Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-54098

Review uses of require_login() / PAGE->set_context() within external functions

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1
    • Fix Version/s: 3.1
    • Component/s: Web Services
    • Labels:
    • Testing Instructions:
      Hide

      Unit tests

      1. Run the unit tests

      core_enrol

      1. Create a course with enrolment methods 'self' and 'guest'
      2. Get a WS token for a user not enrolled in that course
      3. Request the following:

        // This is using HTTPie
        http -f WWWROOT/webservice/rest/server.php wstoken=TOKEN_NOT_ENROLLED wsfunction=core_enrol_get_course_enrolment_methods courseid=COURSE_ID
        

      4. Confirm that you get the list of self/guest enrolment methods available

      Enrol guest

      1. In a visible course, create a new instance of enrol_guest.
        • Note its ID: SELECT id FROM mdl_enrol WHERE enrol = 'guest'
      2. Get a WS token for a user not enrolled in that course
      3. Request the following:

        // This is using HTTPie
        http -f WWWROOT/webservice/rest/server.php wstoken=TOKEN_NOT_ENROLLED wsfunction=enrol_guest_get_instance_info instanceid=INSTANCE_ID
        

      4. Confirm that you get the enrol instance info.

      Enrol self

      1. In a visible course, create a new instance of enrol_self.
        • Note its ID: SELECT id FROM mdl_enrol WHERE enrol = 'self'
      2. Get a WS token for a user not enrolled in that course
      3. Request the following:

        // This is using HTTPie
        http -f WWWROOT/webservice/rest/server.php wstoken=TOKEN_NOT_ENROLLED wsfunction=enrol_self_get_instance_info instanceid=INSTANCE_ID
        

      4. Confirm that you get the enrol instance info.
      5. Request the following:

        // This is using HTTPie
        http -f WWWROOT/webservice/rest/server.php wstoken=TOKEN_NOT_ENROLLED wsfunction=enrol_self_enrol_user courseid=COURSEID
        

      6. Confirm that the user was enrolled in the course

      LTI

      1. Navigate to Dashboard ► Site administration ► Plugins ► Activity modules ► LTI ► Manage tools
      2. Confirm that the list of tools is properly loaded

      Question

      1. Repeat test from MDL-53409

      Tags

      1. Go to a tag's page
      2. Confirm that you can navigate (Next/Back) between users with that tag as interest
      3. Set-up the webservices, and request:

        // This is using HTTPie
        http -f WWWROOT/webservice/rest/server.php wstoken=YOUR_TOKEN wsfunction=core_tag_get_tags tags[]['id']=A_TAG_ID
        

      4. Confirm that you get a tag back
      Show
      Unit tests Run the unit tests core_enrol Create a course with enrolment methods 'self' and 'guest' Get a WS token for a user not enrolled in that course Request the following: // This is using HTTPie http -f WWWROOT/webservice/rest/server.php wstoken=TOKEN_NOT_ENROLLED wsfunction=core_enrol_get_course_enrolment_methods courseid=COURSE_ID Confirm that you get the list of self/guest enrolment methods available Enrol guest In a visible course, create a new instance of enrol_guest . Note its ID: SELECT id FROM mdl_enrol WHERE enrol = 'guest' Get a WS token for a user not enrolled in that course Request the following: // This is using HTTPie http -f WWWROOT/webservice/rest/server.php wstoken=TOKEN_NOT_ENROLLED wsfunction=enrol_guest_get_instance_info instanceid=INSTANCE_ID Confirm that you get the enrol instance info. Enrol self In a visible course, create a new instance of enrol_self . Note its ID: SELECT id FROM mdl_enrol WHERE enrol = 'self' Get a WS token for a user not enrolled in that course Request the following: // This is using HTTPie http -f WWWROOT/webservice/rest/server.php wstoken=TOKEN_NOT_ENROLLED wsfunction=enrol_self_get_instance_info instanceid=INSTANCE_ID Confirm that you get the enrol instance info. Request the following: // This is using HTTPie http -f WWWROOT/webservice/rest/server.php wstoken=TOKEN_NOT_ENROLLED wsfunction=enrol_self_enrol_user courseid=COURSEID Confirm that the user was enrolled in the course LTI Navigate to Dashboard ► Site administration ► Plugins ► Activity modules ► LTI ► Manage tools Confirm that the list of tools is properly loaded Question Repeat test from MDL-53409 Tags Go to a tag's page Confirm that you can navigate (Next/Back) between users with that tag as interest Set-up the webservices, and request: // This is using HTTPie http -f WWWROOT/webservice/rest/server.php wstoken=YOUR_TOKEN wsfunction=core_tag_get_tags tags[]['id']=A_TAG_ID Confirm that you get a tag back
    • Affected Branches:
      MOODLE_31_STABLE
    • Fixed Branches:
      MOODLE_31_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-54098-master

      Description

      With MDL-53772, validate_context() became better and now it supports any context. That should lead to all current uses of require_login(false...) and/or PAGE->set_context() within external functions to be killed and replaced (if missing) by validate_context().

      A quick search, returns a bunch (note the regexp maybe innacurate/incomplete):

      $ ag 'require_login\(|set_context\(' | grep external
      badges/external.php:43:    require_login();
      badges/external.php:49:    require_login();
      badges/external.php:78:$PAGE->set_context(context_system::instance());
      blog/external_blog_edit.php:32:require_login();
      blog/external_blog_edit.php:46:$PAGE->set_context(context_user::instance($USER->id));
      blog/external_blogs.php:30:require_login();
      blog/external_blogs.php:32:$PAGE->set_context(context_user::instance($USER->id));
      enrol/externallib.php:656:        require_login(null, false, null, false, true);
      enrol/guest/classes/external.php:74:        require_login(null, false, null, false, true);
      enrol/self/externallib.php:71:        require_login(null, false, null, false, true);
      enrol/self/externallib.php:150:        require_login(null, false, null, false, true);
      lib/externallib.php:480:        require_login($course, false, $cm, false, true);
      lib/externallib.php:481:        $PAGE->set_context($context);
      mod/lti/classes/external.php:641:        $PAGE->set_context($context);
      mod/lti/externalregistrationreturn.php:36:require_login(0, false);
      mod/lti/externalregistrationreturn.php:42:$PAGE->set_context($systemcontext);
      question/classes/external.php:91:        require_login(null, false, null, false, true);
      tag/classes/external.php:194:        require_login(null, false, null, false, true);
      tag/classes/external.php:303:        require_login(null, false, null, false, true);
      

      So, this is about to kill all the uglies and verify everything continues working the same. 3.1 only. Old branches will need to continue using the old (ugly) approach.

      Ciao

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  23/May/16