Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-40848

Improve verification when connecting to open badges backpack

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.5.1
    • Fix Version/s: 2.5.3
    • Component/s: Badges
    • Labels:
    • Testing Instructions:
      Hide

      Connecting to a backpack

      1. Create an account at http://backpack.openbadges.org/backpack/login.
      2. Login to Moodle
      3. Click My profile settings > Badges > Backpack settings
      4. Click "sign in with your Email"
      5. Enter the email you used in step 1 and sign in.

      What should happen

      The Status should show "Connecting…" then reload and display "Connected". The email address you entered should be displayed under "Email address". Any badge collections in your backpack should be available to import.

      Testing error handling

      • Turn off javascript before visiting the "Backpack settings" page. You should get a message indicating javascript is required.
      • Close the login dialog before completing the login process. You should get an error message.
      • Create a persona account at persona.org but don't link it to a backpack. Then try and connect using that account. You should be able to login but should get an error when it tries to connect.
      • In badges/backpackconnect.php L57 change 'TIMEOUT' to 'TIMEOUT_MS' then try to login. You should get a message indicating your connection attempt failed due to a timeout.
      Show
      Connecting to a backpack Create an account at http://backpack.openbadges.org/backpack/login . Login to Moodle Click My profile settings > Badges > Backpack settings Click "sign in with your Email" Enter the email you used in step 1 and sign in. What should happen The Status should show "Connecting…" then reload and display "Connected". The email address you entered should be displayed under "Email address". Any badge collections in your backpack should be available to import. Testing error handling Turn off javascript before visiting the "Backpack settings" page. You should get a message indicating javascript is required. Close the login dialog before completing the login process. You should get an error message. Create a persona account at persona.org but don't link it to a backpack. Then try and connect using that account. You should be able to login but should get an error when it tries to connect. In badges/backpackconnect.php L57 change 'TIMEOUT' to 'TIMEOUT_MS' then try to login. You should get a message indicating your connection attempt failed due to a timeout.
    • Affected Branches:
      MOODLE_25_STABLE
    • Fixed Branches:
      MOODLE_25_STABLE
    • Pull Master Branch:
      MDL-40848_master

      Description

      Currently when a user connects to a backpack they only need to provide the email address of a backpack owner and the badges will be pulled in and displayed in their profile. There is no confirmation that the backpack belongs to the user.

      To an extent this is a limitation of the badges infrastructure, and since users may use a different email address in their backpack to their Moodle email there is no easy way to check that the user owns the backpack.

      I posted to the open badges forums about it here:

      https://groups.google.com/forum/#!topic/openbadges-dev/fHFvEQCXyYU

      Francois from Mozilla suggested we could validate them using Persona and I even implemented a proof of concept that does work, but it would require the user to sign up for Persona, and have javascript and 3rd party cookies enabled for it to function.

      On the other hand pushing a badge to a backpack already requires all of those things so perhaps it is acceptable?

        Attachments

        1. master_MDL-40848_v1.patch
          265 kB
        2. master_MDL-40848_v2.patch
          265 kB
        3. MDL-40848_proof_of_concept.patch
          3 kB
        4. persona_sign_in_black.png
          persona_sign_in_black.png
          3 kB
        5. persona login UI.png
          persona login UI.png
          102 kB

          Issue Links

            Activity

              People

              Assignee:
              simoncoggins Simon Coggins
              Reporter:
              simoncoggins Simon Coggins
              Peer reviewer:
              Dan Poltawski
              Integrator:
              Sam Hemelryk
              Tester:
              Mark Nelson
              Participants:
              Component watchers:
              Yuliya Bozhko, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona)
              Votes:
              2 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                11/Nov/13