do not allow LTI access to admin course #2292
Conversation
Alex-Jordan
force-pushed
the
admin-LTI
branch
from
4782edd to
bebb326
Compare
|
@taniwallach I made it configurable. Does the comment I left starting at line 722 sound right to you? |
Alex-Jordan
force-pushed
the
admin-LTI
branch
from
bebb326 to
782531b
Compare
|
@taniwallach Thanks for seeing that mistake and the suggestion. I fixed the mistake and lightly edited the suggestion. |
|
@Alex-Jordan did you see my review? Anyways, I don't think |
|
@somiaj I do not see any previous review/comments from you in this PR before the most recent one. And only Tani shows up as a reviewer when I'm looking at this in GitHub.
This is not quite as simple as it seems at first. Of course, it is right that users should not edit
Some authentication modules have their own config files, and some do not (Shibboleth [not working, but someone recently posted they will work on it], Moodle). Sometimes an individual So which is better: having the explanation in one place ( I've lost previous iterations of this, but at some point prior to Tani's copy for the explanation, I think I had an explicit suggestion that these things should be overrided in an authentication module config file. What do you think about adding that explicit note for the admin advising them to figure out which makes sense for overriding in their use case: |
conf/defaults.config
Outdated
| # sql_moodle => "WeBWorK::Authen::Moodle", | ||
| # sql_ldap => "WeBWorK::Authen::LDAP", | ||
| #sql_moodle => "WeBWorK::Authen::Moodle", | ||
| #sql_moodle => "WeBWorK::Authen::Moodle", |
There was a problem hiding this comment.
Why did you remove ldap here and have have moodle twice?
There was a problem hiding this comment.
Though it does seem weird to have commented out options here, I didn't think users should be editing defaults.conf, so having editable comments here seems strange.
conf/defaults.config
Outdated
| # Authentication modules that may be used to enter the admin course. | ||
| # If additional authentication modules are included in $authen{user_module} | ||
| # (either in localOverrides.conf or within config files for those modules) | ||
| # then consideration should be made about whether to include those modules for | ||
| # entry into the admin course (again either in localOverrides.conf or within | ||
| # config files for those modules). | ||
| $authen{admin_module} = [ | ||
| 'WeBWorK::Authen::Basic_TheLastOption' | ||
| ]; | ||
|
|
There was a problem hiding this comment.
You should add this to authen_ldap.conf.dist, authen_LTI.conf.dist, and authen_CAS.conf.dist like $authen{user_module}, as that is where users will actually edit this. That would be a good place to have a comment and maybe commented out options for the appropriate module to enable it. I don't think users should be editing defaults.conf, so the comment I think is a little out of place here and should maybe just state what this does.
|
@Alex-Jordan that is odd, I wonder why you cannot see my reviews. Anyways Tani caught the same thing I did, and you summarized my other one. I have attached some screenshots of what I see in this PR, so I'm confused as to why you (or maybe others) don't see them. Okay, an error on my end, for some reason the review was just 'pending' and I had to click a finalize button, new to me, since I saw the review in the PR, I assumed others did too...my mistake. Anyways, for new users I don't think looking in defaults.conf is a common thing to do. The instructions state making copies of the various .dist files and editing those, so options that only appear in defaults.config might get missed. My original suggestion was just to follow what is currently being done with Although it may not be new to have options hiding in defaults.conf with descriptions on them, to me I think the descriptions in defaults.conf should be more to developers, and the description for users and and options to edit should be in the .dist files that system admins are meant to edit when setting up their server. |
Alex-Jordan
force-pushed
the
admin-LTI
branch
from
782531b to
c80cc5a
Compare
|
I saw your review and comments came through this afternoon. I updated it to put commented out options for all this in More feedback is welcome. |
conf/authen_LTI.conf.dist
Outdated
| $authen{admin_module} = [ | ||
| 'WeBWorK::Authen::LTIAdvantage', | ||
| 'WeBWorK::Authen::LTIAdvanced', | ||
| 'WeBWorK::Authen::Basic_TheLastOption' | ||
| ]; |
There was a problem hiding this comment.
Do you want to comment out the LTI methods here, to make default behavior LTI cannot be used to access the admin course (like your original intent was). I think this as reasonable since LTI can also create student users (they can't do much in the admin course), but that could be another reason it should be disabled by default?
There was a problem hiding this comment.
Now that it's configurable, it feels OK to let the default behavior go unchanged from what it has been up to now. I don't really have an opinion though. In my own servers, I'll make sure that LTI can't be used to access the admin course either way.
|
@Alex-Jordan I figured out what I did wrong, and submitted my old review just so you could see the comments and I wouldn't have to copy them again. I figured out what I was doing incorrectly, there is both a 'enter single comment' and 'start a review', the second needs to be finalized. I have only left single comments in the past so didn't realize that 'start a review' as an option until now. |
|
In localOverrides.conf you added the commented out authentication options before the includes that include the auth_LTI.conf and auth_LDAP.conf, which have the same options not commented out. So if a user removes the comments to configure the auth methods there, they will just be overridden by what is in the last auth_Foo.conf file included. I think you should move these to after the includes, so they can be used to override anything the configuration files may be doing when a user removes the comments. |
My perspective is that is exactly what should happen. The authentication module config files are "loaded last" conceptually, even if they come in the middle of In the case of LDAP, it is odd to have a commented out line that suggests using it (in |
Alex-Jordan
force-pushed
the
admin-LTI
branch
from
c80cc5a to
3eb241f
Compare
Alex-Jordan
force-pushed
the
admin-LTI
branch
2 times, most recently
from
eb1e6c0 to
da0cf3f
Compare
Alex-Jordan
force-pushed
the
admin-LTI
branch
from
da0cf3f to
165a465
Compare
|
This is rebased now, I think just awaiting @taniwallach's review. I did lose track if I got to everything @somiaj mentioned, and please alert me if there is more to adjust. |
|
I recall you addressed everything I mentioned, but I am going to mention it again just in case. Note, I'm okay with things the way they are, I'm just sharing my observations on hypotheticals. I would still remove LTI access by default (maybe comment it out) in the admin course. This seems like a reasonable default to me, vs just allowing admins to remove it. Sure it changes current behavior, but I think for the better. I still think the order in which the config options are read should be addressed a bit more. Or maybe add comments about this, to avoid possible confusing. Currently if someone wanted to override the settings in I did understand your argument that in some cases that the config files may not be read until |
|
I think you are right that it would be good to change the default. I wonder if there is anyone it would even effect. Who is currently intentionally accessing their admin course using LTI? So I will make that change unless someone else stops me. As we saw with a recent forum thread, the situation with the config files for authentication is a mess. Some solution may be needed that is beyond the scope here. |
Alex-Jordan
force-pushed
the
admin-LTI
branch
from
eb5b1cf to
d9bf525
Compare
|
@drgrice1 I believe I addressed the recent things you mentioned here. |
|
It looks like you have addressed the issues that have been put forth. @taniwallach, could you look at this, and if you are satisfied give it an approval to remove the block on merging? |
|
@drgrice1 This has a conflict now following the merge of #2333. Since I don't follow everything that you are changing in #2333, would you mind looking this over and suggesting how to address the conflict? And then @taniwallach, following addressing the conflict, can you look at this and lift your block on merging? |
|
Yeah, I will look at it. |
lib/WeBWorK/Authen.pm
Outdated
| my $authen_ref = ref($c->authen); | ||
| if ($c->ce->{courseName} eq 'admin' && !(grep(/^$authen_ref$/, @{ $c->ce->{authen}{admin_module} }))) { | ||
| $self->write_log_entry("Cannot authenticate into admin course using $authen_ref."); | ||
| $c->stash( | ||
| authen_error => $c->maketext( | ||
| 'There was an error during the login process. Please speak to your instructor or system administrator.' | ||
| ) | ||
| ); | ||
| return ($self->call_next_authen_method()); | ||
| } |
There was a problem hiding this comment.
The easiest way to fix the conflict here is to merge origin/develop into this branch. When you do that the following merge conflict will occur:
<<<<<<< HEAD
my $authen_ref = ref($c->authen);
if ($c->ce->{courseName} eq 'admin' && !(grep(/^$authen_ref$/, @{ $c->ce->{authen}{admin_module} }))) {
$self->write_log_entry("Cannot authenticate into admin course using $authen_ref.");
$c->stash(
authen_error => $c->maketext(
'There was an error during the login process. Please speak to your instructor or system administrator.'
)
);
return ($self->call_next_authen_method());
}
my $result = $self->do_verify;
my $error = $self->{error};
my $log_error = $self->{log_error};
=======
return $self->call_next_authen_method if !$self->request_has_data_for_this_verification_module;
>>>>>>> origin/develop
Just delete the version control conflict markers and move return $self->call_next_authen_method if !$self->request_has_data_for_this_verification_module; before the changes you added here. Then delete the lines my $result = ..., my $error = ..., and my $log_error = ....
Although, I also see some code issues that need to be fixed. I will comment on those separately.
|
OK, I made all those updates. @taniwallach this is ready for you to review. |
Alex-Jordan
force-pushed
the
admin-LTI
branch
3 times, most recently
from
8bbbc34 to
d9f9e78
Compare
There was a problem hiding this comment.
Looked over things again and looks good. I tested that by default I get the error There was an error during the login process. Please speak to your instructor or system administrator. when trying to login via LTI by default (so it is correctly not letting me log in via LTI), and if I add WeBWorK::Authen::LTIAdvanced to $authen{admin_module} then it tries to login via LTI (though I get an error since I didn't have LTI setup correctly to login, but see via the debug parameters it attempted to).
|
Since this now has two approvals, I will override @taniwallach disapproval, and merge it. I believe that his issues have been addressed, and that he just has not had the time to look at this. |
If the authentication module is an LTI authentication module and the course is the admin course, this moves on to the next authentication module.
This is to kill any potential for an LMS user to spoof their LTI data and enter the admin course as one of its admin users.