Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-74263

Enable Guest access with password support on the app

    XMLWordPrintable

Details

    • MOODLE_39_STABLE
    • MOODLE_403_STABLE
    • MDL-74263-master
    • Hide
      1. As an admin, enable “Web services for mobile devices” on Site administration ► Advanced features
      2. Create a new empty course
      3. Enable the "Guest access" enrolment method configured to require a password (any)
      4. In the Plugins global settings for the Enrolment "Guest access" plugin allow the option to "Show hints"
      5. Create a Token in the mobile app service for any user on the site (not an admin account)
        • Click on Site administration ► Plugins ► Web services ► Manage tokens
      6. Open the console and execute this new curl request, replacing WS_TOKEN with the token you just created and the SITE_URL with yours. Replace also COURSE_ID with the previously created course

        curl 'http://SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=core_course_get_contents&wstoken=WS_TOKEN&courseid=COURSE_ID'

      7. Confirm that:
        • In the curl request response you receive an error "errorcoursecontextnotvalid"
      8. Now, execute the following curl request, replacing COURSE_PASSWORD with the password you set and ENROL_INSTACE with the id of the enrolment plugin, you can get that id from the delete button to the right of the plugin name in the course Enrolment methods configuration page

        curl 'http://SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=enrol_guest_validate_password&wstoken=WS_TOKEN&instanceid=ENROL_INSTANCE_ID&password=COURSE_PASSWORD'

      9. Confirm that:
        • In the response you see a field "validated" set to true
      10. Execute again the first CURL request and confirm that:
        • You don't see an error anymore, and you receive the course contents as part of the response
      11. Now, execute the second CURL request but this time using an incorrect password
      12. Confirm that:
        • In the response, validated is set to false and the field "hint" contains a "hint" indicating the first letter of the password
      Show
      As an admin, enable “Web services for mobile devices” on Site administration ► Advanced features Create a new empty course Enable the "Guest access" enrolment method configured to require a password (any) In the Plugins global settings for the Enrolment "Guest access" plugin allow the option to "Show hints" Create a Token in the mobile app service for any user on the site (not an admin account) Click on Site administration ► Plugins ► Web services ► Manage tokens Open the console and execute this new curl request, replacing WS_TOKEN with the token you just created and the SITE_URL with yours. Replace also COURSE_ID with the previously created course curl 'http://SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=core_course_get_contents&wstoken=WS_TOKEN&courseid=COURSE_ID' Confirm that: In the curl request response you receive an error "errorcoursecontextnotvalid" Now, execute the following curl request, replacing COURSE_PASSWORD with the password you set and ENROL_INSTACE with the id of the enrolment plugin, you can get that id from the delete button to the right of the plugin name in the course Enrolment methods configuration page curl 'http://SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=enrol_guest_validate_password&wstoken=WS_TOKEN&instanceid=ENROL_INSTANCE_ID&password=COURSE_PASSWORD' Confirm that: In the response you see a field "validated" set to true Execute again the first CURL request and confirm that: You don't see an error anymore, and you receive the course contents as part of the response Now, execute the second CURL request but this time using an incorrect password Confirm that: In the response, validated is set to false and the field "hint" contains a "hint" indicating the first letter of the password

    Description

      Guest access is checked by calling the enrolment callback try_guestaccess that does:

      if ($USER->enrol_guest_passwords[$instance->id] === $instance->password) {

      This is not mobile app compatible because it relies on the user session (and WS request are sessionless) so an exception for WS should be applied so instead of of using the session, a permanent stored value via preference can be retrieved.

      Some notes:

      • In web version, the password is kept during the user session
      • In the proposed WS implementation is always kept (there are no user sessions in the app context and also the app does not support guest users, so it will be always kept in a logged-in user preference)
      • The previous does not have any security implications (the student knows the password in both cases) and provides a better experience for the app
      • It will be only reset for the user if it is detected it was changed at course configuration level.

      Attachments

        Issue Links

          Activity

            People

              jleyva Juan Leyva
              jleyva Juan Leyva
              Rodrigo Mady Rodrigo Mady
              Jun Pataleta Jun Pataleta
              Ron Carl Alfon Yu Ron Carl Alfon Yu
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 day, 1 hour, 58 minutes
                  1d 1h 58m

                  Clockify

                    Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.