Commit Graph

22 Commits

Author SHA1 Message Date
Juan Leyva b0abcbda17 MDL-48691 webservices: Check if the user must be changing password 2015-03-02 14:40:05 +00:00
Juan Leyva 679e323aaa MDL-43119 Add valid until dates for tokens created by login/token.php
3 months were decided
2014-05-07 16:16:40 +08:00
Eloy Lafuente (stronk7) 94211c02c3 Merge branch 'MDL-40050-master' of git://github.com/FMCorz/moodle 2013-09-30 21:55:41 +02:00
Frederic Massart d733a8ccc3 MDL-40050 webservice: Replace add_to_log() with new events 2013-09-24 15:20:18 +08:00
Petr Škoda d79d5ac276 MDL-31501 rework user session architecture
List of changes:
 * New OOP API using PHP namespace \core\session\.
 * All handlers now update the sessions table consistently.
 * Experimental DB session support in Oracle.
 * Full support for session file handler (filesystem locking required).
 * New option for alternative session directory.
 * Official memcached session handler support.
 * Workaround for memcached version with non-functional gc.
 * Improved security - forced session id regeneration.
 * Improved compatibility with recent PHP releases.
 * Fixed borked CSS during install in debug mode.
 * Switched to file based sessions in new installs.
 * DB session setting disappears if DB does not support sessions.
 * DB session setting disappears if session handler specified in config.php.
 * Fast purging of sessions used in request only.
 * No legacy distinction -  file, database and memcached support the same functionality.
 * Session handler name included in performance info.
 * Fixed user_loggedin and user_loggedout event triggering.
 * Other minor bugfixing and improvements.
 * Fixed database session segfault if MUC disposed before $DB.

Limitations:
 * Session access time is now updated right after session start.
 * Support for $CFG->sessionlockloggedinonly was removed.
 * First request does not update userid in sessions table.
 * The timeouts may break badly if server hosting forces PHP.ini session settings.
 * The session GC is a lot slower, we do not rely on external session timeouts.
 * There cannot be any hooks triggered at the session write time.
 * File and memcached handlers do not support session lock acquire timeouts.
 * Some low level PHP session functions can not be used directly in Moodle code.
2013-09-21 13:11:56 +02:00
Petr Škoda 2f1e464a88 MDL-40438 migrate all collatorlib:: and textlib:: uses 2013-08-06 21:04:35 +02:00
Ankit Agarwal 0601e0eef6 MDL-40402 libraries: Replace get_system_context() with context_system::instance() in core 2013-07-04 15:41:06 +08:00
Jerome Mouneyrac e9e567f33c MDL-29805 add REQUIRE_CORRECT_ACCESS define + return error code when AJAX_SCRIPT fails 2012-12-04 11:47:19 +08:00
Dan Poltawski 813a7724cf Merge branch 'MDL-35636' of git://github.com/mouneyrac/moodle 2012-10-02 14:40:23 +08:00
Jerome Mouneyrac 2650c2b03e MDL-35636 login/token.php: confusing 'create user token' log appearing before 'token user request' 2012-09-26 11:47:23 +08:00
Frederic Massart 5583a208c9 MDL-35242 Web Services: Removed translation causing error in add_to_log 2012-09-21 09:58:52 +08:00
Adrian Greeve a689cd1def MDL-34469 - lib - replacement of the deprecated get_context_instance and get_context_by_id functions (group 15) 2012-07-30 14:59:57 +08:00
Petr Skoda 6f3451e540 MDL-31301 remove all uses of moodle_strtolower() and deprecated it 2012-03-03 11:46:26 +01:00
Sam Hemelryk b28de4b412 Merge branch 'MDL-28629' of git://github.com/mouneyrac/moodle 2011-11-22 18:26:35 +13:00
Jerome Mouneyrac 07a90ec313 MDL-28629 more checks during web service authentication 2011-11-11 15:07:18 +08:00
Jerome Mouneyrac 2b8fe35b65 MDL-30043 token.php should not return a mix of EXTERNAL_TOKEN_PERMANENT and EXTERNAL_TOKEN_EMBEDDED 2011-11-02 09:38:02 +08:00
Jerome Mouneyrac dab3977a54 MDL-29931 remove unneeded join and selects 2011-10-31 10:57:06 +08:00
Jerome Mouneyrac 5b9735b949 MDL-29716 Make token more flexible to support third party client - also fix issue with some code not matching the way the server authenticate/authorize token, missing iprestriction/validuntil for restricted users (there are iprestriction/validiuntil on token and on restricted user). Also add missing check when the user is not listed in the authorised list. 2011-10-25 11:17:18 +08:00
Petr Skoda e922fe23b6 MDL-29602 accesslib improvements
Refactoring and improvements of the accesslib.php library including prevention of access for not-logged-in users when forcelogin enabled, improved context caching, OOP refactoring of contexts, fixed context loading, deduplication of role definitions in user sessions, installation improvements, decoupling of enrolment checking from capability loading, added detection of deleted and non-existent users in has_capability(), new function accesslib test, auth and enrol upgrade notes.

More details are available in tracker subtasks.
2011-10-16 14:05:18 +02:00
Eloy Lafuente (stronk7) 9b9d7a6039 MDL-27552 whitespace fixes 2011-06-14 08:55:06 +02:00
Sam Hemelryk d8f85b6e8b Merged branch 's11_MDL-27552_token_master' of git@github.com:dongsheng/moodle.git with changes 2011-06-14 09:32:44 +08:00
Dongsheng Cai 13ea96c40b MDL-27552 get webservice token by providing username and password 2011-06-13 17:41:56 +08:00