Mahara

XMLRPC web services don't honor $cfg->usersuniquebyusername

Bug #1269665 reported by Aaron Wells on 2014-01-16

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	Low	Ghada El-Zoghbi	Mahara 16.04.0

Bug Description

As reported in the forum: https://mahara.org/interaction/forum/topic.php?id=6042

If you set $cfg->usersuniquebyusername, then when a user roams across from XMLRPC, we're supposed to identify their Mahara account by finding the usr.username value that matches their username in the remote system.

This is in contrast to the normal method, in which we look up their remote username in the auth_remote_user table, and use that to map them to a Mahara user.

The problem is that many of the XMLRPC web services methods, used by the Moodle plugins, call a method api/xmlrpc/lib.php : find_remote_user($username, $wwwroot);. And that method calls User->find_by_instanceid_username(), a method which relies on the auth_remote_user table.

What we should do is, if $cfg->usersuniquebyusername is set, find_remote_user() should call User->find_by_username(), the same as what goes on auth/xmlrpc/lib.php : AuthXmlrpc->request_user_authorise()

Tags:

Revision history for this message

Aaron Wells (u-aaronw) wrote on 2014-01-16:

Marked low priority because it will only rarely cause any problems. Normally, even if you have $cfg->usersuniquebyusername enabled, we create auth_remote_user records for each user anyway, with the remote username set the same as the user's Mahara username.

So, this bug will only cause problems if the auth_remote_user record is missing for some reason, or if it has a value different than the user's Mahara username.

Revision history for this message

Kristina Hoeppner (kris-hoeppner) wrote on 2014-01-26:

I agree with low priority also because usersuniquebyusername is an experimental feature and not in much use afaik.

Revision history for this message

Ghada El-Zoghbi (ghada-z) wrote on 2016-01-06:

One of our clients is affected by this. I'll put in the changes I made for them.

Changed in mahara:
assignee:	nobody → Ghada El-Zoghbi (ghada-z)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-01-14: A change has been merged

Reviewed: https://reviews.mahara.org/5886
Committed: https://git.mahara.org/mahara/mahara/commit/b3c1310eb1c3f5d5789a41c635ac334769311e10
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit b3c1310eb1c3f5d5789a41c635ac334769311e10
Author: Ghada El-Zoghbi <email address hidden>
Date: Wed Jan 6 13:48:04 2016 +1100

Bug 1269665: For xmlrpc api call to find_remote_user(), search for user in usr table when usersuniquebyusername is set.

behatnotneeded

Change-Id: Icd30eef4754b6987b87c3f402cd01056d9a29bcf

Robert Lyon (robertl-9) on 2016-01-14

Changed in mahara:
status:	Confirmed → Fix Committed
milestone:	none → 16.04.0

Revision history for this message

Ghada El-Zoghbi (ghada-z) wrote on 2016-01-14:

Hi Kristina and RoberL,

This fix was contributed by Federation University Australia:

http://federation.edu.au/

Can we give them credit / mention for this?

Thanks,
Ghada

Kristina Hoeppner (kris-hoeppner) on 2016-04-30

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.