounts by authenticating through LDAP while we are setting up and testing. We have rolled out Active Directory logins in some other systems in which the students use. So they think they can come to Moodle and login.

      The issue is if a user doesn't have a manual account yet and tries to login with their Active Directory credentials(which are correct) and the LDAP setup is incorrect they get an LDAP bind error. Now since they don't have an account yet and account creation is disabled it shouldn't even try to authenticate with any external auth.

      I've made some changes to the lib/moodlelib.php that if the user doesn't exist and the "account creation when authenticating" is disabled then it doesn't even check for authentication.

        Gliffy Diagrams

          Activity

          Hide
          skodak Petr Skoda added a comment -

          I am a bit confused by "When using Moodle there is always an account created no matter what the authentication method when it is enabled.", user account is not created if $CFG->authpreventaccountcreation is set if I read the code correctly.

          I agree that we should not try any authentication when user does not exist and creation is prevented, working on a patch.

          Show
          skodak Petr Skoda added a comment - I am a bit confused by "When using Moodle there is always an account created no matter what the authentication method when it is enabled.", user account is not created if $CFG->authpreventaccountcreation is set if I read the code correctly. I agree that we should not try any authentication when user does not exist and creation is prevented, working on a patch.
          Hide
          skodak Petr Skoda added a comment -

          To integrators: I have fixed one small issue in fist commit in the submitted branch, authenticate_user_login() is supposed to work with local accounts only

          James: thanks for the report, please review/test the patch if you find some time. I hope it does what you requested, if not please try to explain it again.

          Show
          skodak Petr Skoda added a comment - To integrators: I have fixed one small issue in fist commit in the submitted branch, authenticate_user_login() is supposed to work with local accounts only James: thanks for the report, please review/test the patch if you find some time. I hope it does what you requested, if not please try to explain it again.
          Hide
          poltawski Dan Poltawski added a comment -

          Taking integration held issues out of integration (whilst we are keeping master and 23_STABLE in sync).

          Show
          poltawski Dan Poltawski added a comment - Taking integration held issues out of integration (whilst we are keeping master and 23_STABLE in sync).
          Hide
          henestofelj James Henestofel added a comment -

          Sorry about the confusion.

          I was just trying to say the for a user to even use Moodle the account must exist in the Moodle database when using external auth and that auth method is enabled.

          I've done some testing and it seems to work fine.

          Show
          henestofelj James Henestofel added a comment - Sorry about the confusion. I was just trying to say the for a user to even use Moodle the account must exist in the Moodle database when using external auth and that auth method is enabled. I've done some testing and it seems to work fine.
          Hide
          skodak Petr Skoda added a comment -

          Thanks for the explanation and confirmation.

          Show
          skodak Petr Skoda added a comment - Thanks for the explanation and confirmation.
          Hide
          samhemelryk Sam Hemelryk added a comment -

          Thanks Petr - this has been integrated now

          Show
          samhemelryk Sam Hemelryk added a comment - Thanks Petr - this has been integrated now
          Hide
          abgreeve Adrian Greeve added a comment -

          Tested in master and master integration.
          I checked the error logs and the different error messages were displayed depending on the setting.
          All working as expected.
          Test passed

          Show
          abgreeve Adrian Greeve added a comment - Tested in master and master integration. I checked the error logs and the different error messages were displayed depending on the setting. All working as expected. Test passed
          Hide
          poltawski Dan Poltawski added a comment -

          Congratulations!

          You've made it into the weekly release!

          Thanks for your contribution - here are some random drummers to keep you inspired for the next week!
          http://www.youtube.com/watch?v=_QhpHUmVCmY

          Show
          poltawski Dan Poltawski added a comment - Congratulations! You've made it into the weekly release! Thanks for your contribution - here are some random drummers to keep you inspired for the next week! http://www.youtube.com/watch?v=_QhpHUmVCmY

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                3/Dec/12