Example configuration for SSO #4
Comments
Yes of course the configuration file must be called
The complete mail block can be omitted if you do not want to be notified by mail about changes. But the bigger problem is SSO, that was already a problem with the old version of the downloader, I had done a lot of tinkering there. That you don't get a token can also be caused by a wrongly configured SSO plugin. But there is nothing you can do about that. The normal way to get a token is with this URL But I read something here. You should be redirected to You are welcome to contact me whether that works or not. I would also like to know what kind of error message comes up when you try to get a token normally, with |
I'm looking into it in the next days. I'll have a look at how it works with the mobile app (which works despite SSO). Regarding the token.php API I'm a bit concerned my password could leak (don't know what came to their mind when deciding to pass passwords in URLs). There just has to be some very basic logging and all passwords are logged. Notes |
The mobile app uses the normal /login/token.php to get a token. Only if it detects that the moodle uses SSO then it uses /admin/tool/mobile/launch.php or other detected plugins. The code of the app is here. Yes logically the password could appear in logs of the server. But therefore you should use a separate password for each account (aka. use a password manager!). Normally you trust your provider to prevent this from happening. But SSO is not offered by every Moodle instance. For example, this is not an option for mine. Besides it can happen that the admin also logs post data. You can ask your admin about this and recommend censoring post and get data from token-login. :D |
With the mobile/launch.php one is redirected to the SSO page and no credentials are transferred to moodle. So far decoding the token looked like binary data (at least not ASCII). Have a closer look into it tomorrow. |
I've just seen that the REST interface of Moodle also accepts post-requests, I'll make the changes so that all requests are sent by POST. This helps at least against basic logging. |
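The logging concern discussed in the comments above, as an added example that is not part of the thread or of the project's code: a filter that redacts credential parameters from access-log request lines before they are stored or shared. The log lines are constructed samples, and the `wstoken` parameter name (Moodle's REST token parameter) and the combined log format are assumptions that do not come from the thread.

```python
import re
from urllib.parse import unquote_plus

# Query parameters that carry secrets. "password" is what /login/token.php
# receives; "wstoken" is an assumption (Moodle's REST token parameter).
SENSITIVE = {"password", "wstoken", "token"}

# Request part of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Feb/2020:10:01:02 +0000] "GET /login/token.php'
    '?username=alice&password=s3cr3t%21&service=moodle_mobile_app HTTP/1.1" 200 98',
    '203.0.113.7 - - [12/Feb/2020:10:01:05 +0000] "POST /login/token.php HTTP/1.1" 200 98',
    '203.0.113.7 - - [12/Feb/2020:10:01:09 +0000] "GET /webservice/rest/server.php'
    '?wstoken=0123abcd&wsfunction=core_webservice_get_site_info HTTP/1.1" 200 512',
]


def redact_target(target):
    """Return (target with secret values replaced, names of redacted parameters)."""
    path, sep, query = target.partition("?")
    hits, pieces = [], []
    for piece in query.split("&") if sep else []:
        key, eq, _value = piece.partition("=")
        name = unquote_plus(key).lower()
        if name in SENSITIVE:
            hits.append(name)
            piece = f"{key}{eq}REDACTED"   # other parameters stay byte-for-byte
        pieces.append(piece)
    return path + sep + "&".join(pieces), hits


def redact_line(line):
    """Redact the request target of one access-log line; report what was found."""
    hits = []

    def repl(match):
        target, found = redact_target(match.group("target"))
        hits.extend(found)
        return f'"{match.group("method")} {target} {match.group("proto")}"'

    return REQUEST_RE.sub(repl, line, count=1), hits


if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        clean, found = redact_line(raw)
        print(("LEAK " + ",".join(found)) if found else "ok", "|", clean)
```

The POST line passes through unchanged because its request line carries no parameters, which is the effect of sending the token request by POST; a server that also logs request bodies needs the same redaction applied there.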
Worked like a charm. I could now use the token to download everything from Moodle. @shoeper First login and then change the url according to @C0D3D3V's post |
I also found the issue I ran into yesterday: On my computer the token is not shown because xdg-open is registered as handler for all protocols. I first tried to pass http as protocol but then all characters will be lowercase and the whole string is urlencoded. Passing http://localhost shows the token in the url bar. Example url: https://example.com/admin/tool/mobile/launch.php?service=moodle_mobile_app&passport=12345&urlscheme=http://localhost |
Using another moodle the urlscheme=http://localhost trick did not work. They seem to use proper sanitization. In that case one can open the developer console, open the network tab and the token will be visible there (as failed request). (And then just run echo -n "TOKEN" | base64 -d and copy the element after the first ::: - as you said).
Also we have multiple moodles. I don't know how common it is but in such a case it would be great when the config could contain multiple tokens and urls and they would be processed one by one.
And another thing is the file naming. At our university some course names are very long because they contain e.g. course numbers. Some courses also use too many folders (like one folder for one file or even folders without any files). And personally I think about adding a whitelist because usually I only want to have the courses I currently hear and keep the others as they are. Maybe I'll look into these some day.
Apart from these points (which are personal preferences anyway) the tool works great and it is quite fast.
Dockerfile
.dockerignore
build
can be run like this:
In the next step WebDAV will be added to the Docker image. The files can then directly be uploaded to a WebDAV server and all devices can automatically fetch the files using e.g. Seafile or Nextcloud. |
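The manual decoding step described in the comment above (base64-decode, then take the element after the first `:::`), as an added example that is not part of the thread or of the downloader's code. It assumes the redirect has the form `<urlscheme>://token=<base64>` and that the first decoded field is the MD5 hex digest of the site URL followed by the passport; neither detail is stated in the thread, and the sample redirect is constructed.

```python
import base64
import binascii
import hashlib
import hmac
import re

# Assumption: the redirect carries the value as "<urlscheme>://token=<base64>".
TOKEN_RE = re.compile(r"://token=([A-Za-z0-9+/=]+)")


def extract_token(value, site_url=None, passport=None):
    """Return the token from a launch.php redirect URL or a raw base64 value."""
    match = TOKEN_RE.search(value)
    blob = match.group(1) if match else value.strip()
    blob += "=" * (-len(blob) % 4)          # restore padding lost in copy/paste
    try:
        decoded = base64.b64decode(blob, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError) as exc:
        # Binary-looking output usually means the wrong string was decoded.
        raise ValueError("value is not base64-encoded ASCII") from exc
    fields = decoded.split(":::")
    if len(fields) < 2 or not fields[1]:
        raise ValueError("decoded value has no ':::'-separated token field")
    if site_url is not None and passport is not None:
        # Assumption: field 0 is md5(site URL + passport). Checking it ties the
        # response to the passport sent in the launch.php request.
        expected = hashlib.md5((site_url + str(passport)).encode()).hexdigest()
        if not hmac.compare_digest(fields[0], expected):
            raise ValueError("first field does not match this site and passport")
    return fields[1]


def sample_redirect(site_url, passport, token):
    """Build a constructed redirect URL in the assumed format, for testing."""
    sig = hashlib.md5((site_url + passport).encode()).hexdigest()
    blob = base64.b64encode(f"{sig}:::{token}".encode()).decode()
    return "http://localhost://token=" + blob


if __name__ == "__main__":
    url = sample_redirect("https://example.com", "12345", "constructed-token")
    token = extract_token(url, "https://example.com", "12345")
    # Print only the length so the secret does not end up in shell history or logs.
    print("token extracted, length", len(token))
```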
I'm glad it worked out for you, too. As soon as the exam phase is over, I will automate this so that you can easily add a Moodle account with SSO just like in the APP. But until then this issue is a good guide I think. That the downloader downloads multiple Moodles is in itself easy to implement. But I'm not sure if it makes more sense to simply run multiple cron jobs. But I'll be happy to implement it, it doesn't hurt. Yes, filenames are always a problem, I don't have a perfect solution yet. Especially files have two names in Moodle, the real filename I am currently using and the name used to display them on the platform. Course names are really sometimes very long. Although you can give a short name as a course creator, I have not seen anyone use this feature yet. I could, however, change the implementation and use the short name instead (although this is most likely identical to the long name). And then I could cut the names to a certain length. Do you mean real folders or sections in which a course is divided? I have not seen empty folders yet, and the downloader should not download them at all. Yes, I can implement a whitelist already tomorrow. In the end it is the same as the blacklist I already implemented. I would be very happy if you implement some of this and make a Pull Request. Any support is welcome, I don't have to implement everything myself. Thanks for your appreciation, I am very pleased that the tool is useful. And many thanks for the Docker guide! It might be better to split all these different topics into different issues, so that you can find the topics easier in the future... |
We have quite some courses where files end up in folders named by date or week number. Such folders are really inconvenient, because they do not say anything about the content and make it more "complex" to find and open the files.
I could also imagine some further options in combination with that. Or rather just as a new option where one can define such things per course id. Specifically:
Obviously that would be some additional configuration to perform, but given that it would only have to be done once and saves all the manual file lookups and downloads on moodle (without the tool) it would be worth it. Regarding pull requests: I'll look into this after my exams. |
I have automated the process to get a token with SSO login. Check out the latest commit. |
That's nice. I think there are still cases where manual configuration could be preferred, though. E.g. when running it on a headless machine. |
Yes good idea, I plan to create a Wiki page for the repo where I can document this. Documenting everything in the readme would be too much. |
@shoeper Have you by chance created a ready-/working Dockerfile? I would like to include it in the project or at least offer it in the wiki. |
I use this simple one. davfs2 and bash aren't required for most users so the RUN statement could be removed.
Dockerfile
.dockerignore
|
Ok perfect, I tested it, apart from the docker-entrypoint.sh it works great. But I think those are just customizations of yours. I will add the dockerfile to the repo and will explain in the wiki how to use it. |
I could also set up an automated build but don't have time, currently. |
This is the entrypoint. I'm not using it so far, so not sure whether it really works. The idea is to allow placing the files on a WebDAV remote. That way the job can run on a server or also services like Gitlab CI and upload the files to e.g. Nextcloud or Seafile where the clients automatically fetch the new files for all devices.
|
This is very cool, I will test it and then add it to the wiki. Thanks a lot. |
Hi, could you check in an example configuration?
I'd like to use the tool but our university uses SSO. Maybe it is possible to obtain the token externally and pass it using the config. It would be helpful to have a template configuration, so one doesn't have to look up configurable options in the code.