Bypass externallogin

Bug #1771774 reported by bobthevirus on 2018-05-17
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

When the externallogin setting is turned on, it's impossible to fix things such as metadata URLs etc which are required for some external logins to work.

It would be good to be able to pass in a special URL parameter to make Mahara skip the external login process. Here is a patch which I can push up to gerrit once someone confirms that the proposed change is useful and that the url parameter is unique enough:

diff --git a/htdocs/auth/lib.php b/htdocs/auth/lib.php
index 779d080352..4baf2c7875 100644
--- a/htdocs/auth/lib.php
+++ b/htdocs/auth/lib.php
@@ -1171,7 +1171,7 @@ function auth_draw_login_page($message=null, Pieform $form=null) {

     $externallogin = get_config('externallogin');
- if ($externallogin) {
+ if ($externallogin && !isset($_GET['internallogin'])) {
         $externallogin = preg_replace('/{shorturlencoded}/', urlencode(get_relative_script_path()), $externallogin);
         $externallogin = preg_replace('/{wwwroot}/', get_config('wwwroot'), $externallogin);

Sorry for the late reply but I've got to this bug report now and have added you patch for review



Changed in mahara:
status: New → In Progress
importance: Undecided → Low
milestone: none → 19.04.0
Steven (stevens-q) wrote :

Environment tested: Master
Browser tested: Chrome

1) The following code is enabled in the config.php file
      $cfg->externallogin = '{wwwroot}&wantsurl={shorturlencoded}';
2) Site admin is not logged in

1) Site admin browse to
2) confirm the page will not load "This site can’t be reached’s server IP address could not be found."
3) Enter the base URL in the address bar and amment it with the following
      a) ?override=true
4) Verify the user is redirected to Mahara login page ✔
5) Verify that the how to is documented in the config-defaults.php file ✘

NOTE: By entering the code above in the config.php file - it will cause the error "Site not found" - this represents what would happen if your authentication server went down. By adding the override parameter to the end of the URL , the site admin can still log in to Mahara

Catalyst QA Failed testing ✘

1) Needs further documentation in the config-defaults.php file
2) external override Functionality working as expected

Steven (stevens-q) wrote :

Bug Fixed - Documentation has been added ✔

Catalyst QA Approved ✔

Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit c2ef805b6c7523802bb8777f4a0ce60aa65f4540
Author: bobthevirus <email address hidden>
Date: Wed Jan 30 14:55:51 2019 +1300

Bug 1771774: Allow override of externallogin redirect

When trying to hit a non homepage page where login is required


Change-Id: Ia52dff12c16dd58304bbe9251723311e3b18325e
Signed-off-by: Robert Lyon <email address hidden>

Robert Lyon (robertl-9) on 2019-03-22
Changed in mahara:
status: In Progress → Fix Committed
Changed in mahara:
importance: Low → Wishlist
tags: added: nominatedfeature
removed: wishlist
summary: - No way to bypass externallogin
+ Bypass externallogin
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers