Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-76640

Allow admin users to use user/managetoken.php safely like a normal user

    XMLWordPrintable

Details

    • Hide

      1) As an admin turn on web services

      2) Ensure you have a personal token for the app by visiting this url. It will try to open in the app with a redirect which can be canceled / ignored.

      /admin/tool/mobile/launch.php?service=moodle_mobile_app&passport=test

      3) Visit user/managetoken.php

      4) Confirm that as an admin you see your own personal tokens for the app

      5) Confirm you can see when the key was last used

      Show
      1) As an admin turn on web services 2) Ensure you have a personal token for the app by visiting this url. It will try to open in the app with a redirect which can be canceled / ignored. /admin/tool/mobile/launch.php?service=moodle_mobile_app&passport=test 3) Visit user/managetoken.php 4) Confirm that as an admin you see your own personal tokens for the app 5) Confirm you can see when the key was last used

    Description

      A stepping stone towards MDL-73088

      The primary driver here is to make this page function as consistently as practical for admin users and non admin users, as well as improving the ease of auditing keys and revoking them.

      So current state is:

      1. generates new keys for normal users but not admin users
      2. shows current services with keys but not admin users
      3. shows the keys for those services but not admin users
      4. allows revoking of keys  but not admin users

      Proposed state is: (changes in bold)

      1. generates new keys for normal users but not admin users (unchanged)
      2. shows current services with keys including admin users
      3. shows the redacted keys for those services including admin users
      4. allows revoking of keys including admin users
      5. Also show key creation date and last access date

      Attachments

        Issue Links

          has been marked as being related by

          Improvement - An enhancement to an existing Moodle feature. MDL-69801 Introduce a new generic private / public certificate + password / token manager api / Vault API

          • Minor - Minor loss of function where workaround is possible
          • Open

          Improvement - An enhancement to an existing Moodle feature. MDL-73088 Refactor /user/managetoken.php to allow all user keys to be managed and revoked

          • Minor - Minor loss of function where workaround is possible
          • Open
          will be (partly) resolved by

          Improvement - An enhancement to an existing Moodle feature. MDL-76656 All security tokens should be read-once

          • Major - Major loss of function, incorrect output
          • Waiting for peer review

          Activity

            People

              brendanheywood Brendan Heywood
              brendanheywood Brendan Heywood
              Huong Nguyen, Barbara Ramiro, Bas Brands, Mathew May, David Woloszyn, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo, Juan Leyva, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: