Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59012

Unable to confirm linked login - required parameter (username) was missing

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      Testing difficulty: semi-hard, requires custom server with public URL and emailing working, OAuth2 SSO configured and ability to check raw SMTP email contents.

      Test 1 - confirming a new account

      1. Set up a server with OAuth2 authentication enabled (e.g. allow auth via Google)
      2. Do NOT prevent account creation when authenticating (authpreventaccountcreation)
      3. Attempt to register as a new user via OAuth2
      4. TEST: Check the new account confirmation email. It consists of two mimeparts - one text/plain and one text/html. Make sure that the plain text part has the confirmation URL without & and only the html part has the URL encoded.

      Test 2 - confirming the linked login

      1. Set up a server with OAuth2 authentication enabled (e.g. allow auth via Google)
      2. Prevent account creation when authenticating (authpreventaccountcreation)
      3. Register a new user manually, set her/his email address to the one you want to use for SSO
      4. Log in as the new user via normal Moodle password, do NOT link anything yet
      5. Log out
      6. On the login screen, attempt to log in via OAuth2 SSO
      7. TEST: Check the linked login confirmation email. It consists of two mimeparts - one text/plain and one text/html. Make sure that the plain text part has the confirmation URL without & and only the html part has the URL encoded.
      Show
      Testing difficulty: semi-hard, requires custom server with public URL and emailing working, OAuth2 SSO configured and ability to check raw SMTP email contents. Test 1 - confirming a new account Set up a server with OAuth2 authentication enabled (e.g. allow auth via Google) Do NOT prevent account creation when authenticating (authpreventaccountcreation) Attempt to register as a new user via OAuth2 TEST: Check the new account confirmation email. It consists of two mimeparts - one text/plain and one text/html. Make sure that the plain text part has the confirmation URL without & and only the html part has the URL encoded. Test 2 - confirming the linked login Set up a server with OAuth2 authentication enabled (e.g. allow auth via Google) Prevent account creation when authenticating (authpreventaccountcreation) Register a new user manually, set her/his email address to the one you want to use for SSO Log in as the new user via normal Moodle password, do NOT link anything yet Log out On the login screen, attempt to log in via OAuth2 SSO TEST: Check the linked login confirmation email. It consists of two mimeparts - one text/plain and one text/html. Make sure that the plain text part has the confirmation URL without & and only the html part has the URL encoded.
    • Affected Branches:
      MOODLE_33_STABLE
    • Fixed Branches:
      MOODLE_33_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-59012-master-linkurl

      Description

      The OAuth2 link login confirmation email contains invalid confirm URL. When clicking on it, an error is raised:

      A required parameter (username) was missing
      

      The URL in the email has the ampersand escaped in the query parameters, e.g.:

      https://moodle.site.com/auth/oauth2/confirm-linkedlogin.php?token=blahblah&userid=27&username=foobar%40gmail.com&issuerid=4
      

      which is invalid in plain text emails.

        Attachments

          Activity

            People

            Assignee:
            mudrd8mz David Mudrák (@mudrd8mz)
            Reporter:
            mudrd8mz David Mudrák (@mudrd8mz)
            Peer reviewer:
            Ankit Agarwal
            Integrator:
            Jun Pataleta
            Tester:
            Andrew Nicols
            Participants:
            Component watchers:
            Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              10/Jul/17