Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-40848

Improve verification when connecting to open badges backpack

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.5.1
    • Fix Version/s: 2.5.3
    • Component/s: Badges
    • Labels:
    • Testing Instructions:
      Hide

      Connecting to a backpack

      1. Create an account at http://backpack.openbadges.org/backpack/login.
      2. Login to Moodle
      3. Click My profile settings > Badges > Backpack settings
      4. Click "sign in with your Email"
      5. Enter the email you used in step 1 and sign in.

      What should happen

      The Status should show "Connecting…" then reload and display "Connected". The email address you entered should be displayed under "Email address". Any badge collections in your backpack should be available to import.

      Testing error handling

      • Turn off javascript before visiting the "Backpack settings" page. You should get a message indicating javascript is required.
      • Close the login dialog before completing the login process. You should get an error message.
      • Create a persona account at persona.org but don't link it to a backpack. Then try and connect using that account. You should be able to login but should get an error when it tries to connect.
      • In badges/backpackconnect.php L57 change 'TIMEOUT' to 'TIMEOUT_MS' then try to login. You should get a message indicating your connection attempt failed due to a timeout.
      Show
      Connecting to a backpack Create an account at http://backpack.openbadges.org/backpack/login . Login to Moodle Click My profile settings > Badges > Backpack settings Click "sign in with your Email" Enter the email you used in step 1 and sign in. What should happen The Status should show "Connecting…" then reload and display "Connected". The email address you entered should be displayed under "Email address". Any badge collections in your backpack should be available to import. Testing error handling Turn off javascript before visiting the "Backpack settings" page. You should get a message indicating javascript is required. Close the login dialog before completing the login process. You should get an error message. Create a persona account at persona.org but don't link it to a backpack. Then try and connect using that account. You should be able to login but should get an error when it tries to connect. In badges/backpackconnect.php L57 change 'TIMEOUT' to 'TIMEOUT_MS' then try to login. You should get a message indicating your connection attempt failed due to a timeout.
    • Affected Branches:
      MOODLE_25_STABLE
    • Fixed Branches:
      MOODLE_25_STABLE
    • Pull Master Branch:
      MDL-40848_master

      Description

      Currently when a user connects to a backpack they only need to provide the email address of a backpack owner and the badges will be pulled in and displayed in their profile. There is no confirmation that the backpack belongs to the user.

      To an extent this is a limitation of the badges infrastructure, and since users may use a different email address in their backpack to their Moodle email there is no easy way to check that the user owns the backpack.

      I posted to the open badges forums about it here:

      https://groups.google.com/forum/#!topic/openbadges-dev/fHFvEQCXyYU

      Francois from Mozilla suggested we could validate them using Persona and I even implemented a proof of concept that does work, but it would require the user to sign up for Persona, and have javascript and 3rd party cookies enabled for it to function.

      On the other hand pushing a badge to a backpack already requires all of those things so perhaps it is acceptable?

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  2 Vote for this issue
                  Watchers:
                  7 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    11/Nov/13