[Mahara-contributors] [Bug 1546769] Re: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions
** Changed in: mahara/17.04 Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1546769 Title: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions Status in Mahara: Fix Released Status in Mahara 16.04 series: Fix Released Status in Mahara 16.10 series: Fix Released Status in Mahara 17.04 series: Fix Released Status in Mahara 17.10 series: Fix Released Bug description: When there are multiple institutions/tenants on a mahara and one of the tenants decides to add the 'None' auth method to their institution it causes havoc for users on all institutions as if they accidentally enter their login details wrong they get logged in to institution with 'None' set as a new user rather than their normal institution/account. Things that need to be changed to avoid this problem: 1) When an institution tries to add the 'None' auth option it needs to check to see if there are any other institutions present and only allow it if institution count = 1 2) Conversely if the only institution uses 'None' auth then you shouldn't be allowed to add a new institution until that auth is removed 3) And when you are able to add "None" you should probably get some prominent message with "Do you really want to do this? You know, it means that anybody will be able to log in without any authorization" Also as part of this change it would be very good to add a ctime (and maybe userid) field to the auth_instance table to record when one adds/edits auth details to see when things changed as this human error can cause big problems for users. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1546769/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1546769] Re: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions
** Changed in: mahara/16.10 Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1546769 Title: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions Status in Mahara: Fix Released Status in Mahara 16.04 series: Fix Released Status in Mahara 16.10 series: Fix Released Status in Mahara 17.04 series: Fix Committed Status in Mahara 17.10 series: Fix Released Bug description: When there are multiple institutions/tenants on a mahara and one of the tenants decides to add the 'None' auth method to their institution it causes havoc for users on all institutions as if they accidentally enter their login details wrong they get logged in to institution with 'None' set as a new user rather than their normal institution/account. Things that need to be changed to avoid this problem: 1) When an institution tries to add the 'None' auth option it needs to check to see if there are any other institutions present and only allow it if institution count = 1 2) Conversely if the only institution uses 'None' auth then you shouldn't be allowed to add a new institution until that auth is removed 3) And when you are able to add "None" you should probably get some prominent message with "Do you really want to do this? You know, it means that anybody will be able to log in without any authorization" Also as part of this change it would be very good to add a ctime (and maybe userid) field to the auth_instance table to record when one adds/edits auth details to see when things changed as this human error can cause big problems for users. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1546769/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1546769] Re: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions
** Changed in: mahara/16.04 Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1546769 Title: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions Status in Mahara: Fix Released Status in Mahara 16.04 series: Fix Released Status in Mahara 16.10 series: Fix Released Status in Mahara 17.04 series: Fix Committed Status in Mahara 17.10 series: Fix Released Bug description: When there are multiple institutions/tenants on a mahara and one of the tenants decides to add the 'None' auth method to their institution it causes havoc for users on all institutions as if they accidentally enter their login details wrong they get logged in to institution with 'None' set as a new user rather than their normal institution/account. Things that need to be changed to avoid this problem: 1) When an institution tries to add the 'None' auth option it needs to check to see if there are any other institutions present and only allow it if institution count = 1 2) Conversely if the only institution uses 'None' auth then you shouldn't be allowed to add a new institution until that auth is removed 3) And when you are able to add "None" you should probably get some prominent message with "Do you really want to do this? You know, it means that anybody will be able to log in without any authorization" Also as part of this change it would be very good to add a ctime (and maybe userid) field to the auth_instance table to record when one adds/edits auth details to see when things changed as this human error can cause big problems for users. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1546769/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1546769] Re: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions
** Changed in: mahara/17.10 Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1546769 Title: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions Status in Mahara: Fix Released Status in Mahara 16.04 series: Fix Committed Status in Mahara 16.10 series: Fix Committed Status in Mahara 17.04 series: Fix Committed Status in Mahara 17.10 series: Fix Released Bug description: When there are multiple institutions/tenants on a mahara and one of the tenants decides to add the 'None' auth method to their institution it causes havoc for users on all institutions as if they accidentally enter their login details wrong they get logged in to institution with 'None' set as a new user rather than their normal institution/account. Things that need to be changed to avoid this problem: 1) When an institution tries to add the 'None' auth option it needs to check to see if there are any other institutions present and only allow it if institution count = 1 2) Conversely if the only institution uses 'None' auth then you shouldn't be allowed to add a new institution until that auth is removed 3) And when you are able to add "None" you should probably get some prominent message with "Do you really want to do this? You know, it means that anybody will be able to log in without any authorization" Also as part of this change it would be very good to add a ctime (and maybe userid) field to the auth_instance table to record when one adds/edits auth details to see when things changed as this human error can cause big problems for users. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1546769/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1546769] Re: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions
** Tags added: usermanualupdate -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1546769 Title: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions Status in Mahara: Fix Committed Status in Mahara 16.04 series: Fix Committed Status in Mahara 16.10 series: Fix Committed Status in Mahara 17.04 series: Fix Committed Status in Mahara 17.10 series: Fix Committed Bug description: When there are multiple institutions/tenants on a mahara and one of the tenants decides to add the 'None' auth method to their institution it causes havoc for users on all institutions as if they accidentally enter their login details wrong they get logged in to institution with 'None' set as a new user rather than their normal institution/account. Things that need to be changed to avoid this problem: 1) When an institution tries to add the 'None' auth option it needs to check to see if there are any other institutions present and only allow it if institution count = 1 2) Conversely if the only institution uses 'None' auth then you shouldn't be allowed to add a new institution until that auth is removed 3) And when you are able to add "None" you should probably get some prominent message with "Do you really want to do this? You know, it means that anybody will be able to log in without any authorization" Also as part of this change it would be very good to add a ctime (and maybe userid) field to the auth_instance table to record when one adds/edits auth details to see when things changed as this human error can cause big problems for users. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1546769/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1546769] Re: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions
** Changed in: mahara/17.04 Status: In Progress => Fix Committed ** Changed in: mahara/16.10 Status: In Progress => Fix Committed ** Changed in: mahara/16.04 Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1546769 Title: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions Status in Mahara: Fix Committed Status in Mahara 16.04 series: Fix Committed Status in Mahara 16.10 series: Fix Committed Status in Mahara 17.04 series: Fix Committed Status in Mahara 17.10 series: Fix Committed Bug description: When there are multiple institutions/tenants on a mahara and one of the tenants decides to add the 'None' auth method to their institution it causes havoc for users on all institutions as if they accidentally enter their login details wrong they get logged in to institution with 'None' set as a new user rather than their normal institution/account. Things that need to be changed to avoid this problem: 1) When an institution tries to add the 'None' auth option it needs to check to see if there are any other institutions present and only allow it if institution count = 1 2) Conversely if the only institution uses 'None' auth then you shouldn't be allowed to add a new institution until that auth is removed 3) And when you are able to add "None" you should probably get some prominent message with "Do you really want to do this? You know, it means that anybody will be able to log in without any authorization" Also as part of this change it would be very good to add a ctime (and maybe userid) field to the auth_instance table to record when one adds/edits auth details to see when things changed as this human error can cause big problems for users. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1546769/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1546769] Re: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions
** Changed in: mahara/17.10 Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1546769 Title: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions Status in Mahara: Fix Committed Status in Mahara 16.04 series: Fix Committed Status in Mahara 16.10 series: Fix Committed Status in Mahara 17.04 series: Fix Committed Status in Mahara 17.10 series: Fix Committed Bug description: When there are multiple institutions/tenants on a mahara and one of the tenants decides to add the 'None' auth method to their institution it causes havoc for users on all institutions as if they accidentally enter their login details wrong they get logged in to institution with 'None' set as a new user rather than their normal institution/account. Things that need to be changed to avoid this problem: 1) When an institution tries to add the 'None' auth option it needs to check to see if there are any other institutions present and only allow it if institution count = 1 2) Conversely if the only institution uses 'None' auth then you shouldn't be allowed to add a new institution until that auth is removed 3) And when you are able to add "None" you should probably get some prominent message with "Do you really want to do this? You know, it means that anybody will be able to log in without any authorization" Also as part of this change it would be very good to add a ctime (and maybe userid) field to the auth_instance table to record when one adds/edits auth details to see when things changed as this human error can cause big problems for users. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1546769/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1546769] Re: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions
The easiest thing to do is make auth return false if site is in production mode ** Changed in: mahara Status: Confirmed => In Progress ** Also affects: mahara/16.10 Importance: Undecided Status: New ** Also affects: mahara/17.10 Importance: High Assignee: Robert Lyon (robertl-9) Status: In Progress ** Also affects: mahara/16.04 Importance: Undecided Status: New ** Also affects: mahara/17.04 Importance: Undecided Status: New ** Changed in: mahara/17.04 Milestone: None => 17.04.4 ** Changed in: mahara/16.10 Milestone: None => 16.10.6 ** Changed in: mahara/16.04 Milestone: None => 16.04.9 ** Changed in: mahara/17.04 Importance: Undecided => High ** Changed in: mahara/16.10 Importance: Undecided => High ** Changed in: mahara/16.04 Importance: Undecided => High ** Changed in: mahara/17.04 Status: New => In Progress ** Changed in: mahara/16.04 Status: New => In Progress ** Changed in: mahara/16.10 Status: New => In Progress -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1546769 Title: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions Status in Mahara: In Progress Status in Mahara 16.04 series: In Progress Status in Mahara 16.10 series: In Progress Status in Mahara 17.04 series: In Progress Status in Mahara 17.10 series: In Progress Bug description: When there are multiple institutions/tenants on a mahara and one of the tenants decides to add the 'None' auth method to their institution it causes havoc for users on all institutions as if they accidentally enter their login details wrong they get logged in to institution with 'None' set as a new user rather than their normal institution/account. Things that need to be changed to avoid this problem: 1) When an institution tries to add the 'None' auth option it needs to check to see if there are any other institutions present and only allow it if institution count = 1 2) Conversely if the only institution uses 'None' auth then you shouldn't be allowed to add a new institution until that auth is removed 3) And when you are able to add "None" you should probably get some prominent message with "Do you really want to do this? You know, it means that anybody will be able to log in without any authorization" Also as part of this change it would be very good to add a ctime (and maybe userid) field to the auth_instance table to record when one adds/edits auth details to see when things changed as this human error can cause big problems for users. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1546769/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1546769] Re: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions
** Changed in: mahara Status: In Progress => Confirmed -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1546769 Title: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions Status in Mahara: Confirmed Bug description: When there are multiple institutions/tenants on a mahara and one of the tenants decides to add the 'None' auth method to their institution it causes havoc for users on all institutions as if they accidentally enter their login details wrong they get logged in to institution with 'None' set as a new user rather than their normal institution/account. Things that need to be changed to avoid this problem: 1) When an institution tries to add the 'None' auth option it needs to check to see if there are any other institutions present and only allow it if institution count = 1 2) Conversely if the only institution uses 'None' auth then you shouldn't be allowed to add a new institution until that auth is removed 3) And when you are able to add "None" you should probably get some prominent message with "Do you really want to do this? You know, it means that anybody will be able to log in without any authorization" Also as part of this change it would be very good to add a ctime (and maybe userid) field to the auth_instance table to record when one adds/edits auth details to see when things changed as this human error can cause big problems for users. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1546769/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1546769] Re: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions
** Changed in: mahara Milestone: 17.04.0 => 17.10.0 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1546769 Title: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions Status in Mahara: In Progress Bug description: When there are multiple institutions/tenants on a mahara and one of the tenants decides to add the 'None' auth method to their institution it causes havoc for users on all institutions as if they accidentally enter their login details wrong they get logged in to institution with 'None' set as a new user rather than their normal institution/account. Things that need to be changed to avoid this problem: 1) When an institution tries to add the 'None' auth option it needs to check to see if there are any other institutions present and only allow it if institution count = 1 2) Conversely if the only institution uses 'None' auth then you shouldn't be allowed to add a new institution until that auth is removed 3) And when you are able to add "None" you should probably get some prominent message with "Do you really want to do this? You know, it means that anybody will be able to log in without any authorization" Also as part of this change it would be very good to add a ctime (and maybe userid) field to the auth_instance table to record when one adds/edits auth details to see when things changed as this human error can cause big problems for users. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1546769/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1546769] Re: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions
** Changed in: mahara Milestone: None => 17.04.0 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1546769 Title: The 'None' auth needs to be locked down or removed to avoid troubles with multi institutions Status in Mahara: In Progress Bug description: When there are multiple institutions/tenants on a mahara and one of the tenants decides to add the 'None' auth method to their institution it causes havoc for users on all institutions as if they accidentally enter their login details wrong they get logged in to institution with 'None' set as a new user rather than their normal institution/account. Things that need to be changed to avoid this problem: 1) When an institution tries to add the 'None' auth option it needs to check to see if there are any other institutions present and only allow it if institution count = 1 2) Conversely if the only institution uses 'None' auth then you shouldn't be allowed to add a new institution until that auth is removed 3) And when you are able to add "None" you should probably get some prominent message with "Do you really want to do this? You know, it means that anybody will be able to log in without any authorization" Also as part of this change it would be very good to add a ctime (and maybe userid) field to the auth_instance table to record when one adds/edits auth details to see when things changed as this human error can cause big problems for users. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1546769/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
