moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 08:26:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-72464 webservice: fix detection of non-expiring external tokens.

Browse source
This commit is contained in:
Paul Holden 2021-09-02 12:44:22 +01:00
parent e746dc75af
commit 797cff78d5
4 changed files with 76 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

35
user/tests/behat/edituserpassword.feature
View file

@ -1,8 +1,8 @@
@core @core_user @core @core_user
Feature: Enable/disable password field based on authentication selected. Feature: Edit a users password
In order edit a user password properly In order edit a user password properly
As an admin As an admin
I need to be able to notice if the change in password is allowed by athuentication plugin or not I need to be able to edit their profile and change their password
@javascript @javascript
Scenario: Verify the password field is enabled/disabled based on authentication selected, in user edit advanced page. Scenario: Verify the password field is enabled/disabled based on authentication selected, in user edit advanced page.
@ -15,3 +15,34 @@ Feature: Enable/disable password field based on authentication selected.
And the "New password" "field" should be enabled And the "New password" "field" should be enabled
# We need to cancel/submit a form that has been modified. # We need to cancel/submit a form that has been modified.
And I press "Create user" And I press "Create user"
Scenario: Sign out everywhere field is not present if user doesn't have active token
Given the following "users" exist:
| username | firstname | lastname | email |
| user01 | User | One | user01@example.com |
And I log in as "admin"
When I navigate to "Users > Accounts > Browse list of users" in site administration
And I click on "User One" "link" in the "users" "table"
And I click on "Edit profile" "link"
Then "Sign out everywhere" "field" should not exist
Scenario Outline: Sign out everywhere field is present based on expiry of active token
Given the following "users" exist:
| username | firstname | lastname | email |
| user01 | User | One | user01@example.com |
And the following "core_webservice > Service" exist:
| shortname | name |
| mytestservice | My test service |
And the following "core_webservice > Tokens" exist:
| user | service | validuntil |
| user01 | mytestservice | <validuntil> |
And I log in as "admin"
When I navigate to "Users > Accounts > Browse list of users" in site administration
And I click on "User One" "link" in the "users" "table"
And I click on "Edit profile" "link"
Then "Sign out everywhere" "field" <shouldornot> exist
Examples:
| validuntil | shouldornot |
| ## -1 month ## | should not |
| 0 | should |
| ## +1 month ## | should |

2
webservice/lib.php
View file

@ -866,7 +866,7 @@ class webservice {
$sql = 'SELECT t.*, s.name as servicename FROM {external_tokens} t JOIN $sql = 'SELECT t.*, s.name as servicename FROM {external_tokens} t JOIN
{external_services} s ON t.externalserviceid = s.id WHERE {external_services} s ON t.externalserviceid = s.id WHERE
t.userid = :userid AND (t.validuntil IS NULL OR t.validuntil > :now)'; t.userid = :userid AND (COALESCE(t.validuntil, 0) = 0 OR t.validuntil > :now)';
$params = array('userid' => $userid, 'now' => time()); $params = array('userid' => $userid, 'now' => time());
return $DB->get_records_sql($sql, $params); return $DB->get_records_sql($sql, $params);
} }

1
webservice/tests/generator/lib.php
View file

@ -49,6 +49,7 @@ class core_webservice_generator extends component_generator_base {
} }
$optionalfields = [ $optionalfields = [
'enabled' => false,
'requiredcapability' => '', 'requiredcapability' => '',
'restrictedusers' => 0, 'restrictedusers' => 0,
'component' => '', 'component' => '',

41
webservice/tests/lib_test.php
View file

@ -252,6 +252,47 @@ class webservice_test extends advanced_testcase {
$this->assertContains('moodle/course:managegroups', $missing[$user3->id]); $this->assertContains('moodle/course:managegroups', $missing[$user3->id]);
} }
/**
* Data provider for {@see test_get_active_tokens}
*
* @return array
*/
public function get_active_tokens_provider(): array {
return [
'No expiration' => [0, true],
'Active' => [time() + DAYSECS, true],
'Expired' => [time() - DAYSECS, false],
];
}
/**
* Test getting active tokens for a user
*
* @param int $validuntil
* @param bool $expectedactive
*
* @dataProvider get_active_tokens_provider
*/
public function test_get_active_tokens(int $validuntil, bool $expectedactive): void {
$this->resetAfterTest();
$user = $this->getDataGenerator()->create_user();
/** @var core_webservice_generator $generator */
$generator = $this->getDataGenerator()->get_plugin_generator('core_webservice');
$service = $generator->create_service(['name' => 'My test service', 'shortname' => 'mytestservice']);
$generator->create_token(['userid' => $user->id, 'service' => $service->shortname, 'validuntil' => $validuntil]);
$tokens = webservice::get_active_tokens($user->id);
if ($expectedactive) {
$this->assertCount(1, $tokens);
$this->assertEquals($service->id, reset($tokens)->externalserviceid);
} else {
$this->assertEmpty($tokens);
}
}
/** /**
* Utility method that tests the parameter type of a method info's input/output parameter. * Utility method that tests the parameter type of a method info's input/output parameter.
* *