  1. Moodle app
  2. MOBILE-2996

Logout + SSO: User is able to override the stored site


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Done
    • Affects Version/s: 3.6.1
    • Fix Version/s: 3.7.0
    • Component/s: Authentication
    • Labels:
    • Testing Instructions:

      This issue should be tested on all OSes, including desktop.

      1. Configure a site to use authentication via embedded browser and force logout (proto 31 is already configured at the time this is written).
      2. In the app, log in with a certain user on that site (let's call him u1).
      3. Open any course and download an activity. Please remember which one you have downloaded.
      4. Go to the More tab and log out.
      5. In the sites page, click the user you just added (u1). An embedded browser should be opened.
      6. In that embedded browser, enter another user's credentials (let's call him u2) and log in. Check that the browser is closed and you're authenticated with u2 (you can verify it in the More tab).
      7. Log out again. Check that you have both users stored in the app.
      8. Click u1 again and, in the embedded browser, now enter u1's credentials.
      9. Open the same course as in step 3, enable download options and check that the activity is still downloaded.
      10. Log out again. Check that you have both users stored in the app and u1 wasn't duplicated.
    • Affected Branches:
      MOODLE_36_STABLE
    • Fixed Branches:
      MOODLE_37_STABLE
    • Sprint:
      Moodle App 3.7.0

      Description

      How to reproduce:

      1. Configure a site to use SSO in an embedded window and "force logout".
      2. In the app, log in with a certain user (let's call it u1).
      3. Log out and try to log in again with u1. An embedded browser should be opened.
      4. Enter the credentials of another user (let's call it u2). The app will override the u1 user with the u2 data.
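
      An added example (not the Moodle app's code) contrasting the behaviour reported above with a re-authentication handler that picks the stored entry from the identity the SSO flow returned, not from the entry the user tapped. All type and function names, the `siteUrl#userId` key and the sample data are assumptions made for illustration.

```typescript
// Hypothetical types: one stored entry per (site, user) pair.
interface StoredSite { siteUrl: string; userId: number; token: string; downloads: string[]; }
interface SsoResult { siteUrl: string; userId: number; token: string; }
type SiteStore = { [id: string]: StoredSite };

// Assumption: entries are keyed by site URL plus the authenticated user.
function siteId(siteUrl: string, userId: number): string {
  return siteUrl + '#' + userId;
}

// Reported behaviour: the tapped entry is trusted, so whoever authenticates
// in the embedded browser replaces its identity and inherits its offline data.
function reauthUnsafe(store: SiteStore, tappedId: string, sso: SsoResult): string {
  const old = store[tappedId];
  store[tappedId] = { ...sso, downloads: old ? old.downloads : [] };
  return tappedId;
}

// Hardened: the tapped entry is ignored on purpose; the target entry is
// derived from the identity that the SSO flow actually returned.
function reauthSafe(store: SiteStore, _tappedId: string, sso: SsoResult): string {
  const id = siteId(sso.siteUrl, sso.userId);
  const existing = store[id];
  if (existing) {
    existing.token = sso.token;            // same user: refresh token, keep downloads
  } else {
    store[id] = { ...sso, downloads: [] }; // different user: separate entry
  }
  return id;
}

// Constructed replay of the testing instructions (u1 = user 1, u2 = user 2).
function replay(reauth: (s: SiteStore, t: string, r: SsoResult) => string): SiteStore {
  const url = 'https://moodle.example';
  const u1 = siteId(url, 1);
  const store: SiteStore = {};
  store[u1] = { siteUrl: url, userId: 1, token: 't1', downloads: ['activity-42'] };
  reauth(store, u1, { siteUrl: url, userId: 2, token: 't2' }); // tap u1, log in as u2
  reauth(store, u1, { siteUrl: url, userId: 1, token: 't3' }); // tap u1, log in as u1
  return store;
}
```

      With `reauthUnsafe` the replay ends with a single stored entry, because u2 only ever existed by replacing u1; with `reauthSafe` both users are stored, u1 is not duplicated and its downloaded activity is kept.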


              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                7/Jun/19