Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-73558

Change password URLs and external authentication

    XMLWordPrintable

Details

    • Improvement
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 4.0
    • None
    • Authentication
    • None
    • MOODLE_400_STABLE

    Description

      The implementation of MDL-66776 will expose Moodle's change password functionality to users who haven't previously interacted with it much, or at all. For those of us who use external authentication systems such as LDAP or CAS we've never had to worry about those values.

      Consider this scenario:

      • Site uses LDAP for authentication
      • Site does not allow users to change their password within Moodle, so "Use standard page for changing password" is set to "No". The "Password-change URL" is empty. "Forgotten password URL" in "Manage authentication" is set to an external system that manages credentials.

      In this scenario, you would probably want the Forgotten password URL returned, but what you'll get is a link to the user preferences page (I've included flowcharts explaining the workflow as I understand it). This is why:

      • Moodle returns the user preference link by default.
      • Moodle checks with the auth plugin if it can change the password. In the case of LDAP, it says yes if "Use standard page for changing password" is set to "Yes" or "Password-change URL" isn't empty. Otherwise, it returns false.
      • On false, Moodle uses the preference link.

      If the administrator sets the Password-change URL to the external system, then nothing is returned at all, because the having determined that the password can be changed, change_password_url() returns NULL if "Use standard page for changing password" is empty.

      I think the workflow for new login notifications should include the Forgotten password URL.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              cfulton Charles Fulton
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Sujith Haridasan
              Votes:
              6 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated: