  1. Moodle
  2. MDL-65459

Logging: Missed two points relying on non-JSON log format


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.7
    • Fix Version/s: 3.7
    • Component/s: Logging
    • Labels:
    • Testing Instructions:

      You must have a server where email works, or use a mailcatcher solution.

      1. In admin, turn on the 'notifyloginfailures' option, setting it to send email to yourself.
      2. Using another browser, or after logging out, attempt to log in 10 times in a row using an incorrect username (one that does not match a Moodle user, for example 'frogfrog')
      3. Wait for the 'Send failed login notifications' scheduled task to run, or run it from the web (@ admin/tool/task/scheduledtasks.php) or cli (with php admin/tool/task/cli/schedule_task.php --execute='\core\task\send_failed_login_notifications_task') - if you run it, be aware it has an annoying limit so it won't check more than once per hour.
        • It should show a message like 'Emailing admins about 12 failed login attempts'.
        • The email should correctly list the fake username you used for each request, like this: 'Wednesday, 1 May 2019, 12:08 PM, IP: x.x.x.x, User: frogfrog, User full name: Unknown user'

      If this fix failed, there might be a fatal error running the task, or it would not include the username.

    • Affected Branches:
      MOODLE_37_STABLE
    • Fixed Branches:
      MOODLE_37_STABLE
    • Pull Master Branch:
      MDL-65459-master

      Description

      I happened to do a different type of code search (searched for regex 'unser.*->other') and found two places which were still relying on the log 'other' field being PHP-serialised. These are:

      1. Somewhere in privacy helper (I am not sure what this one does!)
      2. When sending out email about failed logins

      Note: I didn't work out a way to test the privacy helper one, it seems only to occur in an unexpected case. I wrote a test script for the other one though, and the fix is straightforward and identical in both places...
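
An added example (not from this tracker issue or from Moodle's code base) showing why a reader that assumes PHP serialisation loses the username once the 'other' field is stored as JSON, and one tolerant way to decode both formats. The function name `decode_log_other` and the sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added illustration: names below are hypothetical, not Moodle's API.

/**
 * Decode a log row's 'other' value that may be JSON (new format) or
 * PHP-serialised (rows written before the format change).
 */
function decode_log_other(?string $raw)
{
    if ($raw === null || $raw === '' || $raw === 'N;') {
        return null;
    }
    // PHP-serialised values start with a type letter and ':'.
    // No valid JSON document starts that way, so the prefix is unambiguous.
    if (preg_match('/^[absidOC]:/', $raw)) {
        // allowed_classes => false: stored data can never instantiate a class.
        $value = @unserialize($raw, ['allowed_classes' => false]);
        // unserialize() returns false on failure; 'b:0;' is the one valid false.
        return ($value === false && $raw !== 'b:0;') ? null : $value;
    }
    $value = json_decode($raw, true);
    return json_last_error() === JSON_ERROR_NONE ? $value : null;
}

// Constructed sample rows for a failed-login log entry.
$rows = [
    'legacy' => serialize(['username' => 'frogfrog', 'reason' => 1]),
    'json'   => json_encode(['username' => 'frogfrog', 'reason' => 1]),
    'object' => 'O:8:"stdClass":1:{s:8:"username";s:8:"frogfrog";}',
];

foreach ($rows as $label => $raw) {
    // Reader that assumes PHP serialisation: fails on the JSON row.
    $naive = @unserialize($raw, ['allowed_classes' => false]);
    $naiveuser = is_array($naive) ? ($naive['username'] ?? null) : null;

    // Tolerant reader: accepts either format, rejects stored objects.
    $other = decode_log_other($raw);
    $user = is_array($other) ? ($other['username'] ?? null) : null;

    printf("%-6s naive=%s tolerant=%s\n", $label,
        var_export($naiveuser, true), var_export($user, true));
}
```

Run with `php` on the command line; the 'object' row shows that a serialised object in the field is not treated as usable data by either reader.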


                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  20/May/19

                  Time Tracking

                  Estimated: Not Specified
                  Remaining: 0m
                  Logged: 35m