Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-58439

Admin pages login as guest and then throw Access denied error (should prompt for login) require_admin()

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. Enable auto-login guest (Site administration > Users > Permissions > User policies - Auto-login guests).
      2. Now visit each of these admin pages. You should be prompted to login and not get an access issue:
        • admin/search.php
        • admin/plugins.php
        • admin/qbehaviours.php
        • admin/qtypes.php
        • admin/roles/manage.php
        • admin/roles/usersroles.php?userid=2&courseid=2 (This will redirect you to enrol in the course and not to login) You will also be logged in as a guest and will need to log in as a user and then log out to get back to the original logged out state)
        • admin/tasklogs.php
        • admin/timezone.php
        • admin/tool/monitor/managerules.php
        • admin/tool/oauth2/issuers.php
        • admin/tool/task/scheduledtasks.php
      Show
      Enable auto-login guest (Site administration > Users > Permissions > User policies - Auto-login guests). Now visit each of these admin pages. You should be prompted to login and not get an access issue: admin/search.php admin/plugins.php admin/qbehaviours.php admin/qtypes.php admin/roles/manage.php admin/roles/usersroles.php?userid=2&courseid=2 (This will redirect you to enrol in the course and not to login) You will also be logged in as a guest and will need to log in as a user and then log out to get back to the original logged out state) admin/tasklogs.php admin/timezone.php admin/tool/monitor/managerules.php admin/tool/oauth2/issuers.php admin/tool/task/scheduledtasks.php
    • Affected Branches:
      MOODLE_31_STABLE, MOODLE_32_STABLE, MOODLE_33_STABLE, MOODLE_37_STABLE
    • Fixed Branches:
      MOODLE_38_STABLE
    • Pull Master Branch:
      MDL-58439-admin-no-guest

      Description

      If you are not logged in and you deep link to almost any admin page, then instead of getting prompted to login, you instead get automatically logged in as a guest and then get an error. With debugging on it looks like this:

       
      Access denied

      More information about this error
      ×Debug info:
      Error code: accessdenied
      ×Stack trace: * line 496 of /lib/setuplib.php: moodle_exception thrown

      • line 7655 of /lib/adminlib.php: call to print_error()
      • line 12 of /admin/auth_config.php: call to admin_externalpage_setup()
         

      These should instead just send you directly to the login page as everyone would expect.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              brendanheywood Brendan Heywood
              Reporter:
              brendanheywood Brendan Heywood
              Peer reviewer:
              Dmitrii Metelkin
              Integrator:
              Adrian Greeve
              Tester:
              Anna Carissa Sadia
              Participants:
              Component watchers:
              Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona)
              Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                18/Nov/19

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour, 45 minutes
                  1h 45m