Mahara as MNet IDP breaks because of longer session ids

Bug #1598974 reported by Aaron Wells on 2016-07-05
This bug affects 1 person
Affects | Importance | Assigned to
Mahara | Medium | Unassigned
15.04 | Medium | Unassigned
15.10 | Medium | Unassigned
16.04 | Medium | Unassigned
16.10 | Medium | Unassigned

Bug Description

When you use Mahara as the MNet identity provider, it tries to store the user's session id in the "sso_session.sessionid" database column. This column is 40 characters, because we were previously using SHA-1 based sessionids, which are 40 characters. When we switched to SHA-256, the sessionids expanded to 64 characters, which causes it to crash.

To replicate:

1. Set up MNet between Moodle and Mahara, with Mahara as the identity provider.
2. Log in to Mahara.
3. In the sideblock, click on the link to roam over to Moodle.

Expected result: You roam over to Moodle
Actual result: It crashes with this error message:

[WAR] d8 (lib/errors.php:796) Failed to get a recordset: postgres8 error: [-1: ERROR: value too long for type character varying(40)] in EXECUTE("INSERT INTO "sso_session" ("userid", "instanceid", "username", "useragent", "token", "confirmtimeout", "expires", "sessionid") VALUES (?, ?, ?, ?, ?, ?, ?, ?)")
Command was: INSERT INTO "sso_session" ("userid", "instanceid", "username", "useragent", "token", "confirmtimeout", "expires", "sessionid") VALUES (?, ?, ?, ?, ?, ?, ?, ?) and values was (userid:1,instanceid:2,username:admin,useragent:3628ed27e34fdc54e674d6a3b4a24c71208a600d,token:9d1b2dcf6adf3ab284b3940113ef76f0513eca93,confirmtimeout:1467678764,expires:1467765149,sessionid:a63792d82ed3538d731018873581817c7214a7ea94e4379316161a0b8c773a7c)
Call stack (most recent first):

    log_message("Failed to get a recordset: postgres8 error: [-1: E...", 8, true, true) at /home/aaronw/www/mahara/htdocs/lib/errors.php:95
    log_warn("Failed to get a recordset: postgres8 error: [-1: E...") at /home/aaronw/www/mahara/htdocs/lib/errors.php:796
    SQLException->__construct("Failed to get a recordset: postgres8 error: [-1: E...") at /home/aaronw/www/mahara/htdocs/lib/dml.php:1088
    insert_record("sso_session", object(stdClass)) at /home/aaronw/www/mahara/htdocs/api/xmlrpc/lib.php:93
    start_jump_session(object(Peer), "2", "") at /home/aaronw/www/mahara/htdocs/auth/xmlrpc/jump.php:53
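
An added triage example, not part of the original report or of Mahara's code: the PostgreSQL error above gives only the type limit, not the offending column, so this script parses the logged values and reports which one exceeds it. The log text is taken from the report with the INSERT column list abridged; the function and constant names are hypothetical.

```python
import re

# Log excerpt from the bug report above (the INSERT column list is abridged).
LOG = (
    'Failed to get a recordset: postgres8 error: [-1: ERROR: value too long '
    'for type character varying(40)] in EXECUTE("INSERT INTO "sso_session" ...")\n'
    'Command was: INSERT INTO "sso_session" (...) VALUES (?, ?, ?, ?, ?, ?, ?, ?) '
    'and values was (userid:1,instanceid:2,username:admin,'
    'useragent:3628ed27e34fdc54e674d6a3b4a24c71208a600d,'
    'token:9d1b2dcf6adf3ab284b3940113ef76f0513eca93,'
    'confirmtimeout:1467678764,expires:1467765149,'
    'sessionid:a63792d82ed3538d731018873581817c7214a7ea94e4379316161a0b8c773a7c)'
)

# Hex digest lengths of common hash functions, used to guess what produced a value.
HEX_DIGEST_LEN = {32: "MD5", 40: "SHA-1", 64: "SHA-256", 128: "SHA-512"}

LIMIT_RE = re.compile(r"value too long for type character varying\((\d+)\)")
VALUES_RE = re.compile(r"values was \((.*)\)\s*$", re.MULTILINE)


def overlong_values(log):
    """Return (column, length, limit, likely_digest) for each value over the varchar limit."""
    limit_match = LIMIT_RE.search(log)
    values_match = VALUES_RE.search(log)
    if not limit_match or not values_match:
        return []
    limit = int(limit_match.group(1))
    findings = []
    # Pairs are logged as "name:value" joined by commas; this simple split
    # assumes no value contains a comma, which holds for the line above.
    for pair in values_match.group(1).split(","):
        name, sep, value = pair.partition(":")
        if sep and len(value) > limit:
            is_hex = re.fullmatch(r"[0-9a-f]+", value) is not None
            digest = HEX_DIGEST_LEN.get(len(value)) if is_hex else None
            findings.append((name.strip(), len(value), limit, digest))
    return findings


if __name__ == "__main__":
    for column, length, limit, digest in overlong_values(LOG):
        print(f"{column}: {length} chars > varchar({limit}), looks like {digest}")
```
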

Reviewed: https://reviews.mahara.org/6649
Committed: https://git.mahara.org/mahara/mahara/commit/6232e77c9dc5587ff0e1bef0444d1cf61970761d
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 6232e77c9dc5587ff0e1bef0444d1cf61970761d
Author: Aaron Wells <email address hidden>
Date: Tue Jul 5 12:52:17 2016 +1200

Bug 1598974: Update sso_session to handle SHA-256 session ids

Change-Id: I8ec8c26eb7bc8458e125aa0cc7ab0790657708a8
behatnotneeded: Can't test mnet in behat

Mahara Bot (dev-mahara) wrote :

Patch for "15.10_STABLE" branch: https://reviews.mahara.org/6656

Mahara Bot (dev-mahara) wrote :

Patch for "15.04_STABLE" branch: https://reviews.mahara.org/6657

Reviewed: https://reviews.mahara.org/6657
Committed: https://git.mahara.org/mahara/mahara/commit/8190728fba8e718e287a6750161bd34902f1deb2
Submitter: Robert Lyon (<email address hidden>)
Branch: 15.04_STABLE

commit 8190728fba8e718e287a6750161bd34902f1deb2
Author: Aaron Wells <email address hidden>
Date: Tue Jul 5 12:52:17 2016 +1200

Bug 1598974: Update sso_session to handle SHA-256 session ids

Change-Id: I8ec8c26eb7bc8458e125aa0cc7ab0790657708a8
behatnotneeded: Can't test mnet in behat

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/6656
Committed: https://git.mahara.org/mahara/mahara/commit/36eb9aa64f9aed74b7789b095cf0d7e513400120
Submitter: Robert Lyon (<email address hidden>)
Branch: 15.10_STABLE

commit 36eb9aa64f9aed74b7789b095cf0d7e513400120
Author: Aaron Wells <email address hidden>
Date: Tue Jul 5 12:52:17 2016 +1200

Bug 1598974: Update sso_session to handle SHA-256 session ids

Change-Id: I8ec8c26eb7bc8458e125aa0cc7ab0790657708a8
behatnotneeded: Can't test mnet in behat

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/6655
Committed: https://git.mahara.org/mahara/mahara/commit/d31db21623dac3b00b5eabd34ebdfcaed730aa1b
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.04_STABLE

commit d31db21623dac3b00b5eabd34ebdfcaed730aa1b
Author: Aaron Wells <email address hidden>
Date: Tue Jul 5 12:52:17 2016 +1200

Bug 1598974: Update sso_session to handle SHA-256 session ids

Change-Id: I8ec8c26eb7bc8458e125aa0cc7ab0790657708a8
behatnotneeded: Can't test mnet in behat

Robert Lyon (robertl-9) on 2016-10-21
Changed in mahara:
milestone: 16.10.0 → none
status: Fix Committed → Fix Released