From f575093bc40b46c3bd5c512f770a7c72ea588951 Mon Sep 17 00:00:00 2001
From: Juan Leyva
Date: Tue, 30 Jun 2020 13:56:51 +0200
Subject: [PATCH 1/2] MDL-69095 tool_mobile: Avoid non-https sites using qrlogin by default
---
 admin/tool/mobile/lang/en/tool_mobile.php | 2 +-
 admin/tool/mobile/settings.php | 10 ++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/admin/tool/mobile/lang/en/tool_mobile.php b/admin/tool/mobile/lang/en/tool_mobile.php
index bc7fc893e98..952e99bc2c3 100644
--- a/admin/tool/mobile/lang/en/tool_mobile.php
+++ b/admin/tool/mobile/lang/en/tool_mobile.php
@@ -114,7 +114,7 @@ $string['qrcodeformobileapploginabout'] = 'Scan the QR code with your mobile app
 $string['qrcodeformobileappurlabout'] = 'Scan the QR code with your mobile app to fill in the site URL in your app.';
 $string['qrsiteadminsnotallowed'] = 'For security reasons login via QR code is not allowed for site administrators or if you are logged in as another user.';
 $string['qrcodetype'] = 'QR code access';
-$string['qrcodetype_desc'] = 'A QR code can be provided for mobile app users to scan and either have the site URL filled in or be automatically logged in without having to enter their credentials.';
+$string['qrcodetype_desc'] = 'A QR code can be provided for mobile app users to scan. This can be used to fill in the site URL, or where the site is secured using HTTPS, to automatically log the user in without having to enter their username and password.';
 $string['qrcodetypeurl'] = 'QR code with site URL';
 $string['qrcodetypelogin'] = 'QR code with automatic login';
 $string['readingthisemailgettheapp'] = 'Reading this in an email? Download the mobile app and receive notifications on your mobile device.';
diff --git a/admin/tool/mobile/settings.php b/admin/tool/mobile/settings.php
index c2cee8c622e..19a879851c2 100644
--- a/admin/tool/mobile/settings.php
+++ b/admin/tool/mobile/settings.php
@@ -94,11 +94,17 @@ if ($hassiteconfig) {
 $options = [
 tool_mobile\api::QR_CODE_DISABLED => new lang_string('qrcodedisabled', 'tool_mobile'),
 tool_mobile\api::QR_CODE_URL => new lang_string('qrcodetypeurl', 'tool_mobile'),
- tool_mobile\api::QR_CODE_LOGIN => new lang_string('qrcodetypelogin', 'tool_mobile'),
 ];
+ $qrcodetypedefault = tool_mobile\api::QR_CODE_URL;
+
+ if (is_https()) { // Allow QR login for https sites.
+ $options[tool_mobile\api::QR_CODE_LOGIN] = new lang_string('qrcodetypelogin', 'tool_mobile');
+ $qrcodetypedefault = tool_mobile\api::QR_CODE_LOGIN;
+ }
+
 $temp->add(new admin_setting_configselect('tool_mobile/qrcodetype',
 new lang_string('qrcodetype', 'tool_mobile'),
- new lang_string('qrcodetype_desc', 'tool_mobile'), tool_mobile\api::QR_CODE_LOGIN, $options));
+ new lang_string('qrcodetype_desc', 'tool_mobile'), $qrcodetypedefault, $options));
 
 $temp->add(new admin_setting_configtext('tool_mobile/forcedurlscheme',
 new lang_string('forcedurlscheme_key', 'tool_mobile'),
From d58b3df9389920b0ccb4eb8f35011a33c8f09fa3 Mon Sep 17 00:00:00 2001
From: Juan Leyva
Date: Tue, 30 Jun 2020 13:59:15 +0200
Subject: [PATCH 2/2] MDL-69095 tool_mobile: Display warning if not allowed to use qr login
---
 admin/tool/mobile/classes/output/subscription.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/admin/tool/mobile/classes/output/subscription.php b/admin/tool/mobile/classes/output/subscription.php
index d8deaca2d7e..572a91ac400 100644
--- a/admin/tool/mobile/classes/output/subscription.php
+++ b/admin/tool/mobile/classes/output/subscription.php
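Review bot: The `is_https()` gate added in admin/tool/mobile/settings.php only shapes the options and default that the settings form offers, so a site that already has `tool_mobile/qrcodetype` stored as `QR_CODE_LOGIN` (the previous default) keeps that value on a non-HTTPS site until an administrator re-saves the page. Nothing in this patch shows the code that issues or accepts QR login keys re-checking the scheme; if that check does not already exist elsewhere, the stored value should be downgraded where the setting is read, e.g. `if ($qrcodetype == tool_mobile\api::QR_CODE_LOGIN && !is_https()) { $qrcodetype = tool_mobile\api::QR_CODE_URL; }`. A comment above the `if` should also say that the option list depends on the scheme at render time, for example `// The stored value may still be QR_CODE_LOGIN from before this check; consumers must re-check is_https().`. The `if ($hassiteconfig)` block starts and ends outside this hunk.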
@@ -184,6 +184,13 @@ class subscription implements \renderable, \templatable {
 'type' => 'danger', 'message' => get_string('subscriptionfeaturenotapplied', 'tool_mobile')];
 }
 break;
+ // Check QR automatic login.
+ case 'qrautomaticlogin':
+ if ($ms->qrcodetype == \tool_mobile\api::QR_CODE_LOGIN) {
+ $feature['message'] = [
+ 'type' => 'danger', 'message' => get_string('subscriptionfeaturenotapplied', 'tool_mobile')];
+ }
+ break;
 }
 }
 }
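Review bot: The new `case 'qrautomaticlogin':` in admin/tool/mobile/classes/output/subscription.php compares with loose `==`, and where `$ms` is populated lies outside the hunk, so it cannot be told from here whether `qrcodetype` arrives as a string or an int. If it is the stored plugin config (presumably a string), the coercion is better made explicit: `if ((int) $ms->qrcodetype === \tool_mobile\api::QR_CODE_LOGIN) {`. The comment `// Check QR automatic login.` restates the case label; something like `// QR automatic login is configured but will not be applied, so warn the admin.` would record why the configured value triggers a danger message, assuming the surrounding condition (not visible) is what restricts this to unavailable features. The enclosing `switch` and the blocks it closes start outside the hunk.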