/**
* Get user info should fail if is passed an invalid token with secret.
* It should be allowed to continue othewise.
*
* @return void
*/
public function test_get_user_info_invalid_token()
{
$callback = 'block_mhaairs_utilservice_external::get_user_info';
$this->set_user('admin');
$secret = 'DF4#R66';
$userid = $this->student1->username;
$equal = true;
// SECRET NOT CONFIGURED.
// Invalid token missing userid.
// Should fail with or without a correct secret.
$this->assert_invalid_token('time=' . MHUtil::get_time_stamp());
$this->assert_invalid_token('time=' . MHUtil::get_time_stamp(), $secret);
// Invalid token with userid.
// Should NOT fail with or without secret.
$this->assert_invalid_token("userid={$userid}", null, !$equal);
$this->assert_invalid_token("userid={$userid}", $secret, !$equal);
// SECRET CONFIGURED.
set_config('block_mhaairs_shared_secret', $secret);
// Invalid token missing userid.
// Should fail with or without a correct secret.
$this->assert_invalid_token('time=' . MHUtil::get_time_stamp());
$this->assert_invalid_token('time=' . MHUtil::get_time_stamp(), $secret);
// Invalid token with userid.
// Should fail with or without a correct secret.
$this->assert_invalid_token("userid={$userid}", null, $equal);
$this->assert_invalid_token("userid={$userid}", $secret, $equal);
// Valid token, incorrect secret.
$this->assert_invalid_token(MHUtil::create_token($userid), $secret . '7', $equal);
}
}
$token = optional_param('token', 'test', PARAM_ALPHANUM);
$action = optional_param('action', null, PARAM_ALPHA);
$username = optional_param('username', null, PARAM_USERNAME);
$userid = optional_param('userid', null, PARAM_INT);
$password = optional_param('password', null, PARAM_TEXT);
$identitytype = optional_param('identitytype', null, PARAM_TEXT);
if (empty($secure) and !empty($CFG->block_mhaairs_sslonly)) {
echo 'Connection must be secured with SSL';
return;
}
$secret = !empty($CFG->block_mhaairs_shared_secret) ? $CFG->block_mhaairs_shared_secret : '';
$result = null;
switch ($action) {
case "test":
$result = "OK";
break;
case "ValidateLogin":
$result = MHUtil::validate_login($token, $secret, $username, $password);
break;
case "GetUserInfo":
$result = MHUtil::get_user_info($token, $secret, $identitytype);
break;
case "GetServerTime":
$result = MHUtil::get_time_stamp();
break;
default:
break;
}
header('Content-Type: application/json; charset=utf-8');
echo json_encode($result);
// // Moodle is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License // along with Moodle. If not, see <http://www.gnu.org/licenses/>. require_once '../../config.php'; global $CFG; require_once $CFG->libdir . '/accesslib.php'; require_once $CFG->libdir . '/datalib.php'; require_once $CFG->libdir . '/moodlelib.php'; require_once $CFG->dirroot . '/blocks/mhaairs/block_mhaairs_util.php'; global $CFG, $COURSE, $USER, $_SERVER; $blockrequestbase = "/blocks/mhaairs/"; $testuserid = "moodleinstructor"; $testcourseid = "testcourse123"; $testtimestamp = MHUtil::get_time_stamp(); echo "<p>time stamp:<b>" . $testtimestamp . "</b></p>"; echo "<p>test user id:<b>" . $testuserid . "</b></p>"; echo "<p>test course id:<b>" . $testcourseid . "</b></p>"; $customer = $CFG->block_mhaairs_customer_number; $sharedsecret = $CFG->block_mhaairs_sharedsecret; $base = $CFG->block_mhaairs_base_address; $requesttoken = MHUtil::create_token($testuserid); $encodedrequesttoken = MHUtil::encode_token2($requesttoken, $sharedsecret); echo "<p>the token is valid:<b>" . (MHUtil::is_token_valid($encodedrequesttoken, $sharedsecret) ? "true" : "false") . "</b></p>"; $getuserinfourl = $blockrequestbase . "block_mhaairs_action.php?action=GetUserInfo&token=" . $encodedrequesttoken; "<p>encoded request token:<b>" . $encodedrequesttoken . "</b></p>"; echo "<a href='" . $getuserinfourl . "' target='blank'>get user info</a>";
