Moodle
  1. Moodle
  2. MDL-34101

Bypass external authentication when user doesn't exist in Moodle yet and "account creation when authenticating" is disabled

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.2.3
    • Fix Version/s: 2.4
    • Component/s: Authentication
    • Labels:
      None
    • Testing Instructions:
      Hide

      1/ enable "prevent account creation" in general auth settings
      2/ verify error log after login with non-existent username - "Unknown user, can not create new accounts" expected
      3/ disable "prevent account creation" in general auth settings
      4 / verify error log after login with non-existent username - "Failed login" expected

      Show
      1/ enable "prevent account creation" in general auth settings 2/ verify error log after login with non-existent username - "Unknown user, can not create new accounts" expected 3/ disable "prevent account creation" in general auth settings 4 / verify error log after login with non-existent username - "Failed login" expected
    • Affected Branches:
      MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_24_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      w28_MDL-34101_m24_newaccountprev
    • Rank:
      42412

      Description

      When using Moodle there is always an account created no matter what the authentication method when it is enabled.

      Currently we are using manual accounts and are working on setting up LDAP. We currently have "account creation when authenticating" disabled so that users cannot create accounts by authenticating through LDAP while we are setting up and testing. We have rolled out Active Directory logins in some other systems in which the students use. So they think they can come to Moodle and login.

      The issue is if a user doesn't have a manual account yet and tries to login with their Active Directory credentials(which are correct) and the LDAP setup is incorrect they get an LDAP bind error. Now since they don't have an account yet and account creation is disabled it shouldn't even try to authenticate with any external auth.

      I've made some changes to the lib/moodlelib.php that if the user doesn't exist and the "account creation when authenticating" is disabled then it doesn't even check for authentication.

        Activity

        Hide
        Petr Škoda added a comment -

        I am a bit confused by "When using Moodle there is always an account created no matter what the authentication method when it is enabled.", user account is not created if $CFG->authpreventaccountcreation is set if I read the code correctly.

        I agree that we should not try any authentication when user does not exist and creation is prevented, working on a patch.

        Show
        Petr Škoda added a comment - I am a bit confused by "When using Moodle there is always an account created no matter what the authentication method when it is enabled.", user account is not created if $CFG->authpreventaccountcreation is set if I read the code correctly. I agree that we should not try any authentication when user does not exist and creation is prevented, working on a patch.
        Hide
        Petr Škoda added a comment -

        To integrators: I have fixed one small issue in fist commit in the submitted branch, authenticate_user_login() is supposed to work with local accounts only

        James: thanks for the report, please review/test the patch if you find some time. I hope it does what you requested, if not please try to explain it again.

        Show
        Petr Škoda added a comment - To integrators: I have fixed one small issue in fist commit in the submitted branch, authenticate_user_login() is supposed to work with local accounts only James: thanks for the report, please review/test the patch if you find some time. I hope it does what you requested, if not please try to explain it again.
        Hide
        Dan Poltawski added a comment -

        Taking integration held issues out of integration (whilst we are keeping master and 23_STABLE in sync).

        Show
        Dan Poltawski added a comment - Taking integration held issues out of integration (whilst we are keeping master and 23_STABLE in sync).
        Hide
        James Henestofel added a comment -

        Sorry about the confusion.

        I was just trying to say the for a user to even use Moodle the account must exist in the Moodle database when using external auth and that auth method is enabled.

        I've done some testing and it seems to work fine.

        Show
        James Henestofel added a comment - Sorry about the confusion. I was just trying to say the for a user to even use Moodle the account must exist in the Moodle database when using external auth and that auth method is enabled. I've done some testing and it seems to work fine.
        Hide
        Petr Škoda added a comment -

        Thanks for the explanation and confirmation.

        Show
        Petr Škoda added a comment - Thanks for the explanation and confirmation.
        Hide
        Sam Hemelryk added a comment -

        Thanks Petr - this has been integrated now

        Show
        Sam Hemelryk added a comment - Thanks Petr - this has been integrated now
        Hide
        Adrian Greeve added a comment -

        Tested in master and master integration.
        I checked the error logs and the different error messages were displayed depending on the setting.
        All working as expected.
        Test passed

        Show
        Adrian Greeve added a comment - Tested in master and master integration. I checked the error logs and the different error messages were displayed depending on the setting. All working as expected. Test passed
        Hide
        Dan Poltawski added a comment -

        Congratulations!

        You've made it into the weekly release!

        Thanks for your contribution - here are some random drummers to keep you inspired for the next week!
        http://www.youtube.com/watch?v=_QhpHUmVCmY

        Show
        Dan Poltawski added a comment - Congratulations! You've made it into the weekly release! Thanks for your contribution - here are some random drummers to keep you inspired for the next week! http://www.youtube.com/watch?v=_QhpHUmVCmY

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: