Mahara

LTI Integration - non-admin user in 'No institution' unable to login

  1. Series 17.04
  2. Bug #1716541
Bug #1716541 reported by Robert Lyon
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
High
Robert Lyon
Mahara 17.10.0
17.04
Fix Released
High
Robert Lyon
Mahara 17.04.4
17.10
Fix Released
High
Robert Lyon
Mahara 17.10.0

Bug Description

We do a check:

if (!$is_site_admin) {
  // check user is member of configured OAuth institution
  $institutions = array_keys(load_user_institutions($userid));
  if (!in_array($WEBSERVICE_INSTITUTION, $institutions)) {
  ... throw error and stop them logging in ...
  }
}

The problem begins when we check what institutions they are in

 load_user_institutions($userid);

This only returns an array of institutions if the user is in 1 or more true institutions.
If they are not in a true institution they are in the 'No institution' (mahara) one.

We have already got a $userid from earlier in code so we know a user exists we just need to test them against the $WEBSERVICE_INSTITUTION so in the case they are in no institution the $WEBSERVICE_INSTITUTION should equal 'mahara' and if so log them in and if not stop them.

Robert Lyon (robertl-9)
Changed in mahara:
importance: Undecided → High
milestone: none → 17.10.0
Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/8009

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/8009
Committed: https://git.mahara.org/mahara/mahara/commit/f8002f1eb31c223480070985abdd46cd9cdd1472
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit f8002f1eb31c223480070985abdd46cd9cdd1472
Author: Robert Lyon <email address hidden>
Date: Tue Sep 12 13:15:05 2017 +1200

Bug 1716541: Allowing the check of 'mahara' institution for LTI login

behatnotneeded

Change-Id: I35b138d579156f032688178d3d4ed391555fe155
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "17.04_STABLE" branch: https://reviews.mahara.org/8018

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/8018
Committed: https://git.mahara.org/mahara/mahara/commit/402b88e1eefb04af4ec02076de9967796e46cde5
Submitter: Robert Lyon (<email address hidden>)
Branch: 17.04_STABLE

commit 402b88e1eefb04af4ec02076de9967796e46cde5
Author: Robert Lyon <email address hidden>
Date: Tue Sep 12 13:15:05 2017 +1200

Bug 1716541: Allowing the check of 'mahara' institution for LTI login

behatnotneeded

Change-Id: I35b138d579156f032688178d3d4ed391555fe155
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit f8002f1eb31c223480070985abdd46cd9cdd1472)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.