moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-06 09:26:35 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-80836 auth_lti: take user through login instead of sesspiggyback

Browse source 
Browsers are phasing out 3rd party cookies. Those which can be set are
partitioned to the top level embedding site, so piggybacking is
prevented. This will break the account linking process. This fix swaps
the piggyback for a login round trip, as originally intended, which
resolves the issue.
This commit is contained in:
Jake Dallimore 2024-02-05 13:19:52 +08:00
parent 328b48ebc5
commit faf084ff00
No known key found for this signature in database
3 changed files with 10 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

11
auth/lti/classes/output/renderer.php
View file

@ -33,33 +33,32 @@ class renderer extends \plugin_renderer_base {
* @return string the html. * @return string the html.
*/ */
public function render_account_binding_options_page(int $provisioningmode): string { public function render_account_binding_options_page(int $provisioningmode): string {
$formaction = new \moodle_url('/auth/lti/login.php'); $formaction = new \moodle_url('/auth/lti/login.php');
$notification = new notification(get_string('firstlaunchnotice', 'auth_lti'), \core\notification::INFO, false); $notification = new notification(get_string('firstlaunchnotice', 'auth_lti'), \core\notification::INFO, false);
$noauthnotice = new notification(get_string('firstlaunchnoauthnotice', 'auth_lti', get_docs_url('Publish_as_LTI_tool')),
\core\notification::WARNING, false);
$cancreateaccounts = !get_config('moodle', 'authpreventaccountcreation'); $cancreateaccounts = !get_config('moodle', 'authpreventaccountcreation');
if ($provisioningmode == \auth_plugin_lti::PROVISIONING_MODE_PROMPT_EXISTING_ONLY) { if ($provisioningmode == \auth_plugin_lti::PROVISIONING_MODE_PROMPT_EXISTING_ONLY) {
$cancreateaccounts = false; $cancreateaccounts = false;
} }
$accountinfo = ['isloggedin' => isloggedin()]; $accountinfo = [];
if (isloggedin()) { if (isloggedin()) {
global $USER; global $USER;
$accountinfo = array_merge($accountinfo, [ $accountinfo = [
'firstname' => $USER->firstname, 'firstname' => $USER->firstname,
'lastname' => $USER->lastname, 'lastname' => $USER->lastname,
'email' => $USER->email, 'email' => $USER->email,
'picturehtml' => $this->output->user_picture($USER, ['size' => 35, 'class' => 'round']), 'picturehtml' => $this->output->user_picture($USER, ['size' => 35, 'class' => 'round']),
]); ];
} }
$context = [ $context = [
'isloggedin' => isloggedin(),
'info' => $notification->export_for_template($this), 'info' => $notification->export_for_template($this),
'formaction' => $formaction->out(), 'formaction' => $formaction->out(),
'sesskey' => sesskey(), 'sesskey' => sesskey(),
'accountinfo' => $accountinfo, 'accountinfo' => $accountinfo,
'cancreateaccounts' => $cancreateaccounts, 'cancreateaccounts' => $cancreateaccounts,
'noauthnotice' => $noauthnotice->export_for_template($this)
]; ];
return parent::render_from_template('auth_lti/local/ltiadvantage/login', $context); return parent::render_from_template('auth_lti/local/ltiadvantage/login', $context);
} }

2
auth/lti/lang/en/auth_lti.php
View file

@ -35,7 +35,7 @@ $string['firstlaunchnoauthnotice'] = 'To link your existing account you must be
$string['getstartedwithnewaccount'] = 'Get started with a new account'; $string['getstartedwithnewaccount'] = 'Get started with a new account';
$string['haveexistingaccount'] = 'I have an existing account'; $string['haveexistingaccount'] = 'I have an existing account';
$string['linkthisaccount'] = 'Link this account'; $string['linkthisaccount'] = 'Link this account';
$string['mustbeloggedin'] = 'You need to be logged in to your existing account'; $string['mustbeloggedin'] = 'Sign in to link your existing account';
$string['pluginname'] = 'LTI'; $string['pluginname'] = 'LTI';
$string['privacy:metadata:auth_lti'] = 'LTI authentication'; $string['privacy:metadata:auth_lti'] = 'LTI authentication';
$string['privacy:metadata:auth_lti:authsubsystem'] = 'This plugin is connected to the authentication subsystem.'; $string['privacy:metadata:auth_lti:authsubsystem'] = 'This plugin is connected to the authentication subsystem.';

18
auth/lti/templates/local/ltiadvantage/login.mustache
View file

@ -32,7 +32,6 @@
* info - a notification describing the first launch options * info - a notification describing the first launch options
* cancreateaccounts - whether or not the user is allowed to create auth_lti accounts * cancreateaccounts - whether or not the user is allowed to create auth_lti accounts
* accountinfo - information about the user, importantly whether they are logged in or not. * accountinfo - information about the user, importantly whether they are logged in or not.
* noauthnotice - a notification telling the user they must be authenticated to link accounts. Only relevant when not logged in.
Example context (json): Example context (json):
{ {
@ -46,19 +45,12 @@
"issuccess": true "issuccess": true
}, },
"cancreateaccounts": true, "cancreateaccounts": true,
"isloggedin": true,
"accountinfo": { "accountinfo": {
"isloggedin": true,
"firstname": "John", "firstname": "John",
"lastname": "Smith", "lastname": "Smith",
"email": "john@example.com", "email": "john@example.com",
"picturehtml": "<img src=\"http://site.example.com/pluginfile.php/5/user/icon/boost/f2?rev=99\" class=\"round\" alt=\"\" width=\"35\" height=\"35\">" "picturehtml": "<img src=\"http://site.example.com/pluginfile.php/5/user/icon/boost/f2?rev=99\" class=\"round\" alt=\"\" width=\"35\" height=\"35\">"
},
"noauthnotice": {
"message": "To link your existing account you must be logged in to the site...",
"extraclasses": "",
"announce": false,
"closebutton": false,
"iswarning": true
} }
} }
}} }}
@ -79,8 +71,8 @@
<div class="card-body text-center d-flex flex-column"> <div class="card-body text-center d-flex flex-column">
<i class="fa fa-user-circle-o fa-2x link"></i> <i class="fa fa-user-circle-o fa-2x link"></i>
<h4 class="card-title">{{#str}} useexistingaccount, auth_lti {{/str}}</h4> <h4 class="card-title">{{#str}} useexistingaccount, auth_lti {{/str}}</h4>
{{#accountinfo}}
{{#isloggedin}} {{#isloggedin}}
{{#accountinfo}}
<p class="card-text mt-2"> <p class="card-text mt-2">
<span class="text-muted"> <span class="text-muted">
{{#str}} currentlyloggedinas, auth_lti {{/str}} {{#str}} currentlyloggedinas, auth_lti {{/str}}
@ -90,14 +82,12 @@
{{firstname}} {{lastname}} ({{email}}) {{firstname}} {{lastname}} ({{email}})
</p> </p>
<input type="submit" class="btn btn-primary mt-auto" name="existing_account" value="{{#str}} linkthisaccount, auth_lti {{/str}}"> <input type="submit" class="btn btn-primary mt-auto" name="existing_account" value="{{#str}} linkthisaccount, auth_lti {{/str}}">
{{/accountinfo}}
{{/isloggedin}} {{/isloggedin}}
{{^isloggedin}} {{^isloggedin}}
<p class="card-text text-muted">{{#str}} mustbeloggedin, auth_lti {{/str}}</p> <p class="card-text text-muted">{{#str}} mustbeloggedin, auth_lti {{/str}}</p>
{{#noauthnotice}} <input type="submit" class="btn btn-primary mt-auto" name="existing_account" value="{{#str}} login, moodle {{/str}}">
{{> core/notification}}
{{/noauthnotice}}
{{/isloggedin}} {{/isloggedin}}
{{/accountinfo}}
</div> </div>
</div> </div>
</div> </div>