Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-71801

Upgrade from 3.8 obscures LTI 1.3 public key

    XMLWordPrintable

Details

    • MOODLE_310_STABLE, MOODLE_311_STABLE, MOODLE_39_STABLE
    • MOODLE_311_STABLE
    • MDL-71801-311
    • MDL-71801-master
    • Hide

      After upgrading the site, if an admin is editing a tool definition, they can select "RSA Key" from the "Public key type" select and they will be shown the original key. The tool can be safely saved at this time.

      Show
      After upgrading the site, if an admin is editing a tool definition, they can select "RSA Key" from the "Public key type" select and they will be shown the original key. The tool can be safely saved at this time.
    • Hide
      1. Clone integration repo and install Moodle 3.8 (git checkout 49648fdf30aae0 and then run the installation or if using MDK ""mdk create -t -v 38 -i -r users")
      2. As an admin, go to Site admin > plugins > external tool > manage tools
      3. Click the link "Configure a tool manually"
      4. Set the following:
        • Tool name = "Test tool 1"
        • Tool URL = "https://google.com"
        • LTI Version = "LTI 1.3"
        • Public key = "CAT"
      5. Save
      6. Again click the link "Configure a tool manually"
      7. Set the following:
        • Tool name = "Test tool 2"
        • Tool URL = "https://google.com"
        • LTI Version = "LTI 1.3"
        • Public key = "DOG"
      8. Save
      9. Now, checkout a version of 310/311/master WITHOUT this patch (simulating a site that has upgraded in the past but has not yet been patched)
        Depending on version run either:
        311:

        git checkout 2d82188d899
        

        master:

        git checkout 30b8ad51f4
        

      10. Now, upgrade the site
      11. Login as admin and go to the manage tools page again
      12. Edit "Test tool 2"
      13. You will see "Public key type" set to "Keyset URL" and "Public keyset" will be empty. This is expected.
      14. Don't change anything - just save the form.
      15. Leave "Test tool 1" alone
      16. Now, upgrade to the latest version, which includes the patch:
        Depending on version run either:
        311:

        git checkout MOODLE_311_STABLE
        

        master:

        git checkout master
        

      17. Now, upgrade the site again
      18. Login as admin and go to the manage tools page again
      19. Edit "Test tool 2"
      20. Verify that:
        • "Public key type" is set to "Keyset URL"
        • "Public keyset" is empty
      21. Change "Public key type" to "RSA key"
      22. Verify you see "DOG" in the "Public key" field
      23. Go back to manage tools
      24. Edit "Test tool 1"
      25. Verify that:
        • "Public key type" is set to "RSA Key"
        • "Public key" is set to "CAT"
      Show
      Clone integration repo and install Moodle 3.8 (git checkout 49648fdf30aae0 and then run the installation or if using MDK "" mdk create -t -v 38 -i -r users ") As an admin, go to Site admin > plugins > external tool > manage tools Click the link "Configure a tool manually" Set the following: Tool name = "Test tool 1" Tool URL = "https://google.com" LTI Version = "LTI 1.3" Public key = "CAT" Save Again click the link "Configure a tool manually" Set the following: Tool name = "Test tool 2" Tool URL = "https://google.com" LTI Version = "LTI 1.3" Public key = "DOG" Save Now, checkout a version of 310/311/master WITHOUT this patch (simulating a site that has upgraded in the past but has not yet been patched) Depending on version run either: 311: git checkout 2d82188d899 master: git checkout 30b8ad51f4 Now, upgrade the site Login as admin and go to the manage tools page again Edit "Test tool 2" You will see "Public key type" set to "Keyset URL" and "Public keyset" will be empty. This is expected. Don't change anything - just save the form. Leave "Test tool 1" alone Now, upgrade to the latest version, which includes the patch: Depending on version run either: 311: git checkout MOODLE_311_STABLE master: git checkout master Now, upgrade the site again Login as admin and go to the manage tools page again Edit "Test tool 2" Verify that: "Public key type" is set to "Keyset URL" "Public keyset" is empty Change "Public key type" to "RSA key" Verify you see "DOG" in the "Public key" field Go back to manage tools Edit "Test tool 1" Verify that: "Public key type" is set to "RSA Key" "Public key" is set to "CAT"

    Description

      Upgrading from Moodle 3.8 to a version of Moodle that supports a keyset URL (3.9 onwards) obscures a working key that was previously entered.  To replicate:

      1. In Moodle <=3.8, build an LTI 1.3 integration using a public key.
      2. Upgrade to Moodle 3.9 or 3.10
      3. Edit the tool configuration
        Expected: You can see the previously set Public Key
        Actual: "Public key type" is set to "Keyset URL" and you cannot see the key you had previously set.

      Workaround:
      The original key is not deleted. It's just that the form doesn't have a value for "Public key type" set, so it doesn't show the correct element. To restore the RSA key, after upgrading the site:

      1. Edit the tool
      2. Select "RSA Key" from the "Public key type" select
      3. You will see the original key value now.
      4. Save.

      Attachments

        Issue Links

          Activity

            People

              jaked Jake Dallimore
              sadie_vt Sadie Anderson
              Mathew May Mathew May
              Jun Pataleta Jun Pataleta
              Gladys Basiana Gladys Basiana
              Ilya Tregubov, Kevin Percy, Mathew May, Mihail Geshoski, Shamim Rezaie
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                9/May/22

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 5 hours, 10 minutes
                  5h 10m