Merge branch 'MDL-40050-master' of git://github.com/FMCorz/moodle
authorMarina Glancy <marina@moodle.com>
Wed, 2 Oct 2013 06:54:59 +0000 (16:54 +1000)
committerMarina Glancy <marina@moodle.com>
Wed, 2 Oct 2013 06:54:59 +0000 (16:54 +1000)
1  2 
webservice/lib.php

diff --combined webservice/lib.php
@@@ -110,11 -110,12 +110,11 @@@ class webservice 
          enrol_check_plugins($user);
  
          // setup user session to check capability
 -        session_set_user($user);
 +        \core\session\manager::set_user($user);
  
          //assumes that if sid is set then there must be a valid associated session no matter the token type
          if ($token->sid) {
 -            $session = session_get_instance();
 -            if (!$session->session_exists($token->sid)) {
 +            if (!\core\session\manager::session_exists($token->sid)) {
                  $DB->delete_records('external_tokens', array('sid' => $token->sid));
                  throw new webservice_access_exception('Invalid session based token - session not found or expired');
              }
@@@ -866,8 -867,7 +866,7 @@@ abstract class webservice_server implem
              'context' => context_system::instance(),
              'other' => array(
                  'method' => $this->authmethod,
-                 'reason' => null,
-                 'token' => $this->token
+                 'reason' => null
              )
          );
  
  
          // now fake user login, the session is completely empty too
          enrol_check_plugins($user);
 -        session_set_user($user);
 +        \core\session\manager::set_user($user);
          $this->userid = $user->id;
  
          if ($this->authmethod != WEBSERVICE_AUTHMETHOD_SESSION_TOKEN && !has_capability("webservice/$this->wsname:use", $this->restricted_context)) {
              'context' => context_system::instance(),
              'other' => array(
                  'method' => $this->authmethod,
-                 'reason' => null,
-                 'token' => $this->token
+                 'reason' => null
              )
          );
  
          }
  
          if ($token->sid){//assumes that if sid is set then there must be a valid associated session no matter the token type
 -            $session = session_get_instance();
 -            if (!$session->session_exists($token->sid)){
 +            if (!\core\session\manager::session_exists($token->sid)){
                  $DB->delete_records('external_tokens', array('sid'=>$token->sid));
                  throw new webservice_access_exception('Invalid session based token - session not found or expired');
              }