Potential LTI duplicating accounts with parent auth

Bug #1943772 reported by Robert Lyon
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Status tracked in 22.04
20.10
High
Unassigned
21.04
High
Robert Lyon
21.10
High
Robert Lyon
22.04
High
Unassigned

Bug Description

There is a problem in module_lti_launch.php when using SAML as parent auth

If a person does not exist they are created via create_user() function and this function will check if the auth method they are created with needs a remote username and if so adds a row to the "auth_remote_user" table too.

Then module_lti_launch.php creates a row in "auth_remote_user" table for the parent auth (SAML) if the auth method has a parent auth.

So we end up with 2 rows

But the problem is when we have a parent auth (SAML) as the parent we pass in the parent authinstance id to be the one saved in "usr" table.
So we end up with both the rows being connected to the parent auth because we pass in the parent authinstance id when creating the person.

When we then login again via LTI it finds the person by email and updates the "auth_remote_user" table but this time adds the row correctly with the LTI authinstance id.

So we end up with 3 rows - but we should only have two.

what we should do is if the LTI auth instance has a parent auth and that parent auth allows adding to remote table add that one first, via create_user(), then add the one for LTI

Revision history for this message
Robert Lyon (robertl-9) wrote :
description: updated
Changed in mahara:
milestone: none → 21.10.0
assignee: nobody → Robert Lyon (robertl-9)
importance: Undecided → High
status: New → In Progress
Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "main" branch: https://reviews.mahara.org/12128

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/12128
Committed: https://git.mahara.org/mahara/mahara/commit/ec27a6d715c0d015c94e3ec3d0bada974886bbb8
Submitter: Robert Lyon (<email address hidden>)
Branch: main

commit ec27a6d715c0d015c94e3ec3d0bada974886bbb8
Author: Robert Lyon <email address hidden>
Date: Wed Sep 15 17:31:33 2021 +1200

Bug 1943772: LTI not setting the auth_remote_user value correctly

On first login when auth method has a parent auth method that also
sets the auth_remote_user table

Change-Id: I22bd1110e34bb3e605b990724ce99cb1a6ccd3cb
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "21.10_DEV" branch: https://reviews.mahara.org/12361

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Patch for "21.04_DEV" branch: https://reviews.mahara.org/12362

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Patch for "20.10_DEV" branch: https://reviews.mahara.org/12363

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/12362
Committed: https://git.mahara.org/mahara/mahara/commit/845a99d509e814b28120c45c3560f80f1001d7ee
Submitter: Robert Lyon (<email address hidden>)
Branch: 21.04_DEV

commit 845a99d509e814b28120c45c3560f80f1001d7ee
Author: Robert Lyon <email address hidden>
Date: Wed Sep 15 17:31:33 2021 +1200

Bug 1943772: LTI not setting the auth_remote_user value correctly

On first login when auth method has a parent auth method that also
sets the auth_remote_user table

Change-Id: I22bd1110e34bb3e605b990724ce99cb1a6ccd3cb
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit ec27a6d715c0d015c94e3ec3d0bada974886bbb8)

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/12361
Committed: https://git.mahara.org/mahara/mahara/commit/80adffa9c10aba4d605a8d66890c2836bf01cb7f
Submitter: Robert Lyon (<email address hidden>)
Branch: 21.10_DEV

commit 80adffa9c10aba4d605a8d66890c2836bf01cb7f
Author: Robert Lyon <email address hidden>
Date: Wed Sep 15 17:31:33 2021 +1200

Bug 1943772: LTI not setting the auth_remote_user value correctly

On first login when auth method has a parent auth method that also
sets the auth_remote_user table

Change-Id: I22bd1110e34bb3e605b990724ce99cb1a6ccd3cb
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit ec27a6d715c0d015c94e3ec3d0bada974886bbb8)

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/12363
Committed: https://git.mahara.org/mahara/mahara/commit/a3747ab45e4bc91c218e94269fa60ef243e03950
Submitter: Robert Lyon (<email address hidden>)
Branch: 20.10_DEV

commit a3747ab45e4bc91c218e94269fa60ef243e03950
Author: Robert Lyon <email address hidden>
Date: Wed Sep 15 17:31:33 2021 +1200

Bug 1943772: LTI not setting the auth_remote_user value correctly

On first login when auth method has a parent auth method that also
sets the auth_remote_user table

Change-Id: I22bd1110e34bb3e605b990724ce99cb1a6ccd3cb
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit ec27a6d715c0d015c94e3ec3d0bada974886bbb8)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers