Plugin doesn't respect user_authenticated_hook from Moodle auth plugin workflow

[temujin9]

This plugin doesn't allow other plugins to run their user_authenticated_hook on a successful login, but instead immediately redirects to $SESSION->wantsurl immediately. This makes it difficult to construct wantsurl on variables obtained from the Moodle login.

https://docs.moodle.org/dev/Authentication_plugins describes the expected workflow.

[mfprimo]

It is not easy to fix because this plugin (as other which use SSO authN mechs such as Shibboleth and NTLM) is triggered before Moodle shows the login form, while user_authenticated_hook() is called after the login input, which never happens with SSO. In fact, both official plugins for Shibboleth and LDAP with NTLM authentication duplicate many code from the base login process to complete the whole authentication machinery. Unfortunately this approach is troublesome in a contributed external plugin because changes in base code could break the plugin without any pre-alert.

[mfprimo]

Hi Nathaniel, could you provide us a test case or a description of the currente and expected behaviour?

Thanks.

[temujin9]

I'll do my best, but this was a one-off contract back when I first posted it, so I don't remember much.

Expected behavior is that other plugins' user_authenticated_hook be allowed to intercept the Moodle login flow, as normal, to allow modification of the wantsurl before it gets applied.

The workaround for the client was to set wantsurl earlier, and then have its target be a dumb PHP script that unpacked the necessary info to redirect as they desired.