-
Improvement
-
Resolution: Fixed
-
Minor
-
3.9.13, DEV backlog
-
MOODLE_39_STABLE
-
MOODLE_403_STABLE
-
MDL-74263-master -
Guest access is checked by calling the enrolment callback try_guestaccess that does:
if ($USER->enrol_guest_passwords[$instance->id] === $instance->password) {
This is not mobile app compatible because it relies on the user session (and WS request are sessionless) so an exception for WS should be applied so instead of of using the session, a permanent stored value via preference can be retrieved.
Some notes:
- In web version, the password is kept during the user session
- In the proposed WS implementation is always kept (there are no user sessions in the app context and also the app does not support guest users, so it will be always kept in a logged-in user preference)
- The previous does not have any security implications (the student knows the password in both cases) and provides a better experience for the app
- It will be only reset for the user if it is detected it was changed at course configuration level.
- blocks
-
MOBILE-4009 Guest access with password support on the app
- Closed