MDL-72464 webservice: fix detection of non-expiring external tokens.

2025-04-21 08:22:07 +02:00 · 2021-09-02 12:44:22 +01:00 · 2021-09-02 12:44:22 +01:00 · 797cff78d5
commit 797cff78d5
parent e746dc75af
4 changed files with 76 additions and 3 deletions
--- a/user/tests/behat/edituserpassword.feature
+++ b/user/tests/behat/edituserpassword.feature
@ -1,8 +1,8 @@
@core @core_user
-Feature: Enable/disable password field based on authentication selected.
+Feature: Edit a users password
  In order edit a user password properly
  As an admin
-  I need to be able to notice if the change in password is allowed by athuentication plugin or not
+  I need to be able to edit their profile and change their password

  @javascript
  Scenario: Verify the password field is enabled/disabled based on authentication selected, in user edit advanced page.
@ -15,3 +15,34 @@ Feature: Enable/disable password field based on authentication selected.
    And the "New password" "field" should be enabled
    # We need to cancel/submit a form that has been modified.
    And I press "Create user"
+
+  Scenario: Sign out everywhere field is not present if user doesn't have active token
+    Given the following "users" exist:
+      | username | firstname | lastname | email              |
+      | user01   | User      | One      | user01@example.com |
+    And I log in as "admin"
+    When I navigate to "Users > Accounts > Browse list of users" in site administration
+    And I click on "User One" "link" in the "users" "table"
+    And I click on "Edit profile" "link"
+    Then "Sign out everywhere" "field" should not exist
+
+  Scenario Outline: Sign out everywhere field is present based on expiry of active token
+    Given the following "users" exist:
+      | username | firstname | lastname | email              |
+      | user01   | User      | One      | user01@example.com |
+    And the following "core_webservice > Service" exist:
+      | shortname     | name            |
+      | mytestservice | My test service |
+    And the following "core_webservice > Tokens" exist:
+      | user   | service       | validuntil   |
+      | user01 | mytestservice | <validuntil> |
+    And I log in as "admin"
+    When I navigate to "Users > Accounts > Browse list of users" in site administration
+    And I click on "User One" "link" in the "users" "table"
+    And I click on "Edit profile" "link"
+    Then "Sign out everywhere" "field" <shouldornot> exist
+    Examples:
+      | validuntil     | shouldornot |
+      | ## -1 month ## | should not  |
+      | 0              | should      |
+      | ## +1 month ## | should      |
--- a/webservice/lib.php
+++ b/webservice/lib.php
@ -866,7 +866,7 @@ class webservice {

        $sql = 'SELECT t.*, s.name as servicename FROM {external_tokens} t JOIN
                {external_services} s ON t.externalserviceid = s.id WHERE
-                t.userid = :userid AND (t.validuntil IS NULL OR t.validuntil > :now)';
+                t.userid = :userid AND (COALESCE(t.validuntil, 0) = 0 OR t.validuntil > :now)';
        $params = array('userid' => $userid, 'now' => time());
        return $DB->get_records_sql($sql, $params);
    }
--- a/webservice/tests/generator/lib.php
+++ b/webservice/tests/generator/lib.php
@ -49,6 +49,7 @@ class core_webservice_generator extends component_generator_base {
        }

        $optionalfields = [
+            'enabled' => false,
            'requiredcapability' => '',
            'restrictedusers' => 0,
            'component' => '',
--- a/webservice/tests/lib_test.php
+++ b/webservice/tests/lib_test.php
@ -252,6 +252,47 @@ class webservice_test extends advanced_testcase {
        $this->assertContains('moodle/course:managegroups', $missing[$user3->id]);
    }

+    /**
+     * Data provider for {@see test_get_active_tokens}
+     *
+     * @return array
+     */
+    public function get_active_tokens_provider(): array {
+        return [
+            'No expiration' => [0, true],
+            'Active' => [time() + DAYSECS, true],
+            'Expired' => [time() - DAYSECS, false],
+        ];
+    }
+
+    /**
+     * Test getting active tokens for a user
+     *
+     * @param int $validuntil
+     * @param bool $expectedactive
+     *
+     * @dataProvider get_active_tokens_provider
+     */
+    public function test_get_active_tokens(int $validuntil, bool $expectedactive): void {
+        $this->resetAfterTest();
+
+        $user = $this->getDataGenerator()->create_user();
+
+        /** @var core_webservice_generator $generator */
+        $generator = $this->getDataGenerator()->get_plugin_generator('core_webservice');
+
+        $service = $generator->create_service(['name' => 'My test service', 'shortname' => 'mytestservice']);
+        $generator->create_token(['userid' => $user->id, 'service' => $service->shortname, 'validuntil' => $validuntil]);
+
+        $tokens = webservice::get_active_tokens($user->id);
+        if ($expectedactive) {
+            $this->assertCount(1, $tokens);
+            $this->assertEquals($service->id, reset($tokens)->externalserviceid);
+        } else {
+            $this->assertEmpty($tokens);
+        }
+    }
+
    /**
     * Utility method that tests the parameter type of a method info's input/output parameter.
     *