Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-48873

Wrong redirection when wrong login infos using CAS auth method with multiauth setting

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.6.7, 2.7.4, 2.8.2, 2.9
    • Fix Version/s: 2.7.5, 2.8.3
    • Component/s: Authentication
    • Labels:
    • Testing Instructions:
      Hide

      Prerequisites:

      • You need to have CAS server (SSO) authentication method enabled with the setting "Multi-authentication" set to "yes"
      • You need two account. One using CAS authentication method, one using manual authentication method.
      • You can use our VM on the server, and follow the testing instructions of MDL-40805 to setup your moodle/CAS connection.

      Testing instructions:

      • As the manual account, go to login/index.php. You should see the double auth method page.
      • Go to login/index.php?authCAS=NOCAS You should see the normal authentication page.
      • Connect with this the manual user but with a wrong password and click login
      • You should stay on the same login page and see an error message
        Connect with this the manual user but with a good password and click login. All should be OK.
      • Disconnect yourself
      • Go to login/index.php. You should see the double auth method page.
      • Connect with the CAS auth method using the CAS user. All should be OK.
      Show
      Prerequisites: You need to have CAS server (SSO) authentication method enabled with the setting "Multi-authentication" set to "yes" You need two account. One using CAS authentication method, one using manual authentication method. You can use our VM on the server, and follow the testing instructions of MDL-40805 to setup your moodle/CAS connection. Testing instructions: As the manual account, go to login/index.php. You should see the double auth method page. Go to login/index.php?authCAS=NOCAS You should see the normal authentication page. Connect with this the manual user but with a wrong password and click login You should stay on the same login page and see an error message Connect with this the manual user but with a good password and click login. All should be OK. Disconnect yourself Go to login/index.php. You should see the double auth method page. Connect with the CAS auth method using the CAS user. All should be OK.
    • Affected Branches:
      MOODLE_26_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE
    • Fixed Branches:
      MOODLE_27_STABLE, MOODLE_28_STABLE
    • Pull Master Branch:
      MDL-48873_master

      Description

      Prerequisites:

      • You need to have CAS server (SSO) authentication method enabled with the setting "Multi-authentication" set to "yes"
      • You need one account using manual authentication method.

      To reproduce:

      • As the manual account, go to login/index.php. You should see the double auth method page.
      • Go to login/index.php?authCAS=NOCAS You should see the normal authentication page.
      • Connect with this the manual user but with a wrong password and click login

      Expected: stay on the same login page and see an error message
      Actual: Redirected on the index.php page with the double authentication message.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                2/Feb/15