From ee2df1a8b2c9dba6c35501ba82ef64f4d2cd32d3 Mon Sep 17 00:00:00 2001
From: Frederic Massart
Date: Wed, 2 Oct 2013 13:00:28 +0800
Subject: [PATCH 1/2] MDL-40050 webservice: Remove token from events
---
 admin/webservice/service.php | 4 ++--
 lib/classes/event/webservice_login_failed.php | 13 +++++++++++--
 webservice/lib.php | 6 ++----
 webservice/tests/events.php | 12 ++++++++++--
 4 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/admin/webservice/service.php b/admin/webservice/service.php
index 13f3c8d294ea4..0abf9d0be023d 100644
--- a/admin/webservice/service.php
+++ b/admin/webservice/service.php
@@ -83,7 +83,7 @@
 $params = array(
 'objectid' => $servicedata->id
 );
- $event = \core\event\webservice_service_updated::create($params);
+ $event = \core\event\webservice_service_created::create($params);
 $event->add_record_snapshot('external_services', $servicedata);
 $event->trigger();
@@ -98,7 +98,7 @@
 $params = array(
 'objectid' => $servicedata->id
 );
- $event = \core\event\webservice_service_created::create($params);
+ $event = \core\event\webservice_service_updated::create($params);
 $event->add_record_snapshot('external_services', $servicedata);
 $event->trigger();
 }
diff --git a/lib/classes/event/webservice_login_failed.php b/lib/classes/event/webservice_login_failed.php
index 02c49a3443162..395e91bca3d16 100644
--- a/lib/classes/event/webservice_login_failed.php
+++ b/lib/classes/event/webservice_login_failed.php
@@ -92,6 +92,15 @@ public function set_legacy_logdata($logdata) {
 /**
 * Custom validation.
 *
+ * It is recommended to set the properties:
+ * - $other['tokenid']
+ * - $other['username']
+ *
+ * However they are not mandatory as they are not always known.
+ *
+ * Please note that the token CANNOT be specified, it is considered
+ * as a password and should never be displayed.
+ *
 * @throws \coding_exception
 * @return void
 */
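Review bot: The swap of `webservice_service_created` and `webservice_service_updated` in admin/webservice/service.php (hunks `@@ -83` and `@@ -98`) is not mentioned in the commit message, which only covers removing the token. These events feed the audit trail, so the fix deserves its own line in the description or a separate commit. The branch conditions sit outside both hunks, so which branch creates and which updates cannot be confirmed from here. A short comment above each `create($params)` call, such as `// New service: log the creation.` and `// Existing service: log the update.`, would keep the pairing from being swapped again.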
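Review bot: The docblock added to validate_data() in lib/classes/event/webservice_login_failed.php (hunk `@@ -92`) says the token "should never be displayed", but what the new check prevents is the token being stored with the event at all. I would word it as `* The token itself must NOT be set: it is a credential and must never be stored in or shown from the logs.` The docblock lists only the recommended keys; the mandatory ones enforced in the next hunk (`$other['reason']` and `$other['method']`) are worth listing too. The function body lies outside this hunk.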
@@ -100,8 +109,8 @@ protected function validate_data() {
 throw new \coding_exception('The key \'reason\' needs to be set in $other.');
 } else if (!isset($this->other['method'])) {
 throw new \coding_exception('The key \'method\' needs to be set in $other.');
- } else if (!isset($this->other['token']) && !isset($this->other['tokenid']) && !isset($this->other['username'])) {
- throw new \coding_exception('The keys \'username\', \'token\' or \'tokenid\' need to be set in $other.');
+ } else if (isset($this->other['token'])) {
+ throw new \coding_exception('The token cannot be set in $other.');
 }
 }
 }
diff --git a/webservice/lib.php b/webservice/lib.php
index e20928e44f2e4..949871a6801e1 100644
--- a/webservice/lib.php
+++ b/webservice/lib.php
@@ -867,8 +867,7 @@ protected function authenticate_user() {
 'context' => context_system::instance(),
 'other' => array(
 'method' => $this->authmethod,
- 'reason' => null,
- 'token' => $this->token
+ 'reason' => null
 )
 );
@@ -1016,8 +1015,7 @@ protected function authenticate_by_token($tokentype){
 'context' => context_system::instance(),
 'other' => array(
 'method' => $this->authmethod,
- 'reason' => null,
- 'token' => $this->token
+ 'reason' => null
 )
 );
diff --git a/webservice/tests/events.php b/webservice/tests/events.php
index b1961007abdfb..3508c927a1f4d 100644
--- a/webservice/tests/events.php
+++ b/webservice/tests/events.php
@@ -77,7 +77,7 @@ public function test_login_failed() {
 'other' => array(
 'reason' => 'Unit Test',
 'method' => 'Some method',
- 'token' => 'A fake token'
+ 'tokenid' => '123'
 )
 );
 $event = \core\event\webservice_login_failed::create($params);
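Review bot: The new guard in validate_data() (`} else if (isset($this->other['token'])) {`, hunk `@@ -100` of webservice_login_failed.php) rejects only the key named `token` in `$other`, so the secret can still reach the log through another field. `other['reason']` is free text, and the data passed to set_legacy_logdata() (named in the previous hunk header) is not validated here. The callers are outside this diff, so it is worth checking that neither carries `$this->token`. Note also that `isset()` is false for a null value, so `'token' => null` passes; `array_key_exists('token', $this->other)` would match the docblock's "CANNOT be specified" literally. The function starts above the hunk.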
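Review bot: With `'token' => $this->token` removed in authenticate_user() (`@@ -867`) and authenticate_by_token() (`@@ -1016`) of webservice/lib.php, the `other` array built here holds only `method` and `reason`. A failed-login event then has nothing tying it to an account or token unless that is added later. The docblock added in this commit recommends `$other['tokenid']` and `$other['username']`, but both functions continue outside the hunks, so whether these are filled in before `create()` is not visible. If they are not, set them where the username or token record becomes known, so failed logins stay attributable during incident review without the secret being logged.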
@@ -91,8 +91,16 @@ public function test_login_failed() {
 $this->assertEquals(context_system::instance(), $event->get_context());
 $this->assertEquals($params['other']['reason'], $event->other['reason']);
 $this->assertEquals($params['other']['method'], $event->other['method']);
- $this->assertEquals($params['other']['token'], $event->other['token']);
+ $this->assertEquals($params['other']['tokenid'], $event->other['tokenid']);
 $this->assertEventLegacyLogData($fakelogdata, $event);
+
+ // We cannot set the token in the other properties.
+ $params['other']['token'] = 'I should not be set';
+ try {
+ $event = \core\event\webservice_login_failed::create($params);
+ $this->fail('The token cannot be allowed in \core\event\webservice_login_failed');
+ } catch (coding_exception $e) {
+ }
 }
 public function test_service_created() {
From 26422a66ad1f004cee7c92b74c2766429f7c6dbe Mon Sep 17 00:00:00 2001
From: Frederic Massart
Date: Wed, 2 Oct 2013 13:10:45 +0800
Subject: [PATCH 2/2] MDL-40050 webservice: Moving new events test file to right location
---
 webservice/tests/{events.php => events_test.php} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename webservice/tests/{events.php => events_test.php} (99%)
diff --git a/webservice/tests/events.php b/webservice/tests/events_test.php
similarity index 99%
rename from webservice/tests/events.php
rename to webservice/tests/events_test.php
index 3508c927a1f4d..7152077703d8a 100644
--- a/webservice/tests/events.php
+++ b/webservice/tests/events_test.php
@@ -33,7 +33,7 @@
 * @copyright 2013 Frédéric Massart
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
-class webservice_events_testcase extends advanced_testcase {
+class core_webservice_events_testcase extends advanced_testcase {
 public function setUp() {
 $this->resetAfterTest();
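Review bot: The empty `catch (coding_exception $e) {` block added to test_login_failed() in webservice/tests/events.php (hunk `@@ -91`) accepts any coding_exception. The test would still pass if create() failed for another reason, for example a missing `reason` key after a later edit to `$params`. Assert on the cause inside the catch, e.g. `$this->assertContains('token', $e->getMessage());`. The test checks only `$event->other`; whether `$fakelogdata`, defined outside this hunk, is free of the token value is not visible here.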