Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-30043

login/token.php: should only check for EXTERNAL_TOKEN_PERMANENT

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2
    • Fix Version/s: 2.2
    • Component/s: Web Services
    • Labels:
      None
    • Testing Instructions:
      Hide

      1- create a web service (enabled and authorised for a specific username)
      2- in the mysql/postgres 'external_services' table, set manually the SHORTNAME
      3- Enter in your browser: http://yourmoodle/login/token.php?service=SHORTNAME&username=USERNAME&password=PASSWORD

      //use a no-admin user who has the moodle/webservice:createtoken capability
      a) the user never visited his security keys page (i.e. no token exists for him) and everything is set up correctly => a token is returned
      b) you run a) a new time (so a token has been generated) => the same token is returned.

      Show
      1- create a web service (enabled and authorised for a specific username) 2- in the mysql/postgres 'external_services' table, set manually the SHORTNAME 3- Enter in your browser: http://yourmoodle/login/token.php?service=SHORTNAME&username=USERNAME&password=PASSWORD //use a no-admin user who has the moodle/webservice:createtoken capability a) the user never visited his security keys page (i.e. no token exists for him) and everything is set up correctly => a token is returned b) you run a) a new time (so a token has been generated) => the same token is returned.
    • Affected Branches:
      MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE
    • Pull from Repository:
    • Pull Master Branch:
    • Pull Master Diff URL:

      Description

      The login/token.php should not return a mix of different type of token. By default it should be EXTERNAL_TOKEN_PERMANENT (not sure if the script should return EXTERNAL_TOKEN_EMBEDDED though...)

        Attachments

          Activity

            People

            Assignee:
            jerome Jérôme Mouneyrac
            Reporter:
            jerome Jérôme Mouneyrac
            Integrator:
            Eloy Lafuente (stronk7)
            Tester:
            Rossiani Wijaya
            Participants:
            Component watchers:
            Juan Leyva, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              5/Dec/11