Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-56751

Create new security setting to configure the expiration time of tokens created via login/token.php or tool/mobile/launch.php

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. As admin, enable "Mobile services": Site administration ► Mobile app ► Mobile settings
      2. Create two new users in the site
      3. Log-in to the site via the mobile app with one user
      4. Check that in the external_tokens database table there is a token for the user and that the validuntil field is a timestamp that indicates that the token is valid for 12 weeks (the timestamp is the time you created the token + 12 weeks)
      5. As admin in the site go to Administration -> Security -> Site policies
      6. Set a new value for the tokenduration field (for example 2 days)
      7. Log-in to the site via the mobile app with the other user
      8. Check that in the external_tokens database table there is a token for the user and that the validuntil field is a timestamp that indicates that the token is valid for the time you specified (the timestamp is the time you created the token + the time you specified)
      Show
      As admin, enable "Mobile services": Site administration ► Mobile app ► Mobile settings Create two new users in the site Log-in to the site via the mobile app with one user Check that in the external_tokens database table there is a token for the user and that the validuntil field is a timestamp that indicates that the token is valid for 12 weeks (the timestamp is the time you created the token + 12 weeks) As admin in the site go to Administration -> Security -> Site policies Set a new value for the tokenduration field (for example 2 days) Log-in to the site via the mobile app with the other user Check that in the external_tokens database table there is a token for the user and that the validuntil field is a timestamp that indicates that the token is valid for the time you specified (the timestamp is the time you created the token + the time you specified)
    • Affected Branches:
      MOODLE_31_STABLE, MOODLE_34_STABLE
    • Fixed Branches:
      MOODLE_34_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-56751-master

      Description

      Right now we are using a hardcoded value of 3 months.

      It should be sensible to have a new security setting so this value can be decreased or increased in a reasonable range.

        Attachments

          Activity

            People

            • Votes:
              2 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                13/Nov/17