Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59737

Moodle backups should use a non existent domain when anonymizing users

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.3.1
    • Fix Version/s: 3.2.5, 3.3.2
    • Component/s: Backup
    • Labels:
    • Testing Instructions:
      Hide
      Test 1
      1. Before patch
      2. Create a course with a few activities.
      3. Enrol a user as a student.
      4. Create a backup with with 'users', 'anonymize users' and 'user data' (for all activities) selected.
      5. Restore this course, creating a new course and including the user data.
      6. Restore the course a second time, again creating a new course and including the user data
      7. Upgrade
      8. Restore the backup you created and ensure all is fine, without any complaints about user conflicts. Any activities with user data should still have that data, but the users should all be anonymised versions.
      Test 2
      1. Create a course with a few activities.
      2. Enrol a user as a student.
      3. Create a backup with with 'users', 'anonymize users' and 'user data' (for all activities) selected.
      4. Restore this course, creating a new course and including the user data.
      5. Restore the course a second time, again creating a new course and including the user data and ensure all is fine, without any complaints about user conflicts. Any activities with user data should still have that data, but the users should all be anonymised versions.
      Show
      Test 1 Before patch Create a course with a few activities. Enrol a user as a student. Create a backup with with 'users', 'anonymize users' and 'user data' (for all activities) selected. Restore this course, creating a new course and including the user data. Restore the course a second time, again creating a new course and including the user data Upgrade Restore the backup you created and ensure all is fine, without any complaints about user conflicts. Any activities with user data should still have that data, but the users should all be anonymised versions. Test 2 Create a course with a few activities. Enrol a user as a student. Create a backup with with 'users', 'anonymize users' and 'user data' (for all activities) selected. Restore this course, creating a new course and including the user data. Restore the course a second time, again creating a new course and including the user data and ensure all is fine, without any complaints about user conflicts. Any activities with user data should still have that data, but the users should all be anonymised versions.
    • Affected Branches:
      MOODLE_33_STABLE
    • Fixed Branches:
      MOODLE_32_STABLE, MOODLE_33_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-59737_master

      Description

      Currently it changes the email address to be anonx@doesntexist.com, where x is a numerical counting id.

      doesntexist.com is a real domain and appears to be registered to dyndns (at least from my amateur sleuthing).

      Instead something like anonx@moodle.invalid should be used as it is less likely to ever be a domain as .invalid is reserved by RFC2606 for use as an obvious example of an invalid domain.
      There could be a theoretical attack where the domain owner let the domain expire and a malicious actor picks up the domain and has a catchall email address and attempts to reset passwords for the restored accounts.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  11/Sep/17