Reviewed: https://reviews.mahara.org/12128 Committed: https://git.mahara.org/mahara/mahara/commit/ec27a6d715c0d015c94e3ec3d0bada974886bbb8 Submitter: Robert Lyon ([email protected]) Branch: main
commit ec27a6d715c0d015c94e3ec3d0bada974886bbb8 Author: Robert Lyon <[email protected]> Date: Wed Sep 15 17:31:33 2021 +1200 Bug 1943772: LTI not setting the auth_remote_user value correctly On first login when auth method has a parent auth method that also sets the auth_remote_user table Change-Id: I22bd1110e34bb3e605b990724ce99cb1a6ccd3cb Signed-off-by: Robert Lyon <[email protected]> -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: mahara-contributors https://bugs.launchpad.net/bugs/1943772 Title: Potential LTI duplicating accounts with parent auth Status in Mahara: Fix Committed Status in Mahara 20.10 series: Confirmed Status in Mahara 21.04 series: Confirmed Status in Mahara 21.10 series: Confirmed Status in Mahara 22.04 series: Fix Committed Bug description: There is a problem in module_lti_launch.php when using SAML as parent auth If a person does not exist they are created via create_user() function and this function will check if the auth method they are created with needs a remote username and if so adds a row to the "auth_remote_user" table too. Then module_lti_launch.php creates a row in "auth_remote_user" table for the parent auth (SAML) if the auth method has a parent auth. So we end up with 2 rows But the problem is when we have a parent auth (SAML) as the parent we pass in the parent authinstance id to be the one saved in "usr" table. So we end up with both the rows being connected to the parent auth because we pass in the parent authinstance id when creating the person. When we then login again via LTI it finds the person by email and updates the "auth_remote_user" table but this time adds the row correctly with the LTI authinstance id. So we end up with 3 rows - but we should only have two. what we should do is if the LTI auth instance has a parent auth and that parent auth allows adding to remote table add that one first, via create_user(), then add the one for LTI To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1943772/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
