Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-56159

Improve how the user_not_fully_setup and auth_forcepasswordchange cases are treated

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 3.1.2
    • 3.2
    • Web Services
    • MOODLE_31_STABLE
    • MOODLE_32_STABLE
    • MDL-56159-master
    • Hide
      1. Create a new user in Moodle
      2. In the database, table user, set empty the lastname field
      3. Enable "Mobile services": Plugins ► Web Services ► Mobile
      4. Now, get a ws token via login/token.php (passing the username, password and moodle_mobile_app as $service)
      5. Next, you can do a CURL REST call simulating a WS client with the user.
        • You need to replace the wstoken, useridto and the URL of your moodle instance

          curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'useridto=120&useridfrom=0&type=notifications&read=0&newestfirst=1&limitfrom=0&limitnum=20&moodlewssettingfilter=true&moodlewssettingfileurl=true&wsfunction=core_message_get_messages&wstoken=df1bfa97aed575da512382a1f80e2273' --compressed

      6. Confirm that you receive a moodle_exception with a usernotfullysetup errorcode
      7. Access with the user credentials to the Moodle web site and add the missing last name
      8. As admin now, force a password change to the user
      9. Execute again the same curl request and confirm that you receive a moodle_exception with a forcechangepasword errorcode
      Show
      Create a new user in Moodle In the database, table user, set empty the lastname field Enable "Mobile services": Plugins ► Web Services ► Mobile Now, get a ws token via login/token.php (passing the username, password and moodle_mobile_app as $service) Next, you can do a CURL REST call simulating a WS client with the user. You need to replace the wstoken, useridto and the URL of your moodle instance curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'useridto=120&useridfrom=0&type=notifications&read=0&newestfirst=1&limitfrom=0&limitnum=20&moodlewssettingfilter=true&moodlewssettingfileurl=true&wsfunction=core_message_get_messages&wstoken=df1bfa97aed575da512382a1f80e2273' --compressed Confirm that you receive a moodle_exception with a usernotfullysetup errorcode Access with the user credentials to the Moodle web site and add the missing last name As admin now, force a password change to the user Execute again the same curl request and confirm that you receive a moodle_exception with a forcechangepasword errorcode

    Description

      We have two different but similar problems:

      • Auth force password change: We are avoiding create a token via login/token.php, this was done because WS weren't usable in that case (require_login throws an exception) but right now that there is a way to do auto-login we should have a valid token to redirect the user to the site-version so he can change his password.
      • User not fully setup: In this case we are returning a token but require_login throws an exception, as I previously commented in this case we should auto-login the user in Moodle and point the browser to the form where the user can add the rest of the required data.

      Changes required:

      • Throw proper exceptions with an exceptioncode that can be captured by the mobile app in require_login
      • Remove the auth_forcepasswordchange restriction in login/token.php so the user can't get a token (as I said before, this is double checked in the require_login/validate_context so the user won't be able to do anything)
      • Modify the get_autologin_key WS so the validate_context expects and handle those exceptions and the user can get a valid autologin key.

      In the mobile app, when we capture one of those 2 exceptions, we'll be opening an inappbrowser pointing to the Moodle web page to change the password or add the missing required fields. Ideally, it should be handled via Web Serrvices but until is done the inappbrowser with auto-login should be enough.

      Attachments

        Issue Links

          Activity

            People

              jleyva Juan Leyva
              jleyva Juan Leyva
              Dani Palou Dani Palou
              David Monllaó David Monllaó
              Simey Lameze Simey Lameze
              Juan Leyva, David Woloszyn, Huong Nguyen, Jake Dallimore, Michael Hawkins, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                5/Dec/16