Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-58439

Admin pages login as guest and then throw Access denied error (should prompt for login) require_admin()

    XMLWordPrintable

Details

    • MOODLE_31_STABLE, MOODLE_32_STABLE, MOODLE_33_STABLE, MOODLE_37_STABLE
    • MOODLE_38_STABLE
    • MDL-58439-admin-no-guest
    • Hide
      1. Enable auto-login guest (Site administration > Users > Permissions > User policies - Auto-login guests).
      2. Now visit each of these admin pages. You should be prompted to login and not get an access issue:
        • admin/search.php
        • admin/plugins.php
        • admin/qbehaviours.php
        • admin/qtypes.php
        • admin/roles/manage.php
        • admin/roles/usersroles.php?userid=2&courseid=2 (This will redirect you to enrol in the course and not to login) You will also be logged in as a guest and will need to log in as a user and then log out to get back to the original logged out state)
        • admin/tasklogs.php
        • admin/timezone.php
        • admin/tool/monitor/managerules.php
        • admin/tool/oauth2/issuers.php
        • admin/tool/task/scheduledtasks.php
      Show
      Enable auto-login guest (Site administration > Users > Permissions > User policies - Auto-login guests). Now visit each of these admin pages. You should be prompted to login and not get an access issue: admin/search.php admin/plugins.php admin/qbehaviours.php admin/qtypes.php admin/roles/manage.php admin/roles/usersroles.php?userid=2&courseid=2 (This will redirect you to enrol in the course and not to login) You will also be logged in as a guest and will need to log in as a user and then log out to get back to the original logged out state) admin/tasklogs.php admin/timezone.php admin/tool/monitor/managerules.php admin/tool/oauth2/issuers.php admin/tool/task/scheduledtasks.php

    Description

      If you are not logged in and you deep link to almost any admin page, then instead of getting prompted to login, you instead get automatically logged in as a guest and then get an error. With debugging on it looks like this:

       
      Access denied

      More information about this error
      ×Debug info:
      Error code: accessdenied
      ×Stack trace: * line 496 of /lib/setuplib.php: moodle_exception thrown

      • line 7655 of /lib/adminlib.php: call to print_error()
      • line 12 of /admin/auth_config.php: call to admin_externalpage_setup()
         

      These should instead just send you directly to the login page as everyone would expect.

      Attachments

        Issue Links

          caused a regression

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-67523 For non-admin user the site administration categories are displayed as links that show errors

          • Minor - Minor loss of function where workaround is possible
          • Closed
          has been marked as being related by

          Improvement - An enhancement to an existing Moodle feature. MDL-66172 Add require_recent_login() for higher security pages

          • Minor - Minor loss of function where workaround is possible
          • Development in progress

          Activity

            People

              brendanheywood Brendan Heywood
              brendanheywood Brendan Heywood
              Dmitrii Metelkin Dmitrii Metelkin
              Adrian Greeve Adrian Greeve
              Anna Carissa Sadia Anna Carissa Sadia
              Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                18/Nov/19

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour, 45 minutes
                  1h 45m