  1. Moodle
  2. MDL-60253

SecureToolURL is not used for automatic match, resulting in broken LTI links

    Details

    • Database:
      Any
    • Testing Instructions:
      Prerequisite - Create a preconfigured tool

      1. Expose your local Moodle instance over the internet using ngrok.
        1. Download and run ngrok

          ./ngrok http 80 --region=au
          

        2. Edit config.php and set "$CFG->wwwroot" using the "Forwarding" HTTP URL shown by ngrok.
      2. Log in as admin
      3. Go to site administration > plugins > activity modules > manage tools
      4. Add https://lti.tools/test/tp.php into the Tool URL input and click “Add”
      5. The tool should load in an iframe. Click on the “registration” button in the iframe.
      6. Select everything in the “enabled capabilities” and “tool services” select boxes and then click “Register tool”
      7. Click “Yes” when it asks for permission to activate the tool
      8. The tool should show up in the “Tools” list. Click on the edit cog on the tool.
      9. Copy the URL in the “Tool URL” section (this is used in the next section)

      Test

      1. Log in as admin
      2. Create a course
      3. Add a new “External tool” activity
        • Set “Preconfigured tool” to “Automatic, based on tool URL”
        • Click “show more”
        • Enter the tool URL (copied from above) in the secure Tool URL, verify the UI shows that a matching tool has been found
        • Save
      4. Click the external tool activity
      5. CONFIRM that the external tool is launched and loads in the iframe
      6. Back up the course and restore it into a new course
      7. Click on the external tool activity in the restored course
      8. CONFIRM that the external tool is launched and loads in the iframe
    • Workaround:
      There is none that we could figure out outside of not using https for our tool

    • Difficulty:
      Easy
    • Affected Branches:
      MOODLE_32_STABLE, MOODLE_33_STABLE, MOODLE_34_STABLE
    • Fixed Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE
    • Pull from Repository:
    • Pull Master Branch:
       master_MDL-60253

      Description

      When a link is not associated with a Tool Configuration, there will be an attempt to do an association by URL match. This association is only looking for toolURL, not secureToolURL. This is a critical issue, in particular as long as MDL-34161 is not addressed, as URL match is the only way to have functioning backup for now. The fix is also trivial.

      Here is a short video showing the issue (1m40): http://www.claudeonthe.net/moodle/MDL-60253-securetoolurlmatch.mp4
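The matching gap described above, modelled as a stand-alone sketch. This is an added example, not code from the report or from Moodle: the function names, the array layout, the prefix-match rule, the lookup order and the sample tool are all assumptions made for illustration.

```php
<?php
// Added illustration; every name here is hypothetical, not Moodle's API.

// Reduce a URL to "host/path" so the http:// and https:// forms compare equal.
function url_key(string $url): string {
    $parts = parse_url(trim($url));
    if ($parts === false || empty($parts['host'])) {
        return '';
    }
    return strtolower($parts['host']) . rtrim($parts['path'] ?? '', '/');
}

// Return the first configured tool whose base URL equals or prefixes $url.
function match_tool_by_url(array $tools, string $url): ?array {
    $key = url_key($url);
    if ($key === '') {
        return null; // Nothing to match on, e.g. an empty toolurl field.
    }
    foreach ($tools as $tool) {
        $base = url_key($tool['baseurl']);
        if ($base !== '' && ($key === $base || strpos($key, $base . '/') === 0)) {
            return $tool;
        }
    }
    return null;
}

// Behaviour described in the report: only toolurl is consulted.
function resolve_tool_before(array $tools, array $instance): ?array {
    return match_tool_by_url($tools, $instance['toolurl'] ?? '');
}

// Also consult securetoolurl (trying toolurl first is an assumption).
function resolve_tool_after(array $tools, array $instance): ?array {
    foreach (['toolurl', 'securetoolurl'] as $field) {
        $tool = match_tool_by_url($tools, $instance[$field] ?? '');
        if ($tool !== null) {
            return $tool;
        }
    }
    return null;
}

// Constructed sample data: an activity saved with only the secure URL filled in.
$tools = [['id' => 7, 'baseurl' => 'https://lti.example.test/tp.php']];
$instance = ['toolurl' => '', 'securetoolurl' => 'https://lti.example.test/tp.php'];

echo 'toolurl only: ', resolve_tool_before($tools, $instance) === null ? 'no match' : 'match', PHP_EOL;
echo 'with securetoolurl: ', resolve_tool_after($tools, $instance) === null ? 'no match' : 'match', PHP_EOL;
```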

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                15/Jan/18