LTI Integration - non-admin user in 'No institution' unable to login

Bug #1716541 reported by Robert Lyon on 2017-09-12
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Status tracked in 17.10
17.04
High
Robert Lyon
17.10
High
Robert Lyon

Bug Description

We do a check:

if (!$is_site_admin) {
  // check user is member of configured OAuth institution
  $institutions = array_keys(load_user_institutions($userid));
  if (!in_array($WEBSERVICE_INSTITUTION, $institutions)) {
  ... throw error and stop them logging in ...
  }
}

The problem begins when we check what institutions they are in

 load_user_institutions($userid);

This only returns an array of institutions if the user is in 1 or more true institutions.
If they are not in a true institution they are in the 'No institution' (mahara) one.

We have already got a $userid from earlier in code so we know a user exists we just need to test them against the $WEBSERVICE_INSTITUTION so in the case they are in no institution the $WEBSERVICE_INSTITUTION should equal 'mahara' and if so log them in and if not stop them.

Robert Lyon (robertl-9) on 2017-09-12
Changed in mahara:
importance: Undecided → High
milestone: none → 17.10.0

Reviewed: https://reviews.mahara.org/8009
Committed: https://git.mahara.org/mahara/mahara/commit/f8002f1eb31c223480070985abdd46cd9cdd1472
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit f8002f1eb31c223480070985abdd46cd9cdd1472
Author: Robert Lyon <email address hidden>
Date: Tue Sep 12 13:15:05 2017 +1200

Bug 1716541: Allowing the check of 'mahara' institution for LTI login

behatnotneeded

Change-Id: I35b138d579156f032688178d3d4ed391555fe155
Signed-off-by: Robert Lyon <email address hidden>

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers