Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-51889

Guest enrol password policies not always observed

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      Test 1 (master and 3.0 only)
      1. Ensure you have a password policy on your site ('Site administration' > 'Security' > 'Site policies').
      2. Visit the settings for the guest enrolment plugin ('Site administration' > 'Plugins' > 'Enrolments' > 'Guest access') and ensure 'usepasswordpolicy' and 'requirepassword' are disabled (may want to keep this in another tab as you will be visiting this page again).
      3. Visit the 'Enrolment methods' page for a course ('Course administration' > 'Users' > 'Enrolment methods').
      4. Add a 'Guest access' enrolment instance (if there currently is one delete it first).
      5. Set 'Allow guest access' to 'Yes' and the password '123' and ensure you can save successfully.
      6. Disable it via the eye icon on the 'Enrolment methods' page.
      7. Check that you can re-enable it via the eye icon.
      8. Visit the settings for the guest enrolment plugin and enable 'usepasswordpolicy' and ensure 'requirepassword' is disabled.
      9. Edit the 'Guest access' instance and set 'Allow guest access' to 'Yes' and leave the 'Password' as '123' (they should already be set to those values) and ensure you can save successfully.
      10. Disable it via the eye icon on the 'Enrolment methods' page.
      11. Check that you can not re-enable the guest instance via the eye icon.
      12. Edit the 'Guest access' instance and set 'Allow guest access' to 'Yes' and leave the 'Password' as '123' (the password should already be set to that value).
      13. Confirm that you get a warning saying the password does not meet the password policy.
      14. Set the password to empty.
      15. Ensure you can save the form.
      16. Disable it via the eye icon on the 'Enrolment methods' page.
      17. Check that you can re-enable it via the eye icon.
      18. Re-visit the settings for the guest enrolment plugin and enable 'requirepassword'.
      19. Edit the 'Guest access' instance and set 'Allow guest' to 'Yes' and leave the 'Password' empty (they should already be like that) and ensure you can save successfully.
      20. Disable it via the eye icon on the 'Enrolment methods' page.
      21. Check that you can not enable guest access via the eye icon.
      22. Edit the guest enrolment instance.
      23. Set 'Allow guest access' to 'Yes' and try to save without a password entered.
      24. Confirm that you get a warning saying the password is required.
      25. Enter a password that does not match the password policy.
      26. Confirm that you get a warning saying the password does not meet the password policy.
      27. Enter a password that does fit it and confirm you can save successfully.
      28. Edit the 'Guest access' instance.
      29. Set the 'Allow guest access' to 'No' and confirm that you can set the 'Password' to a password that does not meet the criteria and save successfully.
      30. Edit the 'Guest access' instance.
      31. Set the 'Allow guest access' to 'No' and confirm that you can set the 'Password' to empty and save successfully.
      Test 2 (2.9 only)
      1. Ensure you have a password policy on your site.
      2. Visit the settings for the guest enrolment plugin and ensure 'usepasswordpolicy' and 'requirepassword' are disabled (may want to keep this in another tab as you will be visiting this page again).
      3. Create a new course and set 'Allow guest access' to 'Yes' and add the password '123' - check there are no warnings.
      4. Visit the 'Enrolment methods' page for the course (may want to keep this in another tab as you will be visiting this page again).
      5. Disable the guest enrolment instance via the eye icon on the 'Enrolment methods' page.
      6. Check that you can re-enable it via the eye icon.
      7. Visit the settings for the guest enrolment plugin and enable 'usepasswordpolicy' and ensure 'requirepassword' is disabled.
      8. Edit the course and set 'Allow guest access' to 'Yes' and leave the 'Password' as '123' (they should already be set to those values) and ensure you can save successfully.
      9. Visit the 'Enrolment methods' page for the course.
      10. Disable it via the eye icon on the 'Enrolment methods' page.
      11. Check that you can not re-enable the guest instance via the eye icon.
      12. Visit the course settings and set 'Allow guest access' to 'Yes' and leave the password as it is.
      13. Check that when you save the form you are told the password does not meet the criteria.
      14. Set the password to empty.
      15. Check that you can now save it.
      16. Disable it via the eye icon on the 'Enrolment methods' page.
      17. Check that you can re-enable it via the eye icon.
      18. Visit the settings for the guest enrolment plugin and enable 'requirepassword'.
      19. Edit the course and set 'Allow guest access' to 'Yes' and leave the 'Password' empty (they should already be set to those values) and ensure you can save successfully.
      20. Visit the 'Enrolment methods' page for the course.
      21. Disable it via the eye icon on the 'Enrolment methods' page.
      22. Check that you can not re-enable the guest instance via the eye icon.
      23. Visit the settings page for the course and confirm that when you try to save the course with 'Allow guest access' set to 'Yes' and the password as empty you get a warning saying the password is required.
      24. Enter a password that does not match the password policy.
      25. Confirm that you get a warning saying the password does not meet the password policy.
      26. Enter a password that does fit it and confirm you can save successfully.
      27. Edit the course.
      28. Set the 'Password' to a password that does not meet the criteria and then set 'Allow guest access' to 'No' (have to do this after otherwise password field gets disabled) and save successfully.
      29. Edit the course.
      30. Set the 'Password' to empty and then set 'Allow guest access' to 'No' (have to do this after otherwise password field gets disabled) and save successfully.
      Show
      Test 1 (master and 3.0 only) Ensure you have a password policy on your site ('Site administration' > 'Security' > 'Site policies'). Visit the settings for the guest enrolment plugin ('Site administration' > 'Plugins' > 'Enrolments' > 'Guest access') and ensure 'usepasswordpolicy' and 'requirepassword' are disabled (may want to keep this in another tab as you will be visiting this page again). Visit the 'Enrolment methods' page for a course ('Course administration' > 'Users' > 'Enrolment methods'). Add a 'Guest access' enrolment instance (if there currently is one delete it first). Set 'Allow guest access' to 'Yes' and the password '123' and ensure you can save successfully. Disable it via the eye icon on the 'Enrolment methods' page. Check that you can re-enable it via the eye icon. Visit the settings for the guest enrolment plugin and enable 'usepasswordpolicy' and ensure 'requirepassword' is disabled. Edit the 'Guest access' instance and set 'Allow guest access' to 'Yes' and leave the 'Password' as '123' (they should already be set to those values) and ensure you can save successfully. Disable it via the eye icon on the 'Enrolment methods' page. Check that you can not re-enable the guest instance via the eye icon. Edit the 'Guest access' instance and set 'Allow guest access' to 'Yes' and leave the 'Password' as '123' (the password should already be set to that value). Confirm that you get a warning saying the password does not meet the password policy. Set the password to empty. Ensure you can save the form. Disable it via the eye icon on the 'Enrolment methods' page. Check that you can re-enable it via the eye icon. Re-visit the settings for the guest enrolment plugin and enable 'requirepassword'. Edit the 'Guest access' instance and set 'Allow guest' to 'Yes' and leave the 'Password' empty (they should already be like that) and ensure you can save successfully. Disable it via the eye icon on the 'Enrolment methods' page. Check that you can not enable guest access via the eye icon. Edit the guest enrolment instance. Set 'Allow guest access' to 'Yes' and try to save without a password entered. Confirm that you get a warning saying the password is required. Enter a password that does not match the password policy. Confirm that you get a warning saying the password does not meet the password policy. Enter a password that does fit it and confirm you can save successfully. Edit the 'Guest access' instance. Set the 'Allow guest access' to 'No' and confirm that you can set the 'Password' to a password that does not meet the criteria and save successfully. Edit the 'Guest access' instance. Set the 'Allow guest access' to 'No' and confirm that you can set the 'Password' to empty and save successfully. Test 2 (2.9 only) Ensure you have a password policy on your site. Visit the settings for the guest enrolment plugin and ensure 'usepasswordpolicy' and 'requirepassword' are disabled (may want to keep this in another tab as you will be visiting this page again). Create a new course and set 'Allow guest access' to 'Yes' and add the password '123' - check there are no warnings. Visit the 'Enrolment methods' page for the course (may want to keep this in another tab as you will be visiting this page again). Disable the guest enrolment instance via the eye icon on the 'Enrolment methods' page. Check that you can re-enable it via the eye icon. Visit the settings for the guest enrolment plugin and enable 'usepasswordpolicy' and ensure 'requirepassword' is disabled. Edit the course and set 'Allow guest access' to 'Yes' and leave the 'Password' as '123' (they should already be set to those values) and ensure you can save successfully. Visit the 'Enrolment methods' page for the course. Disable it via the eye icon on the 'Enrolment methods' page. Check that you can not re-enable the guest instance via the eye icon. Visit the course settings and set 'Allow guest access' to 'Yes' and leave the password as it is. Check that when you save the form you are told the password does not meet the criteria. Set the password to empty. Check that you can now save it. Disable it via the eye icon on the 'Enrolment methods' page. Check that you can re-enable it via the eye icon. Visit the settings for the guest enrolment plugin and enable 'requirepassword'. Edit the course and set 'Allow guest access' to 'Yes' and leave the 'Password' empty (they should already be set to those values) and ensure you can save successfully. Visit the 'Enrolment methods' page for the course. Disable it via the eye icon on the 'Enrolment methods' page. Check that you can not re-enable the guest instance via the eye icon. Visit the settings page for the course and confirm that when you try to save the course with 'Allow guest access' set to 'Yes' and the password as empty you get a warning saying the password is required. Enter a password that does not match the password policy. Confirm that you get a warning saying the password does not meet the password policy. Enter a password that does fit it and confirm you can save successfully. Edit the course. Set the 'Password' to a password that does not meet the criteria and then set 'Allow guest access' to 'No' (have to do this after otherwise password field gets disabled) and save successfully. Edit the course. Set the 'Password' to empty and then set 'Allow guest access' to 'No' (have to do this after otherwise password field gets disabled) and save successfully.
    • Affected Branches:
      MOODLE_30_STABLE
    • Fixed Branches:
      MOODLE_29_STABLE, MOODLE_30_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-51889_master

      Description

      Testing MDL-30674 came to this workaround allowing you to bypass the password policy when enabling guest enrolment instances. Maybe the same applies to other plugins too (and to older branches of them):

      • In admin settings, for guest enrolment plugin, enable both requirepassword and usepasswordpolicy.
      • Go to any course and enable guest enrolments editing it and fulfilling the password policy.
      • Edit it again, set allow to NO and change the password to "1234" (not fulfilling the policy). Policy is not checked.
      • Enable it from the eye. Done, you've a course with a password not observing the policy.

      For your consideration, ciao

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  11/Jan/16