Moodle
  1. Moodle
  2. MDL-29527

Add description to RSS security key reset

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.1.2, 2.2
    • Fix Version/s: 2.1.3
    • Component/s: RSS
    • Labels:
    • Rank:
      19005

      Description

      On http://YOURMOODLEURL/user/managetoken.php, a user can reset his RSS security keys.

      As the link to this page is noticably located in "My profile settings -> Security keys", we saw curious users checking the possibilities in their profiles (and never having used a rss feed yet) visiting this page.

      For these users, the widget on this page doesn't give any information. We were asked by users what can be reset there and why. We propose that there should be a description for this feature within the widget, similar to the description for resetting security keys for web services.

      Changes have to be done in /rss/renderer.php, replace

      //$return .= get_string('keyshelp', 'webservice');

      with

      $return .= get_string('keyshelp', 'rss');

      and add a decriptive text to the rss language package.

      We propose adapting the text from moodle docs (http://docs.moodle.org/20/en/RSS_feeds_2.0#Restricting_access_to_RSS_feeds):

      <p>To ensure security and privacy RSS feed URLs contain a special token that identifies the user they are for. This prevents other users from accessing areas of Moodle they shouldn\'t have access to via RSS feeds.</p><p>This token is automatically created the first time you access an area of Moodle that produces an RSS feed. If you feel that your RSS feed token has been compromised in some way you can request a new one by clicking the Reset link here. Please note that your present RSS feed URLs will then become invalid.</p>

      We have also done a german translation for this:

      <p>Um Sicherheit und Vertraulichkeit zu gewährleisten enthalten RSS-Feed URLs einen Sicherheitsschlüssel, welcher den Benutzer identifiziert, der den RSS-Feed erzeugt hat. Dadurch wird verhindert, dass andere Benutzer mithilfe von RSS-Feeds Zugriff auf Informationen erlangen, auf die sie sonst keinen Zugriff hätten.</p><p>Der Sicherheitsschlüssel wird automatisch erzeugt, wenn Sie das erste Mal eine Aktivität nutzen, die RSS-Feeds unterstützt. Falls Sie denken, dass Dritte von Ihrem RSS Sicherheitsschlüssel Kenntnis erlangt haben könnten, können Sie ihn durch Klick auf "Zurücksetzen" neu setzen. Dadurch werden Ihre bisherigen RSS-Feed URLs ungültig und können neu abonniert werden.</p>

        Issue Links

          Activity

          Hide
          Michael de Raadt added a comment -

          Thanks for suggesting that and providing the fix.

          Show
          Michael de Raadt added a comment - Thanks for suggesting that and providing the fix.
          Hide
          Dan Poltawski added a comment -

          Thanks for the suggestion. I have submitted a fix for integration doing exactly as you describe.

          Show
          Dan Poltawski added a comment - Thanks for the suggestion. I have submitted a fix for integration doing exactly as you describe.
          Hide
          Eloy Lafuente (stronk7) added a comment -

          The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week.

          TIA and ciao

          Show
          Eloy Lafuente (stronk7) added a comment - The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week. TIA and ciao
          Hide
          Aparup Banerjee added a comment -

          just popping in the git repo url

          Show
          Aparup Banerjee added a comment - just popping in the git repo url
          Hide
          Aparup Banerjee added a comment -

          minor note: there must be a missing comma somewhere in the English string, perhaps :'To ensure security and privacy, RSS feed URLs contain a'... ?

          added Helen for her comment before integrating this.

          Show
          Aparup Banerjee added a comment - minor note: there must be a missing comma somewhere in the English string, perhaps :'To ensure security and privacy, RSS feed URLs contain a'... ? added Helen for her comment before integrating this.
          Hide
          Helen Foster added a comment -

          Hi Apu,

          Yes, you're right about the comma:

          To ensure security and privacy, RSS feed URLs contain a special token that identifies the user they are for.

          is better. Also, if you're editing the string, you could change the word "present" to "current" to make the last sentence:

          Please note that your current RSS feed URLs will then become invalid.

          Show
          Helen Foster added a comment - Hi Apu, Yes, you're right about the comma: To ensure security and privacy, RSS feed URLs contain a special token that identifies the user they are for. is better. Also, if you're editing the string, you could change the word "present" to "current" to make the last sentence: Please note that your current RSS feed URLs will then become invalid.
          Hide
          Aparup Banerjee added a comment -

          Thanks everyone, I've incorporated Helen's suggestion and now this improvement has been integrated into master and back-ported into 2.1.x

          Show
          Aparup Banerjee added a comment - Thanks everyone, I've incorporated Helen's suggestion and now this improvement has been integrated into master and back-ported into 2.1.x
          Hide
          Ankit Agarwal added a comment -

          Test passed!
          Thanks

          Show
          Ankit Agarwal added a comment - Test passed! Thanks
          Hide
          Eloy Lafuente (stronk7) added a comment -

          Done, your delicious hacks have been sent upstream, many thanks!

          Closing as fixed, ciao

          Show
          Eloy Lafuente (stronk7) added a comment - Done, your delicious hacks have been sent upstream, many thanks! Closing as fixed, ciao

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: