Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-27360

Web service tokens are displayed for deleted users

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1, 2.2.1
    • Fix Version/s: 2.1.5, 2.2.2
    • Component/s: Web Services
    • Labels:
    • Testing Instructions:
      Hide
      • Create a service and authorise a user on it
      • Create a token for this user and this service
      • Delete the user but not the token
        => you should not see the token anymore displayed in the administration
        => the deleted user should not be authorised on the service anymore
      Show
      Create a service and authorise a user on it Create a token for this user and this service Delete the user but not the token => you should not see the token anymore displayed in the administration => the deleted user should not be authorised on the service anymore
    • Affected Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE
    • Pull Master Branch:

      Description

      1- Even though the core web service servers check if the user related to the token is deleted, it would be better to delete tokens when users are deleted. (specially for third party server not using the webservice_server class containing the authentication method then this would be a security issue)

      2- In the same time the administration should not display token for deleted users (patch in http://moodle.org/mod/forum/discuss.php?d=174506#p765320)

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  1 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    12/Mar/12