Guessing at fixes for Shibboleth issues.
There are two problems with the Shibboleth authentication that I have
identified in discussion with @glarose together with analyzing code and
the issues posted in the forums (see
https://webwork.maa.org/moodle/mod/forum/discuss.php?d=8534#p21568).

The first is that the Shibboleth module overrides the WeBWorK::Authen
check_session method, and does not properly initialize the database
session.  This causes anything that uses the database session (which
includes test proctor authentication) to fail.

The second is that the WeBWorK::Controller session method returns
undefined in the case that cookies are disabled (which the Shibboleth
authentication module does).  The Mojolicious::Plugin::DefaultHelpers
_validation method then calls the session method expecting it to be an
object or a hash reference.

I have no way to test that this fixes the issues that have been
reported, and can only write code that should work.  So someone with
a Shibboleth identity provider will need to test this.
drgrice1 committed Oct 22, 2024
1 parent 6d96fda commit fd6676d
Showing 1 changed file with 14 additions and 10 deletions.
24 changes: 14 additions & 10 deletions lib/WeBWorK/Authen/Shibboleth.pm
Expand Up @@ -167,20 +167,24 @@ sub check_session {
if ($ce->{shiboff}) {
return $self->SUPER::check_session(@_);
} else {
my $Key = $db->getKey($userID); # checked
my $Key = $db->getKey($userID);
return 0 unless defined $Key;

my $keyMatches = (defined $possibleKey and $possibleKey eq $Key->key);
my $timestampValid = (time <= $Key->timestamp() + $ce->{sessionTimeout});
if ($ce->{shibboleth}{manage_session_timeout}) {
# always valid to allow shib to take control of timeout
$timestampValid = 1;
}
my $currentTime = time;

my $keyMatches = defined $possibleKey && $possibleKey eq $Key->key;
my $timestampValid = $currentTime <= $Key->timestamp() + $ce->{sessionTimeout};
# Allow shib to take control of timeout.
$timestampValid = 1 if $ce->{shibboleth}{manage_session_timeout};

if ($keyMatches and $timestampValid and $updateTimestamp) {
$Key->timestamp(time);
$db->putKey($Key);
if ($keyMatches && $timestampValid && $updateTimestamp) {
$Key->timestamp($currentTime);
$self->{c}->stash->{'webwork2.database_session'} = { $Key->toHash };
$self->{c}->stash->{'webwork2.database_session'}{session}{flash} =
delete $self->{c}->stash->{'webwork2.database_session'}{session}{new_flash}
if $self->{c}->stash->{'webwork2.database_session'}{session}{new_flash};
}

return (1, $keyMatches, $timestampValid);
}
}
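
Review bot: In the `if ($keyMatches && $timestampValid && $updateTimestamp)` block, the `$db->putKey($Key)` call is dropped and the refreshed timestamp now exists only in the `webwork2.database_session` stash entry, so nothing in this hunk writes it back to the key table. Please confirm, and note in a comment, which later code persists the stash for Shibboleth requests. If nothing does, the stored timestamp never advances and, with `manage_session_timeout` off, the key expires `sessionTimeout` seconds after the last stored timestamp regardless of user activity. The stash is also populated only when `$updateTimestamp` is true, so a call with it false still leaves the database session uninitialized, which is the failure the commit message describes. Consider filling the stash whenever `$keyMatches && $timestampValid` holds and making only the `$Key->timestamp($currentTime)` update conditional on `$updateTimestamp`, if that matches the parent class's behaviour.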