willianmano / moodle-theme_moove

A Moodle Boost child theme
GNU General Public License v3.0

LDAP authentication broken after updating Moodle from 4.1.0 to 4.4.2 #473

Closed fortender closed 1 month ago

fortender commented 2 months ago

We are currently facing issues with the LDAP authentication plugin since we updated Moodle from 4.1.0 to 4.4.2.

TL;DR

The auth plugin performs a redirect with a message attached. That message contains markup that needs to be rendered as a notification so that the authentication procedure can succeed. However, the theme's redirect_message (see core_renderer.php or down below) function ignores the message and no notification is rendered. Therefore the authentication fails. Interestingly the core_renderer base class does indeed render notifications. The theme overrides that behavior and does not render notifications at all. Why is that?

Long version

First of all, you may wonder why this should be related to this theme. I am not entirely sure whether this is related to the theme or not, but I traced the issue down to the way notifications are rendered when a redirect is issued and a message is attached. Apparently, the function redirect($msg, $message, $delay, ...) in weblib.php calls the renderer's redirect_message function. In this case the theme's core renderer implementation does not handle the message at all, as you can see here: https://github.com/willianmano/moodle-theme_moove/blob/571b74a7b879e30f594df3965596310e57a26909/classes/output/core_renderer.php#L502-L543

I am not sure if the theme is supposed to render the notifications, but the base class definitely does. The notification contains an image tag that references the corresponding PHP script that authenticates the session. In detail this is what happens:

  1. /login redirects to /auth/ldap/ntlmsso_attempt.php
  2. ntlmsso_attempt.php calls weblib.php->redirect("...ntlmsso_finish.php", $msg) with msg being of the following form
    <p>Some text</p><img width="1", height="1"  src="https://moodle/auth/ldap/ntlmsso_magic.php?sesskey=$sesskey" />
  3. As headers are sent already, the notification can't be simply added to \core\notification::add
  4. Redirect to ntlmsso_finish.php happens through this theme's redirect_message method, but the message is not handled in there
  5. After the timeout we are being redirected to the login page

Possible workaround

To "fix" this we can simply add the following line in core_renderer.php -> redirect_message:

$output .= $this->notification($message, $messagetype); // add this
$output .= $this->render_from_template('theme_moove/loading-overlay', ['encodedurl' => $encodedurl]);
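
Added example, not part of the original issue or the theme's code: a heuristic static check that flags a theme renderer whose `redirect_message()` override never uses the message, which is the condition the report above traces the broken NTLM SSO login to. The sample PHP is constructed and simplified, the check assumes the message is the second parameter as in Moodle core, and the comment and brace handling is a heuristic that ignores string literals.

```python
import re

COMMENTS = re.compile(r'/\*.*?\*/|//[^\n]*', re.DOTALL)
DECL = re.compile(r'function\s+redirect_message\s*\(([^)]*)\)\s*\{')

def method_body(src, open_brace):
    """Return the text between the '{' at open_brace and its matching '}'."""
    depth = 0
    for i in range(open_brace, len(src)):
        if src[i] == '{':
            depth += 1
        elif src[i] == '}':
            depth -= 1
            if depth == 0:
                return src[open_brace + 1:i]
    return src[open_brace + 1:]  # unbalanced source: take the rest

def drops_redirect_message(php_source):
    """True if redirect_message() is overridden but the message is never used."""
    src = COMMENTS.sub('', php_source)  # a commented-out use does not count
    decl = DECL.search(src)
    if decl is None:
        return False  # no override, so the inherited renderer handles it
    params = re.findall(r'\$\w+', decl.group(1))
    body = method_body(src, decl.end() - 1)
    if 'parent::redirect_message' in body:
        return False  # delegates to the parent implementation
    # Assumption: the message is the second parameter, as in Moodle core.
    if len(params) < 2:
        return True
    return re.search(re.escape(params[1]) + r'\b', body) is None

# Constructed, simplified override (not the theme's real method body).
TEMPLATE = r'''
class core_renderer {
    public function redirect_message($encodedurl, $message, $delay, $debugdisableredirect, $messagetype) {
        $output = $this->header();
        %s
        $output .= $this->render_from_template('theme_moove/loading-overlay', ['encodedurl' => $encodedurl]);
        return $output . $this->footer();
    }
}
'''
BROKEN = TEMPLATE % '// message is never rendered'
FIXED = TEMPLATE % '$output .= $this->notification($message, $messagetype);'

if __name__ == '__main__':
    for name, src in (('broken', BROKEN), ('fixed', FIXED)):
        print(name, 'drops message:', drops_redirect_message(src))
```

Running it against each installed theme's `classes/output/core_renderer.php` before an upgrade shows which themes would swallow the redirect message that the LDAP NTLM SSO flow depends on.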

willianmano commented 1 month ago

@fortender Thanks for reporting this, but I only support the most recent Moodle version.

Can you confirm if this problem persists on Moodle 4.4?

willianmano commented 1 month ago

@fortender Fixed! Thanks for reporting this.