Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-69002

Backpack authenticate check called too regularly for admin

XMLWordPrintable

    • MOODLE_37_STABLE, MOODLE_38_STABLE, MOODLE_39_STABLE
    • MOODLE_37_STABLE, MOODLE_38_STABLE
    • MDL-69002-master
    • Hide

      Requirements

      • Badgr US account.

      Setup [ONLY MASTER]

      1. Login as admin.
      2. Access to "Site administration / Badges / Manage backpacks".
      3. Click the "Add a new backpack" button and create a backpack with the following information:
      4. Save changes.

      Testing scenario 1: Verification is done only in the backpack testing settings page

      1. Login as admin.
      2. Access to "Site administration / Badges / Manage backpacks".
      3. Check no error "Could not connect to backpack" is displayed below the "List of backpacks" table.
      4. Check a "gear" icon is displayed in the "Actions" column for the "https://badgr.io" backpack. instead of the text "Edit settings".
      5. Check a "tick" icon is displayed in the "Actions" column for the "https://badgr.io" backpack.
      6. Check no "tick" icon is displayed in the "Actions" column for the other backpack (https://backpack.openbadges.org.badgr.io  for Moodle 3.7 and 3.8 and https://dc.imsglobal.org for master).
      7. Click the "Test settings" icon in the "Actions" column for the "https://badgr.io" backpack.
      8. Check an error is displayed with the "Could not connect to backpack" text
      9. Go to "Site administration / Badges / Backpack settings".
      10. Check no error "Could not connect to backpack" is displayed below the settings.

       

      Testing scenario 2: Validation is working when badge issuer credentials are correct

      1. Login as admin.
      2. Go to "Site administration / Badges / Badges settings".
      3. Fill in the "Badge issuer email address" field with the email address of the Badgr account.
      4. Access to "Site administration / Badges / Manage backpacks".
      5. Click the "Test settings" icon in the "Actions" column for the "https://badgr.io" backpack.
      6. Check an error is displayed with the following texts:
        • Could not connect to backpack.
        • Invalid credentials given.
      7. Click the "Manage backpacks" breadcrumb link.
      8. Click the "Edit settings" icon in the "Actions" column for the "https://badgr.io" backpack.
      9. Set the "Badge issuer password" to the proper one for the Badgr email account defined in #3.
      10. Save changes.
      11. Click the "Test settings" icon in the "Actions" column for the "https://badgr.io" backpack.
      12. Check the following string is displayed: "Backpack connection successfully established".

       

      Show
      Requirements Badgr US account. Setup [ONLY MASTER] Login as admin. Access to "Site administration / Badges / Manage backpacks". Click the "Add a new backpack" button and create a backpack with the following information: Backpack API URL: https://dc.imsglobal.org/obchost/ims/ob/v2p1 Backpack URL: https://dc.imsglobal.org API version supported: OBv2.1 oAuth 2 services: None Save changes. Testing scenario 1: Verification is done only in the backpack testing settings page Login as admin. Access to "Site administration / Badges / Manage backpacks". Check no error "Could not connect to backpack" is displayed below the "List of backpacks" table. Check a "gear" icon is displayed in the "Actions" column for the "https://badgr.io" backpack. instead of the text "Edit settings". Check a "tick" icon is displayed in the "Actions" column for the "https://badgr.io" backpack. Check no "tick" icon is displayed in the "Actions" column for the other backpack ( https://backpack.openbadges.org.badgr.io   for Moodle 3.7 and 3.8 and https://dc.imsglobal.org  for master). Click the "Test settings" icon in the "Actions" column for the "https://badgr.io" backpack. Check an error is displayed with the "Could not connect to backpack" text Go to "Site administration / Badges / Backpack settings". Check no error "Could not connect to backpack" is displayed below the settings.   Testing scenario 2: Validation is working when badge issuer credentials are correct Login as admin. Go to "Site administration / Badges / Badges settings". Fill in the "Badge issuer email address" field with the email address of the Badgr account. Access to "Site administration / Badges / Manage backpacks". Click the "Test settings" icon in the "Actions" column for the "https://badgr.io" backpack. Check an error is displayed with the following texts: Could not connect to backpack. Invalid credentials given. Click the "Manage backpacks" breadcrumb link. Click the "Edit settings" icon in the "Actions" column for the "https://badgr.io" backpack. Set the "Badge issuer password" to the proper one for the Badgr email account defined in #3. Save changes. Click the "Test settings" icon in the "Actions" column for the "https://badgr.io" backpack. Check  the following string is displayed: "Backpack connection successfully established".  
    • Moppies Kanban

      marina has reported a major performance regression with 39 over 38 for administrators.

      I've tracked it down to the Badges v2 API.

      When logged in as an administrator, or any user to manage badges, every inclusion of the admin/settings/badges.php file (i.e. when building the site admin tree) triggers a call to badges_verify_site_backpack() which attempts to authenticate against badgr.io.

      Ideally we should only do this periodically, and cache the result (success/fail).

      Not only are we killing our performance, we're also DOSing badgr.io.

      This is the current output:

      stdClass Object
      (
          [expires] => 3600
          [error_description] => Too many login attempts. Please wait and try again.
          [error] => login attempts throttled
      )
      

      In addition we're trying to authenticate without providing a username or password anyway so it will never succeed.
      The site backpack does not even allow me to enter any issuer credentials except for password.

      I think that we should not even be making this call at all at all.

        1. Screenshot_2.png
          Screenshot_2.png
          91 kB
        2. Screenshot_1.png
          Screenshot_1.png
          147 kB
        3. callgraph.png
          callgraph.png
          1.33 MB

            sarjona Sara Arjona (@sarjona)
            dobedobedoh Andrew Lyons
            Carlos Escobedo Carlos Escobedo
            Andrew Lyons Andrew Lyons
            Janelle Barcega Janelle Barcega
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 day, 4 hours, 10 minutes
                1d 4h 10m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.