Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-56159

Improve how the user_not_fully_setup and auth_forcepasswordchange cases are treated

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1.2
    • Fix Version/s: 3.2
    • Component/s: Web Services
    • Labels:
    • Testing Instructions:
      Hide
      1. Create a new user in Moodle
      2. In the database, table user, set empty the lastname field
      3. Enable "Mobile services": Plugins ► Web Services ► Mobile
      4. Now, get a ws token via login/token.php (passing the username, password and moodle_mobile_app as $service)
      5. Next, you can do a CURL REST call simulating a WS client with the user.
        • You need to replace the wstoken, useridto and the URL of your moodle instance

          curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'useridto=120&useridfrom=0&type=notifications&read=0&newestfirst=1&limitfrom=0&limitnum=20&moodlewssettingfilter=true&moodlewssettingfileurl=true&wsfunction=core_message_get_messages&wstoken=df1bfa97aed575da512382a1f80e2273' --compressed

      6. Confirm that you receive a moodle_exception with a usernotfullysetup errorcode
      7. Access with the user credentials to the Moodle web site and add the missing last name
      8. As admin now, force a password change to the user
      9. Execute again the same curl request and confirm that you receive a moodle_exception with a forcechangepasword errorcode
      Show
      Create a new user in Moodle In the database, table user, set empty the lastname field Enable "Mobile services": Plugins ► Web Services ► Mobile Now, get a ws token via login/token.php (passing the username, password and moodle_mobile_app as $service) Next, you can do a CURL REST call simulating a WS client with the user. You need to replace the wstoken, useridto and the URL of your moodle instance curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'useridto=120&useridfrom=0&type=notifications&read=0&newestfirst=1&limitfrom=0&limitnum=20&moodlewssettingfilter=true&moodlewssettingfileurl=true&wsfunction=core_message_get_messages&wstoken=df1bfa97aed575da512382a1f80e2273' --compressed Confirm that you receive a moodle_exception with a usernotfullysetup errorcode Access with the user credentials to the Moodle web site and add the missing last name As admin now, force a password change to the user Execute again the same curl request and confirm that you receive a moodle_exception with a forcechangepasword errorcode
    • Affected Branches:
      MOODLE_31_STABLE
    • Fixed Branches:
      MOODLE_32_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-56159-master

      Description

      We have two different but similar problems:

      • Auth force password change: We are avoiding create a token via login/token.php, this was done because WS weren't usable in that case (require_login throws an exception) but right now that there is a way to do auto-login we should have a valid token to redirect the user to the site-version so he can change his password.
      • User not fully setup: In this case we are returning a token but require_login throws an exception, as I previously commented in this case we should auto-login the user in Moodle and point the browser to the form where the user can add the rest of the required data.

      Changes required:

      • Throw proper exceptions with an exceptioncode that can be captured by the mobile app in require_login
      • Remove the auth_forcepasswordchange restriction in login/token.php so the user can't get a token (as I said before, this is double checked in the require_login/validate_context so the user won't be able to do anything)
      • Modify the get_autologin_key WS so the validate_context expects and handle those exceptions and the user can get a valid autologin key.

      In the mobile app, when we capture one of those 2 exceptions, we'll be opening an inappbrowser pointing to the Moodle web page to change the password or add the missing required fields. Ideally, it should be handled via Web Serrvices but until is done the inappbrowser with auto-login should be enough.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  5/Dec/16