Moodle
  1. Moodle
  2. MDL-31431

Profile image sometimes requires login => mobile app can not retrieve profile images

    Details

    • Testing Instructions:
      Hide

      Go to Plugins > Web services > API Documentation
      Check that core_webservice_get_site_info:userpictureurl return value explain how to retrieve the profile picture when forcelogin is set to YES or guestaccess to NO.

      Show
      Go to Plugins > Web services > API Documentation Check that core_webservice_get_site_info:userpictureurl return value explain how to retrieve the profile picture when forcelogin is set to YES or guestaccess to NO.
    • Workaround:
      Hide

      At the moment core_webservice_get_site_info() returns:

      <KEY name="userpictureurl"><VALUE>http://jerome.moodle.local/~jerome/Moodle_HEAD/pluginfile.php/5/user/icon/f1</VALUE>
      </KEY>
      

      to avoid this MDL issue with forcelogin/guestaccess, you can call the picture this way:

      http://jerome.moodle.local/~jerome/Moodle_HEAD/webservice/pluginfile.php?token= f95fe8ce5f6a4f01dc22ccdf333bba22&file=/5/user/icon/f1
      
      Show
      At the moment core_webservice_get_site_info() returns: <KEY name= "userpictureurl" ><VALUE>http: //jerome.moodle.local/~jerome/Moodle_HEAD/pluginfile.php/5/user/icon/f1</VALUE> </KEY> to avoid this MDL issue with forcelogin/guestaccess, you can call the picture this way: http: //jerome.moodle.local/~jerome/Moodle_HEAD/webservice/pluginfile.php?token= f95fe8ce5f6a4f01dc22ccdf333bba22&file=/5/user/icon/f1
    • Affected Branches:
      MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE
    • Pull Master Branch:
    • Rank:
      37956

      Description

      Juan wrote in the web service forum:

      The current webservices for displaying information about an user returns a value called:

      user.profileimageurl

      This is the full url of the user profile image

      Please, note that the current implementation only works if forcelogin is set to NO and guestaccess to Yes

      Also, there is a new security issue for preventing displaying profile images for guests users

      http://tracker.moodle.org/browse/MDL-29844

      I think it's neccesary a new script for obtaining this image using the auth token as a parmether (like the new pluginfile)

        Issue Links

          Activity

          Hide
          Jérôme Mouneyrac added a comment -

          Hi Juan,
          I tested with the demo client, the webservice/pluginfile.php script is already able to serve the profil picture:

          /// GLOBAL SETTINGS - CHANGE THEM !
          $token = 'f95fe8ce5f6a4f01dc24ccdf333bba22';
          $domainname = 'http://jerome.moodle.local/~jerome/Moodle_HEAD';
          
          /// DOWNLOAD PARAMETERS
          //Note: The service associated to the user token must allow "file download" ! 
          //      in the administration, edit the service to check the setting (click "advanced" button on the edit page).
          
          //Normally you retrieve the file download url from calling a web service like core_course_get_contents()
          $relativepath = '/5/user/icon/standard/f1'; //CHANGE THIS ! (I got this line from the picture url in my profile)
          
          //CHANGE THIS ! This is where you will store the file. 
          //Don't forget to allow 'write permission' on the folder for your web server.
          $path = '/Users/jerome/Sites/sample-ws-clients/PHP-HTTP-filehandling/profilepicture.jpg'; 
          
          /// DOWNLOAD IMAGE - Moodle 2.2 and later
          $url  = $domainname . '/webservice/pluginfile.php' . $relativepath; //NOTE: normally you should get this download url from your previous call of core_course_get_contents() 
          $tokenurl = $url . '?token=' . $token; //NOTE: in your client/app don't forget to attach the token to your download url
          $fp = fopen($path, 'w');
          $ch = curl_init($tokenurl);
          curl_setopt($ch, CURLOPT_FILE, $fp);
          $data = curl_exec($ch);
          curl_close($ch);
          fclose($fp);
          

          I'll have a look Monday to what we can do. Most likely going to be something like core_course_get_contents() where the client will have to edit the returned profile picture url to add his/her token to it.

          Show
          Jérôme Mouneyrac added a comment - Hi Juan, I tested with the demo client , the webservice/pluginfile.php script is already able to serve the profil picture: /// GLOBAL SETTINGS - CHANGE THEM ! $token = 'f95fe8ce5f6a4f01dc24ccdf333bba22'; $domainname = 'http: //jerome.moodle.local/~jerome/Moodle_HEAD'; /// DOWNLOAD PARAMETERS //Note: The service associated to the user token must allow "file download" ! // in the administration, edit the service to check the setting (click "advanced" button on the edit page). //Normally you retrieve the file download url from calling a web service like core_course_get_contents() $relativepath = '/5/user/icon/standard/f1'; //CHANGE THIS ! (I got this line from the picture url in my profile) //CHANGE THIS ! This is where you will store the file. //Don't forget to allow 'write permission' on the folder for your web server. $path = '/Users/jerome/Sites/sample-ws-clients/PHP-HTTP-filehandling/profilepicture.jpg'; /// DOWNLOAD IMAGE - Moodle 2.2 and later $url = $domainname . '/webservice/pluginfile.php' . $relativepath; //NOTE: normally you should get this download url from your previous call of core_course_get_contents() $tokenurl = $url . '?token=' . $token; //NOTE: in your client/app don't forget to attach the token to your download url $fp = fopen($path, 'w'); $ch = curl_init($tokenurl); curl_setopt($ch, CURLOPT_FILE, $fp); $data = curl_exec($ch); curl_close($ch); fclose($fp); I'll have a look Monday to what we can do. Most likely going to be something like core_course_get_contents() where the client will have to edit the returned profile picture url to add his/her token to it.
          Hide
          Jérôme Mouneyrac added a comment - - edited

          I think there is already a workaround:

          At the moment core_webservice_get_site_info() returns:

          <KEY name="userpictureurl"><VALUE>http://jerome.moodle.local/~jerome/Moodle_HEAD/pluginfile.php/5/user/icon/f1</VALUE>
          </KEY>
          

          to avoid this MDL issue with forcelogin/guestaccess, you can call the picture this way:

          http://jerome.moodle.local/~jerome/Moodle_HEAD/webservice/pluginfile.php?token= f95fe8ce5f6a4f01dc22ccdf333bba22&file=/5/user/icon/f1
          

          Of course the best way is to retrieve the image with https as you don't want to send the user token in clear.

          Show
          Jérôme Mouneyrac added a comment - - edited I think there is already a workaround: At the moment core_webservice_get_site_info() returns: <KEY name= "userpictureurl" ><VALUE>http: //jerome.moodle.local/~jerome/Moodle_HEAD/pluginfile.php/5/user/icon/f1</VALUE> </KEY> to avoid this MDL issue with forcelogin/guestaccess, you can call the picture this way: http: //jerome.moodle.local/~jerome/Moodle_HEAD/webservice/pluginfile.php?token= f95fe8ce5f6a4f01dc22ccdf333bba22&file=/5/user/icon/f1 Of course the best way is to retrieve the image with https as you don't want to send the user token in clear.
          Hide
          Jérôme Mouneyrac added a comment -

          I decrease the priority as there is a workaround (which actually should be the way to download profile picture)

          Show
          Jérôme Mouneyrac added a comment - I decrease the priority as there is a workaround (which actually should be the way to download profile picture)
          Hide
          Jérôme Mouneyrac added a comment -

          Ok I think we just need to mention to the client dev to replace in the return url:

          pluginfile.php

          by

          webservice/pluginfile.php?token= f95fe8ce5f6a4f01dc22ccdf333bba22&file=
          
          Show
          Jérôme Mouneyrac added a comment - Ok I think we just need to mention to the client dev to replace in the return url: pluginfile.php by webservice/pluginfile.php?token= f95fe8ce5f6a4f01dc22ccdf333bba22&file=
          Hide
          Jérôme Mouneyrac added a comment -

          I added a message to the API documentation. Sending for peer-review to Juan.

          Show
          Jérôme Mouneyrac added a comment - I added a message to the API documentation. Sending for peer-review to Juan.
          Hide
          Jérôme Mouneyrac added a comment -

          Juan can you tell me if this is ok for you?

          Show
          Jérôme Mouneyrac added a comment - Juan can you tell me if this is ok for you?
          Hide
          Juan Leyva added a comment -

          Works ok for me, thanks for pointing this solution

          Show
          Juan Leyva added a comment - Works ok for me, thanks for pointing this solution
          Hide
          Jérôme Mouneyrac added a comment -

          Thanks Juan, I submit it to integration.

          Show
          Jérôme Mouneyrac added a comment - Thanks Juan, I submit it to integration.
          Hide
          Jérôme Mouneyrac added a comment -

          For the integrator: can you cherry-pick it in 2.2 too? Thanks.

          Show
          Jérôme Mouneyrac added a comment - For the integrator: can you cherry-pick it in 2.2 too? Thanks.
          Hide
          Dan Poltawski added a comment -

          The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week.

          TIA and ciao

          Show
          Dan Poltawski added a comment - The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week. TIA and ciao
          Hide
          Dan Poltawski added a comment -

          Thanks Jerome, this has been integrated into master and 22 stable

          Show
          Dan Poltawski added a comment - Thanks Jerome, this has been integrated into master and 22 stable
          Hide
          Ankit Agarwal added a comment -

          All Good
          Passing!
          Thanks

          Show
          Ankit Agarwal added a comment - All Good Passing! Thanks
          Hide
          Eloy Lafuente (stronk7) added a comment -

          This has been near becoming rejected, because it's not the best code you are able to produce.

          But, luckily, at the end, it has landed and has been spread to all repos out there.

          Many thanks and, don't forget it, keep improving your skills, you can!

          Closing, ciao

          Show
          Eloy Lafuente (stronk7) added a comment - This has been near becoming rejected, because it's not the best code you are able to produce. But, luckily, at the end, it has landed and has been spread to all repos out there. Many thanks and, don't forget it, keep improving your skills, you can! Closing, ciao

            People

            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: