The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions

Bug #1546769 reported by Robert Lyon on 2016-02-17
Affects   Importance   Assigned to
Mahara    High         Robert Lyon
16.04     High         Unassigned
16.10     High         Unassigned
17.04     High         Unassigned
17.10     High         Robert Lyon

Bug Description

When there are multiple institutions/tenants on a Mahara site and one of the tenants decides to add the 'None' auth method to their institution, it causes havoc for users on all institutions: if they accidentally enter their login details wrong, they get logged in to the institution with 'None' set, as a new user, rather than to their normal institution/account.

Things that need to be changed to avoid this problem:

1) When an institution tries to add the 'None' auth option it needs to check to see if there are any other institutions present and only allow it if institution count = 1

2) Conversely if the only institution uses 'None' auth then you shouldn't be allowed to add a new institution until that auth is removed

3) And when you are able to add "None" you should probably get some prominent message with "Do you really want to do this? You know, it means that anybody will be able to log in without any authorization"

Also as part of this change it would be very good to add a ctime (and maybe userid) field to the auth_instance table to record when one adds/edits auth details to see when things changed as this human error can cause big problems for users.

Aaron Wells (u-aaronw) wrote :

On further discussion with Robert, we've agreed that the best thing to do is simply to remove the "none" authentication method from Mahara core entirely. So the plan is roughly this:

1. Remove the "auth/none" plugin directory from Mahara
2. Put the auth/none code into a separate git repository, so it can be downloaded and installed separately by sites that actually do want to use it.
3. Put migration code in place, that will find any institutions that have "None" as their only auth method, and set up an Internal auth method for them.
4. Further migration code that finds any users who are set to a "None" auth method, and converts them to an Internal auth method (without a password)
5. A note in the README that indicates that the "none" auth method was removed and that if you're a site that is seriously using it, you should add the plugin back into your site before running the upgrade script, or your users will be migrated from "None" to "Internal"
6. Make sure that the migration code in steps 3 & 4 checks to see if you have, indeed, downloaded and installed the new optional None plugin. And if you have, it doesn't migrate the users, because apparently you actually are using the plugin.
7. And optionally, to provide better support for sites that do the "copy-over" upgrade, make the migration code check to see if you have the *old* version of the "None" plugin present in your site, and if so, disable it.

Aaron Wells (u-aaronw) wrote :

Here's a brief discussion of why we decided to get rid of the "None" plugin. The "None" plugin is a kind of null auth plugin. When you type in a username, and any password, the "None" plugin will say that you have successfully authenticated that username. If you set it to auto-create users, it will then auto-provision a user with that username and the last name "McAuthentication".

The code and documentation indicate that this plugin is "meant only for testing". However, in the years we've worked on Mahara, we've never actually used it for testing. Instead, we tend to use the "Internal" auth method for most testing users. Potentially the plugin could be useful for testing code that relates to the auto-provisioning of users. But that would only be useful for Mahara developers, *not* for actual production sites using Mahara. As such, that makes this plugin at best a development tool, and potentially harmful development tools shouldn't be left hanging around in the final distribution for end-users to stumble across.

summary: The 'None' auth needs to be locked down more to avoid troubles with multi institutions → The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions
Robert Lyon (robertl-9) on 2016-11-07
Changed in mahara:
milestone: none → 17.04.0
Changed in mahara:
milestone: 17.04.0 → 17.10.0
Robert Lyon (robertl-9) on 2017-09-04
Changed in mahara:
status: In Progress → Confirmed
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/8022

Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/8023

Robert Lyon (robertl-9) wrote :

The easiest thing to do is make auth return false if the site is in production mode.

Changed in mahara:
status: Confirmed → In Progress
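As an added example (not Mahara's own code), the following Python model reproduces the multi-institution fall-through described in the bug report together with the guards proposed for it: the institution-count checks from the description and the production-mode refusal from the merged change. Every class and function name here is an assumption made for the model, not a Mahara API.

```python
"""Added example (not Mahara code): a toy model of the login fall-through from the
bug report and of the guards proposed against it. Names are assumptions."""
from dataclasses import dataclass, field


@dataclass
class AuthInstance:
    institution: str
    method: str                                      # "internal" or "none"
    passwords: dict = field(default_factory=dict)   # constructed sample credentials


@dataclass
class Site:
    instances: list
    production: bool = True
    users: dict = field(default_factory=dict)        # username -> institution

    def _authenticates(self, inst, username, password):
        if inst.method == "internal":
            return inst.passwords.get(username) == password
        if inst.method == "none":
            # Original plugin: any username/password pair succeeds.
            # Merged fix (reviews.mahara.org/8023): refuse on a production site.
            return not self.production
        return False

    def login(self, username, password):
        """Try every institution's auth instance in turn, the way the report
        describes. Returns the institution the user lands in, or None."""
        for inst in self.instances:
            if self._authenticates(inst, username, password):
                # First success wins and auto-provisions the account there, so a
                # typo against institution A can create a new user in B.
                self.users.setdefault(username, inst.institution)
                return inst.institution
        return None


def can_add_none_auth(site):
    """Guard 1 from the report: 'None' only where exactly one institution exists."""
    return len({i.institution for i in site.instances}) == 1


def can_add_institution(site):
    """Guard 2: no new institution while the only one relies on 'None'."""
    return not any(i.method == "none" for i in site.instances)
```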
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/8023
Committed: https://git.mahara.org/mahara/mahara/commit/3cc09ae5a9e8f9356946d2bc15164db148572692
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 3cc09ae5a9e8f9356946d2bc15164db148572692
Author: Robert Lyon <email address hidden>
Date: Mon Sep 18 13:46:55 2017 +1200

Bug 1546769: Stop 'none' auth being allowed to work on production site

behatnotneeded

Change-Id: I80432042b06f00f0e84d0bdf2d7327233c4f2ba9
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "17.04_STABLE" branch: https://reviews.mahara.org/8040

Mahara Bot (dev-mahara) wrote :

Patch for "16.04_STABLE" branch: https://reviews.mahara.org/8041

Mahara Bot (dev-mahara) wrote :

Patch for "15.04_STABLE" branch: https://reviews.mahara.org/8042

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/8040
Committed: https://git.mahara.org/mahara/mahara/commit/a1da6ea10b5f7eb33883b58bcc801922fc1ab8be
Submitter: Robert Lyon (<email address hidden>)
Branch: 17.04_STABLE

commit a1da6ea10b5f7eb33883b58bcc801922fc1ab8be
Author: Robert Lyon <email address hidden>
Date: Mon Sep 18 13:46:55 2017 +1200

Bug 1546769: Stop 'none' auth being allowed to work on production site

behatnotneeded

Change-Id: I80432042b06f00f0e84d0bdf2d7327233c4f2ba9
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 3cc09ae5a9e8f9356946d2bc15164db148572692)

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8022
Committed: https://git.mahara.org/mahara/mahara/commit/cb2f9130a09ba83cc90b3070a59c82f85594b68a
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit cb2f9130a09ba83cc90b3070a59c82f85594b68a
Author: Robert Lyon <email address hidden>
Date: Mon Sep 18 13:46:55 2017 +1200

Bug 1546769: Stop 'none' auth being allowed to work on production site

behatnotneeded

Change-Id: I80432042b06f00f0e84d0bdf2d7327233c4f2ba9
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 3cc09ae5a9e8f9356946d2bc15164db148572692)

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8041
Committed: https://git.mahara.org/mahara/mahara/commit/84b9c399688f9638a51c462ddfb4447eee91ce2d
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.04_STABLE

commit 84b9c399688f9638a51c462ddfb4447eee91ce2d
Author: Robert Lyon <email address hidden>
Date: Mon Sep 18 13:46:55 2017 +1200

Bug 1546769: Stop 'none' auth being allowed to work on production site

behatnotneeded

Change-Id: I80432042b06f00f0e84d0bdf2d7327233c4f2ba9
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 3cc09ae5a9e8f9356946d2bc15164db148572692)

tags: added: usermanualupdate
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/8166

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/8166
Committed: https://git.mahara.org/mahara/mahara/commit/836e37d98c5ee1b89594279fcc10056b411b1acb
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 836e37d98c5ee1b89594279fcc10056b411b1acb
Author: Robert Lyon <email address hidden>
Date: Tue Oct 24 07:56:15 2017 +1300

Bug 1546769: Adjusting string for the auth selection for 'none'

behatnotneeded

Change-Id: Ibea0816e9823c0a790564a39fd5b12455aa28339
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "17.10_STABLE" branch: https://reviews.mahara.org/8170

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/8170
Committed: https://git.mahara.org/mahara/mahara/commit/2d601f6610e412868d2bcfe948ee5f9c69e11864
Submitter: Robert Lyon (<email address hidden>)
Branch: 17.10_STABLE

commit 2d601f6610e412868d2bcfe948ee5f9c69e11864
Author: Robert Lyon <email address hidden>
Date: Tue Oct 24 07:56:15 2017 +1300

Bug 1546769: Adjusting string for the auth selection for 'none'

behatnotneeded

Change-Id: Ibea0816e9823c0a790564a39fd5b12455aa28339
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 836e37d98c5ee1b89594279fcc10056b411b1acb)

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "17.04_STABLE" branch: https://reviews.mahara.org/8171

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/8171
Committed: https://git.mahara.org/mahara/mahara/commit/54f05eae282ee481adb8745dd45d4b89fb2b6b2e
Submitter: Robert Lyon (<email address hidden>)
Branch: 17.04_STABLE

commit 54f05eae282ee481adb8745dd45d4b89fb2b6b2e
Author: Robert Lyon <email address hidden>
Date: Tue Oct 24 07:56:15 2017 +1300

Bug 1546769: Adjusting string for the auth selection for 'none'

behatnotneeded

Change-Id: Ibea0816e9823c0a790564a39fd5b12455aa28339
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 836e37d98c5ee1b89594279fcc10056b411b1acb)
(cherry picked from commit 2d601f6610e412868d2bcfe948ee5f9c69e11864)

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/8172

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/8172
Committed: https://git.mahara.org/mahara/mahara/commit/a732649da051f6d1f0ebb614b1d1b989f189d24a
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit a732649da051f6d1f0ebb614b1d1b989f189d24a
Author: Robert Lyon <email address hidden>
Date: Tue Oct 24 07:56:15 2017 +1300

Bug 1546769: Adjusting string for the auth selection for 'none'

behatnotneeded

Change-Id: Ibea0816e9823c0a790564a39fd5b12455aa28339
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 836e37d98c5ee1b89594279fcc10056b411b1acb)
(cherry picked from commit 2d601f6610e412868d2bcfe948ee5f9c69e11864)
(cherry picked from commit 54f05eae282ee481adb8745dd45d4b89fb2b6b2e)

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "16.04_STABLE" branch: https://reviews.mahara.org/8173

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/8173
Committed: https://git.mahara.org/mahara/mahara/commit/fdc23f0b97fd4cf6cbab4e27c530a700e00699bf
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.04_STABLE

commit fdc23f0b97fd4cf6cbab4e27c530a700e00699bf
Author: Robert Lyon <email address hidden>
Date: Tue Oct 24 07:56:15 2017 +1300

Bug 1546769: Adjusting string for the auth selection for 'none'

behatnotneeded

Change-Id: Ibea0816e9823c0a790564a39fd5b12455aa28339
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 836e37d98c5ee1b89594279fcc10056b411b1acb)
(cherry picked from commit 2d601f6610e412868d2bcfe948ee5f9c69e11864)
(cherry picked from commit 54f05eae282ee481adb8745dd45d4b89fb2b6b2e)
(cherry picked from commit a732649da051f6d1f0ebb614b1d1b989f189d24a)
