Password Policies #2396
Comments
|
Hi @farlo18 This seems coming from Moodle core, rather than the Microsoft plugins. Specifically auth_oidc plugin doesn't store password for users using the authentication method. Pleased check the authentication method of the user to confirm. If the user seeing this error does use auth_oidc, please provide more details, e.g. Moodle and plugin versions, how the Moodle account is created (i.e. from the user sync task, by user login, or Moodle account pre-existed etc), and steps on how to reproduce the issue. Thank you. |
weilai-irl
added
the
Issue type - help wanted
|
This user was created with the plugin from user login (no sync task). Using Moodle 4.3 and plugin 4.2.2 for OpenID Connect. I will say I modified main.php and auth.php to change $password=null to $password=‘’ as having it as null didn’t allow any logins at all. If I delete the user from the system and then attempt to sign in it first creates an error message about a null password still and then has the user back at the site home not logged in. When signing in again the user is logged in with a newly created account with the password policy message. Here is the first error message: Exception - update_internal_user_password(): Argument #2 ($password) must be of type string, null given, called in [dirroot]/lib/moodlelib.php on line 3927 More information about this error As I said this error message would happen and prevent login every time until I updated the two php files. Also the password policy error message doesn’t affect the user logging in, only displays the error message to the user (which will confuse them). |
|
The error "Exception - update_internal_user_password(): Argument #2 ($password) must be of type string, null given, called in [dirroot]/lib/moodlelib.php on line 3927" is more a bug in Moodle than in auth_oidc. The update_internal_user_password function assumes that it will always have access to a password, but part of the point of the likes of OIDC is that the app server never sees the user's password at all. Since update_internal_user_password is called by authenticate_user_login, which auth_oidc really does need to call, it's not auth_oidc's fault - it's an oversight while adding the type annotations to Moodle core. |
|
Hi @farlo18, The error about update_internal_user_password() function is an auth_oidc plugin compatibility issue in Moodle 4.3, and it was fixed in the 4.3.0 release of the plugins, or from Moodle plugin directory at this link. We didn't see this error when testing the plugin for Moodle 4.3 upgrade. Please use this new version to test again and see if the issue still exists. Regards, |
weilai-irl
added
Status - need more info
|
I did a fresh install of Moodle 4.4 and the updated plugin. There is no issues or errors now from it. Thank you. |
When a user signs in I'm currently getting this error:
If I disable the password policy of course this doesn't show up, but this isn't helpful to users not using the plugin. Is there a setting somewhere that's missed that has the accounts not notify users of password issues?
The text was updated successfully, but these errors were encountered: