Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-82328

OAuth2 authentication constructor causes exceptions when loading profile fields

XMLWordPrintable

    • MOODLE_403_STABLE, MOODLE_404_STABLE
    • MOODLE_403_STABLE, MOODLE_404_STABLE
    • MDL-82328-403
    • MDL-82328-404
    • Hide
      1. Log in as admin
      2. Navigate to Users > Accounts > User profile fields in site administration
      3. Create a new Drop-down menu profile field
        • Fill in the form
        • Ensure Menu options contains a couple of entries
      4. Navigate to Plugins > Filters > Manage filters in site administration
      5. Set MathJax filter to Apply to: Content and headings
      6. Navigate to Plugins > Authentication > Manage authentication in site administration
      7. Enable the OAuth 2 plugin
      8. Navigate to site home
      9. At this point we need the session to expire, edit lib/classes/session/manager.php
      10. Around line 452, change the value of $maxlifetime like so: 

        // Verify timeout first.
        		 
        $maxlifetime = 2;//$CFG->sessiontimeout;

      11. Reload site homepage
      12. Confirm there is no exception
      Show
      Log in as admin Navigate to Users > Accounts > User profile fields in site administration Create a new Drop-down menu profile field Fill in the form Ensure Menu options contains a couple of entries Navigate to Plugins > Filters > Manage filters in site administration Set MathJax filter to Apply to: Content and headings Navigate to Plugins > Authentication > Manage authentication in site administration Enable the OAuth 2 plugin Navigate to site home At this point we need the session to expire, edit lib/classes/session/manager.php Around line 452, change the value of $maxlifetime like so: // Verify timeout first. $maxlifetime = 2;//$CFG->sessiontimeout; Reload site homepage Confirm there is no exception

      Under specific circumstances that only davidcarrillo could ever invent (each morning), it's possible that when a user session expires, we get a consistent exception shown on the page and the site becomes unusable

      The specific combination of settings required are as follows:

      1. There exists a custom user profile field of type Menu
      2. The MathJax filter is set to filter "Content and headings"
      3. The OAuth2 authentication module is enabled

      In the above scenario, when a user session expires then we get the following warning on the screen:

      Warning: Attempt to read property "requires" on null in /var/www/html/filter/mathjaxloader/filter.php on line 83

      Along with the following exception:

      Error
      		 
      Exception - Call to a member function should_create_one_time_item_now() on null
      		 
      Debug info:
      		 
      Error code: generalexceptionmessage
      		 
      Stack trace:
      		 
       
      		 
          line 83 of /filter/mathjaxloader/filter.php: Error thrown
      		 
          line 275 of /lib/filterlib.php: call to filter_mathjaxloader->setup()
      		 
          line 114 of /lib/classes/formatting.php: call to filter_manager->setup_page_for_filters()
      		 
          line 759 of /lib/weblib.php: call to core\formatting->format_string()
      		 
          line 64 of /user/profile/field/menu/field.class.php: call to format_string()
      		 
          line 637 of /user/profile/lib.php: call to profile_field_menu->__construct()
      		 
          line 663 of /user/profile/lib.php: call to profile_get_user_field()
      		 
          line 845 of /user/profile/lib.php: call to profile_get_user_fields_with_data()
      		 
          line 616 of /lib/authlib.php: call to profile_get_custom_fields()
      		 
          line 66 of /auth/oauth2/classes/auth.php: call to auth_plugin_base->get_custom_user_profile_fields()
      		 
          line 3261 of /lib/moodlelib.php: call to auth_oauth2\auth->__construct()
      		 
          line 463 of /lib/classes/session/manager.php: call to get_auth_plugin()
      		 
          line 172 of /lib/classes/session/manager.php: call to core\session\manager::initialise_user_session()
      		 
          line 144 of /lib/classes/session/manager.php: call to core\session\manager::start_session()
      		 
          line 897 of /lib/setup.php: call to core\session\manager::start()
      		 
          line 55 of /config.php: call to require_once()
      		 
          line 30 of /index.php: call to require_once()

      The stacktrace is interesting, because there is a lot happening there. Ultimately the problem is because the OAuth2 constructor tries to pre-empt user profile field loading instead of only doing so when actually required. This is a regression caused by MDL-61789

      Running the following will indicate how every other authentication does the same:

      $ git grep "\->get_custom_user_profile_fields" auth/

      Trying to set the class property in the constructor is also a pointless premature optimisation because the method implementation already does exactly that in order to cache the result

        1. MDL-82328.png
          217 kB
          Ron Carl Alfon Yu

            pholden Paul Holden
            pholden Paul Holden
            David Carrillo David Carrillo
            Huong Nguyen Huong Nguyen
            Ron Carl Alfon Yu Ron Carl Alfon Yu
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour, 34 minutes
                1h 34m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.