Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-82328

OAuth2 authentication constructor causes exceptions when loading profile fields

XMLWordPrintable

    • MOODLE_403_STABLE, MOODLE_404_STABLE
    • MOODLE_403_STABLE, MOODLE_404_STABLE
    • MDL-82328-403
    • MDL-82328-404
    • Hide
      1. Log in as admin
      2. Navigate to Users > Accounts > User profile fields in site administration
      3. Create a new Drop-down menu profile field
        • Fill in the form
        • Ensure Menu options contains a couple of entries
      4. Navigate to Plugins > Filters > Manage filters in site administration
      5. Set MathJax filter to Apply to: Content and headings
      6. Navigate to Plugins > Authentication > Manage authentication in site administration
      7. Enable the OAuth 2 plugin
      8. Navigate to site home
      9. At this point we need the session to expire, edit lib/classes/session/manager.php
      10. Around line 452, change the value of $maxlifetime like so:

        // Verify timeout first.
        $maxlifetime = 2;//$CFG->sessiontimeout;
        

      11. Reload site homepage
      12. Confirm there is no exception
      Show
      Log in as admin Navigate to Users > Accounts > User profile fields in site administration Create a new Drop-down menu profile field Fill in the form Ensure Menu options contains a couple of entries Navigate to Plugins > Filters > Manage filters in site administration Set MathJax filter to Apply to: Content and headings Navigate to Plugins > Authentication > Manage authentication in site administration Enable the OAuth 2 plugin Navigate to site home At this point we need the session to expire, edit lib/classes/session/manager.php Around line 452, change the value of $maxlifetime like so: // Verify timeout first. $maxlifetime = 2;//$CFG->sessiontimeout; Reload site homepage Confirm there is no exception

      Under specific circumstances that only davidcarrillo could ever invent (each morning), it's possible that when a user session expires, we get a consistent exception shown on the page and the site becomes unusable

      The specific combination of settings required are as follows:

      1. There exists a custom user profile field of type Menu
      2. The MathJax filter is set to filter "Content and headings"
      3. The OAuth2 authentication module is enabled

      In the above scenario, when a user session expires then we get the following warning on the screen:

      Warning: Attempt to read property "requires" on null in /var/www/html/filter/mathjaxloader/filter.php on line 83
      

      Along with the following exception:

      Error
      Exception - Call to a member function should_create_one_time_item_now() on null
      Debug info:
      Error code: generalexceptionmessage
      Stack trace:
       
          line 83 of /filter/mathjaxloader/filter.php: Error thrown
          line 275 of /lib/filterlib.php: call to filter_mathjaxloader->setup()
          line 114 of /lib/classes/formatting.php: call to filter_manager->setup_page_for_filters()
          line 759 of /lib/weblib.php: call to core\formatting->format_string()
          line 64 of /user/profile/field/menu/field.class.php: call to format_string()
          line 637 of /user/profile/lib.php: call to profile_field_menu->__construct()
          line 663 of /user/profile/lib.php: call to profile_get_user_field()
          line 845 of /user/profile/lib.php: call to profile_get_user_fields_with_data()
          line 616 of /lib/authlib.php: call to profile_get_custom_fields()
          line 66 of /auth/oauth2/classes/auth.php: call to auth_plugin_base->get_custom_user_profile_fields()
          line 3261 of /lib/moodlelib.php: call to auth_oauth2\auth->__construct()
          line 463 of /lib/classes/session/manager.php: call to get_auth_plugin()
          line 172 of /lib/classes/session/manager.php: call to core\session\manager::initialise_user_session()
          line 144 of /lib/classes/session/manager.php: call to core\session\manager::start_session()
          line 897 of /lib/setup.php: call to core\session\manager::start()
          line 55 of /config.php: call to require_once()
          line 30 of /index.php: call to require_once()
      

      The stacktrace is interesting, because there is a lot happening there. Ultimately the problem is because the OAuth2 constructor tries to pre-empt user profile field loading instead of only doing so when actually required. This is a regression caused by MDL-61789

      Running the following will indicate how every other authentication does the same:

      $ git grep "\->get_custom_user_profile_fields" auth/
      

      Trying to set the class property in the constructor is also a pointless premature optimisation because the method implementation already does exactly that in order to cache the result

            pholden Paul Holden
            pholden Paul Holden
            David Carrillo David Carrillo
            Huong Nguyen Huong Nguyen
            Ron Carl Alfon Yu Ron Carl Alfon Yu
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour, 34 minutes
                1h 34m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.