Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-76656

Web service tokens should be read-once

    XMLWordPrintable

Details

    • MOODLE_311_STABLE, MOODLE_39_STABLE, MOODLE_400_STABLE, MOODLE_401_STABLE, MOODLE_402_STABLE
    • MOODLE_403_STABLE
    • MDL-76656-master
    • Hide

      Behat test

      1. Run the Behat feature:

      mdk behat -r -n "Manage external services tokens"

      2. Verify that all scenarios and steps are passed without any failures.

       

      Manual test

      1. Login as admin.
      2. Navigate to  Site Administration -> Server -> Web services -> Manage tokens.
      3. Verify that you will not see the Token column anymore.
      4. Verify that you will see the Name column.
      5. Click Create token.
      6. Verify that you will see a new field called Name.
      7. Verify that the Valid until will be enabled by default.
      8. Verify that the default value of Valid until is the next month (30 days from now).
      9. Fill the name as: Test token.
      10. Try to create the token.
      11. Verify that you will see a message: Copy the token now. It won't be shown again once you leave this page.
      12. Verify that you will see the new token.
      13. Verify that you will see a button called Copy to clipboard
      14. Click on the Copy to clipboard button.
      15. Verify that you will see a toast: Text copied to clipboard.
      16. Verify that the token value will be copied to your clipboard.
      17. Refresh the page.
      18. Verify that you will not see the Copy to clipboard button anymore.
      19. Verify that you will not see the token value anymore.
      20. Click Create token button.
      21. Leave the Name as blank.
      22. Try to create the token.
      23. Verify that the newly created token name has the following format: Webservice-[5 random characters].

      Privacy

      1. Login as admin.
      2. Navigate to  Site Administration -> User -> Privacy and policies -> Plugin privacy registry.
      3. Expand core -> core_external
      4. Verify that you will see a field called name in external_tokens table.
      5. Verify that the description of that field is: The token name

       

      Show
      Behat test 1. Run the Behat feature: mdk behat -r -n "Manage external services tokens" 2. Verify that all scenarios and steps are passed without any failures.   Manual test Login as admin. Navigate to  Site Administration -> Server -> Web services -> Manage tokens. Verify that you will not see the Token column anymore. Verify that you will see the Name column. Click Create token. Verify that you will see a new field called Name. Verify that the Valid until will be enabled by default. Verify that the default value of Valid until is the next month (30 days from now). Fill the name as: Test token. Try to create the token. Verify that you will see a message: Copy the token now. It won't be shown again once you leave this page. Verify that you will see the new token. Verify that you will see a button called Copy to clipboard Click on the Copy to clipboard button. Verify that you will see a toast: Text copied to clipboard. Verify that the token value will be copied to your clipboard. Refresh the page. Verify that you will not see the Copy to clipboard button anymore. Verify that you will not see the token value anymore. Click Create token button. Leave the Name as blank. Try to create the token. Verify that the newly created token name has the following format: Webservice- [5 random characters] . Privacy Login as admin. Navigate to  Site Administration -> User -> Privacy and policies -> Plugin privacy registry. Expand core -> core_external Verify that you will see a field called name in external_tokens table. Verify that the description of that field is: The token name  
    • 10
    • Team Hedgehog 2023 Sprint 2.1, Team Hedgehog 2023 Sprint 2.2, Team Hedgehog 2023 Sprint 2.3

    Description

      As skodak points out in MDL-76640, tokens should be read-once. If you forget it, then you create a new one.

      We should audit all places which show a token and address this.

      Attachments

        1. 2023-05-24_22-09.png
          2023-05-24_22-09.png
          93 kB
        2. 2023-05-24_22-17.png
          2023-05-24_22-17.png
          23 kB
        3. MDL-76656-behat_test.png
          MDL-76656-behat_test.png
          102 kB
        4. MDL-76656-manual_test.png
          MDL-76656-manual_test.png
          721 kB
        5. MDL-76656-privacy.png
          MDL-76656-privacy.png
          151 kB
        6. new_token_notification.png
          new_token_notification.png
          319 kB

        Issue Links

          Activity

            People

              meirza.arson@moodle.com Meirza
              dobedobedoh Andrew Lyons
              Huong Nguyen Huong Nguyen
              Ilya Tregubov Ilya Tregubov
              Ron Carl Alfon Yu Ron Carl Alfon Yu
              Votes:
              3 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 week, 3 days, 4 hours, 16 minutes
                  1w 3d 4h 16m

                  Clockify

                    Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.