Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-62493

Policy plugin problem when Guests attempt Create Account

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.4.2
    • Fix Version/s: 3.5.1
    • Component/s: Privacy
    • Labels:
    • Testing Instructions:
      Hide

      Simple use-cases are covered by behat. Here is a tricky one that checks that redirection works and user is redirected back where he started from

      1. As admin: Enable tool_policy as $CFG->sitepolicyhandler
      2. Create some policies
      3. Enable self-authentication
      4. Create a course (without guest access) and a user (or use existing user who did not yet agree to policies)
      5. Log out and click on a course name
      6. You will be redirected to the login page
      7. Log in as a guest
      8. You will see a message that you can't enrol in a course
      9. Click "Continue" and then "Create new account"
      10. Make sure policies are displayed, do not agree to them
      11. Click on "Log in" in the top right corner
      12. Login as a user
      13. You will be displayed policies again
      14. Agree to them
      15. Make sure you are redirected to the course page
      16. Log out
      17. Again, click on the course name
      18. Login as the same user
      19. Make sure you are on the course page
      Show
      Simple use-cases are covered by behat. Here is a tricky one that checks that redirection works and user is redirected back where he started from As admin: Enable tool_policy as $CFG->sitepolicyhandler Create some policies Enable self-authentication Create a course (without guest access) and a user (or use existing user who did not yet agree to policies) Log out and click on a course name You will be redirected to the login page Log in as a guest You will see a message that you can't enrol in a course Click "Continue" and then "Create new account" Make sure policies are displayed, do not agree to them Click on "Log in" in the top right corner Login as a user You will be displayed policies again Agree to them Make sure you are redirected to the course page Log out Again, click on the course name Login as the same user Make sure you are on the course page
    • Affected Branches:
      MOODLE_34_STABLE
    • Fixed Branches:
      MOODLE_35_STABLE
    • Epic Link:
    • Pull 3.5 Branch:
      wip-MDL-62493-35
    • Pull Master Branch:
      wip-MDL-62493-master
    • Sprint:
      Privacy Sprint 1

      Description

      We are using the tool_policy plugin on our site where we have some Guest accessible courses and found a problem when a student using Guest Access tried to Create an Account.

      When students enter guest accessible course their status changes from "Not logged in" to "Logged in a Guest" and when they click a link to the Create Account (signup) page they get a message like like the one below. Unfortunately, even if they leave the browser this recurs when they return even if they go direct to Create account.

      The reason for this based on some testing I have done is that the MoodleSession cookie means they come back in with Guest status based on the persisting record in mdl_sessions (if they use a different browser and go in directly to Create Account ... then it works).

      I can understand why a Guest cannot agree the policies but since this is blocking their access to Create and Account this is a problem.

      We need to fix this as we are losing some new accounts that people wanted to create.  We are reluctant to turn-off the Policy plugin because it is exactly what we need for the GDPR deadline next week and we would have a security/compliance issue in that case.

      A fix or advice on where we might be able to patch this in short term would be very welcome - thanks.

        Attachments

        1. error.docx
          283 kB
        2. screenshot-1.png
          screenshot-1.png
          14 kB
        3. screenshot-2.png
          screenshot-2.png
          134 kB
        4. Screenshot 2018-05-17 21.59.43.png
          Screenshot 2018-05-17 21.59.43.png
          45 kB

          Issue Links

            Activity

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  9/Jul/18

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 36 minutes
                  36m