Closed t6nis closed 9 years ago
frumbert
commented
11 years ago no, you are correct. it was a stub file that i put in for a particular implementation that generates web service authentication tokens for users who had been created using this SSO plugin. I probably should look at removing it.
t6nis
commented
11 years ago Good to know, just checking.. :) Although i noticed another thing, did you know that those users created in Moodle via this plugin can login into Moodle without submitting a password(leave password field empty and login to Moodle)? This can happen only if username is known.. I mean they go directly to Moodle instance and there is the wp2Moodle plugin enabled.
frumbert
commented
11 years ago hmm, i probably should look into that!
Tim St. Clair http://about.me/timstclair/
On 02/10/2013, at 6:33 AM, Tõnis Tartes notifications@github.com wrote:
Good to know, just checking.. :) Although i noticed another thing, did you know that those users created in Moodle via this plugin can login into Moodle without submitting a password(leave password field empty and login to Moodle)? This can happen only if username is known.. I mean they go directly to Moodle instance and there is the wp2Moodle plugin enabled.
— Reply to this email directly or view it on GitHub.
t6nis
commented
11 years ago The bug comes from auth.php function user_login where it does not check the password and just logs in.(returns true if only username exists) I have to deal myself with WP and Moodle SSO and your work gives a good start. Thank you for this!
It seems that the plugin makes no use of the token.php file or i am missing something?