Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-27360

Web service tokens are displayed for deleted users

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1, 2.2.1
    • Fix Version/s: 2.1.5, 2.2.2
    • Component/s: Web Services
    • Labels:
    • Testing Instructions:
      Hide
      • Create a service and authorise a user on it
      • Create a token for this user and this service
      • Delete the user but not the token
        => you should not see the token anymore displayed in the administration
        => the deleted user should not be authorised on the service anymore
      Show
      Create a service and authorise a user on it Create a token for this user and this service Delete the user but not the token => you should not see the token anymore displayed in the administration => the deleted user should not be authorised on the service anymore
    • Affected Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE
    • Pull Master Branch:

      Description

      1- Even though the core web service servers check if the user related to the token is deleted, it would be better to delete tokens when users are deleted. (specially for third party server not using the webservice_server class containing the authentication method then this would be a security issue)

      2- In the same time the administration should not display token for deleted users (patch in http://moodle.org/mod/forum/discuss.php?d=174506#p765320)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jerome Jérôme Mouneyrac
              Reporter:
              jerome Jérôme Mouneyrac
              Peer reviewer:
              Rossiani Wijaya
              Integrator:
              Eloy Lafuente (stronk7)
              Tester:
              Gerard Caulfield
              Participants:
              Component watchers:
              Juan Leyva, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                12/Mar/12