Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-34426

Port Google/Facebook Oauth2 plugin into core

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 2.4
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
    • Testing Instructions:
      Hide

      For the test instructions to work with Google API, you'll need to map a "valid" domain name to 127.0.0.1 (i.e. in /etc/hosts 127.0.0.1 validtestdomain.com). Use a fresh site. You should have only one user, the administrator.

      0) Add a "geoipfile" file to your Moodle site (Admin > Location > Location settings)

      1) You need to setup and enable all the providers (Google, Facebook). Visit each Oauth2 authentication plugin settings page (Administration > Plugins > Authentication). The instruction in their settings page MUST be clear enough for you to setup everything. Tick all checkbox settings.

      2) Check that Google/Facebook buttons are displayed on the login page.

      3) Your administrator's email/Google's email/Facebook's email must all be different. Login with Google. A page asks if you already have an account. Click on "Create a new account". You should be logged in as a new user. Go to your profile page and check that names, emails, and location are filled in. Logout. Login with the same provider. You are directly connected as the new user.

      4) Login with Facebook. A page asks if you already have an account. Use the "Log me first" section of the page, login as the administrator. You are connected as admin. Logout. Facebook should now log you as admin.

      5) In your database, in the table mdl_user_idps, delete the Google row. Change your administrator's email address to match the Google one. Connect with Google. You should be logged-in as administrator.

      6) Delete the facebook user. Delete the facebook row from mdl_user_idps. Create a user with the same email's as Facebook. Mark the user as unconfirmed in the mdl_users table. Try to loggin with Facebook. You should see an error message saying that you need to confirm your email first.

      7) In your database, in the table mdl_user_idps, delete the Google row. Confirm the previous user and login with the manual authentication. Go to My profile Settings > Authentication. Check that no provider is linked to your account. Click on Google. Check that Google is now indicated as linked. Logout. Login with Google. You are connected.

      8) Login with the administrator. Go to My profile Settings > Authentication. Check that your account is not linked to Google. Click on Google. Logout. Login with Google check that you are logged in as the administrator. Logout. Login with the manual user previously created in 6). Go to My profile Settings > Authentication. Check that you are not linked with Google anymore.

      9) In the Google Oauth2 plugins settings there is a "Create user" feature. It MUST be clear what is this function about. Test it. When a user is not allowed to create a user, then you should arrive on a page asking to login first if the settings "Confirm unmatched email" is on. If the settings "Confirm unmatched email" is off, then the user should be automatically created.

      10) Set denyemailaddresses moodle option to gmail.com. Try to login with Google. You should not be able. Then in Google Oauth2 settings, select bypass email addresses. Check that you can now login.

      Show
      For the test instructions to work with Google API, you'll need to map a "valid" domain name to 127.0.0.1 (i.e. in /etc/hosts 127.0.0.1 validtestdomain.com). Use a fresh site. You should have only one user, the administrator. 0) Add a "geoipfile" file to your Moodle site (Admin > Location > Location settings) 1) You need to setup and enable all the providers (Google, Facebook). Visit each Oauth2 authentication plugin settings page (Administration > Plugins > Authentication). The instruction in their settings page MUST be clear enough for you to setup everything. Tick all checkbox settings. 2) Check that Google/Facebook buttons are displayed on the login page. 3) Your administrator's email/Google's email/Facebook's email must all be different. Login with Google. A page asks if you already have an account. Click on "Create a new account". You should be logged in as a new user. Go to your profile page and check that names, emails, and location are filled in. Logout. Login with the same provider. You are directly connected as the new user. 4) Login with Facebook. A page asks if you already have an account. Use the "Log me first" section of the page, login as the administrator. You are connected as admin. Logout. Facebook should now log you as admin. 5) In your database, in the table mdl_user_idps, delete the Google row. Change your administrator's email address to match the Google one. Connect with Google. You should be logged-in as administrator. 6) Delete the facebook user. Delete the facebook row from mdl_user_idps. Create a user with the same email's as Facebook. Mark the user as unconfirmed in the mdl_users table. Try to loggin with Facebook. You should see an error message saying that you need to confirm your email first. 7) In your database, in the table mdl_user_idps, delete the Google row. Confirm the previous user and login with the manual authentication. Go to My profile Settings > Authentication. Check that no provider is linked to your account. Click on Google. Check that Google is now indicated as linked. Logout. Login with Google. You are connected. 8) Login with the administrator. Go to My profile Settings > Authentication. Check that your account is not linked to Google. Click on Google. Logout. Login with Google check that you are logged in as the administrator. Logout. Login with the manual user previously created in 6). Go to My profile Settings > Authentication. Check that you are not linked with Google anymore. 9) In the Google Oauth2 plugins settings there is a "Create user" feature. It MUST be clear what is this function about. Test it. When a user is not allowed to create a user, then you should arrive on a page asking to login first if the settings "Confirm unmatched email" is on. If the settings "Confirm unmatched email" is off, then the user should be automatically created. 10) Set denyemailaddresses moodle option to gmail.com. Try to login with Google. You should not be able. Then in Google Oauth2 settings, select bypass email addresses. Check that you can now login.
    • Affected Branches:
      MOODLE_24_STABLE
    • Pull Master Branch:
      MDL-34426-wip7
    • Story Points:
      20

      Attachments

        Issue Links

          Activity

            People

            • Votes:
              25 Vote for this issue
              Watchers:
              33 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: