  1. Moodle
  2. MDL-61716

Filtering names of additional claims on alphanumext when using OAuth2 authentication


    Details

    • Testing Instructions:
      • create an OAuth2 service instance
      • go to user field mappings and create a new mapping for this service
      • for the external field name, use URLs, OIDs or UUIDs as values
      • save this mapping
      • make sure that the entered value stays the same after saving and that no special characters like "./:_-" etc. are stripped
      • try to insert some HTML in the external field name
      • make sure that an error is raised and that no HTML can be inserted into this field
    • Affected Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE
    • Fixed Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-61716-master

      Description

      When Moodle requests additional scopes in OAuth2 authentication, userinfo field names from these non-standard scopes can have a variety of different formats to ensure uniqueness, for example:

      {"sub": "blah@gmail.com", ...
      "http://example.com/unique_id": "unique_id_at_example.com"}
      

      When trying to map the second field to a Moodle internal field, its name is stripped by an alphanumext regex in admin/tool/oauth2/userfieldmappings.php

      The field ends up as 

      httpexamplecomunique_id

      and should be

      http://example.com/unique_id
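
      The stripping described above, as an added example (not Moodle's code and not the fix applied for this issue). It assumes the alphanumext filter keeps only letters, digits, "_" and "-", which matches the stripped value shown in the description; the function names and sample inputs are hypothetical.

```php
<?php
// Added example, not Moodle code. Function names are hypothetical.

// Assumption: the alphanumext filter keeps only letters, digits, "_" and "-".
function strip_alphanumext(string $name): string {
    return preg_replace('~[^A-Za-z0-9_-]~', '', $name);
}

// Hypothetical alternative: reject bad input instead of silently rewriting it.
// Accepts alphanumerics plus the characters named in the testing instructions.
function validate_claim_name(string $name): string {
    $name = trim($name);
    if (!preg_match('~\A[A-Za-z0-9./:_-]+\z~', $name)) {
        throw new InvalidArgumentException('Invalid external field name');
    }
    return $name;
}

// Constructed userinfo response, modelled on the issue description.
$userinfo = json_decode(
    '{"sub": "blah@gmail.com", "http://example.com/unique_id": "unique_id_at_example.com"}',
    true
);
$entered = 'http://example.com/unique_id';

// Stripping: the stored name matches no claim, so the mapping silently finds nothing.
$stripped = strip_alphanumext($entered);
printf("stripped:  %s (claim present: %s)\n", $stripped,
    var_export(array_key_exists($stripped, $userinfo), true));

// Validating: the name is stored unchanged and the claim resolves.
$kept = validate_claim_name($entered);
printf("validated: %s => %s\n", $kept, $userinfo[$kept]);

// Constructed inputs: an OID, a UUID and an HTML fragment.
$samples = ['urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
            '123e4567-e89b-12d3-a456-426614174000',
            '<b>unique_id</b>'];
foreach ($samples as $candidate) {
    try {
        validate_claim_name($candidate);
        echo "accepted: $candidate\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $candidate\n";
    }
}
```

      Rejecting with an error, rather than stripping, is what the last two testing instructions check for: the HTML fragment fails validation instead of being stored in a rewritten form.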

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                17/May/18

                Time Tracking

                Estimated: Not Specified
                Remaining: 0m
                Logged: 2h