MDL-56751 admin: New setting to set user created tokens duration

We were using a hardcoded value for 12 months.
With this change, administrators can change the duration time via a
security setting.

admin/settings/security.php

@@ -108,6 +108,10 @@
         new lang_string('passwordchangetokendeletion', 'admin'),
         new lang_string('passwordchangetokendeletion_desc', 'admin'), 0));
 
+    $temp->add(new admin_setting_configduration('tokenduration',
+        new lang_string('tokenduration', 'admin'),
+        new lang_string('tokenduration_desc', 'admin'), 12 * WEEKSECS, WEEKSECS));
+
     $temp->add(new admin_setting_configcheckbox('groupenrolmentkeypolicy', new lang_string('groupenrolmentkeypolicy', 'admin'), new lang_string('groupenrolmentkeypolicy_desc', 'admin'), 1));
     $temp->add(new admin_setting_configcheckbox('disableuserimages', new lang_string('disableuserimages', 'admin'), new lang_string('configdisableuserimages', 'admin'), 0));
     $temp->add(new admin_setting_configcheckbox('emailchangeconfirmation', new lang_string('emailchangeconfirmation', 'admin'), new lang_string('configemailchangeconfirmation', 'admin'), 1));

lang/en/admin.php

@@ -1132,6 +1132,8 @@
 $string['timezonephpdefault'] = 'Default PHP timezone ({$a})';
 $string['timezoneserver'] = 'Server timezone ({$a})';
 $string['tlswarning'] = 'No PHP/cURL extension with TLSv1.2 support has been detected. Some services may not work. It is strongly recommended to upgrade your TLS libraries.';
+$string['tokenduration'] = 'User created token duration';
+$string['tokenduration_desc'] = 'New tokens created by users (for example via the mobile app) will be valid for the specified time.';
 $string['tokenizerrecommended'] = 'Installing the optional PHP Tokenizer extension is recommended -- it improves Moodle Networking functionality.';
 $string['tools'] = 'Admin tools';
 $string['toolsmanage'] = 'Manage admin tools';

lib/externallib.php

@@ -968,7 +968,7 @@ function external_format_text($text, $textformat, $contextid, $component = null,
  * @throws moodle_exception
  */
 function external_generate_token_for_current_user($service) {
-    global $DB, $USER;
+    global $DB, $USER, $CFG;
 
     core_user::require_active_user($USER, true, true);
 
@@ -1052,8 +1052,8 @@ function external_generate_token_for_current_user($service) {
             $token->creatorid = $USER->id;
             $token->timecreated = time();
             $token->externalserviceid = $service->id;
-            // MDL-43119 Token valid for 3 months (12 weeks).
-            $token->validuntil = $token->timecreated + 12 * WEEKSECS;
+            // By default tokens are valid for 12 weeks.
+            $token->validuntil = $token->timecreated + $CFG->tokenduration;
             $token->iprestriction = null;
             $token->sid = null;
             $token->lastaccess = null;

lib/tests/externallib_test.php

@@ -571,6 +571,32 @@ public function test_external_files() {
         }
 
     }
+
+    /**
+     * Test default time for user created tokens.
+     */
+    public function test_user_created_tokens_duration() {
+        global $CFG, $DB;
+        $this->resetAfterTest(true);
+
+        $CFG->enablewebservices = 1;
+        $CFG->enablemobilewebservice = 1;
+        $user1 = $this->getDataGenerator()->create_user();
+        $user2 = $this->getDataGenerator()->create_user();
+        $service = $DB->get_record('external_services', array('shortname' => MOODLE_OFFICIAL_MOBILE_SERVICE, 'enabled' => 1));
+
+        $this->setUser($user1);
+        $timenow = time();
+        $token = external_generate_token_for_current_user($service);
+        $this->assertGreaterThanOrEqual($timenow + $CFG->tokenduration, $token->validuntil);
+
+        // Change token default time.
+        $this->setUser($user2);
+        set_config('tokenduration', DAYSECS);
+        $token = external_generate_token_for_current_user($service);
+        $timenow = time();
+        $this->assertLessThanOrEqual($timenow + DAYSECS, $token->validuntil);
+    }
 }
 
 /*

version.php

@@ -29,7 +29,7 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$version  = 2017070700.00;              // YYYYMMDD      = weekly release date of this DEV branch.
+$version  = 2017070700.01;              // YYYYMMDD      = weekly release date of this DEV branch.
                                         //         RR    = release increments - 00 in DEV branches.
                                         //           .XX = incremental changes.