MDL-67749 ws: Set private token when reset or manual create token
authorDani Palou <dani@moodle.com>
Tue, 11 Feb 2020 09:31:01 +0000 (10:31 +0100)
committerDani Palou <dani@moodle.com>
Wed, 19 Feb 2020 11:03:48 +0000 (12:03 +0100)
lib/externallib.php
webservice/lib.php

index f7394d0..e6d5e99 100644 (file)
@@ -773,7 +773,8 @@ function external_generate_token($tokentype, $serviceorid, $userid, $contextorid
     if (!empty($iprestriction)) {
         $newtoken->iprestriction = $iprestriction;
     }
-    $newtoken->privatetoken = null;
+    // Generate the private token, it must be transmitted only via https.
+    $newtoken->privatetoken = random_string(64);
     $DB->insert_record('external_tokens', $newtoken);
     return $newtoken->token;
 }
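Review bot: The added comment says the private token "must be transmitted only via https", but nothing in this hunk enforces that: the value is written with `insert_record` and the function still returns only `$newtoken->token`. The comment should say where the rule is applied, for example `// Private token is a credential: only the code that hands it to the client may expose it, and only over HTTPS.` The implementation of `random_string()` is not visible here, so it is worth confirming that it draws from a CSPRNG, because this value acts as a secret. Both points also apply to the identical lines in the webservice/lib.php hunk.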
index abb2ed1..fe6c061 100644 (file)
@@ -370,7 +370,8 @@ class webservice {
                     $newtoken->contextid = context_system::instance()->id;
                     $newtoken->creatorid = $userid;
                     $newtoken->timecreated = time();
-                    $newtoken->privatetoken = null;
+                    // Generate the private token, it must be transmitted only via https.
+                    $newtoken->privatetoken = random_string(64);
 
                     $DB->insert_record('external_tokens', $newtoken);
                 }
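Review bot: The line `$newtoken->privatetoken = random_string(64);` and its comment are now copied verbatim in lib/externallib.php and here, with the length as a bare literal in both places. A single named constant or a small shared helper would stop the two creation paths from drifting apart if the length or generator changes; for example `random_string(PRIVATE_TOKEN_LENGTH)`, where the constant name is a placeholder for the project to choose. The enclosing method of `class webservice` starts and ends outside this hunk, so it is not visible whether every branch that builds `$newtoken` reaches this assignment; that should be checked against the full method.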