Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-61671

Admin mobile certificate check can return errors on valid certificate

    XMLWordPrintable

Details

    • MOODLE_311_STABLE, MOODLE_34_STABLE
    • MOODLE_311_STABLE
    • MDL-61671-311
    • MDL-61671-master
    • Hide

      The only way to test this is by doing some code changes to point to existing sites that have some certificate issues (reported to us via our support system)

      Please, check the restricted comment to see the list of sites and expected errors for when testing.

      1. As a site admin, open this page:
        • Master: admin/settings.php?section=optionalsubsystems
        • 311: admin/settings.php?section=mobilesettings
      2. Make sure "Enable web services for mobile devices" is ticked
      3. Once that page is opened, apply this code change:
        • File admin/tool/mobile/classes/api.php
        • Function get_potential_config_issues()
        • Before the if (is_https()) { check, add a new line changing the wwwroot:

          $CFG->wwwroot = "URL_SITE_TO_TEST";

          where URL_SITE_TO_TEST is each of the sites to be tetsted

      4. Reload the page indicated in point 1 and check that:
      5. Confirm that you see the expected error for the site right below the "Enable web services for mobile devices " section
        • Note: Ignore the following warnings if they're shown:
          • Display debug messages (debugdisplay) is enabled. It should be disabled.
          • Mobile notifications are not enabled. They should be enabled in Notification settings.
      Show
      The only way to test this is by doing some code changes to point to existing sites that have some certificate issues (reported to us via our support system) Please, check the restricted comment to see the list of sites and expected errors for when testing. As a site admin, open this page: Master: admin/settings.php?section=optionalsubsystems 311: admin/settings.php?section=mobilesettings Make sure " Enable web services for mobile devices " is ticked Once that page is opened, apply this code change: File admin/tool/mobile/classes/api.php Function get_potential_config_issues() Before the if (is_https()) { check, add a new line changing the wwwroot: $CFG->wwwroot = "URL_SITE_TO_TEST"; where URL_SITE_TO_TEST is each of the sites to be tetsted Reload the page indicated in point 1 and check that: Confirm that you see the expected error for the site right below the "Enable web services for mobile devices " section Note: Ignore the following warnings if they're shown: Display debug messages (debugdisplay) is enabled. It should be disabled. Mobile notifications are not enabled. They should be enabled in Notification settings.

    Description

      The certificate checking in the admin mobile settings report (admin/settings.php?section=mobilesettings) is not checking if the properties actually exist.
      As a result warnings like "It seems that the HTTPS certificate for the site has expired." are shown even with a valid certificate .

      A good sample is the start and end date:

      if (strtotime($cert['Start date']) > $timenow)
      if (strtotime($cert['Expire date']) < $timenow)

      If I change this code to

      if (strtotime($cert['Start Date']) > $timenow)
      if (strtotime($cert['Expire Date']) < $timenow)

      my warnings are gone.

      Every property should be checked using the property_exists function.

      Attachments

        1. MDL-61671_master_1.png
          MDL-61671_master_1.png
          161 kB
        2. MDL-61671_master_2.png
          MDL-61671_master_2.png
          143 kB
        3. MDL-61671_master_3.png
          MDL-61671_master_3.png
          158 kB
        4. MDL-61671_master_4.png
          MDL-61671_master_4.png
          160 kB
        5. MDL-61671_master_5.png
          MDL-61671_master_5.png
          157 kB
        6. MDL-61671_master_6.png
          MDL-61671_master_6.png
          166 kB
        7. MDL-61671_master_7.png
          MDL-61671_master_7.png
          166 kB

        Issue Links

          Activity

            People

              jleyva Juan Leyva
              rdebleu Renaat Debleu
              Dani Palou Dani Palou
              Jun Pataleta Jun Pataleta
              Angelia Dela Cruz Angelia Dela Cruz
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                17/Jan/22

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 5 hours, 10 minutes
                  5h 10m