  1. Moodle
  2. MDL-59511

Can't connect a system account to OAuth 2 services that do not provide email in userinfo


    Details

    • Testing Instructions:

      To obtain a userinfo "endpoint" that does not provide an email address, you can use fake_userinfo.json.

      Existing site

      1. Perform an upgrade.
      2. Confirm that the email field of the table {prefix}oauth2_system_account does not have a NOT NULL restriction.
      3. Add an issuer whose userinfo endpoint will not provide an email address (e.g. with a fake userinfo endpoint, see above).
      4. Verify that you can connect a system account and that its username is shown in the issuers table.
      5. Add an issuer that does provide an email address in userinfo.
      6. Verify that you can connect a system account to that issuer and that both username and email address show up in the issuers table.

      Fresh site

      1. Install a new Moodle.
      2. Make sure the email field in {prefix}oauth2_system_account does not have a NOT NULL restriction.
    • Affected Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE
    • Fixed Branches:
      MOODLE_33_STABLE
    • Pull Master Branch:
      MDL-59511-master-oauthsysmail

      Description

      Currently, both fields "username" and "email" are marked NOT NULL in lib/db/install.xml (https://github.com/moodle/moodle/blob/350700bf8b509f5269b0fefd34fec0d3d5393c99/lib/db/install.xml#L3519). However, there are OAuth 2 providers that do not require an email address for their user accounts, which therefore cannot provide a reliable value in the corresponding field of a userinfo_endpoint. Both ownCloud and Nextcloud allow users to provide an email address, but this is not enforced e.g. when accounts are created by an admin manually (Try for yourself: Instant trial on https://demo.nextcloud.com/#short-term; Log in as admin//admin, click the Settings cog > Users and add a new user).

      (Partly related: Both services do not (yet) provide a userinfo endpoint, so I currently have to mock it – but as soon as they do, the email might not always be part of it.)

      I suggest that the email field can be NULL-able. I don't know of any services that do not provide a username, so that one can remain NOT NULL imo.
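
      The failure described above and the effect of the proposed change, as an added example that is not Moodle's code or part of the original issue. It models {prefix}oauth2_system_account in SQLite with only the two columns the issue discusses; the `mdl_` prefix, the `issuerid` column, the helper names and the sample userinfo values are assumptions made for illustration.

```python
import sqlite3

# Simplified model of {prefix}oauth2_system_account (assumed prefix "mdl_").
# Only username and email come from the issue; issuerid is an assumption.
SCHEMA = """
CREATE TABLE mdl_oauth2_system_account (
    id INTEGER PRIMARY KEY,
    issuerid INTEGER NOT NULL,
    username TEXT NOT NULL,
    email TEXT {email_constraint}
)
"""

def make_db(email_nullable):
    """Build the table as it was (email NOT NULL) or as proposed (nullable)."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA.format(email_constraint="" if email_nullable else "NOT NULL"))
    return db

def email_is_nullable(db):
    """Schema check matching the 'no NOT NULL restriction' test step."""
    # PRAGMA table_info rows: (cid, name, type, notnull, dflt_value, pk)
    for _cid, name, _type, notnull, _dflt, _pk in db.execute(
            "PRAGMA table_info(mdl_oauth2_system_account)"):
        if name == "email":
            return notnull == 0
    raise LookupError("email column not found")

def connect_system_account(db, issuerid, userinfo):
    """Store the account taken from a userinfo response; return (ok, message)."""
    try:
        db.execute(
            "INSERT INTO mdl_oauth2_system_account (issuerid, username, email) "
            "VALUES (?, ?, ?)",
            (issuerid, userinfo.get("username"), userinfo.get("email")))
        return True, "connected"
    except sqlite3.IntegrityError as exc:
        return False, str(exc)

# Constructed userinfo responses: one without an email field, one with it.
NO_EMAIL = {"username": "svc-moodle"}
WITH_EMAIL = {"username": "svc-moodle", "email": "svc-moodle@example.org"}

if __name__ == "__main__":
    for nullable in (False, True):
        db = make_db(nullable)
        print("email nullable:", email_is_nullable(db))
        print("  no email  ->", connect_system_account(db, 1, NO_EMAIL))
        print("  with email ->", connect_system_account(db, 2, WITH_EMAIL))
```

      With the nullable column, an account without an email is stored with a NULL email, while a response lacking a username is still rejected.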

              People

              • Votes:
                8
                Watchers:
                12

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  11/Sep/17