/**
 * get_user_info must reject an invalid token when a shared secret is configured,
 * and must let the request through otherwise.
 *
 * Each expectation is delegated to $this->assert_invalid_token(), which is defined
 * outside this method. Going by the inline expectations below, its third argument is
 * true where the call is expected to fail and false where it is expected to pass.
 *
 * Security-relevant behaviour pinned here: while block_mhaairs_shared_secret is not
 * set, a token that merely names a userid is accepted whether or not the caller
 * supplies a secret, so token checking only takes effect once the secret is configured.
 *
 * @return void
 */
public function test_get_user_info_invalid_token() {
    // Not referenced again in this method.
    $callback = 'block_mhaairs_utilservice_external::get_user_info';

    $this->set_user('admin');

    $sharedsecret = 'DF4#R66';
    $username = $this->student1->username;
    $equal = true;
    $notequal = !$equal;
    $useridtoken = "userid={$username}";

    // Phase 1: no shared secret configured.

    // Token without a userid: must fail, whether or not a secret is supplied.
    $this->assert_invalid_token('time=' . MHUtil::get_time_stamp());
    $this->assert_invalid_token('time=' . MHUtil::get_time_stamp(), $sharedsecret);

    // Token with a userid: must NOT fail, whether or not a secret is supplied.
    $this->assert_invalid_token($useridtoken, null, $notequal);
    $this->assert_invalid_token($useridtoken, $sharedsecret, $notequal);

    // Phase 2: shared secret configured.
    set_config('block_mhaairs_shared_secret', $sharedsecret);

    // Token without a userid: must fail, whether or not the secret is correct.
    $this->assert_invalid_token('time=' . MHUtil::get_time_stamp());
    $this->assert_invalid_token('time=' . MHUtil::get_time_stamp(), $sharedsecret);

    // Unsigned token with a userid: must fail now, even when the right secret is supplied.
    $this->assert_invalid_token($useridtoken, null, $equal);
    $this->assert_invalid_token($useridtoken, $sharedsecret, $equal);

    // Well-formed token paired with a wrong secret.
    $this->assert_invalid_token(MHUtil::create_token($username), $sharedsecret . '7', $equal);
}
}

// Request parameters, each cleaned by optional_param() according to its PARAM_* type.
// $userid is read here but not used by the dispatch below.
$token = optional_param('token', 'test', PARAM_ALPHANUM);
$action = optional_param('action', null, PARAM_ALPHA);
$username = optional_param('username', null, PARAM_USERNAME);
$userid = optional_param('userid', null, PARAM_INT);
// NOTE(review): optional_param() accepts the value from POST or from the query string,
// so a password sent as a GET parameter can end up in access logs. Confirm that
// clients always POST it.
$password = optional_param('password', null, PARAM_TEXT);
$identitytype = optional_param('identitytype', null, PARAM_TEXT);

// Refuse plain-HTTP requests when the block is configured as SSL-only.
// $secure is set before this excerpt. The refusal is a bare text message; no HTTP
// error status or JSON content type is sent on this path.
if (!empty($CFG->block_mhaairs_sslonly) && empty($secure)) {
    echo 'Connection must be secured with SSL';
    return;
}

// An unset shared secret is passed on as the empty string.
// NOTE(review): how MHUtil treats an empty secret is not visible here. Confirm that
// it rejects the request rather than skipping token verification.
$secret = '';
if (!empty($CFG->block_mhaairs_shared_secret)) {
    $secret = $CFG->block_mhaairs_shared_secret;
}

// Dispatch on the requested action. "test" and "GetServerTime" never look at the
// token, so they answer any caller. An unknown or missing action leaves $result
// null, which is sent as JSON null.
$result = null;
if ($action === "test") {
    $result = "OK";
} else if ($action === "ValidateLogin") {
    $result = MHUtil::validate_login($token, $secret, $username, $password);
} else if ($action === "GetUserInfo") {
    $result = MHUtil::get_user_info($token, $secret, $identitytype);
} else if ($action === "GetServerTime") {
    $result = MHUtil::get_time_stamp();
}

header('Content-Type: application/json; charset=utf-8');
echo json_encode($result);
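//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.

// Diagnostic page for the mhaairs block. It builds a token for a fixed test user,
// encodes it with the configured shared secret, reports whether the encoded token
// validates, and prints a link that calls the GetUserInfo action with that token.

require_once '../../config.php';
global $CFG;
require_once $CFG->libdir . '/accesslib.php';
require_once $CFG->libdir . '/datalib.php';
require_once $CFG->libdir . '/moodlelib.php';
require_once $CFG->dirroot . '/blocks/mhaairs/block_mhaairs_util.php';

global $CFG, $COURSE, $USER, $_SERVER;

// The page signs a token with the site's shared secret and prints a ready-to-use
// link, so only site administrators may load it. This must run before any output,
// because require_login() may redirect.
require_login();
require_capability('moodle/site:config', context_system::instance());

$blockrequestbase = "/blocks/mhaairs/";
$testuserid = "moodleinstructor";
$testcourseid = "testcourse123";
$testtimestamp = MHUtil::get_time_stamp();

echo "<p>time stamp:<b>" . $testtimestamp . "</b></p>";
echo "<p>test user id:<b>" . $testuserid . "</b></p>";
echo "<p>test course id:<b>" . $testcourseid . "</b></p>";

// $customer and $base are not used in the part of the script visible here.
$customer = $CFG->block_mhaairs_customer_number;
// NOTE(review): other code in this plugin reads block_mhaairs_shared_secret (with an
// underscore). Confirm that this key name is the one the settings actually store,
// otherwise the token below is encoded with an empty secret.
$sharedsecret = $CFG->block_mhaairs_sharedsecret;
$base = $CFG->block_mhaairs_base_address;

// Build the token and check that it round-trips through encode and validate.
$requesttoken = MHUtil::create_token($testuserid);
$encodedrequesttoken = MHUtil::encode_token2($requesttoken, $sharedsecret);
echo "<p>the token is valid:<b>" . (MHUtil::is_token_valid($encodedrequesttoken, $sharedsecret) ? "true" : "false") . "</b></p>";

$getuserinfourl = $blockrequestbase . "block_mhaairs_action.php?action=GetUserInfo&token=" . $encodedrequesttoken;
// The original statement had no echo, so this line was built and then discarded.
echo "<p>encoded request token:<b>" . $encodedrequesttoken . "</b></p>";
echo "<a href='" . $getuserinfourl . "' target='blank'>get user info</a>";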