MDL-49026 webservice: Remove tokens on password change

moodle · Aug 2, 2016 · ce75268 · ce75268
1 parent 1174a46
commit ce75268
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
@@ -4450,6 +4450,7 @@ function hash_internal_user_password($password, $fasthash = false) {
  *
  * Updating the password will modify the $user object and the database
  * record to use the current hashing algorithm.
+ * It will remove Web Services user tokens too.
  *
  * @param stdClass $user User object (password property may be updated).
  * @param string $password Plain text password.
@@ -4499,6 +4500,10 @@ function update_internal_user_password($user, $password, $fasthash = false) {
         // Trigger event.
         $user = $DB->get_record('user', array('id' => $user->id));
         \core\event\user_password_updated::create_from_user($user)->trigger();
+
+        // Remove WS user tokens.
+        require_once($CFG->dirroot.'/webservice/lib.php');
+        webservice::delete_user_ws_tokens($user->id);
     }
 
     return true;

diff --git a/webservice/lib.php b/webservice/lib.php
@@ -421,6 +421,16 @@ public function delete_user_ws_token($tokenid) {
         $DB->delete_records('external_tokens', array('id'=>$tokenid));
     }
 
+    /**
+     * Delete all the tokens belonging to a user.
+     *
+     * @param int $userid the user id whose tokens must be deleted
+     */
+    public static function delete_user_ws_tokens($userid) {
+        global $DB;
+        $DB->delete_records('external_tokens', array('userid' => $userid));
+    }
+
     /**
      * Delete a service
      * Also delete function references and authorised user references.