Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-76656

Web service tokens should be read-once

XMLWordPrintable

    • MOODLE_311_STABLE, MOODLE_39_STABLE, MOODLE_400_STABLE, MOODLE_401_STABLE, MOODLE_402_STABLE
    • MOODLE_403_STABLE
    • MDL-76656-master
    • Hide

      Behat test

      1. Run the Behat feature:

      mdk behat -r -n "Manage external services tokens"

      2. Verify that all scenarios and steps are passed without any failures.

       

      Manual test

      1. Login as admin.
      2. Navigate to  Site Administration -> Server -> Web services -> Manage tokens.
      3. Verify that you will not see the Token column anymore.
      4. Verify that you will see the Name column.
      5. Click Create token.
      6. Verify that you will see a new field called Name.
      7. Verify that the Valid until will be enabled by default.
      8. Verify that the default value of Valid until is the next month (30 days from now).
      9. Fill the name as: Test token.
      10. Try to create the token.
      11. Verify that you will see a message: Copy the token now. It won't be shown again once you leave this page.
      12. Verify that you will see the new token.
      13. Verify that you will see a button called Copy to clipboard
      14. Click on the Copy to clipboard button.
      15. Verify that you will see a toast: Text copied to clipboard.
      16. Verify that the token value will be copied to your clipboard.
      17. Refresh the page.
      18. Verify that you will not see the Copy to clipboard button anymore.
      19. Verify that you will not see the token value anymore.
      20. Click Create token button.
      21. Leave the Name as blank.
      22. Try to create the token.
      23. Verify that the newly created token name has the following format: Webservice-[5 random characters].

      Privacy

      1. Login as admin.
      2. Navigate to  Site Administration -> User -> Privacy and policies -> Plugin privacy registry.
      3. Expand core -> core_external
      4. Verify that you will see a field called name in external_tokens table.
      5. Verify that the description of that field is: The token name

       

      Show
      Behat test 1. Run the Behat feature: mdk behat -r -n "Manage external services tokens" 2. Verify that all scenarios and steps are passed without any failures.   Manual test Login as admin. Navigate to  Site Administration -> Server -> Web services -> Manage tokens. Verify that you will not see the Token column anymore. Verify that you will see the Name column. Click Create token. Verify that you will see a new field called Name. Verify that the Valid until will be enabled by default. Verify that the default value of Valid until is the next month (30 days from now). Fill the name as: Test token. Try to create the token. Verify that you will see a message: Copy the token now. It won't be shown again once you leave this page. Verify that you will see the new token. Verify that you will see a button called Copy to clipboard Click on the Copy to clipboard button. Verify that you will see a toast: Text copied to clipboard. Verify that the token value will be copied to your clipboard. Refresh the page. Verify that you will not see the Copy to clipboard button anymore. Verify that you will not see the token value anymore. Click Create token button. Leave the Name as blank. Try to create the token. Verify that the newly created token name has the following format: Webservice- [5 random characters] . Privacy Login as admin. Navigate to  Site Administration -> User -> Privacy and policies -> Plugin privacy registry. Expand core -> core_external Verify that you will see a field called name in external_tokens table. Verify that the description of that field is: The token name  
    • 10
    • Team Hedgehog 2023 Sprint 2.1, Team Hedgehog 2023 Sprint 2.2, Team Hedgehog 2023 Sprint 2.3

      As skodak points out in MDL-76640, tokens should be read-once. If you forget it, then you create a new one.

      We should audit all places which show a token and address this.

        1. 2023-05-24_22-09.png
          2023-05-24_22-09.png
          93 kB
        2. 2023-05-24_22-17.png
          2023-05-24_22-17.png
          23 kB
        3. MDL-76656-behat_test.png
          MDL-76656-behat_test.png
          102 kB
        4. MDL-76656-manual_test.png
          MDL-76656-manual_test.png
          721 kB
        5. MDL-76656-privacy.png
          MDL-76656-privacy.png
          151 kB
        6. new_token_notification.png
          new_token_notification.png
          319 kB

            meirza.arson@moodle.com Meirza
            dobedobedoh Andrew Lyons
            Huong Nguyen Huong Nguyen
            Ilya Tregubov Ilya Tregubov
            Ron Carl Alfon Yu Ron Carl Alfon Yu
            Votes:
            3 Vote for this issue
            Watchers:
            13 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 week, 3 days, 4 hours, 16 minutes
                1w 3d 4h 16m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.