[MDL-69095] QR with automatic login works only when https is enabled and we dont check this before setting the default value - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Waiting for integration review
Priority: Minor
Resolution: Unresolved
Affects Version/s: 3.9
Fix Version/s: None
Component/s: Other
Labels:
- ci
- triaged

Testing Instructions:
Hide

Test default value of "QR code access" in http installations

Do a new local installation from scratch (using the code with the patch) ensuring the site will be under HTTP (insecure)

Go to Site administration > Mobile app and check "Enable web services for mobile services" and then Save changes

Go to Site administration > Mobile app > Mobile authentication and check that:

The "QR code access" setting is set to "QR code with site URL"

In the "QR code access" settings you only see two possible options: 1: "Access via QR code disabled" and 2: "QR code with site URL"

Test Moodle app subscription

Do a new local installation from scratch (using the code with the patch) ensuring the site will be under HTTPS this time

Go to Site administration > Mobile app and check "Enable web services for mobile services" and then Save changes

Go to Site administration > Mobile app > Mobile authentication, find the "QR code access" setting and check that:

Is set to "QR code with autologin"

To test this issue, you need to make a couple of minor code changes in the source code to force your Moodle site to use other site credentials for testing a free subscription

Open this file admin/tool/mobile/classes/api.php

In the get_subscription_information() function do the following changes:

After the global $CFG; line add this line: $CFG->airnotifieraccesskey = 'X'; where X is the Airnotifer access key for the "Free site" you will find in the protected comment bellow.

Replace the $CFG->wwwroot in this line: 'siteurl' => $CFG->wwwroot, with the Site URL value you for the "Free site" will find in the protected comment bellow

Go to Site administration > Mobile app > Moodle subscription and check that:

Under the QR Login Subscription feature you see this message with a red background: "This feature is configured on your site but it is not included in your Moodle app plan. Thus, the setting will have no effect."

Now, go to Site administration > Mobile app > Mobile authentication

Set the "QR code access" field to "QR code with site URL" Save changes

Go to Site administration > Mobile app > Moodle subscription and check that:

You don't see the red message anymore under the QR login section
Show
Test default value of "QR code access" in http installations Do a new local installation from scratch (using the code with the patch) ensuring the site will be under HTTP (insecure) Go to Site administration > Mobile app and check "Enable web services for mobile services" and then Save changes Go to Site administration > Mobile app > Mobile authentication and check that: The "QR code access" setting is set to "QR code with site URL" In the "QR code access" settings you only see two possible options: 1: "Access via QR code disabled" and 2: "QR code with site URL" Test Moodle app subscription Do a new local installation from scratch (using the code with the patch) ensuring the site will be under HTTPS this time Go to Site administration > Mobile app and check "Enable web services for mobile services" and then Save changes Go to Site administration > Mobile app > Mobile authentication, find the "QR code access" setting and check that: Is set to "QR code with autologin" To test this issue, you need to make a couple of minor code changes in the source code to force your Moodle site to use other site credentials for testing a free subscription Open this file admin/tool/mobile/classes/api.php In the get_subscription_information() function do the following changes: After the global $CFG; line add this line: $CFG->airnotifieraccesskey = 'X'; where X is the Airnotifer access key for the "Free site" you will find in the protected comment bellow. Replace the $CFG->wwwroot in this line: 'siteurl' => $CFG->wwwroot, with the Site URL value you for the "Free site" will find in the protected comment bellow Go to Site administration > Mobile app > Moodle subscription and check that: Under the QR Login Subscription feature you see this message with a red background: "This feature is configured on your site but it is not included in your Moodle app plan. Thus, the setting will have no effect." Now, go to Site administration > Mobile app > Mobile authentication Set the "QR code access" field to "QR code with site URL" Save changes Go to Site administration > Mobile app > Moodle subscription and check that: You don't see the red message anymore under the QR login section
Affected Branches:
MOODLE_39_STABLE
Pull from Repository:
git://github.com/jleyva/moodle.git
Pull 3.9 Branch:
MDL-69095-39
Pull 3.9 Diff URL:
https://github.com/jleyva/moodle/compare/d8b0be3eb3...MDL-69095-39
Pull Master Branch:
MDL-69095-master
Pull Master Diff URL:
https://github.com/jleyva/moodle/compare/94fdac9117...MDL-69095-master

Description

The "QR code access" default value is set to "QR code with automatic login" that requires the site to use https, but we don't check if the site is really using https before setting the default value.

Apart from that, it does not clearly indicate that requires https to work so we may have admins confused with this.

And finally, we need to indicate that the setting requires a Pro/Premium subscription plan in both the help message and in the subscription page (if we detect he is trying to use the auto-login version).

Attachments

Activity

People

Assignee:: Juan Leyva

Reporter:: Juan Leyva

Peer reviewer:: Dani Palou

Participants:: Andrew Nicols, CiBoT, Dani Palou, Helen Foster, Juan Leyva

Component watchers:: Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 19/Jun/20 5:08 PM

Updated:: 2 days ago 8:41 AM

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

3h 46m