[MDL-48873] Wrong redirection when wrong login infos using CAS auth method with multiauth setting - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.6.7, 2.7.4, 2.8.2, 2.9
Fix Version/s: 2.7.5, 2.8.3
Component/s: Authentication
Labels:
- ci
- triaged

Affected Branches:
MOODLE_26_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE
Fixed Branches:
MOODLE_27_STABLE, MOODLE_28_STABLE
Pull from Repository:
https://github.com/StudiUM/moodle.git
Pull Master Branch:
~~MDL-48873~~_master
Pull Master Diff URL:
https://github.com/StudiUM/moodle/compare/MDL-48873_master
Testing Instructions:
Hide

Prerequisites:

You need to have CAS server (SSO) authentication method enabled with the setting "Multi-authentication" set to "yes"

You need two account. One using CAS authentication method, one using manual authentication method.

You can use our VM on the server, and follow the testing instructions of ~~MDL-40805~~ to setup your moodle/CAS connection.

Testing instructions:

As the manual account, go to login/index.php. You should see the double auth method page.

Go to login/index.php?authCAS=NOCAS You should see the normal authentication page.

Connect with this the manual user but with a wrong password and click login

You should stay on the same login page and see an error message
Connect with this the manual user but with a good password and click login. All should be OK.

Disconnect yourself

Go to login/index.php. You should see the double auth method page.

Connect with the CAS auth method using the CAS user. All should be OK.
Show
Prerequisites: You need to have CAS server (SSO) authentication method enabled with the setting "Multi-authentication" set to "yes" You need two account. One using CAS authentication method, one using manual authentication method. You can use our VM on the server, and follow the testing instructions of MDL-40805 to setup your moodle/CAS connection. Testing instructions: As the manual account, go to login/index.php. You should see the double auth method page. Go to login/index.php?authCAS=NOCAS You should see the normal authentication page. Connect with this the manual user but with a wrong password and click login You should stay on the same login page and see an error message Connect with this the manual user but with a good password and click login. All should be OK. Disconnect yourself Go to login/index.php. You should see the double auth method page. Connect with the CAS auth method using the CAS user. All should be OK.

Description

Prerequisites:

You need to have CAS server (SSO) authentication method enabled with the setting "Multi-authentication" set to "yes"
You need one account using manual authentication method.

To reproduce:

As the manual account, go to login/index.php. You should see the double auth method page.
Go to login/index.php?authCAS=NOCAS You should see the normal authentication page.
Connect with this the manual user but with a wrong password and click login

Expected: stay on the same login page and see an error message
Actual: Redirected on the index.php page with the double authentication message.

Attachments

Activity

People

Assignee:: Gilles-Philippe Leblanc

Reporter:: Gilles-Philippe Leblanc

Peer reviewer:: Simey Lameze

Integrator:: Eloy Lafuente (stronk7)

Tester:: Rajesh Taneja

Participants:: Andrew Lyons, CiBoT, Eloy Lafuente (stronk7), Gilles-Philippe Leblanc, Rajesh Taneja, Simey Lameze

Component watchers:: David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 17/Jan/15 6:27 AM

Updated:: 23/Jan/15 6:31 PM

Resolved:: 23/Jan/15 6:31 PM

Fix Release Date:: 2/Feb/15