Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-63677

Random redirection during policy agreement and signup

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      Setup

      1. Log in as Admin.
      2. Access to 'Site administration > Privacy Settings' and enable 'Digital age of consent verification'.
      3. Set 'Self registration' = 'Email-based self-registration' from 'Site administration > Plugins > Authentication > Manage authentication'.
      4. Access to 'Site administration > Privacy and policies > Policy settings' and set 'Policies (tool_policy)' as 'Site policy hander'.
      5. Create 2 policies and set them as active.
      6. Logout as Admin.

      Testing scenario

      1. In the 'Home' page, follow the 'Log in' link.
      2. Click on 'Create new account' button.
      3. The 'Age and location verification' page should be displayed. Fill out the form and make sure you the user is not a digital minor:
        • 'What is your age?' = 30
        • 'In which country do you live?' = Austria
        • Click 'Proceed'
      4. Read the first policy and click the next button.
      5. Read the second policy and click the next button.
      6. Stay in the consent page without accepting them.
      7. In a different browser
        1. In the 'Home' page, follow the 'Log in' link.
        2. Click on 'Create new account' button.
        3. The 'Age and location verification' page should be displayed. Fill out the form and make sure you the user is not a digital minor:
          • 'What is your age?' = 30
          • 'In which country do you live?' = Austria
          • Click 'Proceed'
        4. Read the first policy and click the next button.
        5. Read the second policy and click the next button.
        6. Accept the policies and click the next button.
        7. The signup page should be displayed; fill out the form and press "Create my new account".
        8. After account creation, go back to 'Home' page
        9. Follow the 'Log in' link.
        10. In the Login page, click on 'Create new account'.
          • CHECK you're redirected to the 'Age and location verification' page.
        11. Come back to the previous browser.
        12. Accept the policies and click the next button.
          • CHECK you're redirected to the signup page. 
      8. Switch back to the first browser.
      9. Accept the policies and click the next button.
      10. CHECK you're redirected to the signup page.
      Show
      Setup Log in as Admin. Access to 'Site administration > Privacy Settings' and enable 'Digital age of consent verification'. Set 'Self registration' = 'Email-based self-registration' from 'Site administration > Plugins > Authentication > Manage authentication'. Access to 'Site administration > Privacy and policies > Policy settings' and set 'Policies (tool_policy)' as 'Site policy hander'. Create 2 policies and set them as active. Logout as Admin. Testing scenario In the 'Home' page, follow the 'Log in' link. Click on 'Create new account' button. The 'Age and location verification' page should be displayed. Fill out the form and make sure you the user is not a digital minor: 'What is your age?' = 30 'In which country do you live?' = Austria Click 'Proceed' Read the first policy and click the next button. Read the second policy and click the next button. Stay in the consent page without accepting them. In a different browser In the 'Home' page, follow the 'Log in' link. Click on 'Create new account' button. The 'Age and location verification' page should be displayed. Fill out the form and make sure you the user is not a digital minor: 'What is your age?' = 30 'In which country do you live?' = Austria Click 'Proceed' Read the first policy and click the next button. Read the second policy and click the next button. Accept the policies and click the next button. The signup page should be displayed; fill out the form and press "Create my new account". After account creation, go back to 'Home' page Follow the 'Log in' link. In the Login page, click on 'Create new account'. CHECK you're redirected to the 'Age and location verification' page. Come back to the previous browser. Accept the policies and click the next button. CHECK you're redirected to the signup page.  Switch back to the first browser. Accept the policies and click the next button. CHECK you're redirected to the signup page.
    • Affected Branches:
      MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE
    • Fixed Branches:
      MOODLE_35_STABLE, MOODLE_36_STABLE
    • Pull from Repository:
    • Pull 3.5 Branch:
    • Pull 3.6 Branch:
    • Pull Master Branch:
      MDL-63677-master

      Description

      We were finding that when multiple users were attempting to create an account with the new tool_policy plugin enabled, they would be bounced, seemingly at random, back to the front page or initial policy page and often unable to create a new account.

      You can test this by having two users try to create accounts via email authentication with policies enabled. User 1 goes through the policy agreement process, consents, and waits on the signup page. User 2 then goes through to the consent page (the page with the checkboxes to consent to all the policies). User 1 then submits their signup page. When User 2 clicks next, they will be taken back to the front page instead of the signup page.

      It looks like the presignup cache is being being cleared on the 'createduser' event - any user. This removes the policy viewed/accepted states for EVERY session, causing the redirection.

      I have a PR at https://github.com/saylordotorg/moodle/pull/1 that appears to fix the issue - multiple users are able to sign up and the full policy flow is restored if a user creates an account (ignores the confirmation email and doesn't log in) and tries to create a new account again during the same session.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                2 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  11/Mar/19

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour
                  1h