Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59876

Web services returning user preferences is too strict on type

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.3, 3.3.3, 3.4
    • Fix Version/s: 3.3.4, 3.4.1
    • Component/s: Web Services
    • Labels:
    • Testing Instructions:
      Hide
      1. Enrol several users to one course as students.
      2. As admin: enable "Mobile services": Administration ► Mobile app ► Mobile settings
      3. In Plugins ► Web services ► Manage tokens: Create a Token for one of the course users.
      4. In the database table user_preferences created a new entry for the user you created the token. The user_preference name should be something including special characters like pipe "my|preference|#|&%name" for example
      5. Next, you can do a CURL REST call simulating a WS client.
        • You need to replace the wstoken, courseid and the URL of your moodle instance.

          curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'courseid=8&wsfunction=core_enrol_get_enrolled_users&wstoken=739efbfeecb19bc787b6cb5f88c6cfdc' | python -m "json.tool"

      1. Confirm that you receive all the users correctly and in the user who did the request check that you see a preferences field including the preference with the special characters you created
      2. Now, call the WS core_user_get_users_by_field passing as parameters: field=id and values[0]=userid (userid should be the id of the user you created the token for).

        curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=core_user_get_users_by_field&field=id&values[0]=138&wstoken=12a2a65aeea2a177055e233f9e303218' | python -m "json.tool"

      1. Check that you receive the user preference with the special characters
      2. Change the function core_calendar_user_preferences() in calendar/lib.php to define some new custom preferences.

        $preferences['my|preference|#|&%name'] = array('type' => PARAM_INT, 'choices' => range(1, 20)); 
        $preferences['preference2'] = array('type' => PARAM_INT, 'choices' => range(1, 20));

      1. Clear all caches
      2. Finally, using a wstoken generated for an admin you can use the following client: https://github.com/moodlehq/sample-ws-clients/blob/master/PHP-REST/client.php for creating new users. Please, edit the line #44 to change the preference name to the ones you added in step 9. The values will also have to be integers between 1 and 20.
      3. Once the users are created, you can use the same script for updating them changing the preference value to a different (but still valid) one. In this case you need to change the script to include the user id and to point to the core_user_update_users WS
      4. Once the script finishes, please check that the preference name was updated correctly in the database
      Show
      Enrol several users to one course as students. As admin: enable "Mobile services": Administration ► Mobile app ► Mobile settings In Plugins ► Web services ► Manage tokens: Create a Token for one of the course users. In the database table user_preferences created a new entry for the user you created the token. The user_preference name should be something including special characters like pipe "my|preference|#|&%name" for example Next, you can do a CURL REST call simulating a WS client. You need to replace the wstoken, courseid and the URL of your moodle instance. curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'courseid=8&wsfunction=core_enrol_get_enrolled_users&wstoken=739efbfeecb19bc787b6cb5f88c6cfdc' | python -m "json.tool" Confirm that you receive all the users correctly and in the user who did the request check that you see a preferences field including the preference with the special characters you created Now, call the WS core_user_get_users_by_field passing as parameters: field=id and values [0] =userid (userid should be the id of the user you created the token for). curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=core_user_get_users_by_field&field=id&values [0] =138&wstoken=12a2a65aeea2a177055e233f9e303218' | python -m "json.tool" Check that you receive the user preference with the special characters Change the function core_calendar_user_preferences() in calendar/lib.php to define some new custom preferences. $preferences[ 'my|preference|#|&%name' ] = array( 'type' => PARAM_INT, 'choices' => range( 1 , 20 )); $preferences[ 'preference2' ] = array( 'type' => PARAM_INT, 'choices' => range( 1 , 20 )); Clear all caches Finally, using a wstoken generated for an admin you can use the following client: https://github.com/moodlehq/sample-ws-clients/blob/master/PHP-REST/client.php for creating new users. Please, edit the line #44 to change the preference name to the ones you added in step 9. The values will also have to be integers between 1 and 20. Once the users are created, you can use the same script for updating them changing the preference value to a different (but still valid) one. In this case you need to change the script to include the user id and to point to the core_user_update_users WS Once the script finishes, please check that the preference name was updated correctly in the database
    • Affected Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE
    • Fixed Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-59876-master

      Description

      I have discovered that user preferences I've introduced in one of my plugin break some web services, because I use illegal characters (such as pipe). When defining such user preferences, I took in consideration the format defined here:

      // lib/ajax/setuserpref.php
      $name = required_param('pref', PARAM_RAW);
      

      But some web services define the preferences' key as:

      'name'  => new external_value(PARAM_ALPHANUMEXT, 'The name of the preferences'),
      

      Found in:

      • core_user_get_enrolled_users
      • And others using core_user::user_description()

      The key format expected in the user preferences API should be documented somewhere, and maybe the web services could be made less strict.

      (This obviously affect many versions)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jleyva Juan Leyva
              Reporter:
              fred Frédéric Massart
              Peer reviewer:
              Marina Glancy
              Integrator:
              Damyon Wiese
              Tester:
              Adrian Greeve
              Participants:
              Component watchers:
              Juan Leyva, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                15/Jan/18