Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.1.2
    • Fix Version/s: 2.1.3
    • Component/s: Web Services
    • Labels:
      None
    • Testing Instructions:
      Hide

      1- create a web service (enabled and authorised for a specific username)
      2- in the mysql/postgres 'external_services' table, set manually the SHORTNAME
      3- Enter in your browser: http://yourmoodle/login/token.php?service=SHORTNAME&username=USERNAME&password=PASSWORD (do not test with an admin user expect if asked)

      //none admin username who hasn't the moodle/webservice:createtoken capability
      a) you already created a token in the admin with an expired valid date => error message (Moodle will fail to find a token, and try to create a new one)
      b) you already created a token in the admin with a different ip address => error message (Moodle will fail to find a token, and try to create a new one)
      c) you already created a token in the admin but for a different service => error message (Moodle will fail to find a token, and try to create a new one)
      d) you already created a token in the admin (the service is enabled and authorised for everybody, correct valid dates, correct ip restrictions) => the token is returned

      //none admin username who has the moodle/webservice:createtoken capbility (excepted if mentioned)
      e) the user is an admin
      f) the user is not authorised on a restricted service => error message
      g) the user is authorised but has a expired valid date (manage service admin page, click on authorised user then on the user full name link) => error message
      h) the user is authorised but has a different ip address => error message
      i) the user has not the capability to create a token (moodle/webservice:createtoken) => error message
      j) the user never visited his security keys page (i.e. not token was previously generated) and everything is set up correctly => a token is returned
      k) you run j) a new time (so a token has been generated) => the same token is returned.
      l) the user has not the service required capability.

      Now you are going to use the 'moodle_mobile_app' shortname (the mobile service). Enable it first in the administration. Redo i), it should success if the user doesn't have the 'moodle/webservice:createtoken' capability. Mobile service does not require the capability but the 'moodle/webservice:createmobiletoken' capability.

      Show
      1- create a web service (enabled and authorised for a specific username) 2- in the mysql/postgres 'external_services' table, set manually the SHORTNAME 3- Enter in your browser: http://yourmoodle/login/token.php?service=SHORTNAME&username=USERNAME&password=PASSWORD (do not test with an admin user expect if asked) //none admin username who hasn't the moodle/webservice:createtoken capability a) you already created a token in the admin with an expired valid date => error message (Moodle will fail to find a token, and try to create a new one) b) you already created a token in the admin with a different ip address => error message (Moodle will fail to find a token, and try to create a new one) c) you already created a token in the admin but for a different service => error message (Moodle will fail to find a token, and try to create a new one) d) you already created a token in the admin (the service is enabled and authorised for everybody, correct valid dates, correct ip restrictions) => the token is returned //none admin username who has the moodle/webservice:createtoken capbility (excepted if mentioned) e) the user is an admin f) the user is not authorised on a restricted service => error message g) the user is authorised but has a expired valid date (manage service admin page, click on authorised user then on the user full name link) => error message h) the user is authorised but has a different ip address => error message i) the user has not the capability to create a token (moodle/webservice:createtoken) => error message j) the user never visited his security keys page (i.e. not token was previously generated) and everything is set up correctly => a token is returned k) you run j) a new time (so a token has been generated) => the same token is returned. l) the user has not the service required capability. Now you are going to use the 'moodle_mobile_app' shortname (the mobile service). Enable it first in the administration. Redo i), it should success if the user doesn't have the 'moodle/webservice:createtoken' capability. Mobile service does not require the capability but the 'moodle/webservice:createmobiletoken' capability.
    • Affected Branches:
      MOODLE_21_STABLE
    • Fixed Branches:
      MOODLE_21_STABLE

      Gliffy Diagrams

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  28/Nov/11