Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-52017

Self enrol password policies not always observed

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.8.8, 2.9
    • 2.9.4, 3.0.2
    • Enrolments
    • MOODLE_28_STABLE, MOODLE_29_STABLE
    • MOODLE_29_STABLE, MOODLE_30_STABLE
    • MDL-52017_master
    • Hide
      1. Ensure you have a password policy on your site ('Site administration' > 'Security' > 'Site policies').
      2. Visit the settings for the self enrolment plugin ('Site administration' > 'Plugins' > 'Enrolments' > 'Self enrolment') and ensure 'usepasswordpolicy' and 'requirepassword' are disabled (may want to keep this in another tab as you will be visiting this page again).
      3. Visit the 'Enrolment methods' page for a course ('Course administration' > 'Users' > 'Enrolment methods').
      4. Add a 'Self enrolment' instance (if there currently is one delete it first).
      5. Set the 'Enrolment key' to '123'.
      6. Check that you can add it.
      7. Disable it via the eye icon on the 'Enrolment methods' page.
      8. Check that you can re-enable it via the eye icon.
      9. Visit the settings for the self enrolment plugin and enable 'usepasswordpolicy' and ensure 'requirepassword' is disabled.
      10. Edit the 'Self enrolment' instance and set 'Allow existing enrolments' to 'Yes' and leave the 'Enrolment key' as '123' (they should already be like that) and ensure you can save successfully.
      11. Disable it via the eye icon on the 'Enrolment methods' page.
      12. Check that you can not re-enable the self enrolment instance via the eye icon.
      13. Edit the 'Self enrolment' instance and set 'Allow existing enrolments' to 'Yes' and leave the 'Enrolment key' as '123'.
      14. Confirm that you get a warning saying the enrolment key does not meet the password policy.
      15. Set the 'Enrolment key' value to empty and ensure you can save the form.
      16. Disable it via the eye icon on the 'Enrolment methods' page.
      17. Check that you can re-enable it via the eye icon.
      18. Re-visit the settings for the self enrolment plugin and enable 'requirepassword'.
      19. Edit the 'Self enrolment' instance and set 'Allow existing enrolments' to 'Yes' and leave the 'Enrolment key' empty (they should already be like that) and ensure you can save successfully.
      20. Re-visit the 'Enrolment methods' page for the course.
      21. Disable it via the eye icon on the 'Enrolment methods' page.
      22. Check that you can not enable the self enrolment instance via the eye icon.
      23. Edit the self enrolment instance.
      24. Set 'Allow existing enrolments' to 'Yes' and try to save without an 'Enrolment key' entered.
      25. Confirm that you get a warning saying the enrolment key is required.
      26. Enter an enrolment key that does not match the password policy.
      27. Confirm that you get a warning saying the enrolment key does not meet the password policy.
      28. Enter an enrolment key that does fit it and confirm you can save successfully.
      29. Edit the self enrolment instance.
      30. Set the 'Allow existing enrolments' to 'No' and confirm that you can set the 'Enrolment key' to a password that does not meet the criteria and save successfully.
      31. Edit the self enrolment instance.
      32. Set the 'Allow existing enrolments' to 'No' and confirm that you can set the 'Enrolment key' to empty and save successfully.
      Show
      Ensure you have a password policy on your site ('Site administration' > 'Security' > 'Site policies'). Visit the settings for the self enrolment plugin ('Site administration' > 'Plugins' > 'Enrolments' > 'Self enrolment') and ensure 'usepasswordpolicy' and 'requirepassword' are disabled (may want to keep this in another tab as you will be visiting this page again). Visit the 'Enrolment methods' page for a course ('Course administration' > 'Users' > 'Enrolment methods'). Add a 'Self enrolment' instance (if there currently is one delete it first). Set the 'Enrolment key' to '123'. Check that you can add it. Disable it via the eye icon on the 'Enrolment methods' page. Check that you can re-enable it via the eye icon. Visit the settings for the self enrolment plugin and enable 'usepasswordpolicy' and ensure 'requirepassword' is disabled. Edit the 'Self enrolment' instance and set 'Allow existing enrolments' to 'Yes' and leave the 'Enrolment key' as '123' (they should already be like that) and ensure you can save successfully. Disable it via the eye icon on the 'Enrolment methods' page. Check that you can not re-enable the self enrolment instance via the eye icon. Edit the 'Self enrolment' instance and set 'Allow existing enrolments' to 'Yes' and leave the 'Enrolment key' as '123'. Confirm that you get a warning saying the enrolment key does not meet the password policy. Set the 'Enrolment key' value to empty and ensure you can save the form. Disable it via the eye icon on the 'Enrolment methods' page. Check that you can re-enable it via the eye icon. Re-visit the settings for the self enrolment plugin and enable 'requirepassword'. Edit the 'Self enrolment' instance and set 'Allow existing enrolments' to 'Yes' and leave the 'Enrolment key' empty (they should already be like that) and ensure you can save successfully. Re-visit the 'Enrolment methods' page for the course. Disable it via the eye icon on the 'Enrolment methods' page. Check that you can not enable the self enrolment instance via the eye icon. Edit the self enrolment instance. Set 'Allow existing enrolments' to 'Yes' and try to save without an 'Enrolment key' entered. Confirm that you get a warning saying the enrolment key is required. Enter an enrolment key that does not match the password policy. Confirm that you get a warning saying the enrolment key does not meet the password policy. Enter an enrolment key that does fit it and confirm you can save successfully. Edit the self enrolment instance. Set the 'Allow existing enrolments' to 'No' and confirm that you can set the 'Enrolment key' to a password that does not meet the criteria and save successfully. Edit the self enrolment instance. Set the 'Allow existing enrolments' to 'No' and confirm that you can set the 'Enrolment key' to empty and save successfully.

    Description

      1. Visit 'Site administration' -> 'Security' -> 'Site policies' and enable 'passwordpolicy'.
      2. In admin settings for the self enrolment plugin enable both requirepassword and usepasswordpolicy.
      3. Go to any course and enable self enrolments.
      4. Edit the enrolment pugin settings and fulfill the password policy.
      5. Disable the self enrolment plugin via the 'Enrolment methods' page.
      6. Edit it again and change the password to "1234" (not fulfilling the policy). Policy is not checked.
      7. Enable it again. Done, you've a course with a password not observing the policy.

      Attachments

        Issue Links

          Discovered while testing

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-51889 Guest enrol password policies not always observed

          • Major - Major loss of function, incorrect output
          • Closed
          has been marked as being related by

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-39352 Group settings - enrolment key does not comply password policy

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Activity

            People

              markn Mark Nelson
              markn Mark Nelson
              cameron1729 cameron1729
              David Monllaó David Monllaó
              Rajesh Taneja Rajesh Taneja
              David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                11/Jan/16