Moodle / MDL-59511

Can't connect a system account to OAuth 2 services that do not provide email in userinfo

    Details

    • Testing Instructions:

      To obtain a userinfo "endpoint" that does not provide an email address, you can use fake_userinfo.json.

      Existing site

      1. Perform an upgrade.
      2. Confirm that the email field of the table {prefix}oauth2_system_account does not have a NOT NULL restriction.
      3. Add an issuer whose userinfo endpoint will not provide an email address (e.g. with a fake userinfo endpoint, see above).
      4. Verify that you can connect a system account and that its username is shown in the issuers table.
      5. Add an issuer that does provide an email address in userinfo.
      6. Verify that you can connect a system account to that issuer and that both username and email address show up in the issuers table.

      Fresh site

      1. Install a new Moodle.
      2. Make sure the email field in {prefix}oauth2_system_account does not have a NOT NULL restriction.
    • Affected Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE
    • Fixed Branches:
      MOODLE_33_STABLE
    • Pull Master Branch:
      MDL-59511-master-oauthsysmail

      Description

      Currently, both fields "username" and "email" are marked NOT NULL in lib/db/install.xml (https://github.com/moodle/moodle/blob/350700bf8b509f5269b0fefd34fec0d3d5393c99/lib/db/install.xml#L3519). However, there are OAuth 2 providers that do not require an email address for their user accounts, which therefore cannot provide a reliable value in the corresponding field of a userinfo_endpoint. Both ownCloud and Nextcloud allow users to provide an email address, but this is not enforced e.g. when accounts are created by an admin manually (Try for yourself: Instant trial on https://demo.nextcloud.com/#short-term; Log in as admin//admin, click the Settings cog > Users and add a new user).

      (Partly related: Both services do not (yet) provide a userinfo endpoint, so I currently have to mock it – but as soon as they do, the email might not always be part of it.)

      I suggest that the email field can be NULL-able. I don't know of any services that do not provide a username, so that one can remain NOT NULL imo.
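
An added illustration of the constraint problem described above (not Moodle's code and not part of the original report): SQLite stands in for the site database, the table is reduced to the two columns discussed, and the userinfo key names and sample values are assumptions constructed for the example.

```python
import json
import sqlite3

# Simplified stand-ins for the oauth2_system_account table: only the two
# columns discussed in the issue, before and after the proposed change.
SCHEMA_BEFORE = """CREATE TABLE oauth2_system_account (
    id INTEGER PRIMARY KEY, username TEXT NOT NULL, email TEXT NOT NULL)"""
SCHEMA_AFTER = """CREATE TABLE oauth2_system_account (
    id INTEGER PRIMARY KEY, username TEXT NOT NULL, email TEXT)"""

# Constructed userinfo responses; the key names are assumptions.
USERINFO_NO_EMAIL = '{"username": "svc-moodle"}'
USERINFO_WITH_EMAIL = '{"username": "svc-moodle", "email": "svc@example.org"}'
USERINFO_NO_USERNAME = '{"email": "svc@example.org"}'


def map_userinfo(raw):
    """Return (username, email); a missing email becomes None (SQL NULL)."""
    info = json.loads(raw)
    username = info.get("username")
    if not isinstance(username, str) or not username.strip():
        raise ValueError("userinfo response has no usable username")
    email = info.get("email")
    if not isinstance(email, str) or not email.strip():
        email = None  # store NULL rather than a fabricated placeholder
    return username.strip(), email


def connect_system_account(schema, raw_userinfo):
    """Store the account under `schema`; return the stored row or the error."""
    db = sqlite3.connect(":memory:")
    try:
        db.execute(schema)
        db.execute(
            "INSERT INTO oauth2_system_account (username, email) VALUES (?, ?)",
            map_userinfo(raw_userinfo),
        )
        return db.execute(
            "SELECT username, email FROM oauth2_system_account").fetchone()
    except (sqlite3.IntegrityError, ValueError) as exc:
        return f"rejected: {exc}"
    finally:
        db.close()


if __name__ == "__main__":
    for schema in (SCHEMA_BEFORE, SCHEMA_AFTER):
        for raw in (USERINFO_NO_EMAIL, USERINFO_WITH_EMAIL, USERINFO_NO_USERNAME):
            print(connect_system_account(schema, raw))
```

With the NOT NULL column the account without an email is rejected by the database, while the nullable column accepts it and a response without a username is still refused.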

        Attachments

        1. 0001-bad-patch-allow-email-to-be-omitted-in-userinfo-resp.patch
          3 kB
          Jan Dageförde
        2. culprit.png
          24 kB
          Jan Dageförde
        3. fake_userinfo.json
          0.0 kB
          Jan Dageförde

              People

              Assignee:
              jan.dagefoerde Jan Dageförde
              Reporter:
              jan.dagefoerde Jan Dageförde
              Peer reviewer:
              Simey Lameze
              Integrator:
              David Monllaó
              Tester:
              Jake Dallimore
              Participants:
              Component watchers:
              Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias

                Dates

                Fix Release Date:
                11/Sep/17