Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
3.9.11
-
None
-
None
-
MOODLE_39_STABLE
Description
Perhaps I will now learn this is the expected behavior, but if mnethostid is set to 0 for a user, they can login if they are a manual user but not if they are an Oauth2 user. We do not have multiple Moodle sites – just using Oauth2 SSO. Presumably it shouldn't be zero, but I was using some plugins that left it at the default, which seems to be zero.
I have traced this to the get_user_by_email function in lib/classes/user.php which starts with if(empty($mnethostid)) – PHP considers a value of 0 to be empty. Again, apologies if this is the expected behavior and if 0 doesn't belong.
I happen to have it set so that new Oauth2 users cannot self-register, so the error received is "The login attempt failed. Reason: An account with your email address could not be found." (Separately, it would be super helpful for troubleshooting if this message included the e-mail address that was tried – I can give some reasons if necessary.) In fact, there is an account with their e-mail address (just mnethostid is 0). I'm a little concerned based on reading the code that if we had self-registration on this would try to create another account. We are using Google SSO for login.
Apologies if this is fixed in later versions but I couldn't find anything by searching the tracker. I am on 3.8.5+ but have verified the same code exists in 3.9.11. Also, first report – apologies for making lots of mistakes.