Mahara

Allow users to self-issue webservice access tokens

Bug #1620879 reported by Aaron Wells on 2016-09-07

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	Wishlist	Unassigned	Mahara 16.10.0

Bug Description

For the generation 2 Mahara mobile app ( https://github.com/maharaproject/mahara-mobile ), we want users to be able to generate the access tokens they need via the app itself, rather than the current process where users have to log in to Mahara in a web browser, go to their account settings page, scroll to the bottom and manually create an access token (typing in its value themselves), then launch the mobile app and write that same access token into the mobile app.

Instead, we envision a process the same as the Moodle Mobile app. The user is presented with a username/password field, they enter their credentials there, and the app then does the dirty work of talking to the Mahara server, requesting the access token, and storing it.

In order to support SSO options, there also needs to be an alternative flow, where the app opens an embedded iframe that displays the Mahara login form, and returns the access token value back to the app when done.

Tags:

Revision history for this message

Aaron Wells (u-aaronw) wrote on 2016-09-07:

#1

See https://github.com/agwells/mahara/tree/mobile for my work in progress on this.

The following API changes need to be included (hopefully these can squeak into 16.10.0). Most of these are cribbed from how the functionality works in Moodle (because our Webservices module is port of the Moodle webservices module):

1. Addition of the two token-generation scripts, one REST-based for the in-app-form scenario; the other a standard webpage for the embedded-iframe SSO scenario.

2. Add a "shortname" to WS service groups, that the token generation scripts can use to unambiguously refer to which service group they want a token for.

3. Use the presence or absence of a "component" value for WS service groups, to indicate whether the service group was created by a plugin, or manually created by a human. The "component" should indicate which plugin created them.

3a. Block the UI from adding/removing functions from plugin-created service groups.

3b. Update all the "example" service groups that currently ship with Mahara, so that they no longer have a "component" value

4. Implement any necessary functions and/or service groups for the mobile app. (The clean way of doing this would be to make the app do everything through the new webservices system, and get rid of the old /api/mobile directory. The quick-and-dirty way of doing this would be to create a function in the new webservice, for generating the tokens used by /api/mobile. [So yes, that would mean the app gets a token for the *new* webservices, then uses that to get a token for the *old* webservices.])

5. Determine the access control; which users are allowed to self-generate webservice tokens? Moodle does this via its capabilities system, which there is no direct equivalent of in Moodle. The current webservices permissions don't exactly work for this. See follow-up note for more details.

6. Give users the ability to inspect and cancel their self-issued webservices tokens. (This mainly means, changing the permissions and navigation menus for webservice/apptokens.php, which is currently an admin-only script that handles this behavior.)

See https://github.com/agwells/mahara/tree/mobile for my work in progress on this.

The following API changes need to be included (hopefully these can squeak into 16.10.0). Most of these are cribbed from how the functionality works in Moodle (because our Webservices module is port of the Moodle webservices module):

1. Addition of the two token-generation scripts, one REST-based for the in-app-form scenario; the other a standard webpage for the embedded-iframe SSO scenario.

2. Add a "shortname" to WS service groups, that the token generation scripts can use to unambiguously refer to which service group they want a token for.

3. Use the presence or absence of a "component" value for WS service groups, to indicate whether the service group was created by a plugin, or manually created by a human. The "component" should indicate which plugin created them.

3a. Block the UI from adding/removing functions from plugin-created service groups.

3b. Update all the "example" service groups that currently ship with Mahara, so that they no longer have a "component" value

4. Implement any necessary functions and/or service groups for the mobile app. (The clean way of doing this would be to make the app do everything through the new webservices system, and get rid of the old /api/mobile directory. The quick-and-dirty way of doing this would be to create a function in the new webservice, for generating the tokens used by /api/mobile. [So yes, that would mean the app gets a token for the *new* webservices, then uses that to get a token for the *old* webservices.])

5. Determine the access control; which users are allowed to self-generate webservice tokens? Moodle does this via its capabilities system, which there is no direct equivalent of in Moodle. The current webservices permissions don't exactly work for this. See follow-up note for more details.

6. Give users the ability to inspect and cancel their self-issued webservices tokens. (This mainly means, changing the permissions and navigation menus for webservice/apptokens.php, which is currently an admin-only script that handles this behavior.)

Revision history for this message

Aaron Wells (u-aaronw) wrote on 2016-09-07:

#2

So, the one undetermined issue with users self-issuing tokens, is access control. In Moodle there's a capability for this, and also any user who is a site admin is *not* allowed to self-issue tokens through the REST interface, for security purposes. (Admins can still self-generate tokens through the web UI)

We can easily add the restriction on admin users if we want, but the bigger question is, how do we decide which normal users can self-issue webservices tokens?

Currently, the closest thing we have is the "webservice" auth method. However, this isn't quite what we need. It is written to allow "robot" users, which authenticate to webservices via a username and password, but cannot log in to Mahara via the normal methods. We could use its presence or absence in an institution to determine whether the institution as a whole allows webservices, but I don't think that's a good idea because it would confuse admins as to the purpose of this auth plugin. The last thing we want is admins assigning users the "webservice" auth to try to let them use the app, and then discovering the users can no longer log in to Mahara.

We also have per-institution connection manager setup. However, this also isn't appropriate, because the connection manager is only for configuring *outgoing* connections, i.e. Mahara using webservices to retrieve data from another service provider. In the token-issuing scenario, Mahara is instead accepting *incoming* connections.

So probably what would make the most sense, would be to turn this into another per-institution setting with a sitewide default. Ideally it'd be as granular as the connection manager; so individual institutions could enable/disable individual user-token-issuing for each service group. However, it could start with a simple institution-level "on-off": "Allow individual users to access webservices (for mobile applications)"

That said... since we're so late in the 16.10 release process we should probably go the simplest route. And the drop-dead simplest thing would be to piggyback this on the existing "Allow mobile uploads" sitewide admin setting. So for that route, we would hard-code the token-issuing scripts to *only* allow access to the Mahara mobile app service group, and access would be contingent on the "Allow mobile uploads" setting. (Or perhaps add a DB flag to service groups in the database to indicate that they are "mobile uploads"). So, I'll probably go that route.

So, the one undetermined issue with users self-issuing tokens, is access control. In Moodle there's a capability for this, and also any user who is a site admin is *not* allowed to self-issue tokens through the REST interface, for security purposes. (Admins can still self-generate tokens through the web UI)

We can easily add the restriction on admin users if we want, but the bigger question is, how do we decide which normal users can self-issue webservices tokens?

Currently, the closest thing we have is the "webservice" auth method. However, this isn't quite what we need. It is written to allow "robot" users, which authenticate to webservices via a username and password, but cannot log in to Mahara via the normal methods. We could use its presence or absence in an institution to determine whether the institution as a whole allows webservices, but I don't think that's a good idea because it would confuse admins as to the purpose of this auth plugin. The last thing we want is admins assigning users the "webservice" auth to try to let them use the app, and then discovering the users can no longer log in to Mahara.

We also have per-institution connection manager setup. However, this also isn't appropriate, because the connection manager is only for configuring *outgoing* connections, i.e. Mahara using webservices to retrieve data from another service provider. In the token-issuing scenario, Mahara is instead accepting *incoming* connections.

So probably what would make the most sense, would be to turn this into another per-institution setting with a sitewide default. Ideally it'd be as granular as the connection manager; so individual institutions could enable/disable individual user-token-issuing for each service group. However, it could start with a simple institution-level "on-off": "Allow individual users to access webservices (for mobile applications)"

That said... since we're so late in the 16.10 release process we should probably go the simplest route. And the drop-dead simplest thing would be to piggyback this on the existing "Allow mobile uploads" sitewide admin setting. So for that route, we would hard-code the token-issuing scripts to *only* allow access to the Mahara mobile app service group, and access would be contingent on the "Allow mobile uploads" setting. (Or perhaps add a DB flag to service groups in the database to indicate that they are "mobile uploads"). So, I'll probably go that route.

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-11: A patch has been submitted for review

#3

Patch for "master" branch: https://reviews.mahara.org/6952

Revision history for this message

Robert Lyon (robertl-9) wrote on 2016-09-11:

#4

partially hidden delete button Edit (38.3 KiB, image/png)

During testing I noted a delete button being hidden by right sidebar - see attached

Revision history for this message

Aaron Wells (u-aaronw) wrote on 2016-09-13:

#5

As Robert pointed out, the webservice/apptokens.php page, "Settings -> Web services", is a big, wide table, which overlaps the sidebars. It also has a bunch of messy hard-coded HTML in it which should probably be extracted out into a Smarty template. (This is probably because it was ported from a Moodle HTML generator class originally.)

We should really redesign it to be less tabular and more flexible. For now, I've just disabled the display of the sidebars on that page.

Kristina Hoeppner (kris-hoeppner) on 2016-09-19

Changed in mahara:
status:	New → In Progress
importance:	Undecided → Medium
milestone:	none → 16.10.0
importance:	Medium → Wishlist

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26:

#6

Patch for "master" branch: https://reviews.mahara.org/7031

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26:

#7

Patch for "master" branch: https://reviews.mahara.org/7033

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26:

#8

Patch for "master" branch: https://reviews.mahara.org/7035

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26:

#17

Patch for "master" branch: https://reviews.mahara.org/7032

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26:

#18

Patch for "master" branch: https://reviews.mahara.org/7034

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26:

#9

Patch for "master" branch: https://reviews.mahara.org/7037

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26:

#10

Patch for "master" branch: https://reviews.mahara.org/7039

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26:

#11

Patch for "master" branch: https://reviews.mahara.org/7036

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26:

#12

Patch for "master" branch: https://reviews.mahara.org/7038

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26:

#13

Patch for "master" branch: https://reviews.mahara.org/7040

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26:

#14

Patch for "master" branch: https://reviews.mahara.org/7043

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26:

#15

Patch for "master" branch: https://reviews.mahara.org/7044

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26:

#16

Patch for "master" branch: https://reviews.mahara.org/7041

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26:

#19

Patch for "master" branch: https://reviews.mahara.org/7042

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26: A change has been merged

#20

Reviewed: https://reviews.mahara.org/6952
Committed: https://git.mahara.org/mahara/mahara/commit/d382d069581fd43c6173c14269adaa35f10d94f6
Submitter: Aaron Wells (<email address hidden>)
Branch: master

commit d382d069581fd43c6173c14269adaa35f10d94f6
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 13:53:01 2016 +1300

Bug 1620879: Improve JSON error messages when JSON flag is on

JSON-encodes more information about the error or exception,
and adds an optional error number.

behatnotneeded: Can't test in Behat

Change-Id: I258e7a275d78c91a5f8cd638ab7f6a7590125a6d

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26: A patch has been submitted for review

#21

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7046

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-09-26: A change has been merged

#22

Reviewed: https://reviews.mahara.org/7046
Committed: https://git.mahara.org/mahara/mahara/commit/8f55eefd9875babc44ab2c4beae0caac25d31a8a
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 8f55eefd9875babc44ab2c4beae0caac25d31a8a
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 13:53:01 2016 +1300

Bug 1620879: Improve JSON error messages when JSON flag is on

JSON-encodes more information about the error or exception,
and adds an optional error number.

behatnotneeded: Can't test in Behat

Change-Id: I258e7a275d78c91a5f8cd638ab7f6a7590125a6d
(cherry picked from commit d382d069581fd43c6173c14269adaa35f10d94f6)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-05: A patch has been submitted for review

#23

Patch for "master" branch: https://reviews.mahara.org/7079

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-05: A change has been merged

#24

Reviewed: https://reviews.mahara.org/7032
Committed: https://git.mahara.org/mahara/mahara/commit/d159aaf425c9453a1d25720eace96f48a2b62d47
Submitter: Aaron Wells (<email address hidden>)
Branch: master

commit d159aaf425c9453a1d25720eace96f48a2b62d47
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:16:41 2016 +1300

Bug 1620879: Changes to service groups to facilitate automation

- Adding "shortname" field to service groups
- Marking plugin-created service groups, as the ones that have
a "component" field. Make the function list for plugin-created
service groups not editable by users.
- Since users may have already edited the old "sample" service
groups, removing the "component" value from those.
- And, to avoid trouble going forward, preventing the install
of the sample service groups on new installations

behatnotneeded: Tests to be written later

Change-Id: I23c781d6f2bbf689c12de30a67882bf3f1f4aff9

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-05:

#25

Reviewed: https://reviews.mahara.org/7033
Committed: https://git.mahara.org/mahara/mahara/commit/0633673a9772f3ca90bf0df2203d1f23d6f6534d
Submitter: Aaron Wells (<email address hidden>)
Branch: master

commit 0633673a9772f3ca90bf0df2203d1f23d6f6534d
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:25:09 2016 +1300

Bug 1620879: Add "apiversion" field to external_services

To help clients determine which version of a webservice
they might be connecting to.

behatnotneeded: Tests to come later

Change-Id: I90abd0d9470cba4ae42ee3a22a6c0629d325f8d2

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-05: A patch has been submitted for review

#26

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7086

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-05:

#27

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7087

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-05: A change has been merged

#28

Reviewed: https://reviews.mahara.org/7087
Committed: https://git.mahara.org/mahara/mahara/commit/75fb7791ff09a23bd2b177bdde6c325237d146e8
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 75fb7791ff09a23bd2b177bdde6c325237d146e8
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:25:09 2016 +1300

Bug 1620879: Add "apiversion" field to external_services

To help clients determine which version of a webservice
they might be connecting to.

behatnotneeded: Tests to come later

Change-Id: I90abd0d9470cba4ae42ee3a22a6c0629d325f8d2

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-05:

#29

Reviewed: https://reviews.mahara.org/7086
Committed: https://git.mahara.org/mahara/mahara/commit/ecc2b8daa129c946ae26cf7df3c83418c4f8c17f
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit ecc2b8daa129c946ae26cf7df3c83418c4f8c17f
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:16:41 2016 +1300

Bug 1620879: Changes to service groups to facilitate automation

- Adding "shortname" field to service groups
- Marking plugin-created service groups, as the ones that have
a "component" field. Make the function list for plugin-created
service groups not editable by users.
- Since users may have already edited the old "sample" service
groups, removing the "component" value from those.
- And, to avoid trouble going forward, preventing the install
of the sample service groups on new installations

behatnotneeded: Tests to be written later

Change-Id: I23c781d6f2bbf689c12de30a67882bf3f1f4aff9
(cherry picked from commit d159aaf425c9453a1d25720eace96f48a2b62d47)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07:

#30

Reviewed: https://reviews.mahara.org/7031
Committed: https://git.mahara.org/mahara/mahara/commit/6d8b81f4649ed6a6cda14270878d09d71797dd96
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 6d8b81f4649ed6a6cda14270878d09d71797dd96
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 13:57:58 2016 +1300

Bug 1620879: Improve formatting of WS function descriptions

behatnotneeded

Change-Id: Idea08ba7827d939af6f2fc8ec6be30774f2af5cb

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07: A patch has been submitted for review

#31

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7090

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07: A change has been merged

#32

Reviewed: https://reviews.mahara.org/7090
Committed: https://git.mahara.org/mahara/mahara/commit/29076d44aadcbfdfe693f809e74aa090602e7e95
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 29076d44aadcbfdfe693f809e74aa090602e7e95
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 13:57:58 2016 +1300

Bug 1620879: Improve formatting of WS function descriptions

behatnotneeded

Change-Id: Idea08ba7827d939af6f2fc8ec6be30774f2af5cb
(cherry picked from commit 6d8b81f4649ed6a6cda14270878d09d71797dd96)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07:

#33

Reviewed: https://reviews.mahara.org/7034
Committed: https://git.mahara.org/mahara/mahara/commit/98ca273e25d578d53b5992c2472a082e93271126
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 98ca273e25d578d53b5992c2472a082e93271126
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:34:31 2016 +1300

Bug 1620879: Remove extraneous "/webservice" from end of plugin components

Currently, a plugin has to list its component as e.g.
"module/mobileapi/webservice". This could just be "module/mobileapi".

Since we're using the component string as part of the automated token
request system, it's better to change this now to something more sensible.

behatnotneeded: Tests to come later

Change-Id: Ia7663065b79598d92c3bf8450c5539efb6aa3e2d

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07: A patch has been submitted for review

#34

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7095

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07: A change has been merged

#35

Reviewed: https://reviews.mahara.org/7095
Committed: https://git.mahara.org/mahara/mahara/commit/ec8471aeead83714b56d86e6949b6fa27f7c3ab1
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit ec8471aeead83714b56d86e6949b6fa27f7c3ab1
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:34:31 2016 +1300

Bug 1620879: Remove extraneous "/webservice" from end of plugin components

Currently, a plugin has to list its component as e.g.
"module/mobileapi/webservice". This could just be "module/mobileapi".

Since we're using the component string as part of the automated token
request system, it's better to change this now to something more sensible.

behatnotneeded: Tests to come later

Change-Id: Ia7663065b79598d92c3bf8450c5539efb6aa3e2d
(cherry picked from commit 98ca273e25d578d53b5992c2472a082e93271126)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07:

#36

Reviewed: https://reviews.mahara.org/7035
Committed: https://git.mahara.org/mahara/mahara/commit/ef871685926ce8767aaa0c0e6e94bea6f80e1a3e
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit ef871685926ce8767aaa0c0e6e94bea6f80e1a3e
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:38:23 2016 +1300

Bug 1620879: Combine duplicate "get_allowed_services" method

Two of the server classes had their own implementations of this,
with slightly different logic. Moving it up into the parent class
in order to make sure everything works the same, all the time.

behatnotneeded: Can't test in Behat

Change-Id: I91c205822a18213c475bbef7c784247cebdbd649

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07: A patch has been submitted for review

#37

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7096

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07: A change has been merged

#38

Reviewed: https://reviews.mahara.org/7096
Committed: https://git.mahara.org/mahara/mahara/commit/75fb4eb6d5331844859a933264642d5730ba9cb5
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 75fb4eb6d5331844859a933264642d5730ba9cb5
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:38:23 2016 +1300

Bug 1620879: Combine duplicate "get_allowed_services" method

Two of the server classes had their own implementations of this,
with slightly different logic. Moving it up into the parent class
in order to make sure everything works the same, all the time.

behatnotneeded: Can't test in Behat

Change-Id: I91c205822a18213c475bbef7c784247cebdbd649
(cherry picked from commit ef871685926ce8767aaa0c0e6e94bea6f80e1a3e)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07:

#39

Reviewed: https://reviews.mahara.org/7036
Committed: https://git.mahara.org/mahara/mahara/commit/872da91396efe09df7dcd80e0ee53c9547456fb5
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 872da91396efe09df7dcd80e0ee53c9547456fb5
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:42:45 2016 +1300

Bug 1620879: Allow a user to have multiple tokens for the same service

behatnotneeded: Test to come later

Change-Id: I77131ad76a5a9f1c6e0f780fdb9bff07d70a8421

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07:

#40

Reviewed: https://reviews.mahara.org/7037
Committed: https://git.mahara.org/mahara/mahara/commit/219e7553f5321ecf35fdde58f4a7652f732a58b1
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 219e7553f5321ecf35fdde58f4a7652f732a58b1
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:45:15 2016 +1300

Bug 1620879: Add fields to external_tokens to record client app

These fields can be used to indicate which client app
registered and/or is using the token

behatnotneeded: Can't be tested in Behat

Change-Id: I939c844cc5474fc799ddfd002a1052bb4ca67d1b

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07:

#41

Reviewed: https://reviews.mahara.org/7058
Committed: https://git.mahara.org/mahara/mahara/commit/72498ad745a4a5cf764d025ac5571754f3b74966
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 72498ad745a4a5cf764d025ac5571754f3b74966
Author: Aaron Wells <email address hidden>
Date: Mon Oct 3 13:20:07 2016 +1300

Bug 1620879: Improved webservice param validation

- Respect the "optional" and "default" flags for
object and array params (not just scalar params)

- Allow REST server to handle file upload params ($_FILES)

behatnotneeded: Tests to come later

Change-Id: I3a6a6ccf7c9de1711e2fd39aa5f130c245823721

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07: A patch has been submitted for review

#42

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7098

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07: A change has been merged

#43

Reviewed: https://reviews.mahara.org/7098
Committed: https://git.mahara.org/mahara/mahara/commit/1f808bee841e8ee73a6b07351cbf0d2329dda15b
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 1f808bee841e8ee73a6b07351cbf0d2329dda15b
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:42:45 2016 +1300

Bug 1620879: Allow a user to have multiple tokens for the same service

behatnotneeded: Test to come later

Change-Id: I77131ad76a5a9f1c6e0f780fdb9bff07d70a8421
(cherry picked from commit 872da91396efe09df7dcd80e0ee53c9547456fb5)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07: A patch has been submitted for review

#44

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7099

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07: A change has been merged

#45

Reviewed: https://reviews.mahara.org/7099
Committed: https://git.mahara.org/mahara/mahara/commit/949d2d6064233738b64d6e09a3da36e10048e1a2
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 949d2d6064233738b64d6e09a3da36e10048e1a2
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:45:15 2016 +1300

Bug 1620879: Add fields to external_tokens to record client app

These fields can be used to indicate which client app
registered and/or is using the token

behatnotneeded: Can't be tested in Behat

Change-Id: I939c844cc5474fc799ddfd002a1052bb4ca67d1b
(cherry picked from commit 219e7553f5321ecf35fdde58f4a7652f732a58b1)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07: A patch has been submitted for review

#46

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7100

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-07: A change has been merged

#47

Reviewed: https://reviews.mahara.org/7100
Committed: https://git.mahara.org/mahara/mahara/commit/a03d2573ac9299ee12afda505c3acfc708caf391
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit a03d2573ac9299ee12afda505c3acfc708caf391
Author: Aaron Wells <email address hidden>
Date: Mon Oct 3 13:20:07 2016 +1300

Bug 1620879: Improved webservice param validation

- Respect the "optional" and "default" flags for
object and array params (not just scalar params)

- Allow REST server to handle file upload params ($_FILES)

behatnotneeded: Tests to come later

Change-Id: I3a6a6ccf7c9de1711e2fd39aa5f130c245823721
(cherry picked from commit 72498ad745a4a5cf764d025ac5571754f3b74966)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-11:

#48

Reviewed: https://reviews.mahara.org/7039
Committed: https://git.mahara.org/mahara/mahara/commit/9345d3e547948fef5f73958e8045683442dfe335
Submitter: Aaron Wells (<email address hidden>)
Branch: master

commit 9345d3e547948fef5f73958e8045683442dfe335
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:59:04 2016 +1300

Bug 1620879: Add page for non-admin users to manager app tokens

behatnotneeded: Test to come later

Change-Id: I2663d376f6bc50d7195d6d26d65206a47385e21c

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-11:

#49

Reviewed: https://reviews.mahara.org/7038
Committed: https://git.mahara.org/mahara/mahara/commit/15334434f9a86dfdb43797d14d5656b0e2138bdc
Submitter: Aaron Wells (<email address hidden>)
Branch: master

commit 15334434f9a86dfdb43797d14d5656b0e2138bdc
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:55:01 2016 +1300

Bug 1620879: Adding mobileapi module

This module will hold most of the code specifically needed
by the Mahara Mobile app (as opposed to normal webservices
functionality, which is mostly meant to be server-to-server)

behatnotneeded: Test to come later

Change-Id: I8dca163ba9dd4c1777564e305cf49768358be088

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-11:

#50

Reviewed: https://reviews.mahara.org/7040
Committed: https://git.mahara.org/mahara/mahara/commit/2d93d2ee90c0bde0c9c27f4eba82931c99839bfc
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 2d93d2ee90c0bde0c9c27f4eba82931c99839bfc
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:23:08 2016 +1300

Bug 1620879: Adding user self-service token gen scripts

behatnotneeded: Test to come later

Change-Id: I0c1b2b7ee9cc927a23c498293da0ddc1ec31f31e

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-11: A patch has been submitted for review

#51

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7110

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-11: A change has been merged

#52

Reviewed: https://reviews.mahara.org/7110
Committed: https://git.mahara.org/mahara/mahara/commit/9206fd44a2f0a2c818b949386bcd90cac21514b9
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 9206fd44a2f0a2c818b949386bcd90cac21514b9
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:55:01 2016 +1300

Bug 1620879: Adding mobileapi module

This module will hold most of the code specifically needed
by the Mahara Mobile app (as opposed to normal webservices
functionality, which is mostly meant to be server-to-server)

behatnotneeded: Test to come later

Change-Id: I8dca163ba9dd4c1777564e305cf49768358be088
(cherry picked from commit 15334434f9a86dfdb43797d14d5656b0e2138bdc)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-11: A patch has been submitted for review

#53

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7111

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-11: A change has been merged

#54

Reviewed: https://reviews.mahara.org/7111
Committed: https://git.mahara.org/mahara/mahara/commit/bf45ba8edcf8af171177575f69a38657104da90d
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit bf45ba8edcf8af171177575f69a38657104da90d
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:59:04 2016 +1300

Bug 1620879: Add page for non-admin users to manager app tokens

behatnotneeded: Test to come later

Change-Id: I2663d376f6bc50d7195d6d26d65206a47385e21c
(cherry picked from commit 9345d3e547948fef5f73958e8045683442dfe335)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-11: A patch has been submitted for review

#55

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7112

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-11: A change has been merged

#56

Reviewed: https://reviews.mahara.org/7112
Committed: https://git.mahara.org/mahara/mahara/commit/2ae5a4e430f5530cbbdfa2c50a667c9937f9281f
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 2ae5a4e430f5530cbbdfa2c50a667c9937f9281f
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:23:08 2016 +1300

Bug 1620879: Adding user self-service token gen scripts

behatnotneeded: Test to come later

Change-Id: I0c1b2b7ee9cc927a23c498293da0ddc1ec31f31e
(cherry picked from commit 2d93d2ee90c0bde0c9c27f4eba82931c99839bfc)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-12:

#57

Reviewed: https://reviews.mahara.org/7042
Committed: https://git.mahara.org/mahara/mahara/commit/08f5a3aff09e789740084028417808664f220e23
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 08f5a3aff09e789740084028417808664f220e23
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:27:05 2016 +1300

Bug 1620879: Adding pre-auth JSON script to aid apps in using automatic registration

behatnotneeded: Test to come later

Change-Id: Ie57d662b8edf69eb16cab248db5b432b7492a6a2

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-12:

#58

Reviewed: https://reviews.mahara.org/7043
Committed: https://git.mahara.org/mahara/mahara/commit/29324842c3613021a962f5efc9bedb80a8c5c55b
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 29324842c3613021a962f5efc9bedb80a8c5c55b
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:30:49 2016 +1300

Bug 1620879: Adding script to help webservices download user icons

behatnotneeded: Covered by existing tests

Change-Id: Iec9939b02b7b38fbf0f3217d6be45d538e3a9760

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-12:

#59

Reviewed: https://reviews.mahara.org/7041
Committed: https://git.mahara.org/mahara/mahara/commit/2c8761b27eda16843d85441edb0f9c53e0f07b17
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 2c8761b27eda16843d85441edb0f9c53e0f07b17
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:02:50 2016 +1300

Bug 1620879: Make SAML auth return to initial URL after login

This is needed specifically for the
module/mobileapi/tokenform.php script

Also adding an anchor "#sso" at the extra login elements,
to allow the app to scroll that part into view.

behatnotneeded: Can't test in Behat (yet)

Change-Id: I4363976522b8339542002535d8ba57fdc70496ac

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-12: A patch has been submitted for review

#60

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7113

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-12: A change has been merged

#61

Reviewed: https://reviews.mahara.org/7113
Committed: https://git.mahara.org/mahara/mahara/commit/89147cceafcece438ab91671c6601640f023301a
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 89147cceafcece438ab91671c6601640f023301a
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:02:50 2016 +1300

Bug 1620879: Make SAML auth return to initial URL after login

This is needed specifically for the
module/mobileapi/tokenform.php script

Also adding an anchor "#sso" at the extra login elements,
to allow the app to scroll that part into view.

behatnotneeded: Can't test in Behat (yet)

Change-Id: I4363976522b8339542002535d8ba57fdc70496ac
(cherry picked from commit 2c8761b27eda16843d85441edb0f9c53e0f07b17)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-12: A patch has been submitted for review

#62

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7114

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-12: A change has been merged

#63

Reviewed: https://reviews.mahara.org/7114
Committed: https://git.mahara.org/mahara/mahara/commit/2533cf069c8fcbd90efb158bd70b7a079048a53b
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 2533cf069c8fcbd90efb158bd70b7a079048a53b
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:27:05 2016 +1300

Bug 1620879: Adding pre-auth JSON script to aid apps in using automatic registration

behatnotneeded: Test to come later

Change-Id: Ie57d662b8edf69eb16cab248db5b432b7492a6a2
(cherry picked from commit 08f5a3aff09e789740084028417808664f220e23)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-12: A patch has been submitted for review

#64

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7115

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-12: A change has been merged

#65

Reviewed: https://reviews.mahara.org/7115
Committed: https://git.mahara.org/mahara/mahara/commit/e68c11248f0f2dd9f5623f7db5a30324c0e3844a
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit e68c11248f0f2dd9f5623f7db5a30324c0e3844a
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:30:49 2016 +1300

Bug 1620879: Adding script to help webservices download user icons

behatnotneeded: Covered by existing tests

Change-Id: Iec9939b02b7b38fbf0f3217d6be45d538e3a9760
(cherry picked from commit 29324842c3613021a962f5efc9bedb80a8c5c55b)

Kristina Hoeppner (kris-hoeppner) on 2016-10-12

tags:

added: nominatedfeature

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-17:

#66

Reviewed: https://reviews.mahara.org/7044
Committed: https://git.mahara.org/mahara/mahara/commit/a617b3c21864aedf1c26f107537da5024a212fb2
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit a617b3c21864aedf1c26f107537da5024a212fb2
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:32:04 2016 +1300

Bug 1620879: Adding webservices to replicate api/mobile functionality.

behatnotneeded: can't test in behat

Change-Id: I9b8cfada9122cafe72afea86f573873b9d781bfb

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-17:

#67

Reviewed: https://reviews.mahara.org/7079
Committed: https://git.mahara.org/mahara/mahara/commit/7cf66563a3ee1bc415566787b07c62b6cac430c5
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 7cf66563a3ee1bc415566787b07c62b6cac430c5
Author: Aaron Wells <email address hidden>
Date: Wed Oct 5 17:07:20 2016 +1300

Bug 1620879: Language string changes

plus fix for non custom service groups edit button to have right side
border

behatnotneeded

Change-Id: Ib760673905f022823038a1240c87dc12f8714444

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-17: A patch has been submitted for review

#68

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7132

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-17: A change has been merged

#69

Reviewed: https://reviews.mahara.org/7132
Committed: https://git.mahara.org/mahara/mahara/commit/032b6ba69ec7fc0db1f6a61ec53402c3c1a1cb49
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 032b6ba69ec7fc0db1f6a61ec53402c3c1a1cb49
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:32:04 2016 +1300

Bug 1620879: Adding webservices to replicate api/mobile functionality.

behatnotneeded: can't test in behat

Change-Id: I9b8cfada9122cafe72afea86f573873b9d781bfb
(cherry picked from commit a617b3c21864aedf1c26f107537da5024a212fb2)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-17: A patch has been submitted for review

#70

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7133

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-10-17: A change has been merged

#71

Reviewed: https://reviews.mahara.org/7133
Committed: https://git.mahara.org/mahara/mahara/commit/c9f30142a9908057a1f8ca02d63b9cd50667f846
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit c9f30142a9908057a1f8ca02d63b9cd50667f846
Author: Aaron Wells <email address hidden>
Date: Wed Oct 5 17:07:20 2016 +1300

Bug 1620879: Language string changes

plus fix for non custom service groups edit button to have right side
border

behatnotneeded

Change-Id: Ib760673905f022823038a1240c87dc12f8714444
(cherry picked from commit 7cf66563a3ee1bc415566787b07c62b6cac430c5)

Robert Lyon (robertl-9) on 2016-10-17

Changed in mahara:
status:	In Progress → Fix Committed

Robert Lyon (robertl-9) on 2016-10-21

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

partially hidden delete button Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.