[MDL-69095] QR with automatic login works only when https is enabled and we dont check this before setting the default value - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.9, 3.10, 4.0
Fix Version/s: 3.9.2
Component/s: Other
Labels:
- ci
- triaged

Affected Branches:
MOODLE_310_STABLE, MOODLE_39_STABLE, MOODLE_400_STABLE
Fixed Branches:
MOODLE_39_STABLE
Pull from Repository:
git://github.com/jleyva/moodle.git
Pull 3.9 Branch:
~~MDL-69095~~-39
Pull 3.9 Diff URL:
https://github.com/jleyva/moodle/compare/d8b0be3eb3...MDL-69095-39
Pull Master Branch:
~~MDL-69095~~-master
Pull Master Diff URL:
https://github.com/jleyva/moodle/compare/94fdac9117...MDL-69095-master
Testing Instructions:
Hide

Test default value of "QR code access" in http installations

Do a new local installation from scratch (using the code with the patch) ensuring the site will be under HTTP (insecure)

Go to Site administration > Mobile app and check "Enable web services for mobile services" and then Save changes

Go to Site administration > Mobile app > Mobile authentication and check that:

The "QR code access" setting is set to "QR code with site URL"

In the "QR code access" settings you only see two possible options: 1: "Access via QR code disabled" and 2: "QR code with site URL"

Test Moodle app subscription

Do a new local installation from scratch (using the code with the patch) ensuring the site will be under HTTPS this time (can use ngrok https tunnel for that).

Go to Site administration > Mobile app and check "Enable web services for mobile services" and then Save changes

Go to Site administration > Mobile app > Mobile authentication, find the "QR code access" setting and check that:

Is set to "QR code with autologin"

To test this issue, you need to make a couple of minor code changes in the source code to force your Moodle site to use other site credentials for testing a free subscription

Open this file admin/tool/mobile/classes/api.php

In the get_subscription_information() function do the following changes:

After the global $CFG; line add this line: $CFG->airnotifieraccesskey = 'X'; where X is the Airnotifer access key for the "Free site" you will find in the protected comment bellow.

Replace the $CFG->wwwroot in this line: 'siteurl' => $CFG->wwwroot, with the Site URL value you for the "Free site" will find in the protected comment bellow

Go to Site administration > Mobile app > Moodle subscription and check that:

Under the QR Login Subscription feature you see this message with a red background: "This feature is configured on your site but it is not included in your Moodle app plan. Thus, the setting will have no effect."

Now, go to Site administration > Mobile app > Mobile authentication

Set the "QR code access" field to "QR code with site URL" Save changes

Go to Site administration > Mobile app > Moodle subscription and check that:

You don't see the red message anymore under the QR login section
Show
Test default value of "QR code access" in http installations Do a new local installation from scratch (using the code with the patch) ensuring the site will be under HTTP (insecure) Go to Site administration > Mobile app and check "Enable web services for mobile services" and then Save changes Go to Site administration > Mobile app > Mobile authentication and check that: The "QR code access" setting is set to "QR code with site URL" In the "QR code access" settings you only see two possible options: 1: "Access via QR code disabled" and 2: "QR code with site URL" Test Moodle app subscription Do a new local installation from scratch (using the code with the patch) ensuring the site will be under HTTPS this time (can use ngrok https tunnel for that). Go to Site administration > Mobile app and check "Enable web services for mobile services" and then Save changes Go to Site administration > Mobile app > Mobile authentication, find the "QR code access" setting and check that: Is set to "QR code with autologin" To test this issue, you need to make a couple of minor code changes in the source code to force your Moodle site to use other site credentials for testing a free subscription Open this file admin/tool/mobile/classes/api.php In the get_subscription_information() function do the following changes: After the global $CFG; line add this line: $CFG->airnotifieraccesskey = 'X'; where X is the Airnotifer access key for the "Free site" you will find in the protected comment bellow. Replace the $CFG->wwwroot in this line: 'siteurl' => $CFG->wwwroot, with the Site URL value you for the "Free site" will find in the protected comment bellow Go to Site administration > Mobile app > Moodle subscription and check that: Under the QR Login Subscription feature you see this message with a red background: "This feature is configured on your site but it is not included in your Moodle app plan. Thus, the setting will have no effect." Now, go to Site administration > Mobile app > Mobile authentication Set the "QR code access" field to "QR code with site URL" Save changes Go to Site administration > Mobile app > Moodle subscription and check that: You don't see the red message anymore under the QR login section

Description

The "QR code access" default value is set to "QR code with automatic login" that requires the site to use https, but we don't check if the site is really using https before setting the default value.

Apart from that, it does not clearly indicate that requires https to work so we may have admins confused with this.

And finally, we need to indicate that the setting requires a Pro/Premium subscription plan in both the help message and in the subscription page (if we detect he is trying to use the auto-login version).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

MDL-69095_test2 scenario.jpg
110 kB
19/Aug/20 5:01 PM

Activity

People

Assignee:: Juan Leyva

Reporter:: Juan Leyva

Peer reviewer:: Dani Palou

Integrator:: Eloy Lafuente (stronk7)

Tester:: Pau Ferrer

Participants:: Andrew Lyons, Anna Carissa Sadia, CiBoT, Dani Palou, Eloy Lafuente (stronk7), Helen Foster, Juan Leyva, Pau Ferrer

Component watchers:: Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 19/Jun/20 5:08 PM

Updated:: 22/Aug/20 3:12 AM

Resolved:: 22/Aug/20 3:12 AM

Fix Release Date:: 14/Sep/20

Time Tracking

Estimated:

Remaining:

Logged:

1d 2h 51m

Details

Test default value of "QR code access" in http installations

Test Moodle app subscription

Description

Attachments

Attachments

Activity

People

Dates

Time Tracking