  1. Moodle
  2. MDL-66582

"auth_logo" in auth_cas and auth_shibboleth throw an invalidresponse exception when calling "tool_mobile_get_public_config"


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.7.1, 3.7.2
    • Fix Version/s: 3.6.7, 3.7.3
    • Component/s: Authentication
    • Labels:
    • Testing Instructions:
      Prerequisites
      1. CAS setup (3.7 and master only)
        1. Run the CAS docker image:

          docker run --rm --name cas -p 8443:8443 -dt moodlehq/moodle-docker-cas:v5.2.2-0

        2. Log in as admin
        3. Go to Site administration -> Plugins -> Manage authentication
        4. Enable "CAS Server (SSO)"
        5. Click on the "Settings" link for the CAS authentication.
        6. Enter the following settings:
          • Hostname: localhost
          • Port: 8443
          • Base URI: cas/
          • Multi Auth: Yes
        7. Save the changes
      2. Dummy Shibboleth setup
        1. Go back to the "Manage authentication" admin page.
        2. Enable the "Shibboleth" authentication plugin.
        3. Click on the "Settings" link for the Shibboleth authentication.
        4. Enter any dummy value into the "Username" field.
        5. Save the changes.
      3. Error log monitoring. On a terminal, execute the tail command to monitor the Apache error log. E.g. "tail -f /var/log/apache2/error.log"
      No logos
      1. Open another terminal window and execute this curl request, replacing the site url with yours.

        curl '[YOUR_MOODLE_URL]/lib/ajax/service.php' --data-binary '[{"index":0,"methodname":"tool_mobile_get_public_config","args":{}}]' | python -m "json.tool"
        

      2. Confirm that:
        • In the CURL response you see an "identityproviders" array containing information about the CAS (3.7 and master only) and Shibboleth authentication identity providers with the following fields and values set:
                    Shibboleth                                   CAS
          iconurl   empty                                        empty
          name      Shibboleth Login                             CAS
          URL       [YOUR_MOODLE_URL]/auth/shibboleth/index.php  [YOUR_MOODLE_URL]/login/index.php?authCAS=CAS
      3. Open a different browser session and go to the login page.
      4. Confirm that Shibboleth and CAS (3.7 and master only) login buttons are shown on the login page.
      5. Confirm that login buttons are rendered without any logos, especially any broken pictures.
      6. Check your error log.
      7. Confirm that you don't see a "filenotfound" error log entry.
      With logos
      1. Back on the admin's browser window, edit the settings for the Shibboleth authentication.
      2. Upload an image for the "Authentication method logo" field.
      3. Save the changes.
      4. Do the same for the "CAS server (SSO)" authentication method and save the changes
      5. Run the curl request again on the terminal.
      6. Confirm that:
        • In the CURL response you see an "identityproviders" array containing information about the CAS (3.7 and master only) and Shibboleth authentication identity providers with the following fields and values set:
                    Shibboleth                                   CAS
          iconurl   The URL to the authentication method logo    The URL to the authentication method logo
          name      Shibboleth Login                             CAS
          URL       [YOUR_MOODLE_URL]/auth/shibboleth/index.php  [YOUR_MOODLE_URL]/login/index.php?authCAS=CAS
      7. Open a different browser session and go to the login page.
      8. Confirm that Shibboleth and CAS (3.7 and master only) login buttons are shown on the login page.
      9. Confirm that login buttons are rendered with the correct logos.
      10. Check your error log.
      11. Confirm that you don't see a "filenotfound" error log entry.
    • Affected Branches:
      MOODLE_37_STABLE
    • Fixed Branches:
      MOODLE_36_STABLE, MOODLE_37_STABLE
    • Pull from Repository:
    • Pull 3.7 Branch:
    • Pull Master Branch:
      MDL-66582-master

      Description

      This minor bug did break the login process of our Android and Windows Store mobile apps (not tested on iOS).

      When not using the auth_logo in CAS or Shibboleth authentication plugins, the standard /login/index.php page displays a broken icon on Firefox (see the attached "auth_logo_noimg_ff.png").

      On the other hand, when using an auth_logo in the CAS or Shibboleth plugin, the "tool_mobile_get_public_config" in /lib/ajax/service.php throws an "invalidresponse" exception, effectively preventing any user from connecting to our server through the Android or Windows Store app.

      A small curl script demonstrates this situation:

      curl -s -H "Accept: application/json" -X POST --data-raw '[{"index":0,"methodname":"tool_mobile_get_public_config","args":[]}]' "http://my.moodle.com/lib/ajax/service.php?info=tool_mobile_get_public_config"
      

      Expected (truncated) output:

      [
        {
          "error": false,
          "data": {
            "wwwroot": "http://my.moodle.com",
            "httpswwwroot": "http://my.moodle.com",
            "identityproviders": [
              {
                "name": "CAS",
                "iconurl": "http://my.moodle.com/pluginfile.php/1/auth_cas/logo/",
                "url": "http://my.moodle.com/login/index.php?authCAS=CAS"
              }
            ]
          }
        }
      ]
      

      Got the following error:

      [
        {
          "error": true,
          "exception": {
            "message": "Invalid response value detected",
            "errorcode": "invalidresponse",
            "backtrace": "* line 442 of /lib/externallib.php: invalid_response_exception thrown\n* line 250 of /lib/externallib.php: call to external_api::clean_returnvalue()\n* line 59 of /lib/ajax/service.php: call to external_api::call_external_function()\n",
            "link": "http://my.moodle.com/",
            "moreinfourl": "https://docs.moodle.org/37/fr/error/debug/invalidresponse",
            "debuginfo": "identityproviders => Invalid response value detected: iconurl => Invalid response value detected: Invalid external api response: the value is \"http://my.moodle.com/pluginfile.php/1/auth_cas/logo//moodle_d.png\" of PHP type \"string\", the server was expecting \"url\" type\nError code: invalidresponse"
          }
        }
      ]
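
The check that the testing instructions perform by eye on the curl output, as an added example that is not part of the original report or of Moodle's code: it parses a `/lib/ajax/service.php` response and reports a failed call or an `iconurl` that is neither empty nor a clean absolute URL. The sample responses are constructed from the output quoted above, and the doubled-slash test is a heuristic taken from the rejected value in the debuginfo, not Moodle's own `url` validation.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the failing response from the report, trimmed to the fields used here.
FAILING = json.dumps([{"error": True, "exception": {
    "errorcode": "invalidresponse",
    "debuginfo": "identityproviders => Invalid response value detected"}}])
# Constructed sample: a healthy response; the Shibboleth logo URL is a placeholder.
HEALTHY = json.dumps([{"error": False, "data": {"identityproviders": [
    {"name": "CAS", "iconurl": "",
     "url": "http://my.moodle.com/login/index.php?authCAS=CAS"},
    {"name": "Shibboleth Login",
     "iconurl": "http://my.moodle.com/constructed/logo.png",
     "url": "http://my.moodle.com/auth/shibboleth/index.php"}]}}])


def icon_problem(iconurl):
    """Return a reason string if iconurl is neither empty nor a clean http(s) URL."""
    if iconurl == "":
        return None  # no logo configured is valid per the testing instructions
    parts = urlsplit(iconurl)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return "not an absolute http(s) URL"
    if "//" in parts.path:
        # Heuristic (assumption): the rejected value in the report has "logo//".
        return "empty path segment (doubled slash)"
    return None


def check_public_config(raw):
    """Return a list of findings for one service.php response body."""
    findings = []
    for call in json.loads(raw):
        if call.get("error"):
            exc = call.get("exception", {})
            findings.append("%s: %s" % (exc.get("errorcode"), exc.get("debuginfo")))
            continue
        for idp in call.get("data", {}).get("identityproviders", []):
            for field in ("name", "url", "iconurl"):
                if field not in idp:
                    findings.append("%s: missing %s" % (idp.get("name"), field))
            reason = icon_problem(idp.get("iconurl", ""))
            if reason:
                findings.append("%s: iconurl %s" % (idp.get("name"), reason))
    return findings


if __name__ == "__main__":
    for label, body in (("failing", FAILING), ("healthy", HEALTHY)):
        print(label, check_public_config(body) or "OK")
```
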
      

              People

              Assignee:
              jleyva Juan Leyva
              Reporter:
              jdobbelstein Johan Dobbelstein
              Peer reviewer:
              Pau Ferrer
              Integrator:
              Jun Pataleta
              Tester:
              Gladys Basiana
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              12
              Watchers:
              14

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                11/Nov/19

                  Time Tracking

                  Estimated:
                  Not Specified
                  Remaining:
                  0m
                  Logged:
                  4h 30m