Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-30043

login/token.php: should only check for EXTERNAL_TOKEN_PERMANENT

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2
    • Fix Version/s: 2.2
    • Component/s: Web Services
    • Labels:
      None
    • Testing Instructions:
      Hide

      1- create a web service (enabled and authorised for a specific username)
      2- in the mysql/postgres 'external_services' table, set manually the SHORTNAME
      3- Enter in your browser: http://yourmoodle/login/token.php?service=SHORTNAME&username=USERNAME&password=PASSWORD

      //use a no-admin user who has the moodle/webservice:createtoken capability
      a) the user never visited his security keys page (i.e. no token exists for him) and everything is set up correctly => a token is returned
      b) you run a) a new time (so a token has been generated) => the same token is returned.

      Show
      1- create a web service (enabled and authorised for a specific username) 2- in the mysql/postgres 'external_services' table, set manually the SHORTNAME 3- Enter in your browser: http://yourmoodle/login/token.php?service=SHORTNAME&username=USERNAME&password=PASSWORD //use a no-admin user who has the moodle/webservice:createtoken capability a) the user never visited his security keys page (i.e. no token exists for him) and everything is set up correctly => a token is returned b) you run a) a new time (so a token has been generated) => the same token is returned.
    • Affected Branches:
      MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE
    • Pull Master Branch:

      Description

      The login/token.php should not return a mix of different type of token. By default it should be EXTERNAL_TOKEN_PERMANENT (not sure if the script should return EXTERNAL_TOKEN_EMBEDDED though...)

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  5/Dec/11