Bug 1676223: Check token is supplied first

Before checking that it is in database and is unique behatnotneeded Change-Id: I3c51b228361ad10c567f6af04148246a95fed096 Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>

Bug 1676223: Check token is supplied first
Before checking that it is in database and is unique behatnotneeded Change-Id: I3c51b228361ad10c567f6af04148246a95fed096 Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
b9ad180b · Robert Lyon · 4908b12b · b9ad180b · b9ad180b
Commit b9ad180b authored Mar 27, 2017 by Robert Lyon
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

htdocs/auth/webservice/lang/en.utf8/auth.webservice.php htdocs/auth/webservice/lang/en.utf8/auth.webservice.php +1 -0

htdocs/webservice/lib.php htdocs/webservice/lib.php +4 -0

No files found.
--- a/htdocs/auth/webservice/lang/en.utf8/auth.webservice.php
+++ b/htdocs/auth/webservice/lang/en.utf8/auth.webservice.php
@@ -144,6 +144,7 @@ $string['owner'] = 'Owner';
 $string['servicename'] = 'Service';
 $string['generate'] = 'Generate token';
 $string['invalidtoken'] = 'Invalid token selected';
+$string['invalidtokennotsuppied'] = 'Invalid token selected or none supplied';
 $string['token'] = 'Token';
 $string['tokenid'] = 'Token "%s"';
 $string['invaliduserselected'] = 'Invalid user selected';

--- a/htdocs/webservice/lib.php
+++ b/htdocs/webservice/lib.php
@@ -1030,6 +1030,10 @@ abstract class webservice_server implements webservice_server_interface {
            return $user;
        }

+        if (empty($this->token)) {
+            // log failed login attempts
+            throw new WebserviceAccessException(get_string('invalidtokennotsupplied', 'auth.webservice'));
+        }

        $token = get_record('external_tokens', 'token', $this->token);
        if (!$token) {