  1. Moodle
  2. MDL-74263

Enable Guest access with password support on the app


    • MOODLE_39_STABLE
    • MOODLE_403_STABLE
    • MDL-74263-master
      1. As an admin, enable “Web services for mobile devices” on Site administration ► Advanced features
      2. Create a new empty course
      3. Enable the "Guest access" enrolment method configured to require a password (any)
      4. In the Plugins global settings for the Enrolment "Guest access" plugin allow the option to "Show hints"
      5. Create a Token in the mobile app service for any user on the site (not an admin account)
        • Click on Site administration ► Plugins ► Web services ► Manage tokens
      6. Open the console and execute this new curl request, replacing WS_TOKEN with the token you just created and SITE_URL with yours. Also replace COURSE_ID with the id of the previously created course

        curl 'http://SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=core_course_get_contents&wstoken=WS_TOKEN&courseid=COURSE_ID'

      7. Confirm that:
        • In the curl request response you receive an error "errorcoursecontextnotvalid"
      8. Now, execute the following curl request, replacing COURSE_PASSWORD with the password you set and ENROL_INSTANCE_ID with the id of the enrolment plugin. You can get that id from the delete button to the right of the plugin name in the course Enrolment methods configuration page

        curl 'http://SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=enrol_guest_validate_password&wstoken=WS_TOKEN&instanceid=ENROL_INSTANCE_ID&password=COURSE_PASSWORD'

      9. Confirm that:
        • In the response you see a field "validated" set to true
      10. Execute again the first CURL request and confirm that:
        • You don't see an error anymore, and you receive the course contents as part of the response
      11. Now, execute the second CURL request but this time using an incorrect password
      12. Confirm that:
        • In the response, validated is set to false and the field "hint" contains a "hint" indicating the first letter of the password

      Guest access is checked by calling the enrolment callback try_guestaccess that does:

      if ($USER->enrol_guest_passwords[$instance->id] === $instance->password) {

      This is not mobile app compatible because it relies on the user session (and WS requests are sessionless), so an exception for WS should be applied: instead of using the session, a permanently stored value can be retrieved via a user preference.

      Some notes:

      • In web version, the password is kept during the user session
      • In the proposed WS implementation it is always kept (there are no user sessions in the app context and the app does not support guest users, so it will always be kept in a logged-in user preference)
      • The above does not have any security implications (the student knows the password in both cases) and provides a better experience for the app
      • It will only be reset for the user if it is detected that it was changed at course configuration level.
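
      The difference between the session-backed check and the preference-backed one described in these notes, as an added PHP model that is not Moodle's code or the patch from this issue. `GuestInstance`, the arrays standing in for the session and the user preferences, and the preference key name are hypothetical, and storing the password value as-is in the preference is an assumption.

```php
<?php
// Added model, not Moodle code. GuestInstance, the arrays standing in for the
// session and user preferences, and the preference key are hypothetical.
final class GuestInstance {
    public function __construct(public int $id, public string $password) {}
}
function pref_key(GuestInstance $i): string {
    return 'enrol_guest_ws_password_' . $i->id; // hypothetical name
}

// Web check quoted in the issue: the password entered earlier lives in the session.
function session_guest_access(array $session, GuestInstance $i): bool {
    return ($session['enrol_guest_passwords'][$i->id] ?? null) === $i->password;
}

// Models enrol_guest_validate_password for WS: keep the value only when correct.
// Assumption: the value is stored as-is in the preference.
function ws_validate_password(array &$prefs, GuestInstance $i, string $password): bool {
    if ($password !== $i->password) {
        return false;
    }
    $prefs[pref_key($i)] = $password;
    return true;
}

// WS check: read the preference instead of the session, and reset it for the
// user once it no longer matches the password set on the course.
function ws_guest_access(array &$prefs, GuestInstance $i): bool {
    $stored = $prefs[pref_key($i)] ?? null;
    if ($stored === $i->password) {
        return true;
    }
    unset($prefs[pref_key($i)]);
    return false;
}

// Constructed scenario: every WS call arrives with an empty session.
$course = new GuestInstance(12, 'CoursePass1');
$prefs = [];
$steps = [];
$steps['session check, sessionless request'] = session_guest_access([], $course);
$steps['WS check before validation'] = ws_guest_access($prefs, $course);
$steps['validate, wrong password'] = ws_validate_password($prefs, $course, 'nope');
$steps['validate, right password'] = ws_validate_password($prefs, $course, 'CoursePass1');
$steps['WS check on a later request'] = ws_guest_access($prefs, $course);
$course->password = 'Changed2'; // password changed in the course settings
$steps['WS check after the change'] = ws_guest_access($prefs, $course);
$steps['preference removed'] = !isset($prefs[pref_key($course)]);
foreach ($steps as $label => $ok) { echo str_pad($label, 38), var_export($ok, true), PHP_EOL; }
```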

        1. MDL-74263.png
          276 kB
          Ron Carl Alfon Yu

            jleyva Juan Leyva
            jleyva Juan Leyva
            Rodrigo Mady Rodrigo Mady
            Jun Pataleta Jun Pataleta
            Ron Carl Alfon Yu Ron Carl Alfon Yu

                Original Estimate: 0 minutes
                Remaining Estimate: 0 minutes
                Time Spent: 1 day, 1 hour, 58 minutes
