Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-67053

Allow bypassing alternateloginurl config setting with a URL param

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Development in progress
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.6.6, 3.7, 3.8
    • Fix Version/s: None
    • Component/s: Authentication
    • Testing Instructions:
      Hide

      Setup

      1. Set an alternateloginurl in the config.php or in the database

      php admin/cli/cfg.php --name=alternateloginurl --set='https://google.com'

      Testing

      1. Try to access site/login/index.php.
      2. Confirm: Make sure that it redirects to alternateloginurl
      3. Add '?redirect=0' and try again i.e  site/login/index.php?redirect=0
      4. Confirm: Make sure that it doesn't redirect and loads the login page
      5. Submit credentials which will fail
      6. Confirm: you end up back at the login page again, not the alternate login page

       

      Show
      Setup Set an alternateloginurl in the config.php or in the database php admin/cli/cfg.php --name=alternateloginurl --set='https://google.com' Testing Try to access site/login/index.php. Confirm: Make sure that it redirects to alternateloginurl Add '?redirect=0' and try again i.e  site/login/index.php?redirect=0 Confirm: Make sure that it doesn't redirect and loads the login page Submit credentials which will fail Confirm: you end up back at the login page again, not the alternate login page  
    • Affected Branches:
      MOODLE_36_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-67053-master_allow_bypassing_alternateurl

      Description

      To authenticate in moodle, it is often useful to redirect and authenticate on a 3rd party page, following the authentication flow from "3rd party auth plugins" https://docs.moodle.org/dev/Authentication_plugins#Overview_of_Moodle_authentication_process

      Some auth plugins do this already. There is an automatic redirect, but you can insert a param in the URL to see the manual login form: https://github.com/catalyst/moodle-auth_saml2/blob/master/auth.php#L352

      At the moment, every auth plugin needs to reimplement this URL param logic for redirection. This is probably basic functionality that should always apply to redirects away from the login/index.php page, and for alternateloginurl as well.

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              gmrsagar Sagar Ghimire
              Reporter:
              kristianr Kristian Ringer
              Peer reviewer:
              Brendan Heywood
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: