Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-72288

Update library and model code to support issuer+clientid uniqueness on registrations

XMLWordPrintable

    • MOODLE_400_STABLE
    • MDL-72288-master
    • Hide

      Testing prerequisites

      1. You need two Moodle sites (localhost is fine) - one called 'platform' and one called 'tool'
      2. In the tool site admin settings:
        • Enable enrol_lti and auth_lti plugins
        • Enable "Allow frame embedding"
      3. In BOTH sites:
        • Go to "Administration > Security > HTTP security" and clear all values from the 'curlsecurityblockedhosts' admin setting and save (to permit localhost-to-localhost calls)

      Testing {issuer, client_id} uniqueness during platform registration

      1. Now, in the tool site, go to "Admin > Plugins > Enrolment plugins > Publish as LTI tool > Tool registration
      2. Generate a new dynamic registation URL by clicking the button
      3. Copy the URL using the copy to clipboard feature
      4. Now, in the platform site, login as admin
      5. Go to "Admin > Plugins > Activities > External tool > Manage tools"
      6. Paste the dynamic registration URL you copied into the text field and click "Add LTI Advantage"
      7. When the page reloads and you see the tool, go back into the tool site tab
      8. Reload the page
      9. Under "Registered Platforms" below, Verify the following:
        • You see a single platform registration entry
        • You see a single deployment for that registration
      10. Now, generate another registration URL above and copy it.
      11. Go back to the platform site tab
      12. In manage tools, enter the URL you just copied into the field and again click "Add LTI Advantage"
      13. You'll be presented with upgrade options, but just select "Register as a new external tool"
      14. When the page reloads and you see the tool, go back into the tool site tab
      15. Reload the page
      16. Under "Registered Platforms" below, Verify the following:
        • You see 2 platform registration entries
        • You see a single deployment for both registrations
        • The details column for the 2 entries has the same issuer, but different client_id values.
      17. Copy the values of client_id and issuer for one of the entries and store them somewhere (doesn't matter which one)
      18. Click "Register a platform"
      19. Enter the values for issuer and client_id - the ones you just copied.
      20. Enter a name and 'http://example.com' for the other URL fields.
      21. Save the form
      22. Verify you see a form validation error on the "Client Id" field, stating that the value of the client_id has already been registered under this issuer
      23. Change the client_id to something else and save
      24. Verify the entry was saved successfully.
      Show
      Testing prerequisites You need two Moodle sites (localhost is fine) - one called 'platform' and one called 'tool' In the tool site admin settings: Enable enrol_lti and auth_lti plugins Enable "Allow frame embedding" In BOTH sites: Go to "Administration > Security > HTTP security" and clear all values from the 'curlsecurityblockedhosts' admin setting and save (to permit localhost-to-localhost calls) Testing {issuer, client_id} uniqueness during platform registration Now, in the tool site, go to "Admin > Plugins > Enrolment plugins > Publish as LTI tool > Tool registration Generate a new dynamic registation URL by clicking the button Copy the URL using the copy to clipboard feature Now, in the platform site, login as admin Go to "Admin > Plugins > Activities > External tool > Manage tools" Paste the dynamic registration URL you copied into the text field and click "Add LTI Advantage" When the page reloads and you see the tool, go back into the tool site tab Reload the page Under "Registered Platforms" below, Verify the following: You see a single platform registration entry You see a single deployment for that registration Now, generate another registration URL above and copy it. Go back to the platform site tab In manage tools, enter the URL you just copied into the field and again click "Add LTI Advantage" You'll be presented with upgrade options, but just select "Register as a new external tool" When the page reloads and you see the tool, go back into the tool site tab Reload the page Under "Registered Platforms" below, Verify the following: You see 2 platform registration entries You see a single deployment for both registrations The details column for the 2 entries has the same issuer, but different client_id values. Copy the values of client_id and issuer for one of the entries and store them somewhere (doesn't matter which one) Click "Register a platform" Enter the values for issuer and client_id - the ones you just copied. Enter a name and 'http://example.com' for the other URL fields. Save the form Verify you see a form validation error on the "Client Id" field, stating that the value of the client_id has already been registered under this issuer Change the client_id to something else and save Verify the entry was saved successfully.
    • 5
    • Navigation push 5, Navigation push 6

      Right now, the library treats each issuer as unique, whereas the spec allows issuer+clientid to be unique. I.e. multiple clients can register from the one issuer/platformid.

      This issue is scoped with making changes to the upstream and to the model (DB schema and any validation code in the model, or in dynamic registration's register.php) to allow registration of several clients under the same issuer for a given tool site.

      This issue should also check whether the dynamic registration flow can be used to add deployments for existing {issuer, clientid} tuples. For example, if I were to use a dynamic registration URL again in another platform context (such as registering the tool in another category, etc) and this result in a new deployment for the same issuer+clientid, would the tool be able to resolve this without trying to create a new registration and failing on the uniqueness clause.

            jaked Jake Dallimore
            jaked Jake Dallimore
            Mihail Geshoski Mihail Geshoski
            Mathew May Mathew May
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 days, 1 hour, 1 minute
                2d 1h 1m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.