  1. Moodle
  2. MDL-67749

Regenerated user tokens are missing the privatetoken


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.7.4, 3.8.1
    • Fix Version/s: 3.7.5, 3.8.2
    • Component/s: Web Services
    • Labels:
    • Testing Instructions:

      Setup

      1. Log in as admin in a site using https.
      2. Go to Site administration ► Users ► Permissions ► Define roles.
      3. Click to edit the role "Authenticated user".
      4. In the Capability section, allow the capability "moodle/webservice:createtoken".
      5. Now go to Site administration ► Mobile app ► Mobile settings.
      6. Enable "Enable web services for mobile devices".
      7. Now go to "Site administration ► Users ► Accounts ► Add a new user" and create a new user in the site (not an admin user).

      Test create a token manually

      1. As admin, go to "Site administration ► Plugins ► Web services ► Manage tokens" and create a token in the mobile app service for the user created in step 7 of the previous section.
      2. Open the following URL in a browser (or make a curl request if you prefer). Note that you need to replace the site URL with yours, and set the username and password to those of the user created before.

        https://MYSITE/login/token.php?username=user67749&password=test&service=moodle_mobile_app
        

      3. Check that the response includes a privatetoken and that it is not null.

      Test reset tokens

      1. As admin, go to "Site administration ► Plugins ► Web services ► Manage tokens" and delete the token created in step 1 of the previous section.
      2. Open the following URL in a browser (or make a curl request if you prefer). Note that you need to replace the site URL with yours, and set the username and password to those of the user created before.

        https://MYSITE/login/token.php?username=user67749&password=test&service=moodle_mobile_app
        

      3. Check that the response includes a privatetoken and that it is not null.
      4. Log in as the user used in the previous step.
      5. Click your image in the top right and go to Preferences ► Security keys.
      6. Click "Reset" at the right of the token and confirm the action.
      7. Repeat step 2.
      8. Check that the response includes a privatetoken and that it is not null.
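
The privatetoken check from the two tests above, written as a script. This is an added example, not part of the original issue or Moodle's code: the function names and the sample response bodies are constructed for illustration, and sending the credentials as a POST body instead of in the URL is an assumption about how login/token.php reads its parameters.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample bodies (not captured from a real site).
SAMPLES = {
    "fixed": '{"token": "0123abcd", "privatetoken": "4567efgh"}',
    "affected_after_reset": '{"token": "89abcdef", "privatetoken": null}',
    "field_absent": '{"token": "0123abcd"}',
    "login_failed": '{"error": "Invalid login", "errorcode": "invalidlogin"}',
}

def check_token_response(body):
    """Classify a login/token.php body for the 'privatetoken is not null' check."""
    try:
        data = json.loads(body)
    except ValueError:
        return "not-json"
    if not isinstance(data, dict):
        return "not-json"
    if "error" in data:
        return "error"
    if not data.get("token"):
        return "no-token"
    if "privatetoken" not in data:
        return "privatetoken-missing"
    if not data["privatetoken"]:
        return "privatetoken-null"
    return "ok"

def fetch_token_response(site, username, password, service="moodle_mobile_app"):
    """Request a token from the endpoint used in step 2 and return the raw body."""
    if not site.lower().startswith("https://"):
        raise ValueError("the test site must use https")
    # Sent as a POST body so the password stays out of access logs and
    # browser history (assumption: token.php reads these from POST too).
    form = urllib.parse.urlencode(
        {"username": username, "password": password, "service": service}
    ).encode()
    url = site.rstrip("/") + "/login/token.php"
    with urllib.request.urlopen(url, data=form, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name}: {check_token_response(body)}")
```

Against a live test site, pass the result of `fetch_token_response(...)` to `check_token_response` once before and once after the "Reset" in step 6; both calls should return "ok" on a fixed version.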

       

    • Affected Branches:
      MOODLE_37_STABLE, MOODLE_38_STABLE
    • Fixed Branches:
      MOODLE_37_STABLE, MOODLE_38_STABLE
    • Pull from Repository:
    • Pull 3.7 Branch:
    • Pull 3.8 Branch:
    • Pull Master Branch:
      MDL-67749-master

      Description

      STEPS TO REPRODUCE

      • In a site with Mobile services enabled and the capability 'moodle/webservice:createtoken' granted to authenticated users
      • Access the site with a non-admin user using the Moodle app
      • In the Moodle web version go to the user profile -> Preferences -> Security keys and "Reset" the "Moodle mobile web service" token
      • Reconnect to the site using the Moodle app
      • Auto-login to a site (via clicking the Web Site option in the More menu) won't work and the user will be asked to enter their credentials


            People

            Assignee:
            dpalou Dani Palou
            Reporter:
            jleyva Juan Leyva
            Peer reviewer:
            Juan Leyva
            Integrator:
            Sara Arjona (@sarjona)
            Tester:
            Janelle Barcega
            Participants:
            Component watchers:
            Juan Leyva, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              9/Mar/20

                Time Tracking

                Estimated: 0m
                Remaining: 0m
                Logged: 3h 10m