Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-40818

Calendar export reports "Invalid authentication" instead of requesting user login

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.5.1, 2.9, 3.2.3, 3.3, 3.4
    • Fix Version/s: 3.2.4, 3.3.1
    • Component/s: Calendar
    • Labels:
    • Testing Instructions:
      Hide
      Setup
      1. Make sure guest login is on.
      2. Create a course C1 which does not allow guest access (take note of its course ID). Optionally, add some course events.
      3. Create a course C2 which allows guest access (take note of its course ID). Optionally, add some course events.
      4. Create a student s1.
      5. Enrol s1 to C1.
      Note

      Test on each of the following pages:

      • calendar/event.php
      • calendar/export.php
      • calendar/managesubscriptions.php
      • calendar/view.php
      Site calendar
      1. Make sure you are not logged in.
      2. Enter the calendar page's URL into the browser's address bar.
        • Confirm that your are redirected to the login page.
      3. Login as guest.
        • Confirm that you are redirected to the appropriate calendar page in the site level.
      4. Enter the calendar page's URL into the browser's address bar.
      5. Login as s1.
        • Confirm that you are redirected to the appropriate calendar page in the site level.
      Course calendar
      1. Make sure you are not logged in.
      2. Enter the calendar page's URL into the browser's address bar. This time, add a nonexistent course ID to the URL parameter (e.g. calendar/event.php?course=[COURSEID]).
        • Confirm that you get an error about the nonexistent course.
      3. Enter the calendar page's URL into the browser's address bar. This time, add C1's course ID to the URL parameter.
        • Confirm that your are redirected to the login page.
      4. Login as a guest.
        • Confirm that your are redirected to the C1's enrolment options page with a message saying that "Guests cannot access this course. Please log in."
      5. Login as s1.
        • Confirm that you are redirected to the appropriate calendar page in C1's context.
      6. Enter the calendar page's URL into the browser's address bar. This time, add C2's course ID to the URL parameter.
      7. Login as a guest
        • Confirm that you are redirected to the appropriate calendar page in C2's context. (You might not be able to see/export the related calendar events for C2 though since only enrolled students can see the course's calendar events)
      Show
      Setup Make sure guest login is on. Create a course C1 which does not allow guest access (take note of its course ID). Optionally, add some course events. Create a course C2 which allows guest access (take note of its course ID). Optionally, add some course events. Create a student s1. Enrol s1 to C1. Note Test on each of the following pages: calendar/event.php calendar/export.php calendar/managesubscriptions.php calendar/view.php Site calendar Make sure you are not logged in. Enter the calendar page's URL into the browser's address bar. Confirm that your are redirected to the login page. Login as guest. Confirm that you are redirected to the appropriate calendar page in the site level. Enter the calendar page's URL into the browser's address bar. Login as s1. Confirm that you are redirected to the appropriate calendar page in the site level. Course calendar Make sure you are not logged in. Enter the calendar page's URL into the browser's address bar. This time, add a nonexistent course ID to the URL parameter (e.g. calendar/event.php?course= [COURSEID] ). Confirm that you get an error about the nonexistent course. Enter the calendar page's URL into the browser's address bar. This time, add C1's course ID to the URL parameter. Confirm that your are redirected to the login page. Login as a guest. Confirm that your are redirected to the C1's enrolment options page with a message saying that " Guests cannot access this course. Please log in. " Login as s1. Confirm that you are redirected to the appropriate calendar page in C1's context. Enter the calendar page's URL into the browser's address bar. This time, add C2's course ID to the URL parameter. Login as a guest Confirm that you are redirected to the appropriate calendar page in C2's context. (You might not be able to see/export the related calendar events for C2 though since only enrolled students can see the course's calendar events)
    • Affected Branches:
      MOODLE_25_STABLE, MOODLE_29_STABLE, MOODLE_32_STABLE, MOODLE_33_STABLE, MOODLE_34_STABLE
    • Fixed Branches:
      MOODLE_32_STABLE, MOODLE_33_STABLE
    • Pull Master Branch:
      MDL-40818-master

      Description

      It is possible for a non logged-in user to access the calendar export page ([moodle root]/calendar/export.php).

      When the user tries to export the calendar, or retrieve the calendar URL, Moodle returns the error "invalid authentication" (on an otherwise empty page) instead of requesting the user login.

      Steps to reproduce

      1. Ensure you are not logged in to the Moodle site (not even with guest access)
      2. Navigate to the calendar export page ([moodle root]/calendar/export.php)
      3. Select "Export"

      Expected outcome

      • Redirected to a login form, before being returned to the export page; or
      • A better error message in a standard Moodle page.

      Actual outcome

      • Otherwise empty page, with the error text "invalid authentication"

        Attachments

          Activity

            People

            • Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                10/Jul/17