MDL-67749 ws: Set private token when reset or manual create token

author Dani Palou <dani@moodle.com>

Tue, 11 Feb 2020 09:31:01 +0000 (10:31 +0100)

committer Dani Palou <dani@moodle.com>

Wed, 19 Feb 2020 11:03:48 +0000 (12:03 +0100)
author Dani Palou <dani@moodle.com>
Tue, 11 Feb 2020 09:31:01 +0000 (10:31 +0100)
committer Dani Palou <dani@moodle.com>
Wed, 19 Feb 2020 11:03:48 +0000 (12:03 +0100)
diff --git a/lib/externallib.php b/lib/externallib.php

index f7394d0..e6d5e99 100644 (file)
--- a/lib/externallib.php
+++ b/lib/externallib.php
@@ -773,7 +773,8 @@ function external_generate_token($tokentype, $serviceorid, $userid, $contextorid
      if (!empty($iprestriction)) {
          $newtoken->iprestriction = $iprestriction;
      }
-    $newtoken->privatetoken = null;
+    // Generate the private token, it must be transmitted only via https.
+    $newtoken->privatetoken = random_string(64);
      $DB->insert_record('external_tokens', $newtoken);
      return $newtoken->token;
  }
diff --git a/webservice/lib.php b/webservice/lib.php

index abb2ed1..fe6c061 100644 (file)
--- a/webservice/lib.php
+++ b/webservice/lib.php
@@ -370,7 +370,8 @@ class webservice {
                      $newtoken->contextid = context_system::instance()->id;
                      $newtoken->creatorid = $userid;
                      $newtoken->timecreated = time();
-                    $newtoken->privatetoken = null;
+                    // Generate the private token, it must be transmitted only via https.
+                    $newtoken->privatetoken = random_string(64);
  
                      $DB->insert_record('external_tokens', $newtoken);
                  }
author	Dani Palou <dani@moodle.com>
	Tue, 11 Feb 2020 09:31:01 +0000 (10:31 +0100)
committer	Dani Palou <dani@moodle.com>
	Wed, 19 Feb 2020 11:03:48 +0000 (12:03 +0100)
lib/externallib.php		patch \| blob \| blame \| history
webservice/lib.php		patch \| blob \| blame \| history