Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-73407

UX: Resetting a webservice token is a delete not a reset


    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • Future Dev
    • Web Services

      This is a UX inconsistency in the user/managetoken.php page discovered in MDL-73295.

      If you 'reset' an RSS token then a new token is new token is created on the spot. This is what I would expect with a 'reset'. However with a webservice token if you reset it then it just deletes it. Some web service tokens will be auto generated again at some later point, like the mobile app, but some tokens are manually setup and if they have metadata like an expiry date or an ip range then this data is simple gone.


      1) At minimum the button is changed to say 'delete' instead of reset. (aligns with lang string used on admin/webservice/tokens.php)

      2) use confirm actions to make the flow nicer

      3) Ideally also have a proper reset which clones the existing token to a new token with the same metadata and then deletes the old one.

      4) Also this page is explicitly limited so that admin users cannot use it. I've had a dig through old trackers and can't see any logical reason or security issue with this. At the very least I think it should show the tokens the same as any other user would and then link to /admin/webservice/tokens.php as a convenience. But I think you should be able to delete or reset tokens here to. Admins are still real users too.


            Unassigned Unassigned
            brendanheywood Brendan Heywood
            0 Vote for this issue
            1 Start watching this issue


                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.