Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-27360

Web service tokens are displayed for deleted users

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • 2.1.5, 2.2.2
    • 2.1, 2.2.1
    • Web Services
    • MOODLE_21_STABLE, MOODLE_22_STABLE
    • MOODLE_21_STABLE, MOODLE_22_STABLE
    • Hide
      • Create a service and authorise a user on it
      • Create a token for this user and this service
      • Delete the user but not the token
        => you should not see the token anymore displayed in the administration
        => the deleted user should not be authorised on the service anymore
      Show
      Create a service and authorise a user on it Create a token for this user and this service Delete the user but not the token => you should not see the token anymore displayed in the administration => the deleted user should not be authorised on the service anymore

      1- Even though the core web service servers check if the user related to the token is deleted, it would be better to delete tokens when users are deleted. (specially for third party server not using the webservice_server class containing the authentication method then this would be a security issue)

      2- In the same time the administration should not display token for deleted users (patch in http://moodle.org/mod/forum/discuss.php?d=174506#p765320)

            jerome Jérôme Mouneyrac
            jerome Jérôme Mouneyrac
            Rossiani Wijaya Rossiani Wijaya
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Gerard Caulfield Gerard Caulfield
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.