Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-32204

enrol/mnet creates users with the same auth as on home server

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 2.1.7, 2.2.4
    • 2.2
    • MNet
    • MOODLE_22_STABLE
    • MOODLE_21_STABLE, MOODLE_22_STABLE
    • MDL-32204-mnet-auth
    • Hide

      Testing difficulty: HARD (requires MNet environment)

      (I believe testing could be skipped here as the patch is trivial and the reporter obviously tested his solution)

      1. Set up MNet between two Moodle sites and enable remote enrolment via MNet in the site with courses
      2. At the site with users, enrol some local user to the a course on the remote site. Make sure that the user does not have a roaming profile at the remote site yet.
      3. TEST: Check that a new user record was created at the remote site and the auth method is set to 'mnet' for them.

      Show
      Testing difficulty: HARD (requires MNet environment) (I believe testing could be skipped here as the patch is trivial and the reporter obviously tested his solution) 1. Set up MNet between two Moodle sites and enable remote enrolment via MNet in the site with courses 2. At the site with users, enrol some local user to the a course on the remote site. Make sure that the user does not have a roaming profile at the remote site yet. 3. TEST: Check that a new user record was created at the remote site and the auth method is set to 'mnet' for them.

      Remote enrolment of users through MNet copies several properties of user account from home server. This includes user name, mailing preferences and among some others the authentication method. Let me repeat: the 'auth' field is copied from original Moodle site to remote Moodle site.
      This has a side-effect for users automatically subscribed to a news forum on a remote site, when they have never visited the site (their accounts are not fully set up). At start their remote profiles have 'auth' field set the same as on their home server, like 'local' or 'ldap'. The next day the cron job runs and tries to update user accounts, and then users which could not be authenticated have their 'auth' field reset to 'nologin'. And then no more news are sent, even if users should be in fact subscribed (since they were remotely enrolled in a course).
      Users that visited the remote site have 'auth' field in their profiles updated when they are fully set up. This field becomes 'mnet' since then, which means forum news are being sent. No visit - no news. Bad Thing (tm).

      The solution may be simpler than the above description sounds. Please consider adding one line to MOODLE/enrol/mnet/enrol.php in function enrol_user():

      /* MOODLE/enrol/mnet/enrol.php */
      		 
      ...
      		 
          public function enrol_user(array $userdata, $courseid) {
      		 
      ...
      		 
      /* Around line 143 in Moodle 2.2 */
      		 
              if ($user === false) {
      		 
                  // here we could check the setting if the enrol_mnet is allowed to auto-register
      		 
                  // users {@link http://tracker.moodle.org/browse/MDL-21327}
      		 
                  $user = mnet_strip_user((object)$userdata, mnet_fields_to_import($client));
      		 
                  $user->mnethostid = $client->id;
      		 
      /* ADD! */  $user->auth = 'mnet';  /* THIS ! */
      		 
                  try {
      		 
                      $user->id = $DB->insert_record('user', $user);
      		 
                  } catch (Exception $e) {
      		 
                      throw new mnet_server_exception(5011, 'couldnotcreateuser', 'enrol_mnet');
      		 
                  }
      		 
              }

      This way 'auth' field reflects the fact that a user has been enrolled remotely, and does not contain invalid authentication method (e.g. 'ldap' or other), copied from home site.

      As an additional measure, the 'auth' field might be not transferred at all when enrolling users remotely. In file MOODLE/mnet/lib.php there is a '$forced' array defined, which lists fields that should be transferred. Maybe 'auth' should be removed from '$forced' as well? Especially if $user->auth could be set anyway in enrol_user() as described earlier?

      /* MOODLE/mnet/lib.php */
      		 
      ...
      		 
      function mnet_profile_field_options() {
      		 
      ...
      		 
      /* Around line 595 in Moodle 2.2 */
      		 
          // these are the ones that user_not_fully_set_up will complain about
      		 
          // and also special case ones
      		 
          $forced = array(
      		 
              'username',
      		 
              'email',
      		 
              'firstname',
      		 
              'lastname',
      		 
              'auth',  /* How about removing this one? */
      		 
              'wwwroot',
      		 
              'session.gc_lifetime',
      		 
              '_mnet_userpicture_timemodified',
      		 
              '_mnet_userpicture_mimetype',
      		 
          );

            mudrd8mz David Mudrák (@mudrd8mz)
            wiktorw Wiktor Wandachowicz
            Sam Hemelryk Sam Hemelryk
            Dan Poltawski Dan Poltawski
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.