o365-moodle icon indicating copy to clipboard operation
o365-moodle copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Password Policies

Open farlo18 opened this issue 1 year ago • 4 comments

When a user signs in I'm currently getting this error:

image

If I disable the password policy of course this doesn't show up, but this isn't helpful to users not using the plugin. Is there a setting somewhere that's missed that has the accounts not notify users of password issues?

farlo18 avatar Oct 23 '23 23:10 farlo18

Hi @farlo18

This seems coming from Moodle core, rather than the Microsoft plugins. Specifically auth_oidc plugin doesn't store password for users using the authentication method. Pleased check the authentication method of the user to confirm.

If the user seeing this error does use auth_oidc, please provide more details, e.g. Moodle and plugin versions, how the Moodle account is created (i.e. from the user sync task, by user login, or Moodle account pre-existed etc), and steps on how to reproduce the issue.

Thank you. Lai

weilai-irl avatar Oct 24 '23 08:10 weilai-irl

This user was created with the plugin from user login (no sync task). Using Moodle 4.3 and plugin 4.2.2 for OpenID Connect. I will say I modified main.php and auth.php to change $password=null to $password=‘’ as having it as null didn’t allow any logins at all.

If I delete the user from the system and then attempt to sign in it first creates an error message about a null password still and then has the user back at the site home not logged in. When signing in again the user is logged in with a newly created account with the password policy message.

Here is the first error message:

Exception - update_internal_user_password(): Argument #2 ($password) must be of type string, null given, called in [dirroot]/lib/moodlelib.php on line 3927

More information about this error

As I said this error message would happen and prevent login every time until I updated the two php files. Also the password policy error message doesn’t affect the user logging in, only displays the error message to the user (which will confuse them).

farlo18 avatar Oct 24 '23 09:10 farlo18

The error "Exception - update_internal_user_password(): Argument https://github.com/microsoft/o365-moodle/issues/2 ($password) must be of type string, null given, called in [dirroot]/lib/moodlelib.php on line 3927" is more a bug in Moodle than in auth_oidc. The update_internal_user_password function assumes that it will always have access to a password, but part of the point of the likes of OIDC is that the app server never sees the user's password at all.

Since update_internal_user_password is called by authenticate_user_login, which auth_oidc really does need to call, it's not auth_oidc's fault - it's an oversight while adding the type annotations to Moodle core.

nwp90 avatar Dec 17 '23 23:12 nwp90

Hi @farlo18,

The error about update_internal_user_password() function is an auth_oidc plugin compatibility issue in Moodle 4.3, and it was fixed in the 4.3.0 release of the plugins, or from Moodle plugin directory at this link.

We didn't see this error when testing the plugin for Moodle 4.3 upgrade. Please use this new version to test again and see if the issue still exists.

Regards, Lai

weilai-irl avatar Jan 23 '24 09:01 weilai-irl

I did a fresh install of Moodle 4.4 and the updated plugin. There is no issues or errors now from it. Thank you.

farlo18 avatar Jun 03 '24 05:06 farlo18