Permalink
Browse files

MDL-27107 auth_mnet - consider all incoming roaming users as confirmed

The 'confirmed' field can't be optional. If the identity provider did
not export it, the new remote user would be created with 'confirmed' set
to default zero and as such could be a subject of scheduled deletion.
  • Loading branch information...
1 parent e4527c5 commit 9b81b37eb9f9bd2b83b8b20f9d813c4f3251e514 @mudrd8mz mudrd8mz committed Aug 28, 2011
Showing with 2 additions and 1 deletion.
  1. +1 −0 auth/mnet/auth.php
  2. +1 −1 mnet/lib.php
View
1 auth/mnet/auth.php
@@ -276,6 +276,7 @@ function confirm_mnet_session($token, $remotepeer) {
*/
$remoteuser->mnethostid = $remotehost->id;
$remoteuser->firstaccess = time(); // First time user in this server, grab it here
+ $remoteuser->confirmed = 1;
$remoteuser->id = $DB->insert_record('user', $remoteuser);
$firsttime = true;
View
2 mnet/lib.php
@@ -586,6 +586,7 @@ function mnet_profile_field_options() {
'timemodified', // will be set to relative to the host anyway
'auth', // going to be set to 'mnet'
'deleted', // we should never get deleted users sent over, but don't send this anyway
+ 'confirmed', // unconfirmed users can't log in to their home site, all remote users considered confirmed
'password', // no password for mnet users
'theme', // handled separately
'lastip', // will be set to relative to the host anyway
@@ -610,7 +611,6 @@ function mnet_profile_field_options() {
'username',
'email',
'auth',
- 'confirmed',
'deleted',
'firstname',
'lastname',

0 comments on commit 9b81b37

Please sign in to comment.