LDAP account set up should not require internal password to be set

Bug #1818901 reported by Kristina Hoeppner
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Mahara | Fix Released | High | Unassigned |
19.04 | Fix Released | High | Unassigned |
19.10 | Fix Released | High | Unassigned |

Bug Description

Reported at https://mahara.org/interaction/forum/topic.php?id=7827&offset=0&limit=10#post33568

When an LDAP user tries to log in via Mahara Mobile, they can't as Mahara requires an internal Mahara password to be set even though it will then be ignored as LDAP is used (see error message below).

When LDAP accounts are set up, they should not require an internal Mahara password as it will be ignored since LDAP is going to be used.

Report:

My environment:
 Mahara 18.10
 mobile app 1.4.1

1. Authentication plugin
 The institution has LDAP authentication plugin and Internal auth.

2. Add user from
A user is added by admin from "Admin menu" -> Users -> Add user

The password can be anything here, because users use their LDAP password at login time.

3. Login
Though the new user can log in from the Web interface, he cannot log in by mobile app. At this time, I found the server logs below.

----
AH01071: Got error 'PHP message: [WAR] 38
(snip)
WebserviceException->__construct("passwordchangerequired", "The user needs to reset their password. They must ...", 403) at /path/to/mahara/module/mobileapi/json/token.php:121\nPHP message: \nPHP message: [WAR] 38 (module/mobileapi/json/token.php:118) passwordchangerequired : The user needs to reset their password. They must log in to the site through a web browser to do this.\nPHP message: Call stack (most recent first):\nPHP message: * log_message("passwordchangerequired : (snip)
----

Though the mobile app does not show error messages, the Mahara server seems to be requesting the user to change password.

3. change password
By admin, change the authentication plugin from LDAP to Internal, and change the password once. The password can be anything. The password has to be changed once. Then return the authentication plugin from Internal to LDAP.

4. Login from mobile app
We can login from mobile app.

5. Other solution
Admin can add users by CSV: "Admin menu" -> Users -> "Add user by CSV". At that time, turn off the "Force password change" option. Then users are not required to change password at first login, so the mobile app can log in.

Tags: auth
Robert Lyon (robertl-9) wrote :

This is also a problem with users created with SAML external auth as well - we shouldn't set the passwordchange flag for these users

Robert Lyon (robertl-9) wrote :

Hmm, the LDAP auth doesn't set the 'passwordchange' flag at all - so I think the LDAP problem stems from the following:

1) User in Mahara had 'internal' auth as primary auth source and LDAP as secondary
2) On upgrade for step at 2018031900 we added new password policy where we set the 'passwordchange' flag for all users that had 'internal' as primary auth

So now users are prompted to change their password

Whereas SAML / XMLRPC do set the 'passwordchange' flag on user creation when they don't need to
- so I'll fix those up first

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/10012

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/10012
Committed: https://git.mahara.org/mahara/mahara/commit/6fd8ebb5a5741b8c842d8eea6f800eacdb963e27
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit 6fd8ebb5a5741b8c842d8eea6f800eacdb963e27
Author: Robert Lyon <email address hidden>
Date: Wed May 15 08:46:36 2019 +1200

Bug 1818901: User creation via SAML / XMLRPC not set passwordchange

As we shouldn't prompt user to change it if they SSO in and we have a
process if they switch from external to internal auth

Also update the DB for users on external auth and set their
passwordchange to 0

behatnotneeded

Change-Id: I79676b0502620128f873e7fb2f97644c30798cfe
Signed-off-by: Robert Lyon <email address hidden>
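
An added example, not Mahara's code or the committed patch: a sketch of the cleanup the commit message describes (find users on external auth that still carry the passwordchange flag, then reset it), run against a constructed SQLite database. Apart from passwordchange, the table and column names and the list of external auth plugins are assumptions.

```python
import sqlite3

# Assumption: auth plugins that verify credentials outside Mahara.
EXTERNAL_AUTH = ("ldap", "saml", "xmlrpc")

def build_sample_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE auth_instance (id INTEGER PRIMARY KEY, authname TEXT);
        CREATE TABLE usr (id INTEGER PRIMARY KEY, username TEXT,
                          authinstance INTEGER REFERENCES auth_instance(id),
                          passwordchange INTEGER NOT NULL DEFAULT 0);
        INSERT INTO auth_instance VALUES (1,'internal'),(2,'ldap'),(3,'saml');
        INSERT INTO usr VALUES
            (1,'alice',1,1),  -- internal, flag set: legitimate prompt
            (2,'bob',2,1),    -- ldap, flag set: token request gets 403
            (3,'carol',3,1),  -- saml, flag set: same problem
            (4,'dave',2,0);   -- ldap, flag clear: unaffected
    """)
    return db

def stale_flags(db):
    """Usernames on external auth that still carry the passwordchange flag."""
    marks = ",".join("?" * len(EXTERNAL_AUTH))
    rows = db.execute(
        f"SELECT u.username FROM usr u JOIN auth_instance a "
        f"ON a.id = u.authinstance WHERE u.passwordchange = 1 "
        f"AND a.authname IN ({marks}) ORDER BY u.username", EXTERNAL_AUTH)
    return [r[0] for r in rows]

def clear_stale_flags(db):
    """Reset the flag for external-auth users only; returns rows changed."""
    marks = ",".join("?" * len(EXTERNAL_AUTH))
    cur = db.execute(
        f"UPDATE usr SET passwordchange = 0 WHERE passwordchange = 1 "
        f"AND authinstance IN (SELECT id FROM auth_instance "
        f"WHERE authname IN ({marks}))", EXTERNAL_AUTH)
    db.commit()
    return cur.rowcount

if __name__ == "__main__":
    db = build_sample_db()
    print("before:", stale_flags(db))
    print("cleared:", clear_stale_flags(db))
    print("after:", stale_flags(db))
```

Running the audit query before any update shows which accounts would be refused a mobile token; internal-auth users keep their flag so the password policy still applies to them.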

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "19.04_STABLE" branch: https://reviews.mahara.org/10196

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/10196
Committed: https://git.mahara.org/mahara/mahara/commit/c8dea746c6e707209f3e17fbfd2315d447961a3e
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: 19.04_STABLE

commit c8dea746c6e707209f3e17fbfd2315d447961a3e
Author: Robert Lyon <email address hidden>
Date: Wed May 15 08:46:36 2019 +1200

Bug 1818901: User creation via SAML / XMLRPC not set passwordchange

As we shouldn't prompt user to change it if they SSO in and we have a
process if they switch from external to internal auth

Also update the DB for users on external auth and set their
passwordchange to 0

behatnotneeded

Change-Id: I79676b0502620128f873e7fb2f97644c30798cfe
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/10219

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/10219
Committed: https://git.mahara.org/mahara/mahara/commit/4148ee3b6476e8281bde4a1fd3f0bfc8d801ca6f
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit 4148ee3b6476e8281bde4a1fd3f0bfc8d801ca6f
Author: Cecilia Vela Gurovic <email address hidden>
Date: Tue Jul 23 11:16:19 2019 +1200

Bug 1818901: mysql upgrade fix - User creation not set passwordchange

behatnotneede

Change-Id: Ifabbb291391e60caa57d5d2421ad41402a70a6f7

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "19.04_STABLE" branch: https://reviews.mahara.org/10220

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/10220
Committed: https://git.mahara.org/mahara/mahara/commit/78c63f4c804e0ba93be0d4fc95dcdc7c7a31c5af
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: 19.04_STABLE

commit 78c63f4c804e0ba93be0d4fc95dcdc7c7a31c5af
Author: Cecilia Vela Gurovic <email address hidden>
Date: Tue Jul 23 11:16:19 2019 +1200

Bug 1818901: mysql upgrade fix - User creation not set passwordchange

behatnotneede

Change-Id: Ifabbb291391e60caa57d5d2421ad41402a70a6f7
(cherry picked from commit 4148ee3b6476e8281bde4a1fd3f0bfc8d801ca6f)
