moodlehq / moodle-enrol_oneroster

OneRoster Enrolment plugin for Moodle
GNU General Public License v3.0

[BUG] sourcedId can be longer than indexes #1

Open andrewnicols opened 4 years ago

andrewnicols commented 4 years ago

Describe the bug

The OneRoster sourcedId field is a GUID [1], which is itself a String [2], and String types can be up to 256 characters in length [3].

The idnumber field on the user table is a varchar(255), and has an index.

Additionally it is not possible to have indexes larger than 255 characters (see MDL-69629 for related issues).

We need to encode the sourcedId into a fixed-length field < 256 characters to reliably support the full potential range of sourcedId values.

One way in which we can do this is to SHA encode the sourcedId which will give us. A SHA1 hash should provide sufficient entropy and does not pose any security issue as this is not used for passwords.

This needs doing for all sourcedId fields, and we may additionally want to include a mapping table from sourcedId to sha1 to act as a limited rainbow table for fetching data from the REST API using sourcedId fetched from an idnumber.

andrewnicols commented 4 years ago

As an alternative, we can state that the maximum length of a sourcedId is only 255 characters.
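A sketch of the hash-plus-mapping-table approach proposed in the first comment, as an added example that is not code from the plugin or from the issue author. The table name `sourcedid_map`, the function names and the use of SQLite are assumptions made for illustration; the collision check is an extra safeguard so that two different sourcedIds can never silently share one idnumber.

```python
import hashlib
import sqlite3
from typing import Optional

MAX_SOURCEDID_LEN = 256  # upper bound for a OneRoster String, as stated in the issue


def encode_sourcedid(sourced_id: str) -> str:
    """Return the 40-character SHA-1 hex digest to store as the idnumber."""
    return hashlib.sha1(sourced_id.encode("utf-8")).hexdigest()


def open_store() -> sqlite3.Connection:
    """Create the hypothetical mapping table in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE sourcedid_map ("
        " idnumber CHAR(40) PRIMARY KEY,"  # fixed length, well under 255, indexed
        " sourcedid TEXT NOT NULL)"        # full original value, not indexed
    )
    return db


def register(db: sqlite3.Connection, sourced_id: str) -> str:
    """Record sourcedId -> digest and return the idnumber for the user row."""
    if not 0 < len(sourced_id) <= MAX_SOURCEDID_LEN:
        raise ValueError("sourcedId length outside 1..256 characters")
    idnumber = encode_sourcedid(sourced_id)
    row = db.execute(
        "SELECT sourcedid FROM sourcedid_map WHERE idnumber = ?", (idnumber,)
    ).fetchone()
    if row is None:
        db.execute("INSERT INTO sourcedid_map VALUES (?, ?)", (idnumber, sourced_id))
    elif row[0] != sourced_id:
        # Same digest, different sourcedId: refuse rather than merge two records.
        raise RuntimeError("digest collision for idnumber " + idnumber)
    return idnumber


def lookup(db: sqlite3.Connection, idnumber: str) -> Optional[str]:
    """Reverse lookup: recover the sourcedId needed for a REST API request."""
    row = db.execute(
        "SELECT sourcedid FROM sourcedid_map WHERE idnumber = ?", (idnumber,)
    ).fetchone()
    return row[0] if row else None
```
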