MDL-56159 webservice: Improve not fully setup and missing pwd checks

Removing the check in login/token.php is secure, since the
auth_forcepasswordchange preference is checked in require_login(), which is
called via validate_context().
The user must be able to get a token even if that setting is on. With
that token we’ll redirect the user to the site or we’ll change the
password when a new WS for that is available.
Juan Leyva 2016-09-28 11:06:20 +01:00
parent b7676ef92c
commit 80e0f0b85b
3 changed files with 5 additions and 11 deletions


@ -562,6 +562,7 @@ $string['usernotdeletedadmin'] = 'User not deleted - can not delete administrato
$string['usernotdeletederror'] = 'User not deleted - error'; $string['usernotdeletederror'] = 'User not deleted - error';
$string['usernotdeletedmissing'] = 'User not deleted - could not find the username'; $string['usernotdeletedmissing'] = 'User not deleted - could not find the username';
$string['usernotdeletedoff'] = 'User not deleted - deleting not allowed'; $string['usernotdeletedoff'] = 'User not deleted - deleting not allowed';
$string['usernotfullysetup'] = 'User not fully set-up';
$string['usernotincourse'] = 'This user is not in this course!'; $string['usernotincourse'] = 'This user is not in this course!';
$string['usernotrenamedadmin'] = 'Cannot rename admin accounts'; $string['usernotrenamedadmin'] = 'Cannot rename admin accounts';
$string['usernotrenamedexists'] = 'User not renamed - the new username is already in use'; $string['usernotrenamedexists'] = 'User not renamed - the new username is already in use';


@ -2639,8 +2639,10 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
redirect($wwwroot .'/login/change_password.php'); redirect($wwwroot .'/login/change_password.php');
} }
} }
} else if ($userauth->can_change_password()) {
throw new moodle_exception('forcepasswordchangenotice');
} else { } else {
print_error('nopasswordchangeforced', 'auth'); throw new moodle_exception('nopasswordchangeforced', 'auth');
} }
} }
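Review bot: The new `else if ($userauth->can_change_password())` branch is now the only thing that stops a token holder flagged with auth_forcepasswordchange from using web services, since this commit removes the equivalent check from login/token.php and tokens are issued regardless of the flag, yet nothing in the hunk records that reliance. It only holds for external functions that reach require_login() with $preventredirect set (the description says via validate_context()), so a function that does not call validate_context() would presumably be usable before the password is changed; worth confirming against the external function definitions. I would add above the branch: `// With preventredirect (web services) this throw is what blocks users who must change their password; login/token.php issues tokens regardless.` The enclosing if statement and require_login() itself start and end outside the hunk.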
@ -2656,7 +2658,7 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
if ($usernotfullysetup) { if ($usernotfullysetup) {
if ($preventredirect) { if ($preventredirect) {
throw new require_login_exception('User not fully set-up'); throw new moodle_exception('usernotfullysetup');
} }
if ($setwantsurltome) { if ($setwantsurltome) {
$SESSION->wantsurl = qualified_me(); $SESSION->wantsurl = qualified_me();


@ -71,15 +71,6 @@ if (!empty($user)) {
} }
} }
// Check whether the user should be changing password.
if (get_user_preferences('auth_forcepasswordchange', false, $user)) {
if ($userauth->can_change_password()) {
throw new moodle_exception('forcepasswordchangenotice');
} else {
throw new moodle_exception('nopasswordchangeforced', 'auth');
}
}
// let enrol plugins deal with new enrolments if necessary // let enrol plugins deal with new enrolments if necessary
enrol_check_plugins($user); enrol_check_plugins($user);