Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-67758

Missing $CFG->wwwroot in messageoutput_airnotifer payload sent to Airnotifier prevents intended use checks

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.7.4, 3.8.1, 3.9
    • Fix Version/s: 3.7.5, 3.8.2
    • Component/s: Messages
    • Labels:
    • Testing Instructions:
      Hide

      This issue should be tested by the apps team since Airnotifier isn't testable yet (see MDL-66706).

      How to test this issue

      • In a local Airnotifier installation edit the hooks/moodle.py file
      • Add debugging so the "extra" field in the requestPayLoad variable is displayed in the Airnotifier log
      • Reset the Airnotifier server
      • In a Moodle installation with this patch applied generate a Push notification (sending a private message to an user with the mobile notifications enabled)
      • Review the Airnotifier log and check that in the "extra" field the wwwroot field is set and contains the Moodle site URL
      Show
      This issue should be tested by the apps team since Airnotifier isn't testable yet (see  MDL-66706 ). How to test this issue In a local Airnotifier installation edit the hooks/moodle.py file Add debugging so the "extra" field in the requestPayLoad variable is displayed in the Airnotifier log Reset the Airnotifier server In a Moodle installation with this patch applied generate a Push notification (sending a private message to an user with the mobile notifications enabled) Review the Airnotifier log and check that in the "extra" field the wwwroot field is set and contains the Moodle site URL
    • Affected Branches:
      MOODLE_37_STABLE, MOODLE_38_STABLE, MOODLE_39_STABLE
    • Fixed Branches:
      MOODLE_37_STABLE, MOODLE_38_STABLE
    • Pull from Repository:
    • Pull 3.7 Branch:
    • Pull 3.8 Branch:
    • Pull Master Branch:
      MDL-67758-master

      Description

      The $CFG->wwwroot is necessary to check for good use of the provided Access keys by Airnotifier (the access key should be only used by the site that originally requested it).

      Right now, this value is not passed to the Airnotifier public instance so it is very easy to use the same "Access key" for multiple different sites (even if they are not registered).

       

       

        Attachments

          Activity

            People

            Assignee:
            dpalou Dani Palou
            Reporter:
            jleyva Juan Leyva
            Peer reviewer:
            Juan Leyva
            Integrator:
            Eloy Lafuente (stronk7)
            Tester:
            Pau Ferrer
            Participants:
            Component watchers:
            Jake Dallimore, Jun Pataleta
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              9/Mar/20

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour, 40 minutes
                1h 40m