MDL-79202

Webservices: tool_mobile incorrect exception signature


      In the web service method `get_autologin_key` for tool_mobile, there is an exception call that passes in a `$minutes` variable to show as part of the exception string (see the code here: https://github.com/moodle/moodle/blob/master/admin/tool/mobile/classes/external.php#L321).

      The call is:

       throw new moodle_exception('autologinkeygenerationlockout', 'tool_mobile', $minutes);

      However, it looks like `moodle_exception` has a different signature to `get_string` so the call for `moodle_exception` looks like it needs to be:

       throw new moodle_exception('autologinkeygenerationlockout', 'tool_mobile', '', $minutes);

       

      Test to expose the issue

      (Will need to be updated when fix is applied, to test fix)

      • Get or create an existing user that can log in with a username and password. Must not be a site admin.
      • You will need to know their internal Moodle user id.
      • Using cURL (or wget, or whatever you like to make requests outside of a browser), run the command:
      • curl 'https://webserver/login/token.php?username=testuser&password=sEcReTpAsSwOrD&service=moodle_mobile_app'
        • Replace 'webserver' with the domain of your Moodle instance
        • You MUST use a HTTPS site for this test
      • This command will return a response in the format of: {"token":"7c1bd46b379ecfa6874a49564f4539a7","privatetoken":"IYvPCLomSLYfGTCCX57kZoVBxQWWxQyCVLzeF8dF5rPPCPVUubqgkEtiAAoFzAYM"}
      • Within the next 60 seconds, replace the token and private token in the following command (replacing the domain with that of your test site) and then run it:
        curl 'https://webserver/webservice/rest/server.php?moodlewsrestformat=json' \
        -A "MoodleMobile" \
        --data 'privatetoken=IYvPCLomSLYfGTCCX57kZoVBxQWWxQyCVLzeF8dF5rPPCPVUubqgkEtiAAoFzAYM&wsfunction=tool_mobile_get_autologin_key&wstoken=7c1bd46b379ecfa6874a49564f4539a7' 
      • The command will return a response in the format: {"key":"1bf8caab3fe7ed06918909dad5f5ccf8","autologinurl":"https:\/\/webserver\/admin\/tool\/mobile\/autologin.php","warnings":[]}
      • Now immediately send the same curl request again
      • Confirm you see the response string with the unreplaced '{$a}' variable: {"exception":"moodle_exception","errorcode":"autologinkeygenerationlockout","message":"Auto-login key generation is blocked. You need to wait {$a} minutes between requests."}
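
The steps above can be scripted as a regression check that reports whether the lockout message still carries the literal `{$a}`. This is an added example, not part of the original issue or of Moodle's code; the function names `json_field`, `classify_response`, `request_key` and `run_check` are assumptions, while the endpoints and parameters are the ones used in the steps above.

```bash
#!/usr/bin/env bash
# Added example: helper names are assumptions; endpoints and parameters come from the steps above.

# Extract one string field from a flat JSON object (sufficient for these responses).
json_field() {  # $1 = JSON text, $2 = field name
    printf '%s' "$1" | sed -n 's/.*"'"$2"'":"\([^"]*\)".*/\1/p'
}

# Classify a tool_mobile_get_autologin_key response:
#   key-issued   a key was returned, so no lockout was triggered
#   unreplaced   lockout message still carries the literal {$a} (the bug)
#   substituted  lockout message no longer carries the placeholder
#   other        any other response
classify_response() {  # $1 = JSON text
    local code msg
    code=$(json_field "$1" errorcode)
    msg=$(json_field "$1" message)
    if [ -n "$(json_field "$1" key)" ]; then echo key-issued
    elif [ "$code" != "autologinkeygenerationlockout" ]; then echo other
    elif printf '%s' "$msg" | grep -qF '{$a}'; then echo unreplaced
    else echo substituted
    fi
}

request_key() {  # $1 = base URL, $2 = wstoken, $3 = privatetoken
    curl -sS -A "MoodleMobile" \
        --data-urlencode "privatetoken=$3" \
        --data-urlencode "wsfunction=tool_mobile_get_autologin_key" \
        --data-urlencode "wstoken=$2" \
        "$1/webservice/rest/server.php?moodlewsrestformat=json"
}

run_check() {  # $1 = base URL, $2 = username, $3 = password (non-admin test user)
    local login token private
    case "$1" in https://*) ;; *) echo "an HTTPS site is required" >&2; return 2 ;; esac
    login=$(curl -sS -G --data-urlencode "username=$2" --data-urlencode "password=$3" \
        --data-urlencode "service=moodle_mobile_app" "$1/login/token.php")
    token=$(json_field "$login" token)
    private=$(json_field "$login" privatetoken)
    [ -n "$token" ] && [ -n "$private" ] || { echo "login did not return tokens" >&2; return 1; }
    request_key "$1" "$token" "$private" >/dev/null              # first request issues a key
    classify_response "$(request_key "$1" "$token" "$private")"  # immediate repeat hits the lockout
}

# Only contacts a site when called as: ./check.sh https://webserver testuser 'password'
if [ "$#" -eq 3 ]; then run_check "$@"; fi
```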
