  1. Moodle app
  2. MOBILE-2996

Logout + SSO: User is able to override the stored site

    • Bug
    • Resolution: Done
    • Minor
    • 3.7.0
    • 3.6.1
    • Authentication

      This issue should be tested in all OS, including desktop.

      1. Configure a site to use authentication via embedded browser and force logout (proto 31 is already configured at the time this is written).
      2. In the app, log in with a certain user in that site (let's call him u1).
      3. Open any course and download an activity. Please remember which one you have downloaded.
      4. Go to the More tab and log out.
      5. In the sites page, click the user you just added (u1). An embedded browser should be opened.
      6. In that embedded browser, enter another user's credentials (let's call him u2) and log in. Check that the browser is closed and you're authenticated with u2 (you can verify it in the More tab).
      7. Log out again. Check that you have both users stored in the app.
      8. Click u1 again and, in the embedded browser, now enter user u1's credentials.
      9. Open the same course as in step 3, enable download options and check that the activity is still downloaded.
      10. Log out again. Check that you have both users stored in the app and u1 wasn't duplicated.
    • MOODLE_36_STABLE
    • MOODLE_37_STABLE
    • Moodle App 3.7.0

      How to reproduce:

      1. Configure a site to use SSO in an embedded window and "force logout".
      2. In the app, log in with a certain user (let's call it u1).
      3. Log out and try to log in again with u1. An embedded browser should be opened.
      4. Enter the credentials of another user (let's call it u2). The app will override the u1 user with the u2 data.
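
      The override in the reproduction steps, next to the behaviour the testing instructions expect, modelled as an added example (not code from the Moodle app or from this issue). `SiteStore`, `reloginOverwrite`, `reloginChecked` and the `siteUrl#userId` key are hypothetical names, and the URL, users and tokens are constructed.

```javascript
// Added illustration with hypothetical names; not Moodle app code.
// One stored site = one (siteUrl, user) pair with its token and offline data.
class SiteStore {
  constructor() { this.sites = new Map(); }

  add(siteUrl, user, token) {
    const id = `${siteUrl}#${user.id}`;
    const old = this.sites.get(id);
    const site = { id, siteUrl, user, token, downloads: old ? old.downloads : [] };
    this.sites.set(id, site);
    return site;
  }

  // Reported behaviour: the tapped entry is rewritten with whichever
  // identity came back from the embedded browser.
  reloginOverwrite(siteId, sso) {
    const site = this.sites.get(siteId);
    Object.assign(site, { user: sso.user, token: sso.token });
    return site;
  }

  // Checked variant: refresh the tapped entry only when the identity matches;
  // otherwise create or refresh the entry of the user who actually logged in.
  reloginChecked(siteId, sso) {
    const site = this.sites.get(siteId);
    if (site.user.id !== sso.user.id) return this.add(site.siteUrl, sso.user, sso.token);
    site.token = sso.token;
    return site;
  }

  snapshot() {
    return [...this.sites.values()].map(s => `${s.user.name}:${s.downloads.length}`).sort();
  }
}

// Replays the steps with constructed users and tokens.
function replay(relogin) {
  const store = new SiteStore();
  const u1 = { id: 1, name: 'u1' }, u2 = { id: 2, name: 'u2' };
  const entry = store.add('https://moodle.example', u1, 'token-a');
  entry.downloads.push('activity-1');                       // u1 downloads an activity
  store[relogin](entry.id, { user: u2, token: 'token-b' }); // tap u1, log in as u2
  const afterU2 = store.snapshot();
  store[relogin](entry.id, { user: u1, token: 'token-c' }); // tap u1, log in as u1
  return { afterU2, afterU1: store.snapshot() };
}

console.log(replay('reloginOverwrite'), replay('reloginChecked'));
```

      Each snapshot entry is `user:downloadCount`. In this model the downloaded data stays attached to the stored entry, so with the overwrite the single remaining entry belongs to u2 after the second login.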

            dpalou Dani Palou
            dpalou Dani Palou
            Albert Gasset
            Juan Leyva
            Isabel Renedo Rouco
            Votes: 0
            Watchers: 4