External services security

From MoodleDocs

Revision as of 18:08, 21 May 2009

Moodle 2.0


Description of the security framework for web services, also used for RSS feeds, embedded applications and similar components that cannot use normal HTTP cookies.

Overview

Current solutions

  • user keys for gradebook import and export - see require_user_key_login() and the DB table user_private_key
  • open RSS feeds - no security at all
  • chat_sid tokens - generated separately for each user in each chat
  • calendar hash derived from username, password and salt
  • hacky cookie emulation in the visual gradebook plugin

Types of token

We need two types of token:

  1. token linked to an active session; it must time out or be destroyed at the same time as the session (e.g. chat) - shares the real $SESSION and $USER
  2. permanent token, revocable by the user (e.g. RSS feeds, web services) - $SESSION and $USER are emulated

In the second case we need to deal with performance problems if many repeated requests are expected, since every request has to rebuild the user's access data without a session. This can be dealt with later.

API layers

Three layers:

  1. external server interface (SOAP, REST, RSS, etc.) - handles tokens, emulates the user session, processes request parameters
  2. public PHP API - functions callable directly from PHP; the list is generated from inline PHP docs; must validate all parameters and enforce access control; may read $USER; should not manipulate $SESSION directly; must not read $_POST or $_GET
  3. low level internal API - as fast as possible, basic parameter validation only, no access control; must not touch $USER, $SESSION, $_GET or $_POST; must not use has_capability() or require_login()!

Implementation

New public_functions table

List of public functions. Created automatically by parsing the external function definition files.

New public_services table

A service is defined as a group of functions.

{| class="nicetable"
! Field
! Type
! Default
! Description
|-
| '''id'''
| int(10)
| auto-incrementing
|
|-
| '''name'''
| varchar(150)
|
| Name of service
|-
| '''version'''
| varchar(10)
|
| Version string
|}

New public_services_functions table

Specifies functions used by services.

Updated user_tokens table

Based on user_private_key; stores tokens for cookieless access. The script runs without a real session, so $USER and $SESSION are emulated. Use is relatively expensive because each script has to initialise the access data in accesslib.php again.

{| class="nicetable"
! Field
! Type
! Default
! Description
|-
| '''id'''
| int(10)
| auto-incrementing
|
|-
| '''userid'''
| int(10)
|
| Foreign key, references user.id
|-
| '''token'''
| varchar(128)
|
| Private access key value
|-
| '''contextid'''
| int(10)
|
| Security restriction, key usable only in this context; references context.id
|-
| '''service'''
| varchar(150)
|
| Name of application, e.g. gradeexport/xml
|-
| '''itemid'''
| int(10)
|
| Service specific item id
|-
| '''iprestriction'''
| varchar(255)
| null
| IP address restriction, list of allowed addresses
|-
| '''validuntil'''
| int(10)
| null
| Timestamp - valid until date
|-
| '''timecreated'''
| int(10)
|
| Time when key was created
|-
| '''lastaccess'''
| int(10)
|
| Time when key was last used for access
|}

New table user_external_sessions

Alternative session handling for scripts that are not allowed to access HTTP cookies, such as Flex apps or external applications. Here $SESSION is a true session which shares locking with the real HTTP session. The token is automatically destroyed when the HTTP session ends (timeout, logout, login, etc.).

{| class="nicetable"
! Field
! Type
! Default
! Description
|-
| '''id'''
| int(10)
| auto-incrementing
|
|-
| '''userid'''
| int(10)
|
| Foreign key, references user.id
|-
| '''token'''
| varchar(128)
|
| Private access key value
|-
| '''contextid'''
| int(10)
|
| Security restriction, key usable only in this context; references context.id
|-
| '''service'''
| varchar(150)
|
| Name of application, e.g. mod/chat/flex
|-
| '''itemid'''
| int(10)
|
| Service specific item id
|-
| '''sid'''
| varchar(128)
|
| PHP session id - links to the sessions table, or directly to the session files for legacy session types
|}
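The following PHP is an added example, not Moodle's own code: it shows how the two token types from "Types of token" would be issued and checked against rows shaped like the user_tokens and user_external_sessions tables above, i.e. the work the external server interface layer does before any public API function runs. The tables, the session store and every row are constructed stand-ins (plain arrays); the helper names, and the assumption that iprestriction holds a comma-separated list of exact IPv4 addresses or IPv4 CIDR blocks, are mine, since the page only says "list of allowed addresses".

```php
<?php
// Added example (not Moodle code). Tables are stand-ins: arrays of constructed rows.
// A real implementation queries the table by the token column instead of scanning it.
declare(strict_types=1);

// Token for the varchar(128) column: 64 bytes from the CSPRNG, hex encoded (128 chars).
function generate_token(): string {
    return bin2hex(random_bytes(64));
}

// Assumption: iprestriction is "addr, addr/bits, ..."; null or empty means unrestricted.
function ip_allowed(?string $restriction, string $clientip): bool {
    if ($restriction === null || trim($restriction) === '') {
        return true;
    }
    $ip = ip2long($clientip);
    if ($ip === false) {
        return false;
    }
    foreach (array_map('trim', explode(',', $restriction)) as $allowed) {
        if (strpos($allowed, '/') === false) {
            if ($allowed === $clientip) {
                return true;
            }
            continue;
        }
        [$net, $bits] = explode('/', $allowed, 2);
        $mask = ((int) $bits === 0) ? 0 : (-1 << (32 - (int) $bits));
        $netlong = ip2long($net);
        if ($netlong !== false && ($ip & $mask) === ($netlong & $mask)) {
            return true;
        }
    }
    return false;
}

// Permanent token (user_tokens): outlives any HTTP session, revocable by the user.
// Every restriction stored with the row is enforced; on success lastaccess is updated
// and the row is returned so the caller can emulate $USER from row['userid'].
function validate_user_token(array &$usertokens, string $token, int $contextid,
                             string $service, string $clientip, int $now): ?array {
    foreach ($usertokens as $i => $row) {
        if (!hash_equals($row['token'], $token)) {   // constant-time comparison
            continue;
        }
        if ($row['contextid'] !== $contextid || $row['service'] !== $service) {
            return null;   // right token, wrong context or application
        }
        if ($row['validuntil'] !== null && $row['validuntil'] < $now) {
            return null;   // expired
        }
        if (!ip_allowed($row['iprestriction'], $clientip)) {
            return null;
        }
        $usertokens[$i]['lastaccess'] = $now;
        return $usertokens[$i];
    }
    return null;
}

// Session-linked token (user_external_sessions): valid only while the HTTP session
// named by row['sid'] still exists. $livesessions stands in for the PHP session store,
// keyed by session id and holding the real $SESSION data.
function validate_external_session_token(array $extsessions, array $livesessions,
                                         string $token, int $contextid, string $service): ?array {
    foreach ($extsessions as $row) {
        if (!hash_equals($row['token'], $token)) {
            continue;
        }
        if ($row['contextid'] !== $contextid || $row['service'] !== $service) {
            return null;
        }
        if (!isset($livesessions[$row['sid']])) {
            return null;   // session timed out or was logged out: the token dies with it
        }
        return ['userid' => $row['userid'], 'session' => $livesessions[$row['sid']]];
    }
    return null;
}

// Called on logout / session timeout: drop every token issued for that session id.
function purge_external_session_tokens(array $extsessions, string $sid): array {
    return array_values(array_filter($extsessions, fn(array $row): bool => $row['sid'] !== $sid));
}

// Constructed demonstration rows.
$now = 1242931680;
$permtoken = generate_token();
$usertokens = [[
    'id' => 1, 'userid' => 42, 'token' => $permtoken, 'contextid' => 5,
    'service' => 'gradeexport/xml', 'itemid' => 0, 'iprestriction' => '10.0.0.0/8, 192.0.2.7',
    'validuntil' => $now + 86400, 'timecreated' => $now, 'lastaccess' => 0,
]];
var_dump(validate_user_token($usertokens, $permtoken, 5, 'gradeexport/xml', '10.1.2.3', $now));
var_dump(validate_user_token($usertokens, $permtoken, 5, 'gradeexport/xml', '203.0.113.9', $now)); // client outside 10.0.0.0/8
var_dump(validate_user_token($usertokens, $permtoken, 6, 'gradeexport/xml', '10.1.2.3', $now));    // different contextid
var_dump(validate_user_token($usertokens, $permtoken, 5, 'gradeexport/xml', '10.1.2.3', $now + 2 * 86400)); // past validuntil

$sesstoken = generate_token();
$extsessions = [['id' => 1, 'userid' => 42, 'token' => $sesstoken, 'contextid' => 9,
                 'service' => 'mod/chat/flex', 'itemid' => 3, 'sid' => 'sid-abc123']];
$livesessions = ['sid-abc123' => ['chat_lastping' => $now]];
var_dump(validate_external_session_token($extsessions, $livesessions, $sesstoken, 9, 'mod/chat/flex'));
unset($livesessions['sid-abc123']);                                   // user logs out
$extsessions = purge_external_session_tokens($extsessions, 'sid-abc123');
var_dump(validate_external_session_token($extsessions, $livesessions, $sesstoken, 9, 'mod/chat/flex'));
```

Two points the tables alone do not make explicit: the token must be compared with hash_equals() rather than ==, so that a remote caller cannot learn bytes of a valid token from response timing, and every restriction column (contextid, service, validuntil, iprestriction) has to be checked on each request, because a permanent token carries no other state. For the session-linked kind, the purge on logout is what actually enforces "destroyed when the HTTP session ends"; checking that the sid is still live is the fallback for timeouts that never run the logout path.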

New capabilities

A new capability is added for each public service above, so that access to a service can be granted or denied per role and context like any other Moodle permission.

New auth plugins

Used for the system user accounts that the web services run under. Intended for services that need to supply a username/password. The alternative is to generate a normal user token and use it instead of login/password authentication.
