mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-13 12:32:08 +02:00
Code Issues Projects Releases Wiki Activity

Merge branch 'MDL-67053-main' of https://github.com/davewoloszyn/moodle

Browse Source
This commit is contained in:
Huong Nguyen 2024-01-23 16:14:27 +07:00
commit 06946991d2
3 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
auth/tests/behat/login.feature
View File

@ -61,3 +61,10 @@ Feature: Authentication
When I am on site homepage
Then the page should meet "wcag143" accessibility standards
And the page should meet accessibility standards with "wcag143" extra tests
Scenario: Alternate login URL can be bypassed
Given the following config values are set as admin:
| alternateloginurl | https://www.google.com/ |
And I am on site homepage
When I visit "/login/index.php?loginredirect=0"
Then I should see "Log in to Acceptance test site"

1
lib/upgrade.txt
View File

@ -35,6 +35,7 @@ information provided here is intended especially for developers.
- `\core\deprecation::is_deprecated(example::class);`
- `\core\deprecation::emit_deprecation_if_present([self::class, 'some_method']);`
* Added missing deprecation for PARAM_CLEANFILE which was deprecated in Moodle 2.0.
* Login can now utilise new param 'loginredirect' to indicate when to use value set for $CFG->alternateloginurl.
=== 4.3 ===

19
login/index.php
View File

@ -31,6 +31,7 @@ redirect_if_major_upgrade_required();
$testsession = optional_param('testsession', 0, PARAM_INT); // test session works properly
$anchor = optional_param('anchor', '', PARAM_RAW); // Used to restore hash anchor to wantsurl.
$loginredirect = optional_param('loginredirect', 1, PARAM_BOOL); // Used to bypass alternateloginurl.
$resendconfirmemail = optional_param('resendconfirmemail', false, PARAM_BOOL);
@ -274,6 +275,9 @@ if ($frm and isset($frm->username)) { // Login WITH
unset($SESSION->loginerrormsg);
unset($SESSION->logininfomsg);
// Discard loginredirect if we are redirecting away.
unset($SESSION->loginredirect);
// test the session actually works by redirecting to self
$SESSION->wantsurl = $urltogo;
redirect(new moodle_url(get_login_url(), array('testsession'=>$USER->id)));
@ -313,8 +317,14 @@ if (empty($SESSION->wantsurl)) {
}
}
// Check if loginredirect is set in the SESSION.
if ($errorcode && isset($SESSION->loginredirect)) {
$loginredirect = $SESSION->loginredirect;
}
$SESSION->loginredirect = $loginredirect;
/// Redirect to alternative login URL if needed
if (!empty($CFG->alternateloginurl)) {
if (!empty($CFG->alternateloginurl) && $loginredirect) {
$loginurl = new moodle_url($CFG->alternateloginurl);
$loginurlstr = $loginurl->out(false);
@ -366,7 +376,12 @@ if (!empty($SESSION->loginerrormsg) || !empty($SESSION->logininfomsg)) {
if ($errormsg) {
$SESSION->loginerrormsg = $errormsg;
}
redirect(new moodle_url('/login/index.php'));
// Add redirect param to url.
$loginurl = new moodle_url('/login/index.php');
$loginurl->param('loginredirect', $SESSION->loginredirect);
redirect($loginurl->out(false));
}
$PAGE->set_title($loginsite);