MDL-17135 external token access support
authorPetr Skoda <skodak@moodle.org>
Mon, 26 Oct 2009 19:10:20 +0000 (19:10 +0000)
committerPetr Skoda <skodak@moodle.org>
Mon, 26 Oct 2009 19:10:20 +0000 (19:10 +0000)
lib/db/install.xml
lib/db/upgrade.php
lib/externallib.php
version.php

index e1337dd09c9eeaa8aa35da5259999a429fb7feb9..bd18e06c2c60b7c4b9232f3c08c3ad6542f47926 100644 (file)
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" ?>
-<XMLDB PATH="lib/db" VERSION="20091006" COMMENT="XMLDB file for core Moodle tables"
+<XMLDB PATH="lib/db" VERSION="20091026" COMMENT="XMLDB file for core Moodle tables"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:noNamespaceSchemaLocation="../../lib/xmldb/xmldb.xsd"
 >
         <KEY NAME="externalserviceid" TYPE="foreign" FIELDS="externalserviceid" REFTABLE="external_services" REFFIELDS="id" PREVIOUS="primary"/>
       </KEYS>
     </TABLE>
-    <TABLE NAME="external_services_users" COMMENT="users allowed to use services with restricted users flag" PREVIOUS="external_services_functions">
+    <TABLE NAME="external_services_users" COMMENT="users allowed to use services with restricted users flag" PREVIOUS="external_services_functions" NEXT="external_tokens">
       <FIELDS>
         <FIELD NAME="id" TYPE="int" LENGTH="10" NOTNULL="true" UNSIGNED="true" SEQUENCE="true" NEXT="externalserviceid"/>
         <FIELD NAME="externalserviceid" TYPE="int" LENGTH="10" NOTNULL="true" UNSIGNED="true" SEQUENCE="false" PREVIOUS="id" NEXT="userid"/>
         <KEY NAME="userid" TYPE="foreign" FIELDS="userid" REFTABLE="user" REFFIELDS="id" PREVIOUS="externalserviceid"/>
       </KEYS>
     </TABLE>
+    <TABLE NAME="external_tokens" COMMENT="Security tokens for accessing of external services" PREVIOUS="external_services_users">
+      <FIELDS>
+        <FIELD NAME="id" TYPE="int" LENGTH="10" NOTNULL="true" UNSIGNED="true" SEQUENCE="true" NEXT="token"/>
+        <FIELD NAME="token" TYPE="char" LENGTH="128" NOTNULL="true" SEQUENCE="false" COMMENT="security token, aka private access key" PREVIOUS="id" NEXT="tokentype"/>
+        <FIELD NAME="tokentype" TYPE="int" LENGTH="4" NOTNULL="true" UNSIGNED="true" SEQUENCE="false" COMMENT="type of token: 0=permanent, no session; 1=linked to current browser session via sid; 2=permanent, with emulated session" PREVIOUS="token" NEXT="userid"/>
+        <FIELD NAME="userid" TYPE="int" LENGTH="10" NOTNULL="true" UNSIGNED="true" SEQUENCE="false" COMMENT="owner of the token" PREVIOUS="tokentype" NEXT="externalserviceid"/>
+        <FIELD NAME="externalserviceid" TYPE="int" LENGTH="10" NOTNULL="true" UNSIGNED="true" SEQUENCE="false" PREVIOUS="userid" NEXT="sid"/>
+        <FIELD NAME="sid" TYPE="char" LENGTH="128" NOTNULL="false" SEQUENCE="false" COMMENT="link to browser or emulated session" PREVIOUS="externalserviceid" NEXT="contextid"/>
+        <FIELD NAME="contextid" TYPE="int" LENGTH="10" NOTNULL="true" UNSIGNED="true" SEQUENCE="false" COMMENT="context id where in token valid" PREVIOUS="sid" NEXT="iprestriction"/>
+        <FIELD NAME="iprestriction" TYPE="char" LENGTH="255" NOTNULL="false" SEQUENCE="false" COMMENT="ip restriction" PREVIOUS="contextid" NEXT="validuntil"/>
+        <FIELD NAME="validuntil" TYPE="int" LENGTH="10" NOTNULL="false" UNSIGNED="true" SEQUENCE="false" COMMENT="timestampt - valid until data" PREVIOUS="iprestriction" NEXT="timecreated"/>
+        <FIELD NAME="timecreated" TYPE="int" LENGTH="10" NOTNULL="true" UNSIGNED="true" SEQUENCE="false" COMMENT="created timestamp" PREVIOUS="validuntil" NEXT="lastaccess"/>
+        <FIELD NAME="lastaccess" TYPE="int" LENGTH="10" NOTNULL="false" UNSIGNED="true" SEQUENCE="false" COMMENT="last access timestamp" PREVIOUS="timecreated"/>
+      </FIELDS>
+      <KEYS>
+        <KEY NAME="primary" TYPE="primary" FIELDS="id" NEXT="userid"/>
+        <KEY NAME="userid" TYPE="foreign" FIELDS="userid" REFTABLE="user" REFFIELDS="id" PREVIOUS="primary" NEXT="externalserviceid"/>
+        <KEY NAME="externalserviceid" TYPE="foreign" FIELDS="externalserviceid" REFTABLE="external_services" REFFIELDS="id" PREVIOUS="userid" NEXT="contextid"/>
+        <KEY NAME="contextid" TYPE="foreign" FIELDS="contextid" REFTABLE="context" REFFIELDS="id" PREVIOUS="externalserviceid"/>
+      </KEYS>
+    </TABLE>
   </TABLES>
 </XMLDB>
\ No newline at end of file
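Review bot: The new `external_tokens` table declares no index or unique key on `token`, although that column is presumably what an incoming request is looked up by; only `id`, `userid`, `externalserviceid` and `contextid` are keyed. Adding `<INDEXES><INDEX NAME="token" UNIQUE="true" FIELDS="token"/></INDEXES>` after `</KEYS>` would make a token resolve to exactly one owner and service and avoid a table scan per request. The matching `$table->add_index('token', XMLDB_INDEX_UNIQUE, array('token'));` belongs in the lib/db/upgrade.php hunk. The column also appears to hold the raw secret (its comment calls it a "private access key"), so read access to the table or a backup would yield usable credentials; storing a hash of the token is worth considering if the lookup code allows it.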
index 56462aaf19da3c7b5b801b025c0b63a9206cc36c..841a86d7ab521a22405608f714f234634638b4b8 100644 (file)
@@ -2598,6 +2598,37 @@ WHERE gradeitemid IS NOT NULL AND grademax IS NOT NULL");
         upgrade_main_savepoint($result, 2009100605);
     }
 
+    if ($result && $oldversion < 2009102600) {
+
+    /// Define table external_tokens to be created
+        $table = new xmldb_table('external_tokens');
+
+    /// Adding fields to table external_tokens
+        $table->add_field('id', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, XMLDB_SEQUENCE, null);
+        $table->add_field('token', XMLDB_TYPE_CHAR, '128', null, XMLDB_NOTNULL, null, null);
+        $table->add_field('tokentype', XMLDB_TYPE_INTEGER, '4', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null);
+        $table->add_field('userid', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null);
+        $table->add_field('externalserviceid', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null);
+        $table->add_field('sid', XMLDB_TYPE_CHAR, '128', null, null, null, null);
+        $table->add_field('contextid', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null);
+        $table->add_field('iprestriction', XMLDB_TYPE_CHAR, '255', null, null, null, null);
+        $table->add_field('validuntil', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, null, null, null);
+        $table->add_field('timecreated', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null);
+        $table->add_field('lastaccess', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, null, null, null);
+
+    /// Adding keys to table external_tokens
+        $table->add_key('primary', XMLDB_KEY_PRIMARY, array('id'));
+        $table->add_key('userid', XMLDB_KEY_FOREIGN, array('userid'), 'user', array('id'));
+        $table->add_key('externalserviceid', XMLDB_KEY_FOREIGN, array('externalserviceid'), 'external_services', array('id'));
+        $table->add_key('contextid', XMLDB_KEY_FOREIGN, array('contextid'), 'context', array('id'));
+
+    /// Launch create table for external_tokens
+        $dbman->create_table($table);
+
+    /// Main savepoint reached
+        upgrade_main_savepoint($result, 2009102600);
+    }
+
     return $result;
 }
 
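Review bot: `$dbman->create_table($table)` near the end of the new `2009102600` step runs unconditionally. If the step is re-run after a partial failure (table created, savepoint not yet written), it would presumably stop on the already-existing table. Guarding the call as `if (!$dbman->table_exists($table)) { $dbman->create_table($table); }` keeps the step repeatable. The enclosing upgrade function starts outside the hunk.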
index bb5330dcb172dae300cbde6b23b70c2650b5da8c..6bcfc6a340f96dc13e9128144e2dac7a978c88e4 100644 (file)
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
 
+/**
+ * Security token used for allowing access
+ * from external application such as web services.
+ * Scripts do not use any session, performance is relatively
+ * low because we need to load access info in each request.
+ * Scrits are executed in parallel.
+ */
+define('EXTERNAL_TOKEN_PERMANENT', 0);
+
+/**
+ * Security token used for allowing access
+ * of embedded applications, the code is executed in the
+ * active user session. Token is invalidated after user logs out.
+ * Scripts are executed serially - normal session locking is used.
+ */
+define('EXTERNAL_TOKEN_EMBEDDED', 1);
+
 /**
  * Returns detailed functio information
  * @param string|object $function name of external function or record from external_function
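Review bot: Only two token types get constants here, while the `tokentype` column comment in lib/db/install.xml lists three values (0, 1 and `2=permanent, with emulated session`). Either define a constant for 2 or drop it from the schema comment, so that code validating `tokentype` has one authoritative list of accepted values. Each docblock should also state the stored integer, e.g. `Stored as tokentype 0 in external_tokens.` for `EXTERNAL_TOKEN_PERMANENT`, and "Scrits" in that docblock should read "Scripts". The function docblock at the end of the hunk continues outside it.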
index 1a6d86bac22d2b1c734f4286646d1e64ac5dd49d..e011e45d71716f295577916421072a16cee9cfcc 100644 (file)
@@ -6,7 +6,7 @@
 // This is compared against the values stored in the database to determine
 // whether upgrades should be performed (see lib/db/*.php)
 
-    $version = 2009102201;  // YYYYMMDD   = date of the last version bump
+    $version = 2009102600;  // YYYYMMDD   = date of the last version bump
                             //         XX = daily increments
 
     $release = '2.0 dev (Build: 20091026)';  // Human-friendly version name