Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-40050

Replace add_to_log with an event trigger - webservices

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5
    • Fix Version/s: 2.6
    • Component/s: Events API, Logging
    • Labels:
    • Testing Instructions:
      Hide

      Test pre-requisites

      1. Enable the mobile service enablemobilewebservice

      Services test

      1. Create, edit, delete a new Service
      2. Make sure each of those actions adds an entry in mdl_log.
      3. Add/remove users from one of the service
      4. Make sure each of those actions adds an entry in mdl_log.

      Token test

      1. With a user that doesn't have any token yet, access the following URL (replace USER and PASSWORD):
      2. Make sure you get 2 new entries in mdl_log
        • Token created
        • Token sent

      Server test

      1. Make sure that calling a function through REST and XMLRPC create an entry in mdl_log for each protocol.

      (example: curl -G "http://jerome.moodle.local/m/integration_master/webservice/rest/server.php" -d "wsfunction=core_get_component_strings" -d "moodlewsrestformat=json" -d "wstoken=4a480b99767d7c8e1096c24a01a66717" -d "component=moodle")

      Failed authentication test

      In this test, you have to make sure that each authentication failure triggers a corresponding log entry. Tweak the database or user details to generate those errors.

      1. Using the REST server
      2. When trying to call a WS function
        1. using username/password auth (simpleserver.php):
          • Password is invalid
        2. using token auth (server.php):
          • Token is invalid
          • Token expired
          • Ip restricted for that token (log: Failed to login)
        3. With simpleserver.php or server.php (example: curl -G "http://jerome.moodle.local/m/integration_master/webservice/rest/simpleserver.php" -d "wsfunction=core_get_component_strings" -d "moodlewsrestformat=json" -d "wsusername=webservice" -d "wspassword=Webservice2013_" -d "component=moodle" PS:atm if you want to change the password from a ws user then you need to change can_change_password() to return true. See linked issue.):
          • User deleted
          • User not confirmed
          • User suspended
          • User password expired
          • The user uses the authentication nologin
      3. When trying to download a file via WS.
        • The token has expired (valid until < time())
        • The token is restricted to another IP. (log: Failed to login)
        • The user is not confirmed
        • The user is suspended
        • The user uses the authentication nologin
        • The user password has expired
      Show
      Test pre-requisites Enable the mobile service enablemobilewebservice Services test Create, edit, delete a new Service Make sure each of those actions adds an entry in mdl_log. Add/remove users from one of the service Make sure each of those actions adds an entry in mdl_log. Token test With a user that doesn't have any token yet, access the following URL (replace USER and PASSWORD): http://yourmoodle/login/token.php?username=USER&password=PASSWORD&service=moodle_mobile_app (example: curl -G "http://jerome.moodle.local/m/integration_master/login/token.php" -d "username=admin" -d "password=test" -d "service=moodle_mobile_app" ) Make sure you get 2 new entries in mdl_log Token created Token sent Server test Make sure that calling a function through REST and XMLRPC create an entry in mdl_log for each protocol. (example: curl -G "http://jerome.moodle.local/m/integration_master/webservice/rest/server.php" -d "wsfunction=core_get_component_strings" -d "moodlewsrestformat=json" -d "wstoken=4a480b99767d7c8e1096c24a01a66717" -d "component=moodle") Failed authentication test In this test, you have to make sure that each authentication failure triggers a corresponding log entry. Tweak the database or user details to generate those errors. Using the REST server When trying to call a WS function using username/password auth (simpleserver.php): Password is invalid using token auth (server.php): Token is invalid Token expired Ip restricted for that token (log: Failed to login) With simpleserver.php or server.php (example: curl -G "http://jerome.moodle.local/m/integration_master/webservice/rest/simpleserver.php" -d "wsfunction=core_get_component_strings" -d "moodlewsrestformat=json" -d "wsusername=webservice" -d "wspassword=Webservice2013_" -d "component=moodle" PS:atm if you want to change the password from a ws user then you need to change can_change_password() to return true. See linked issue.): User deleted User not confirmed User suspended User password expired The user uses the authentication nologin When trying to download a file via WS. The token has expired (valid until < time()) The token is restricted to another IP. (log: Failed to login) The user is not confirmed The user is suspended The user uses the authentication nologin The user password has expired
    • Affected Branches:
      MOODLE_25_STABLE
    • Fixed Branches:
      MOODLE_26_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-40050-master
    • Story Points:
      40
    • Sprint:
      BACKEND Sprint 5

      Description

      Replace the add_to_log calls for the following area, with a call to the get_legacy_logdata function in the event class.

      webservices
      /webservice/lib.php:74: add_to_log(SITEID, 'webservice', get_string('tokenauthlog', 'webservice'), '', get_string('invalidtimedtoken', 'webservice'), 0);
      /webservice/lib.php:81: add_to_log(SITEID, 'webservice', get_string('tokenauthlog', 'webservice'), '', get_string('failedtolog', 'webservice') . ": " . getremoteaddr(), 0);
      /webservice/lib.php:145: add_to_log(SITEID, 'webservice', 'user unconfirmed', '', $user->username);
      /webservice/lib.php:151: add_to_log(SITEID, 'webservice', 'user suspended', '', $user->username);
      /webservice/lib.php:157: add_to_log(SITEID, 'webservice', 'nologin auth attempt with web service', '', $user->username);
      /webservice/lib.php:166: add_to_log(SITEID, 'webservice', 'expired password', '', $user->username);
      /webservice/lib.php:850: add_to_log(SITEID, 'webservice', get_string('simpleauthlog', 'webservice'), '' , get_string('failedtolog', 'webservice').": ".$this->username."/".$this->password." - ".getremoteaddr() , 0);
      /webservice/lib.php:870: add_to_log(SITEID, '', '', '', get_string('wsaccessuserdeleted', 'webservice', $user->username) . " - ".getremoteaddr(), 0, $user->id);
      /webservice/lib.php:876: add_to_log(SITEID, '', '', '', get_string('wsaccessuserunconfirmed', 'webservice', $user->username) . " - ".getremoteaddr(), 0, $user->id);
      /webservice/lib.php:882: add_to_log(SITEID, '', '', '', get_string('wsaccessusersuspended', 'webservice', $user->username) . " - ".getremoteaddr(), 0, $user->id);
      /webservice/lib.php:895: add_to_log(SITEID, '', '', '', get_string('wsaccessuserexpired', 'webservice', $user->username) . " - ".getremoteaddr(), 0, $user->id);
      /webservice/lib.php:902: add_to_log(SITEID, '', '', '', get_string('wsaccessusernologin', 'webservice', $user->username) . " - ".getremoteaddr(), 0, $user->id);
      /webservice/lib.php:929: add_to_log(SITEID, 'webservice', get_string('tokenauthlog', 'webservice'), '' , get_string('failedtolog', 'webservice').": ".$this->token. " - ".getremoteaddr() , 0);
      /webservice/lib.php:947: add_to_log(SITEID, 'webservice', get_string('tokenauthlog', 'webservice'), '' , get_string('failedtolog', 'webservice').": ".getremoteaddr() , 0);
      /webservice/lib.php:1061: add_to_log(SITEID, 'webservice', '', '' , $this->zend_class." ".getremoteaddr() , 0, $this->userid);
      /webservice/lib.php:1522: add_to_log(SITEID, 'webservice', $this->functionname, '' , getremoteaddr() , 0, $this->userid);

      /admin/webservice/service.php:61: add_to_log(SITEID, 'webservice', 'delete', $returnurl, get_string('deleteservice', 'webservice', $service));
      /admin/webservice/service.php:78: add_to_log(SITEID, 'webservice', 'add', $returnurl, get_string('addservice', 'webservice', $servicedata));
      /admin/webservice/service.php:88: add_to_log(SITEID, 'webservice', 'edit', $returnurl, get_string('editservice', 'webservice', $servicedata));
      /admin/webservice/service_users.php:60: add_to_log(SITEID, 'core', 'assign', $CFG->admin . '/webservice/service_users.php?id='
      /admin/webservice/service_users.php:74: add_to_log(SITEID, 'core', 'assign', $CFG->admin . '/webservice/service_users.php?id='

      webservice (login)
      /login/token.php:164: add_to_log(SITEID, 'webservice', 'automatically create user token', '' , 'User ID: ' . $user->id);
      /login/token.php:174: add_to_log(SITEID, 'webservice', 'sending requested user token', '' , 'User ID: ' . $user->id);

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              fred Frédéric Massart
              Reporter:
              abgreeve Adrian Greeve
              Peer reviewer:
              Dan Poltawski
              Integrator:
              Eloy Lafuente (stronk7)
              Tester:
              Jérôme Mouneyrac
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                18/Nov/13