Uploaded image for project: 'Moodle app'
  1. Moodle app
  2. MOBILE-3013

Allow to SSO from external apps via the Custom URL Scheme API

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      This issue should be tested both in Android and iOS.

       Test Token and Link URLs aren't broken

      1. Install the app in the device and login in a site with SSO in a system browser. Check that you're able to authenticate fine.
      2. Now login in a site with SSO in an embedded browser. Check that you're able to authenticate fine.
      3. Login in master site.
      4. Now open a browser, login in master site too and go to MM Dev Course > Links to capture > Links to launch the app from browser (old way)
      5. Click the link "Custom URL Scheme to this site and course". Check that the app is opened with the MM Dev Testing course and the "Links to capture" section.

      Test Root URLs

      1. Install the app in the device and login in master site if you don't have it stored yet. Make sure you only have 1 account of master site in the device.
      2. Logout from master site and login in another site that isn't moodle.org (e.g. mobile36).
      3. Open a browser and login in master site too.
      4. In browser, open MM Dev Testing > Links to capture > Links to launch the app from browser (old way)
      5. Open the link "Custom URL Scheme to this site in the app". Check that the app is opened and you're redirected to the master site.
      6. Go back to browser and click the same link. Check that the app is opened and nothing else happens, you're still in master site.
      7. Go back to browser and click "Custom URL Scheme to this site with an invalid URL in the app". Check that the app is opened and it displays an error saying there is no action for that link.
      8. Go back to browser and click "Custom URL Scheme to moodle.org/a/fake/url in the app". Check that you see an error saying that it cannot connect and you should verify that the URL is correct.
      9. Go back to browser and click "Custom URL Scheme to moodle.org in the app". Check that you see a confirm modal.
      10. Click Ok. Check that you're sent to the credentials page to login in moodle.org.
      11. In the app, login in mobile master again and go to MM Dev Testing > Links to capture.
      12. Click "This site root URL" at the start of the section. Check that the site is opened in browser.
      13. In the app, now click "moodle.org" at the start of the section. Check that moodle.org is opened in browser.
      14. In the app, now open the URL activity "https://mobilemaster.moodledemo.net" at the end of the section. Check that the site is opened in browser.
      15. In the app, now open the URL activity "moodle.org" at the end of the section. Check that moodle.org is opened in browser.
      16. In the app, logout from the site and add the site moodle.org.
      17. Logout and go back to Master site > MM Dev Testing > Links to capture.
      18. Click "moodle.org" link at the start of the section. Check that moodle.org is opened in the app.
      19. Logout and go back to Master site > MM Dev Testing > Links to capture.
      20. Now open the URL activity "moodle.org" at the end of the section. Check that moodle.org is opened in the app.
      21. Add another account from master site in the app, so you have 2 different accounts stored.
      22. While being logged in with any of the accounts, go to browser and click the link "Custom URL Scheme to this site in the app". Check that the app is opened and nothing else happens.
      23. Logout in the app, go to browser and click the link "Custom URL Scheme to this site in the app". Check that the app is opened and you're sent to a page to choose the site to use.
      24. Select the site you prefer. Check you're logged in to that site.

      Test new way to handle custom URL schemes

      1. Install the app in the device and delete all the master sites stored if you have any.
      2. Open a browser and login in master site.
      3. In browser, open MM Dev Testing > Links to capture (open the section via the side left menu) > Links to launch the app from browser (new way)
      4. All the links you need to click in the following steps are the ones below the title "URLs with protocol".
      5. Open the link "Link to this site, no username, no token, no redirect". Check that the app is opened and you're sent to the credentials page with the master site URL fixed.
      6. Enter a username and password and login. Check that you're authenticated and sent to the dashboard page.
      7. Logout and delete the stored site.
      8. Open the browser again and now click "Link to this site, username u1, no token, no redirect". Check that the app is opened and you're sent to the credentials page with the master site URL fixed and the username "u1" already typed in the username field.
      9. Go back (don't authenticate), open the browser again and now click "Link to this site, no username, no token, redirect to course". Check that the app is opened and you're sent to the credentials page with the master site URL fixed.
      10. Enter a username and password and login. Check that you're authenticated and sent to the MM Dev course and the "Links to capture" section.
      11. Without logout, open the browser again and now click "Link to this site, no username, token from studentjuan, no redirect". Check that the app is opened and you're sent to the dashboard page.
      12. Click the "More" tab and check that you're authenticated as studentjuan.
      13. Open the browser again and click the same link: "Link to this site, no username, token from studentjuan, no redirect". Check that the app is opened and nothing else happens, you're still authenticated as studentjuan.
      14. Open the browser again and click the link "Link to this site, username u1, no token, redirect to course". Check that the app is opened and you're sent to the credentials page with the master site URL fixed and the username "u1" already typed in the username field.
      15. Enter the password for u1 and login. Check that you're authenticated and sent to the MM Dev course and the "Links to capture" section.
      16. Logout and login again with studentjuan.
      17. Open the browser again and click the same link again: "Link to this site, username u1, no token, redirect to course". Check that the app is opened and, after confirming, you're sent to the MM Dev Course and the "Links to capture" section. Check that you're authenticated as u1.
      18. Logout and delete the studentjuan account from the device.
      19. Open the browser again and click the link "Link to this site, no username, token from studentjuan, redirect to course". Check that the app is opened and you're sent to the MM Dev Course and the "Links to capture" section. Check that you're authenticated as studentjuan.
      20. Logout (don't delete the site).
      21. Open the browser again and click the link "Link to this site, username u1, token from studentjuan, redirect to course". Check that the app is opened and you're sent to the MM Dev Course and the "Links to capture" section. Check that you're authenticated as studentjuan (the token param has more priority than the username param).
      22. Logout (don't delete the site).
      23. Open the browser again and click the link "Link to this site, no username, no token, redirect to course". Check that the app is opened and you're sent to a page to choose the site to use.
      24. Select the site you prefer. Check that you're sent to the MM Dev Course and the "Links to capture" section. Check that you're authenticated as the user you selected.
      25. Now you can repeat any of the tests above but using the URLs under the title "URLs without protocol". IMO there's no need to test them all again (I did it), just pick the one(s) you prefer.
      26. Now you can repeat any of the tests above but using the URLs under the title "URLs with protocol and relative redirect". IMO there's no need to test them all again (I did it), just pick the one(s) you prefer.
      27. Now you can repeat any of the tests above but using the URLs under the title "URLs without protocol and relative redirect". IMO there's no need to test them all again (I did it), just pick the one(s) you prefer.
      Show
      This issue should be tested both in Android and iOS.   Test Token and Link URLs aren't broken Install the app in the device and login in a site with SSO in a system browser. Check that you're able to authenticate fine. Now login in a site with SSO in an embedded browser. Check that you're able to authenticate fine. Login in master site. Now open a browser, login in master site too and go to MM Dev Course > Links to capture > Links to launch the app from browser ( old way) Click the link "Custom URL Scheme to this site and course". Check that the app is opened with the MM Dev Testing course and the "Links to capture" section. Test Root URLs Install the app in the device and login in master site if you don't have it stored yet. Make sure you only have 1 account of master site in the device. Logout from master site and login in another site that isn't moodle.org (e.g. mobile36). Open a browser and login in master site too. In browser, open MM Dev Testing > Links to capture > Links to launch the app from browser ( old way) Open the link "Custom URL Scheme to this site in the app". Check that the app is opened and you're redirected to the master site. Go back to browser and click the same link. Check that the app is opened and nothing else happens, you're still in master site. Go back to browser and click "Custom URL Scheme to this site with an invalid URL in the app". Check that the app is opened and it displays an error saying there is no action for that link. Go back to browser and click "Custom URL Scheme to moodle.org/a/fake/url in the app". Check that you see an error saying that it cannot connect and you should verify that the URL is correct. Go back to browser and click "Custom URL Scheme to moodle.org in the app". Check that you see a confirm modal. Click Ok. Check that you're sent to the credentials page to login in moodle.org. In the app, login in mobile master again and go to MM Dev Testing > Links to capture. Click "This site root URL" at the start of the section. Check that the site is opened in browser. In the app, now click "moodle.org" at the start of the section. Check that moodle.org is opened in browser. In the app, now open the URL activity "https://mobilemaster.moodledemo.net" at the end of the section. Check that the site is opened in browser. In the app, now open the URL activity "moodle.org" at the end of the section. Check that moodle.org is opened in browser. In the app, logout from the site and add the site moodle.org. Logout and go back to Master site > MM Dev Testing > Links to capture. Click "moodle.org" link at the start of the section. Check that moodle.org is opened in the app. Logout and go back to Master site > MM Dev Testing > Links to capture. Now open the URL activity "moodle.org" at the end of the section. Check that moodle.org is opened in the app. Add another account from master site in the app, so you have 2 different accounts stored. While being logged in with any of the accounts, go to browser and click the link "Custom URL Scheme to this site in the app". Check that the app is opened and nothing else happens. Logout in the app, go to browser and click the link "Custom URL Scheme to this site in the app". Check that the app is opened and you're sent to a page to choose the site to use. Select the site you prefer. Check you're logged in to that site. Test new way to handle custom URL schemes Install the app in the device and delete all the master sites stored if you have any. Open a browser and login in master site. In browser, open MM Dev Testing > Links to capture (open the section via the side left menu) > Links to launch the app from browser ( new way) All the links you need to click in the following steps are the ones below the title "URLs with protocol". Open the link "Link to this site, no username, no token, no redirect". Check that the app is opened and you're sent to the credentials page with the master site URL fixed. Enter a username and password and login. Check that you're authenticated and sent to the dashboard page. Logout and delete the stored site. Open the browser again and now click "Link to this site, username u1, no token, no redirect". Check that the app is opened and you're sent to the credentials page with the master site URL fixed and the username "u1" already typed in the username field. Go back (don't authenticate), open the browser again and now click "Link to this site, no username, no token, redirect to course". Check that the app is opened and you're sent to the credentials page with the master site URL fixed. Enter a username and password and login. Check that you're authenticated and sent to the MM Dev course and the "Links to capture" section. Without logout, open the browser again and now click "Link to this site, no username, token from studentjuan, no redirect". Check that the app is opened and you're sent to the dashboard page. Click the "More" tab and check that you're authenticated as studentjuan. Open the browser again and click the same link: "Link to this site, no username, token from studentjuan, no redirect". Check that the app is opened and nothing else happens, you're still authenticated as studentjuan. Open the browser again and click the link "Link to this site, username u1, no token, redirect to course". Check that the app is opened and you're sent to the credentials page with the master site URL fixed and the username "u1" already typed in the username field. Enter the password for u1 and login. Check that you're authenticated and sent to the MM Dev course and the "Links to capture" section. Logout and login again with studentjuan. Open the browser again and click the same link again: "Link to this site, username u1, no token, redirect to course". Check that the app is opened and, after confirming, you're sent to the MM Dev Course and the "Links to capture" section. Check that you're authenticated as u1. Logout and delete the studentjuan account from the device. Open the browser again and click the link "Link to this site, no username, token from studentjuan, redirect to course". Check that the app is opened and you're sent to the MM Dev Course and the "Links to capture" section. Check that you're authenticated as studentjuan. Logout (don't delete the site). Open the browser again and click the link "Link to this site, username u1, token from studentjuan, redirect to course". Check that the app is opened and you're sent to the MM Dev Course and the "Links to capture" section. Check that you're authenticated as studentjuan (the token param has more priority than the username param). Logout (don't delete the site). Open the browser again and click the link "Link to this site, no username, no token, redirect to course". Check that the app is opened and you're sent to a page to choose the site to use. Select the site you prefer. Check that you're sent to the MM Dev Course and the "Links to capture" section. Check that you're authenticated as the user you selected. Now you can repeat any of the tests above but using the URLs under the title "URLs without protocol". IMO there's no need to test them all again (I did it), just pick the one(s) you prefer. Now you can repeat any of the tests above but using the URLs under the title "URLs with protocol and relative redirect". IMO there's no need to test them all again (I did it), just pick the one(s) you prefer. Now you can repeat any of the tests above but using the URLs under the title "URLs without protocol and relative redirect". IMO there's no need to test them all again (I did it), just pick the one(s) you prefer.
    • Affected Branches:
      MOODLE_36_STABLE
    • Fixed Branches:
      MOODLE_37_STABLE
    • Sprint:
      Moodle App 3.7.0

      Description

      Right now it is possible to launch the app an auto-login the user in the app via the admin/tool/mobile/launch.php browser script that generates a custom URL like:
      moodlemobile://token=SOMETHING

      but we need to enable the same from apps (not just the browser). Those apps should be able to launch a URL including the user token and the page they want to redirect them

      Those apps could be SIS apps that can obtain the Moodle user web service token via a custom Web Service or similar.

      I propose something like this (just an example):
      moodlemobile://login=TOKEN@https://moodle.org

      and we may have to enable to pass also the Private Token (so we can enable auto-login app->browser):
      moodlemobile://login=TOKEN:PRIVATETOKEN@https://moodle.org

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                dpalou Dani Palou
                Reporter:
                jleyva Juan Leyva
                Peer reviewer:
                Pau Ferrer
                Integrator:
                Juan Leyva
                Tester:
                Pau Ferrer
                Participants:
                Component watchers:
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  7/Jun/19