MDL-81966

mod_chat activities configured with the "Normal" chat_method cause an invalidsesskey error when calling Web Services that have loginrequired equal to true


    • Type: Bug
    • Resolution: Won't Fix
    • Priority: Minor
    • Fix Version/s: None
    • Affects Version/s: 4.3.1
    • Component/s: Chat
    • Affected Branches: MOODLE_403_STABLE

      Good day dear team.

      The mod_chat module seems to have a bug that affects any Web Service that has the loginrequired property set to true. This bug causes the Web Service call to fail with an invalidsesskey error.

      Summary explanation: currently, on mod_chat instances configured with chat_method set to "Normal", any Web Service that requires the user to be logged in (loginrequired being true) will fail when it is called from the popup that opens when clicking on "Enter the chat". This is because, when chat_method is set to "Normal", all the PHP files requested by mod_chat define the NO_MOODLE_COOKIES constant as true. This in turn causes the user session to be initialized as an empty one, which has no sesskey, so a random sesskey has to be generated, and this leads to the invalidsesskey error.

      Some context for the problem

      Every time $OUTPUT->footer() is called, all functions of the form _before_footer() are executed from every plugin that defines one in its lib.php. If such a _before_footer() function in turn calls a Web Service, this error occurs, because when chat_method is set to "Normal", clicking on "Enter the chat" within a Chat activity opens a popup, and this popup calls $OUTPUT->footer() twice. Given that there are not many plugins with a _before_footer() function in their lib.php, and the ones that have it don't call a Web Service, that is possibly why this wasn't observed before.
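      The following is an added illustration of the mechanism described above; it is not code from the report or from Moodle. It models two requests: the render of a page that embeds the session's sesskey for core/ajax to send, and the lib/ajax/service.php request that checks it. The function names mirror those in lib/sessionlib.php (sesskey(), confirm_sesskey(), require_sesskey()) but their bodies are simplified stand-ins, the session store and the cookie value are constructed fakes, and the "empty session" branch is assumed to behave like a page that defines NO_MOODLE_COOKIES.

```php
<?php
// Added example (not Moodle code): why a loginrequired Web Service call made
// from a NO_MOODLE_COOKIES page fails the sesskey check. Names follow
// lib/sessionlib.php; bodies are simplified stand-ins (assumption).
declare(strict_types=1);

/** Constructed server-side session store, keyed by the session cookie value. */
final class SessionStore {
    /** @var array<string, object> */
    private array $sessions = [];

    /**
     * Returns the session for a request. With $usecookies = false the request
     * behaves like a page defining NO_MOODLE_COOKIES = true: the cookie is
     * ignored and a fresh, empty session object is handed out every time.
     */
    public function load(?string $cookie, bool $usecookies): object {
        if (!$usecookies || $cookie === null) {
            // Throwaway empty session: no id, no sesskey yet.
            return (object) ['id' => 0, 'sesskey' => null];
        }
        if (!isset($this->sessions[$cookie])) {
            // First request with this cookie: create the real logged-in session.
            $this->sessions[$cookie] = (object) ['id' => 2, 'sesskey' => null];
        }
        return $this->sessions[$cookie];
    }
}

/** Stand-in for sesskey(): lazily generates a random key on the session object. */
function sesskey(object $user): string {
    if ($user->sesskey === null) {
        $user->sesskey = bin2hex(random_bytes(5)); // 10 hex chars, like random_string(10)
    }
    return $user->sesskey;
}

/** Stand-in for confirm_sesskey(): compares the supplied key with the session's. */
function confirm_sesskey(object $user, string $supplied): bool {
    return hash_equals(sesskey($user), $supplied);
}

/** Stand-in for require_sesskey(): throws the same error code Moodle reports. */
function require_sesskey(object $user, string $supplied): void {
    if (!confirm_sesskey($user, $supplied)) {
        throw new RuntimeException('invalidsesskey');
    }
}

/**
 * Simulates the two requests: (1) rendering a page that embeds its session's
 * sesskey in the page config that core/ajax reads, (2) the core/ajax request to
 * service.php carrying that value. Returns the error code, or null on success.
 */
function simulate_ajax_from_page(SessionStore $store, string $cookie, bool $pageusescookies): ?string {
    // Request 1: the page render. The chat "Normal" popup pages are
    // NO_MOODLE_COOKIES, so their $USER is a throwaway empty session.
    $pageuser = $store->load($cookie, $pageusescookies);
    $embedded = sesskey($pageuser); // the value core/ajax will send along

    // Request 2: service.php always loads the real cookie session and checks
    // the key it received against that session's sesskey.
    $serviceuser = $store->load($cookie, true);
    try {
        require_sesskey($serviceuser, $embedded);
        return null;
    } catch (RuntimeException $e) {
        return $e->getMessage();
    }
}

$store = new SessionStore();
$cookie = 'MoodleSession=abc123'; // constructed sample cookie value

// Ordinary page: the embedded key comes from the same session service.php
// loads, so the check passes (returns null).
var_dump(simulate_ajax_from_page($store, $cookie, true));

// NO_MOODLE_COOKIES page (chat "Normal" popup): the embedded key belongs to an
// empty session service.php never sees, so the check fails (returns the
// 'invalidsesskey' error code).
var_dump(simulate_ajax_from_page($store, $cookie, false));
```

      The point the model makes explicit is that the failure is a mismatch between two sessions, not a missing key: the popup page does have a sesskey, it is just a freshly generated one that the cookie-backed session used by service.php has never seen.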

      Steps to replicate

      1. Login as admin.
      2. Go to Site administration -> Plugins -> Activity modules -> Chat.
      3. Set the Chat method to "Normal", then click on Save changes.
      4. Create a course.
      5. Turn on Edit mode.
      6. Create a Chat activity.
      7. Enable a plugin that has a _before_footer() function in its lib.php file and that calls a Web Service from within that function. If you don't have any such plugin, you can modify one like this (tested as a minimal reproduction):
        1. Open the mod/book/lib.php file and paste this code at the end of the file:

      // Hook run by $OUTPUT->footer(); it only queues an AMD call that will
      // issue a Web Service request from the rendered page.
      function mod_book_before_footer() {
          global $PAGE;
          // Loads the mod_book/amd1 module and invokes its exported func1().
          $PAGE->requires->js_call_amd('mod_book/amd1', 'func1', []);
      }

        2. In the mod/book directory, create these two subdirectories: mod/book/amd/src and mod/book/amd/build.
        3. Create the file mod/book/amd/src/amd1.js.
        4. Paste this code in the file created in the previous step:

      // AMD module mod_book/amd1: calls a loginrequired Web Service through
      // core/ajax, which sends the request to lib/ajax/service.php together
      // with the sesskey embedded in the page.
      define(['core/ajax'], function (ajax) {
          return {
              'func1': () => {
                  // Any loginrequired function will do; this one needs no arguments.
                  ajax.call([{
                      methodname: 'tool_dataprivacy_create_category_form', args: {}
                  }]);
              }
          };
      });

        5. Don't forget to build your AMD modules (in a terminal, go to mod/book/ and run `grunt amd`).
        6. Purge caches.

      8. Go to the Chat activity created before.
      9. Open the devtools of your browser.
      10. Go to the Settings -> Preferences of the devtools and enable the feature to open devtools on popups (possibly by clicking the settings gear and searching there; please consult how to do this in your particular browser).
      11. Make sure that on the Network tab, requests are being recorded.
      12. Click on "Enter the chat".
      13. In the devtools of the popup, switch to the Network tab and filter by asynchronous requests, or filter by searching for "service.php" to see Web Service requests only.
      14. Search for the request for tool_dataprivacy_create_category_form and select it.
      15. Click on the Response tab.
      16. You should see a JSON response like the following:

      [
          {
              "error": true,
              "exception": {
                  "message": "Your session has most likely timed out. Please log in again.",
                  "errorcode": "invalidsesskey",
                  "backtrace": "* line 85 of \/lib\/sessionlib.php: moodle_exception thrown\n* line 223 of \/lib\/external\/classes\/external_api.php: call to require_sesskey()\n* line 83 of \/lib\/ajax\/service.php: call to core_external\\external_api::call_external_function()\n",
                  "link": "http:\/\/main.test:80\/",
                  "moreinfourl": "https:\/\/docs.moodle.org\/403\/en\/error\/moodle\/invalidsesskey",
                  "debuginfo": "\nError code: invalidsesskey"
              }
          }
      ] 

      Most likely your domain will differ in this message.

      Observed behavior

      The Web Service fails in the conditions shown. The response is a JSON error similar to the one shown at the end of the Steps to replicate.

      Expected behavior

      The Web Service doesn't fail in the conditions shown, so this Web Service can be successfully called from within the _before_footer() function of any plugin when using a mod_chat activity configured with chat_method set to "Normal".

            Assignee: Unassigned
            Reporter: Julian Tovar (julian.tovar)
            Votes: 2
            Watchers: 5
