MDL-73295 webservice: only pass around sesskey for tokens as needed.
parent
f8eb36373d
commit
d4bd398ad7
@ -164,6 +164,7 @@ $string['required'] = 'Required';
|
||||
$string['requiredcapability'] = 'Required capability';
|
||||
$string['requiredcapability_help'] = 'If set, only users with the required capability can access the service.';
|
||||
$string['requiredcaps'] = 'Required capabilities';
|
||||
$string['resettokencomplete'] = 'The selected token was reset';
|
||||
$string['resettokenconfirm'] = 'Do you really want to reset this web service key for <strong>{$a->user}</strong> on the service <strong>{$a->service}</strong>?';
|
||||
$string['resettokenconfirmsimple'] = 'Do you really want to reset this key? Any saved links containing the old key will not work anymore.';
|
||||
$string['response'] = 'Response';
|
||||
|
@ -10198,7 +10198,7 @@ class admin_setting_webservicesoverview extends admin_setting {
|
||||
|
||||
/// 8. Create token for the specific user
|
||||
$row = array();
|
||||
$url = new moodle_url("/admin/webservice/tokens.php?sesskey=" . sesskey() . "&action=create");
|
||||
$url = new moodle_url('/admin/webservice/tokens.php', ['action' => 'create']);
|
||||
$row[0] = "8. " . html_writer::tag('a', get_string('createtokenforuser', 'webservice'),
|
||||
array('href' => $url));
|
||||
$row[1] = "";
|
||||
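Review bot: The create link built here no longer carries a sesskey, and the page it targets, /admin/webservice/tokens.php, is not part of the diff shown, so nothing visible confirms that the handler checks the session key at the point where a token is actually written. The same applies to the `action=delete` URL in token_table, where `"sesskey" => sesskey()` is removed. It is worth verifying that tokens.php validates the key on the submitted form and on the confirmed delete rather than on page load, and saying so next to the link: `// No sesskey in the URL; tokens.php checks it when the change is submitted.` The enclosing method starts and ends outside the hunk.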
|
@ -5204,7 +5204,7 @@ class settings_navigation extends navigation_node {
|
||||
}
|
||||
// Security keys.
|
||||
if ($currentuser && $enablemanagetokens) {
|
||||
$url = new moodle_url('/user/managetoken.php', array('sesskey'=>sesskey()));
|
||||
$url = new moodle_url('/user/managetoken.php');
|
||||
$useraccount->add(get_string('securitykeys', 'webservice'), $url, self::TYPE_SETTING);
|
||||
}
|
||||
|
||||
|
@ -35,12 +35,10 @@ class core_rss_renderer extends plugin_renderer_base {
|
||||
* @return string html
|
||||
*/
|
||||
public function user_reset_rss_token_confirmation() {
|
||||
global $CFG;
|
||||
$managetokenurl = $CFG->wwwroot."/user/managetoken.php?sesskey=" . sesskey();
|
||||
$optionsyes = array('action' => 'resetrsstoken', 'confirm' => 1, 'sesskey' => sesskey());
|
||||
$optionsno = array('section' => 'webservicetokens', 'sesskey' => sesskey());
|
||||
$managetokenurl = '/user/managetoken.php';
|
||||
$optionsyes = ['action' => 'resetrsstoken', 'confirm' => 1];
|
||||
$formcontinue = new single_button(new moodle_url($managetokenurl, $optionsyes), get_string('reset'));
|
||||
$formcancel = new single_button(new moodle_url($managetokenurl, $optionsno), get_string('cancel'), 'get');
|
||||
$formcancel = new single_button(new moodle_url($managetokenurl), get_string('cancel'), 'get');
|
||||
$html = $this->output->confirm(get_string('resettokenconfirmsimple', 'webservice'), $formcontinue, $formcancel);
|
||||
return $html;
|
||||
}
|
||||
@ -69,8 +67,9 @@ class core_rss_renderer extends plugin_renderer_base {
|
||||
$table->data = array();
|
||||
|
||||
if (!empty($token)) {
|
||||
$reset = "<a href=\"".$CFG->wwwroot."/user/managetoken.php?sesskey=".sesskey().
|
||||
"&action=resetrsstoken\">".get_string('reset')."</a>";
|
||||
$reset = html_writer::link(new moodle_url('/user/managetoken.php', [
|
||||
'action' => 'resetrsstoken',
|
||||
]), get_string('reset'));
|
||||
|
||||
$table->data[] = array($token, $reset);
|
||||
|
||||
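Review bot: user_reset_rss_token_confirmation() no longer puts a sesskey in `$optionsyes`, so the `require_sesskey()` on the confirm branch of user/managetoken.php can only pass because the continue button is a POST single_button, which (as far as I recall Moodle's single_button) adds the session key to the form itself. That dependency is implicit; if the button were ever switched to 'get', the reset would either fail or put the key back in the URL. A one-line comment above `$formcontinue` would pin it down: `// POST single_button adds the sesskey itself; keep it out of the URL.` The same applies to user_reset_token_confirmation() in core_webservice_renderer.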
|
@ -26,7 +26,6 @@
|
||||
require('../config.php');
|
||||
|
||||
require_login();
|
||||
require_sesskey();
|
||||
|
||||
$usercontext = context_user::instance($USER->id);
|
||||
|
||||
@ -57,7 +56,9 @@ if ( !is_siteadmin($USER->id)
|
||||
$resetconfirmation = $wsrenderer->user_reset_token_confirmation($token);
|
||||
} else {
|
||||
// Delete the token that need to be regenerated.
|
||||
require_sesskey();
|
||||
$webservice->delete_user_ws_token($tokenid);
|
||||
redirect($PAGE->url, get_string('resettokencomplete', 'core_webservice'));
|
||||
}
|
||||
}
|
||||
|
||||
@ -92,7 +93,9 @@ if (!empty($CFG->enablerssfeeds)) {
|
||||
if (!$confirm) {
|
||||
$resetconfirmation = $rssrenderer->user_reset_rss_token_confirmation();
|
||||
} else {
|
||||
require_sesskey();
|
||||
rss_delete_token($USER->id);
|
||||
redirect($PAGE->url, get_string('resettokencomplete', 'core_webservice'));
|
||||
}
|
||||
}
|
||||
if (empty($resetconfirmation)) {
|
||||
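Review bot: In the resetwstoken branch the new `require_sesskey();` sits between the comment "Delete the token that need to be regenerated." and the `delete_user_ws_token()` call it describes, and neither branch says why the check moved from the top of the file. Put the check first in each confirmed branch with its own comment, e.g. `// CSRF check only on the confirmed, state-changing request.`, so a later edit does not hoist it back or drop it. A regression test that sends `confirm=1` with a missing or wrong sesskey and asserts the token still exists would protect both the web service and the RSS branch. Both enclosing `if` blocks start outside the hunks shown.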
|
@ -117,7 +117,6 @@ class token_table extends \table_sql {
|
||||
$tokenpageurl = new \moodle_url(
|
||||
"/admin/webservice/tokens.php",
|
||||
[
|
||||
"sesskey" => sesskey(),
|
||||
"action" => "delete",
|
||||
"tokenid" => $data->id
|
||||
]
|
||||
|
@ -263,15 +263,10 @@ class core_webservice_renderer extends plugin_renderer_base {
|
||||
* @return string html
|
||||
*/
|
||||
public function user_reset_token_confirmation($token) {
|
||||
global $CFG;
|
||||
$managetokenurl = $CFG->wwwroot . "/user/managetoken.php?sesskey=" . sesskey();
|
||||
$optionsyes = array('tokenid' => $token->id, 'action' => 'resetwstoken', 'confirm' => 1,
|
||||
'sesskey' => sesskey());
|
||||
$optionsno = array('section' => 'webservicetokens', 'sesskey' => sesskey());
|
||||
$formcontinue = new single_button(new moodle_url($managetokenurl, $optionsyes),
|
||||
get_string('reset'));
|
||||
$formcancel = new single_button(new moodle_url($managetokenurl, $optionsno),
|
||||
get_string('cancel'), 'get');
|
||||
$managetokenurl = '/user/managetoken.php';
|
||||
$optionsyes = ['tokenid' => $token->id, 'action' => 'resetwstoken', 'confirm' => 1];
|
||||
$formcontinue = new single_button(new moodle_url($managetokenurl, $optionsyes), get_string('reset'));
|
||||
$formcancel = new single_button(new moodle_url($managetokenurl), get_string('cancel'), 'get');
|
||||
$html = $this->output->confirm(get_string('resettokenconfirm', 'webservice',
|
||||
(object) array('user' => $token->firstname . " " .
|
||||
$token->lastname, 'service' => $token->name)),
|
||||
@ -318,9 +313,10 @@ class core_webservice_renderer extends plugin_renderer_base {
|
||||
foreach ($tokens as $token) {
|
||||
|
||||
if ($token->creatorid == $userid) {
|
||||
$reset = "<a href=\"" . $CFG->wwwroot . "/user/managetoken.php?sesskey="
|
||||
. sesskey() . "&action=resetwstoken&tokenid=" . $token->id . "\">";
|
||||
$reset .= get_string('reset') . "</a>";
|
||||
$reset = html_writer::link(new moodle_url('/user/managetoken.php', [
|
||||
'action' => 'resetwstoken',
|
||||
'tokenid' => $token->id,
|
||||
]), get_string('reset'));
|
||||
$creator = $token->firstname . " " . $token->lastname;
|
||||
} else {
|
||||
//retrieve administrator name
|
||||
@ -347,7 +343,7 @@ class core_webservice_renderer extends plugin_renderer_base {
|
||||
|
||||
if ($documentation) {
|
||||
$doclink = new moodle_url('/webservice/wsdoc.php',
|
||||
array('id' => $token->id, 'sesskey' => sesskey()));
|
||||
array('id' => $token->id));
|
||||
$row[] = html_writer::tag('a', get_string('doc', 'webservice'),
|
||||
array('href' => $doclink));
|
||||
}
|
||||
|
@ -27,7 +27,6 @@ require_once('../config.php');
|
||||
require($CFG->dirroot . '/webservice/lib.php');
|
||||
|
||||
require_login();
|
||||
require_sesskey();
|
||||
|
||||
$usercontext = context_user::instance($USER->id);
|
||||
$tokenid = required_param('id', PARAM_INT);
|
||||
@ -43,9 +42,7 @@ $PAGE->set_pagelayout('standard');
|
||||
$PAGE->navbar->ignore_active(true);
|
||||
$PAGE->navbar->add(get_string('preferences'), new moodle_url('/user/preferences.php'));
|
||||
$PAGE->navbar->add(get_string('useraccount'));
|
||||
$PAGE->navbar->add(get_string('securitykeys', 'webservice'),
|
||||
new moodle_url('/user/managetoken.php',
|
||||
array('id' => $tokenid, 'sesskey' => sesskey())));
|
||||
$PAGE->navbar->add(get_string('securitykeys', 'webservice'), new moodle_url('/user/managetoken.php'));
|
||||
$PAGE->navbar->add(get_string('wsdocumentation', 'webservice'));
|
||||
|
||||
// check web service are enabled
|
||||
|
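Review bot: With `require_sesskey();` removed, wsdoc.php is reachable with nothing but the `id` parameter, so access control rests entirely on the token lookup that follows `required_param('id', PARAM_INT)`, which is outside the hunk. Please confirm that lookup is scoped to the current user and fails for another user's token id, and record the reasoning where the check used to be: `// Read-only page, no sesskey needed; access is limited by the token ownership check below.` The matching link change is the `$doclink` URL in core_webservice_renderer, which now passes only `id`.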