[MDL-31209] web service error message: Indication about the service not containg the web service function is confusing - Moodle Tracker

Details

Type: Bug
Status: Closed
Priority: Trivial
Resolution: Fixed
Affects Version/s: 2.2.1, 2.3.7, 2.4.4, 2.5
Fix Version/s: 2.3.8, 2.4.5, 2.5.1
Component/s: Web Services
Labels:
- triaged

Testing Instructions:

Hide

Create a service that authorise users
Add a user to this service
On the page where you added the user, click on the name. You arrive on the user settings. here enter an IP address which is not yours.
Create a ws token linked to this service.
Call a webservice (use REST demo client for example: https://github.com/moodlehq/sample-ws-clients/tree/master/PHP-REST) and check that the returned error message is clear enough. See the commit to check that the text error message match the changes.

Show
Create a service that authorise users Add a user to this service On the page where you added the user, click on the name. You arrive on the user settings. here enter an IP address which is not yours. Create a ws token linked to this service. Call a webservice (use REST demo client for example: https://github.com/moodlehq/sample-ws-clients/tree/master/PHP-REST ) and check that the returned error message is clear enough. See the commit to check that the text error message match the changes.
Affected Branches:
MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE, MOODLE_25_STABLE
Fixed Branches:
MOODLE_23_STABLE, MOODLE_24_STABLE, MOODLE_25_STABLE
Pull from Repository:
git://github.com/mouneyrac/moodle.git
Pull Master Branch:
~~MDL-31209~~-master
Pull Master Diff URL:
https://github.com/mouneyrac/moodle/compare/moodle:master...MDL-31209-master

Description

Following ~~MDL-31138~~, the error message could be more accurate:

"Access to the function local_wstemplate_hello_world() is not allowed. Please check if a service containing the function is enabled. In the service settings: if the service is restricted check that the user is listed. Still in the service settings check for IP restriction or if the service requires a capability"

We should advice to check that the service linked to the token contains the called function. PS: in the case of username/password authentication, no specific service is linked. The current error message is more matching this authentication method.

Gliffy Diagrams

Attachments

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Jérôme Mouneyrac added a comment - 07/May/13 10:07 AM

Send to Helen for string reviews.

Show

Jérôme Mouneyrac added a comment - 07/May/13 10:07 AM Send to Helen for string reviews.

Hide

Permalink

Jérôme Mouneyrac added a comment - 07/May/13 10:11 AM

updated.

Show

Jérôme Mouneyrac added a comment - 07/May/13 10:11 AM updated.

Hide

Permalink

Andrew Davis added a comment - 14/May/13 2:38 AM

This issue is missing testing instructions. Please describe how a human tester can verify that this fix has been correctly integrated and is working correctly.

Show

Andrew Davis added a comment - 14/May/13 2:38 AM This issue is missing testing instructions. Please describe how a human tester can verify that this fix has been correctly integrated and is working correctly.

Hide

Permalink

Helen Foster added a comment - 14/May/13 7:23 AM

Jerome, thanks for asking me to take a look at the string. Here's my suggested small rewording:

There could be multiple reasons for this:
1. The service linked to the user token does not contain the function.
2. The service is user-restricted and the user is not listed.
3. The service is IP-restricted and the user IP is not listed.
4. The service is time-restricted and the time has expired.
5. The token is time-restricted and the time has expired.
6. The service requires a specific capability which the user does not have.
7. The function is called with username/password (no user token is sent) and none of the services has the function to allow the user.
These settings can be found in Administration > Site administration > Plugins > Web services > External services and Manage tokens.

Show

Helen Foster added a comment - 14/May/13 7:23 AM Jerome, thanks for asking me to take a look at the string. Here's my suggested small rewording: There could be multiple reasons for this: 1. The service linked to the user token does not contain the function. 2. The service is user-restricted and the user is not listed. 3. The service is IP-restricted and the user IP is not listed. 4. The service is time-restricted and the time has expired. 5. The token is time-restricted and the time has expired. 6. The service requires a specific capability which the user does not have. 7. The function is called with username/password (no user token is sent) and none of the services has the function to allow the user. These settings can be found in Administration > Site administration > Plugins > Web services > External services and Manage tokens.

Hide

Permalink

Jérôme Mouneyrac added a comment - 14/May/13 7:56 AM

Thanks Helen.

Show

Jérôme Mouneyrac added a comment - 14/May/13 7:56 AM Thanks Helen.

Hide

Permalink

Eloy Lafuente (stronk7) added a comment - 20/May/13 5:07 PM

Integrated (23, 24, 25 & master), thanks!

Show

Eloy Lafuente (stronk7) added a comment - 20/May/13 5:07 PM Integrated (23, 24, 25 & master), thanks!

Hide

Permalink

Rajesh Taneja added a comment - 21/May/13 9:01 AM

Thanks Jerome,

I can see the new message.

FYI: I got following message by testing instructions.

<?xml version="1.0" encoding="UTF-8" ?>

<EXCEPTION class="webservice_access_exception">

<ERRORCODE>accessexception</ERRORCODE>

<MESSAGE>Access control exception</MESSAGE>

<DEBUGINFO>Invalid service - IP:192.168.100.33 is not supported - check this allowed user</DEBUGINFO>

</EXCEPTION>

But passing function name (from ws-client) different then one linked in service throw expected message.
Let me know it's ok to pass.

Show

Rajesh Taneja added a comment - 21/May/13 9:01 AM Thanks Jerome, I can see the new message. FYI: I got following message by testing instructions. <?xml version="1.0" encoding="UTF-8" ?> <EXCEPTION class="webservice_access_exception"> <ERRORCODE>accessexception</ERRORCODE> <MESSAGE>Access control exception</MESSAGE> <DEBUGINFO>Invalid service - IP:192.168.100.33 is not supported - check this allowed user</DEBUGINFO> </EXCEPTION> But passing function name (from ws-client) different then one linked in service throw expected message. Let me know it's ok to pass.

Hide

Permalink

Rajesh Taneja added a comment - 22/May/13 4:05 AM

Passing this as message for testing instructions in more precise and I could see the general (updated) message.

Show

Rajesh Taneja added a comment - 22/May/13 4:05 AM Passing this as message for testing instructions in more precise and I could see the general (updated) message.

Hide

Permalink

Damyon Wiese added a comment - 24/May/13 6:46 AM

Thanks for your contribution! This issue has been reviewed, integrated, tested and now released to everyone.

Closing as Fixed!

Show

Damyon Wiese added a comment - 24/May/13 6:46 AM Thanks for your contribution! This issue has been reviewed, integrated, tested and now released to everyone. Closing as Fixed!

People

Assignee:

Jérôme Mouneyrac

Reporter:

Jérôme Mouneyrac

Peer reviewer:

Helen Foster

Integrator:

Eloy Lafuente (stronk7)

Tester:

Rajesh Taneja

Participants:

Andrew Davis, Damyon Wiese, Eloy Lafuente (stronk7), Helen Foster, Jérôme Mouneyrac, Rajesh Taneja

Votes:

0 Vote for this issue

Watchers:

5 Start watching this issue

Dates

Created:

17/Jan/12 12:22 PM

Updated:

24/May/13 6:46 AM

Resolved:

24/May/13 6:46 AM

Fix Release Date:

8/Jul/13