Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-69002

Backpack authenticate check called too regularly for admin

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      Requirements

      • Badgr US account.

      Setup [ONLY MASTER]

      1. Login as admin.
      2. Access to "Site administration / Badges / Manage backpacks".
      3. Click the "Add a new backpack" button and create a backpack with the following information:
      4. Save changes.

      Testing scenario 1: Verification is done only in the backpack testing settings page

      1. Login as admin.
      2. Access to "Site administration / Badges / Manage backpacks".
      3. Check no error "Could not connect to backpack" is displayed below the "List of backpacks" table.
      4. Check a "gear" icon is displayed in the "Actions" column for the "https://badgr.io" backpack. instead of the text "Edit settings".
      5. Check a "tick" icon is displayed in the "Actions" column for the "https://badgr.io" backpack.
      6. Check no "tick" icon is displayed in the "Actions" column for the other backpack (https://backpack.openbadges.org.badgr.io  for Moodle 3.7 and 3.8 and https://dc.imsglobal.org for master).
      7. Click the "Test settings" icon in the "Actions" column for the "https://badgr.io" backpack.
      8. Check an error is displayed with the "Could not connect to backpack" text
      9. Go to "Site administration / Badges / Backpack settings".
      10. Check no error "Could not connect to backpack" is displayed below the settings.

       

      Testing scenario 2: Validation is working when badge issuer credentials are correct

      1. Login as admin.
      2. Go to "Site administration / Badges / Badges settings".
      3. Fill in the "Badge issuer email address" field with the email address of the Badgr account.
      4. Access to "Site administration / Badges / Manage backpacks".
      5. Click the "Test settings" icon in the "Actions" column for the "https://badgr.io" backpack.
      6. Check an error is displayed with the following texts:
        • Could not connect to backpack.
        • Invalid credentials given.
      7. Click the "Manage backpacks" breadcrumb link.
      8. Click the "Edit settings" icon in the "Actions" column for the "https://badgr.io" backpack.
      9. Set the "Badge issuer password" to the proper one for the Badgr email account defined in #3.
      10. Save changes.
      11. Click the "Test settings" icon in the "Actions" column for the "https://badgr.io" backpack.
      12. Check the following string is displayed: "Backpack connection successfully established".

       

      Show
      Requirements Badgr US account. Setup [ONLY MASTER] Login as admin. Access to "Site administration / Badges / Manage backpacks". Click the "Add a new backpack" button and create a backpack with the following information: Backpack API URL: https://dc.imsglobal.org/obchost/ims/ob/v2p1 Backpack URL: https://dc.imsglobal.org API version supported: OBv2.1 oAuth 2 services: None Save changes. Testing scenario 1: Verification is done only in the backpack testing settings page Login as admin. Access to "Site administration / Badges / Manage backpacks". Check no error "Could not connect to backpack" is displayed below the "List of backpacks" table. Check a "gear" icon is displayed in the "Actions" column for the "https://badgr.io" backpack. instead of the text "Edit settings". Check a "tick" icon is displayed in the "Actions" column for the "https://badgr.io" backpack. Check no "tick" icon is displayed in the "Actions" column for the other backpack ( https://backpack.openbadges.org.badgr.io   for Moodle 3.7 and 3.8 and https://dc.imsglobal.org  for master). Click the "Test settings" icon in the "Actions" column for the "https://badgr.io" backpack. Check an error is displayed with the "Could not connect to backpack" text Go to "Site administration / Badges / Backpack settings". Check no error "Could not connect to backpack" is displayed below the settings.   Testing scenario 2: Validation is working when badge issuer credentials are correct Login as admin. Go to "Site administration / Badges / Badges settings". Fill in the "Badge issuer email address" field with the email address of the Badgr account. Access to "Site administration / Badges / Manage backpacks". Click the "Test settings" icon in the "Actions" column for the "https://badgr.io" backpack. Check an error is displayed with the following texts: Could not connect to backpack. Invalid credentials given. Click the "Manage backpacks" breadcrumb link. Click the "Edit settings" icon in the "Actions" column for the "https://badgr.io" backpack. Set the "Badge issuer password" to the proper one for the Badgr email account defined in #3. Save changes. Click the "Test settings" icon in the "Actions" column for the "https://badgr.io" backpack. Check  the following string is displayed: "Backpack connection successfully established".  
    • Affected Branches:
      MOODLE_37_STABLE, MOODLE_38_STABLE, MOODLE_39_STABLE
    • Fixed Branches:
      MOODLE_37_STABLE, MOODLE_38_STABLE
    • Pull from Repository:
    • Pull 3.8 Branch:
    • Pull Master Branch:
      MDL-69002-master
    • Sprint:
      Moppies Kanban

      Description

      Marina Glancy has reported a major performance regression with 39 over 38 for administrators.

      I've tracked it down to the Badges v2 API.

      When logged in as an administrator, or any user to manage badges, every inclusion of the admin/settings/badges.php file (i.e. when building the site admin tree) triggers a call to badges_verify_site_backpack() which attempts to authenticate against badgr.io.

      Ideally we should only do this periodically, and cache the result (success/fail).

      Not only are we killing our performance, we're also DOSing badgr.io.

      This is the current output:

      stdClass Object
      (
          [expires] => 3600
          [error_description] => Too many login attempts. Please wait and try again.
          [error] => login attempts throttled
      )
      

      In addition we're trying to authenticate without providing a username or password anyway so it will never succeed.
      The site backpack does not even allow me to enter any issuer credentials except for password.

      I think that we should not even be making this call at all at all.

        Attachments

        1. callgraph.png
          callgraph.png
          1.33 MB
        2. Screenshot_1.png
          Screenshot_1.png
          147 kB
        3. Screenshot_2.png
          Screenshot_2.png
          91 kB

          Issue Links

            Activity

              People

              Assignee:
              sarjona Sara Arjona (@sarjona)
              Reporter:
              dobedobedoh Andrew Nicols
              Peer reviewer:
              Carlos Escobedo
              Integrator:
              Andrew Nicols
              Tester:
              Janelle Barcega
              Participants:
              Component watchers:
              Yuliya Bozhko, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Matteo Scaramuccia, Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                13/Jul/20

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 day, 4 hours, 10 minutes
                  1d 4h 10m