webservice MDL-20805 add token authentication method to test client (+ use token...

diff --git a/admin/webservice/tokens.php b/admin/webservice/tokens.php
index 953e25e3db010c94c64204e5cddee694c15c95a3..170c6c086b40382937765d68ce919e193c0a4471 100644 (file)
--- a/admin/webservice/tokens.php
+++ b/admin/webservice/tokens.php
@@ -72,7 +72,7 @@ switch ($action) {
                 } else {
                     throw new moodle_exception('nocapabilitytousethisservice');
                 }
-                $newtoken->tokentype = 2;
+                $newtoken->tokentype = EXTERNAL_TOKEN_PERMANENT;
                 $newtoken->userid = $data->user;
                 //TODO: find a way to get the context - UPDATE FOLLOWING LINE
                 $newtoken->contextid = get_context_instance(CONTEXT_SYSTEM)->id; 
@@ -103,7 +103,7 @@ switch ($action) {
                 FROM
                     {external_tokens} token, {user} user, {external_services} service
                 WHERE
-                    token.creatorid=? AND token.id=? AND token.tokentype = 2 AND service.id = token.externalserviceid AND token.userid = user.id";
+                    token.creatorid=? AND token.id=? AND token.tokentype = ".EXTERNAL_TOKEN_PERMANENT." AND service.id = token.externalserviceid AND token.userid = user.id";
         $token = $DB->get_record_sql($sql, array($USER->id, $tokenid), MUST_EXIST); //must be the token creator
         if (!$confirm) {
             admin_externalpage_print_header();

diff --git a/lib/externallib.php b/lib/externallib.php
index 6e2b0458bd1cdd8bea0d27036be214696c54ea66..2ea1ff76935393452684c28e01ee4fcac45368f8 100644 (file)
--- a/lib/externallib.php
+++ b/lib/externallib.php
@@ -24,25 +24,9 @@
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
 
-/**
- * Security token used for allowing access
- * from external application such as web services.
- * Scripts do not use any session, performance is relatively
- * low because we need to load access info in each request.
- * Scrits are executed in parallel.
- */
-define('EXTERNAL_TOKEN_PERMANENT', 0);
-
-/**
- * Security token used for allowing access
- * of embedded applications, the code is executed in the
- * active user session. Token is invalidated after user logs out.
- * Scripts are executed serially - normal session locking is used.
- */
-define('EXTERNAL_TOKEN_EMBEDDED', 1);
 
 /**
- * Returns detailed functio information
+ * Returns detailed function information
  * @param string|object $function name of external function or record from external_function
  * @param int $strictness IGNORE_MISSING means compatible mode, false returned if record not found, debug message if more found;
  *                        MUST_EXIST means throw exception if no record or multiple records found

diff --git a/user/managetoken.php b/user/managetoken.php
index 791f158f8dd600f47709098b83159e8dcbb23d67..9164145efb25ad48715110b7be46c8e7e83bfcdf 100644 (file)
--- a/user/managetoken.php
+++ b/user/managetoken.php
@@ -69,7 +69,7 @@ switch ($action) {
                     throw new moodle_exception('nocapabilitytousethisservice');
                 }
 
-                $newtoken->tokentype = 2;
+                $newtoken->tokentype = EXTERNAL_TOKEN_PERMANENT;
                 $newtoken->userid = $USER->id;
                 //TODO: find a way to get the context - UPDATE FOLLOWING LINE
                 $newtoken->contextid = get_context_instance(CONTEXT_SYSTEM)->id;
@@ -98,7 +98,7 @@ switch ($action) {
                 FROM
                     {external_tokens} token, {user} user, {external_services} service
                 WHERE
-                    token.creatorid=? AND token.id=? AND token.tokentype = 2 AND service.id = token.externalserviceid AND token.userid = user.id";
+                    token.creatorid=? AND token.id=? AND token.tokentype = ".EXTERNAL_TOKEN_PERMANENT." AND service.id = token.externalserviceid AND token.userid = user.id";
         $token = $DB->get_record_sql($sql, array($USER->id, $tokenid), MUST_EXIST); //must be the token creator
         if (!$confirm) {
             echo $OUTPUT->header();

diff --git a/webservice/testclient.php b/webservice/testclient.php
index e652e1e047474c4d3824633cc8576e2a9e893724..b67faf269d22cb64e164b52d0f9e22b72253c11b 100644 (file)
--- a/webservice/testclient.php
+++ b/webservice/testclient.php
@@ -30,6 +30,7 @@ require_once("$CFG->dirroot/webservice/testclient_forms.php");
 
 $function = optional_param('function', '', PARAM_SAFEDIR);
 $protocol = optional_param('protocol', '', PARAM_SAFEDIR);
+$authmethod = optional_param('authmethod', '', PARAM_SAFEDIR);
 
 $PAGE->set_url('webservice/testclient.php');
 
@@ -87,7 +88,7 @@ if (!$function or !$protocol) {
 
 $class = $function.'_form';
 
-$mform = new $class();
+$mform = new $class(null, array('authmethod' => $authmethod));
 $mform->set_data(array('function'=>$function, 'protocol'=>$protocol));
 
 if ($mform->is_cancelled()) {
@@ -106,9 +107,15 @@ if ($mform->is_cancelled()) {
     }
     $testclient = new $testclientclass();
 
-    $serverurl = "$CFG->wwwroot/webservice/$protocol/simpleserver.php";
-    $serverurl .= '?wsusername='.urlencode($data->wsusername);
-    $serverurl .= '&wspassword='.urlencode($data->wspassword);
+    $serverurl = "$CFG->wwwroot/webservice/$protocol/";
+    if ($authmethod == 'simple') {
+        $serverurl .= 'simpleserver.php';
+        $serverurl .= '?wsusername='.urlencode($data->wsusername);
+        $serverurl .= '&wspassword='.urlencode($data->wspassword);
+    } else if ($authmethod == 'token') {
+        $serverurl .= 'server.php';
+        $serverurl .= '?wstoken='.urlencode($data->token);
+    }
 
     // now get the function parameters
     $params = $mform->get_params();

diff --git a/webservice/testclient_forms.php b/webservice/testclient_forms.php
index a6a70767c64f406fdbd5d207c030d9052ec93c5c..1701d764ea76019d4b3f5c4c70d14fb668645410 100644 (file)
--- a/webservice/testclient_forms.php
+++ b/webservice/testclient_forms.php
@@ -12,6 +12,9 @@ class webservice_test_client_form extends moodleform {
 
         $mform->addElement('header', 'wstestclienthdr', get_string('testclient', 'webservice'));
 
+        $authmethod = array('simple' => 'simple', 'token' => 'token');
+        $mform->addElement('select', 'authmethod', get_string('authmethod', 'webservice'), $authmethod);
+
         $mform->addElement('select', 'protocol', get_string('protocol', 'webservice'), $protocols);
 
         $mform->addElement('select', 'function', get_string('function', 'webservice'), $functions);
@@ -27,12 +30,22 @@ class moodle_group_create_groups_form extends moodleform {
         global $CFG;
 
         $mform = $this->_form;
+       
 
         $mform->addElement('header', 'wstestclienthdr', get_string('testclient', 'webservice'));
 
         //note: these values are intentionally PARAM_RAW - we want users to test any rubbish as parameters
-        $mform->addElement('text', 'wsusername', 'wsusername');
-        $mform->addElement('text', 'wspassword', 'wspassword');
+        $data = $this->_customdata;
+        if ($data['authmethod'] == 'simple') {
+            $mform->addElement('text', 'wsusername', 'wsusername');
+            $mform->addElement('text', 'wspassword', 'wspassword');
+        } else  if ($data['authmethod'] == 'token') {
+            $mform->addElement('text', 'token', 'token');
+        }
+
+        $mform->addElement('hidden', 'authmethod', $data['authmethod']);
+        $mform->setType('authmethod', PARAM_SAFEDIR);
+
         $mform->addElement('text', 'courseid', 'courseid');
         $mform->addElement('text', 'name', 'name');
         $mform->addElement('text', 'description', 'description');
@@ -44,6 +57,8 @@ class moodle_group_create_groups_form extends moodleform {
         $mform->addElement('hidden', 'protocol');
         $mform->setType('protocol', PARAM_SAFEDIR);
 
+        
+
         $mform->addElement('static', 'warning', '', get_string('executewarnign', 'webservice'));
 
         $this->add_action_buttons(true, get_string('execute', 'webservice'));
@@ -59,6 +74,8 @@ class moodle_group_create_groups_form extends moodleform {
         unset($data->function);
         unset($data->wsusername);
         unset($data->wspassword);
+        unset($data->token);
+        unset($data->authmethod);
 
         $params = array();
         $params['groups'] = array();
@@ -77,8 +94,16 @@ class moodle_group_get_groups_form extends moodleform {
         $mform->addElement('header', 'wstestclienthdr', get_string('testclient', 'webservice'));
 
         //note: these values are intentionally PARAM_RAW - we want users to test any rubbish as parameters
-        $mform->addElement('text', 'wsusername', 'wsusername');
-        $mform->addElement('text', 'wspassword', 'wspassword');
+        $data = $this->_customdata;
+        if ($data['authmethod'] == 'simple') {
+            $mform->addElement('text', 'wsusername', 'wsusername');
+            $mform->addElement('text', 'wspassword', 'wspassword');
+        } else  if ($data['authmethod'] == 'token') {
+            $mform->addElement('text', 'token', 'token');
+        }
+
+        $mform->addElement('hidden', 'authmethod', $data['authmethod']);
+        $mform->setType('authmethod', PARAM_SAFEDIR);
         $mform->addElement('text', 'groupids[0]', 'groupids[0]');
         $mform->addElement('text', 'groupids[1]', 'groupids[1]');
         $mform->addElement('text', 'groupids[2]', 'groupids[2]');
@@ -103,6 +128,8 @@ class moodle_group_get_groups_form extends moodleform {
         unset($data->function);
         unset($data->wsusername);
         unset($data->wspassword);
+        unset($data->token);
+        unset($data->authmethod);
 
         $params = array();
         $params['groupids'] = array();
@@ -126,8 +153,16 @@ class moodle_group_get_course_groups_form extends moodleform {
         $mform->addElement('header', 'wstestclienthdr', get_string('testclient', 'webservice'));
 
         //note: these values are intentionally PARAM_RAW - we want users to test any rubbish as parameters
-        $mform->addElement('text', 'wsusername', 'wsusername');
-        $mform->addElement('text', 'wspassword', 'wspassword');
+        $data = $this->_customdata;
+        if ($data['authmethod'] == 'simple') {
+            $mform->addElement('text', 'wsusername', 'wsusername');
+            $mform->addElement('text', 'wspassword', 'wspassword');
+        } else  if ($data['authmethod'] == 'token') {
+            $mform->addElement('text', 'token', 'token');
+        }
+
+        $mform->addElement('hidden', 'authmethod', $data['authmethod']);
+        $mform->setType('authmethod', PARAM_SAFEDIR);
         $mform->addElement('text', 'courseid', 'courseid');
 
         $mform->addElement('hidden', 'function');
@@ -149,6 +184,8 @@ class moodle_group_get_course_groups_form extends moodleform {
         unset($data->function);
         unset($data->wsusername);
         unset($data->wspassword);
+        unset($data->token);
+        unset($data->authmethod);
 
         $params = array();
         $params['courseid'] = $data->courseid;
@@ -166,8 +203,16 @@ class moodle_group_delete_groups_form extends moodleform {
         $mform->addElement('header', 'wstestclienthdr', get_string('testclient', 'webservice'));
 
         //note: these values are intentionally PARAM_RAW - we want users to test any rubbish as parameters
-        $mform->addElement('text', 'wsusername', 'wsusername');
-        $mform->addElement('text', 'wspassword', 'wspassword');
+        $data = $this->_customdata;
+        if ($data['authmethod'] == 'simple') {
+            $mform->addElement('text', 'wsusername', 'wsusername');
+            $mform->addElement('text', 'wspassword', 'wspassword');
+        } else  if ($data['authmethod'] == 'token') {
+            $mform->addElement('text', 'token', 'token');
+        }
+
+        $mform->addElement('hidden', 'authmethod', $data['authmethod']);
+        $mform->setType('authmethod', PARAM_SAFEDIR);
         $mform->addElement('text', 'groupids[0]', 'groupids[0]');
         $mform->addElement('text', 'groupids[1]', 'groupids[1]');
         $mform->addElement('text', 'groupids[2]', 'groupids[2]');
@@ -194,6 +239,8 @@ class moodle_group_delete_groups_form extends moodleform {
         unset($data->function);
         unset($data->wsusername);
         unset($data->wspassword);
+        unset($data->token);
+        unset($data->authmethod);
 
         $params = array();
         $params['groupids'] = array();
@@ -217,8 +264,16 @@ class moodle_group_get_groupmembers_form extends moodleform {
         $mform->addElement('header', 'wstestclienthdr', get_string('testclient', 'webservice'));
 
         //note: these values are intentionally PARAM_RAW - we want users to test any rubbish as parameters
-        $mform->addElement('text', 'wsusername', 'wsusername');
-        $mform->addElement('text', 'wspassword', 'wspassword');
+        $data = $this->_customdata;
+        if ($data['authmethod'] == 'simple') {
+            $mform->addElement('text', 'wsusername', 'wsusername');
+            $mform->addElement('text', 'wspassword', 'wspassword');
+        } else  if ($data['authmethod'] == 'token') {
+            $mform->addElement('text', 'token', 'token');
+        }
+
+        $mform->addElement('hidden', 'authmethod', $data['authmethod']);
+        $mform->setType('authmethod', PARAM_SAFEDIR);
         $mform->addElement('text', 'groupids[0]', 'groupids[0]');
         $mform->addElement('text', 'groupids[1]', 'groupids[1]');
         $mform->addElement('text', 'groupids[2]', 'groupids[2]');
@@ -243,6 +298,8 @@ class moodle_group_get_groupmembers_form extends moodleform {
         unset($data->function);
         unset($data->wsusername);
         unset($data->wspassword);
+        unset($data->token);
+        unset($data->authmethod);
 
         $params = array();
         $params['groupids'] = array();
@@ -266,8 +323,16 @@ class moodle_group_add_groupmembers_form extends moodleform {
         $mform->addElement('header', 'wstestclienthdr', get_string('testclient', 'webservice'));
 
         //note: these values are intentionally PARAM_RAW - we want users to test any rubbish as parameters
-        $mform->addElement('text', 'wsusername', 'wsusername');
-        $mform->addElement('text', 'wspassword', 'wspassword');
+        $data = $this->_customdata;
+        if ($data['authmethod'] == 'simple') {
+            $mform->addElement('text', 'wsusername', 'wsusername');
+            $mform->addElement('text', 'wspassword', 'wspassword');
+        } else  if ($data['authmethod'] == 'token') {
+            $mform->addElement('text', 'token', 'token');
+        }
+
+        $mform->addElement('hidden', 'authmethod', $data['authmethod']);
+        $mform->setType('authmethod', PARAM_SAFEDIR);
         $mform->addElement('text', 'userid[0]', 'userid[0]');
         $mform->addElement('text', 'groupid[0]', 'groupid[0]');
         $mform->addElement('text', 'userid[1]', 'userid[1]');
@@ -292,6 +357,8 @@ class moodle_group_add_groupmembers_form extends moodleform {
         unset($data->function);
         unset($data->wsusername);
         unset($data->wspassword);
+        unset($data->token);
+        unset($data->authmethod);
 
         $params = array();
         $params['members'] = array();
@@ -315,8 +382,16 @@ class moodle_group_delete_groupmembers_form extends moodleform {
         $mform->addElement('header', 'wstestclienthdr', get_string('testclient', 'webservice'));
 
         //note: these values are intentionally PARAM_RAW - we want users to test any rubbish as parameters
-        $mform->addElement('text', 'wsusername', 'wsusername');
-        $mform->addElement('text', 'wspassword', 'wspassword');
+        $data = $this->_customdata;
+        if ($data['authmethod'] == 'simple') {
+            $mform->addElement('text', 'wsusername', 'wsusername');
+            $mform->addElement('text', 'wspassword', 'wspassword');
+        } else  if ($data['authmethod'] == 'token') {
+            $mform->addElement('text', 'token', 'token');
+        }
+
+        $mform->addElement('hidden', 'authmethod', $data['authmethod']);
+        $mform->setType('authmethod', PARAM_SAFEDIR);
         $mform->addElement('text', 'userid[0]', 'userid[0]');
         $mform->addElement('text', 'groupid[0]', 'groupid[0]');
         $mform->addElement('text', 'userid[1]', 'userid[1]');
@@ -341,6 +416,8 @@ class moodle_group_delete_groupmembers_form extends moodleform {
         unset($data->function);
         unset($data->wsusername);
         unset($data->wspassword);
+        unset($data->token);
+        unset($data->authmethod);
 
         $params = array();
         $params['members'] = array();