From 0e23f9dbb3ccc46672a2ac318beea7b0f8f467ed Mon Sep 17 00:00:00 2001
From: Kevin Pham <keevan.pham@gmail.com>
Date: Wed, 4 May 2022 16:26:56 +1000
Subject: [PATCH] fix: issue where the user executing the web service was being
 updated

This prevents the lastaccess time from being updated, and checks for both lastlogin and lastaccess timestamps to ensure they are unchanged after running the webservice action

Improves upon #182
---
 classes/steps/actions/webservice_action_step.php |  6 ++++++
 tests/webservice_action_step_test.php            | 11 +++++++++++
 2 files changed, 17 insertions(+)

diff --git a/classes/steps/actions/webservice_action_step.php b/classes/steps/actions/webservice_action_step.php
index 5164b79..bff31d8 100644
--- a/classes/steps/actions/webservice_action_step.php
+++ b/classes/steps/actions/webservice_action_step.php
@@ -140,10 +140,16 @@ public function execute($step, $trigger, $event, $stepresults) {
         \core\session\manager::set_user($user);
         set_login_session_preferences();
 
+        // Fake it till you make it - set the the lastaccess in advance to avoid
+        // this value being updated in the database via user_accesstime_log() as
+        // we are not actually logging in and accessing the site as this user.
+        $USER->lastaccess = time();
+
         // Run the function and parse the response to a step result.
         // This entire block is wrapped in a generic handler, so no matter what the correct user is always restored.
         try {
             $response = $this->run_function();
+
             if ($response['error']) {
                 $status = [false, (array) $response['exception']];
             } else {
diff --git a/tests/webservice_action_step_test.php b/tests/webservice_action_step_test.php
index 1224ba6..429960f 100644
--- a/tests/webservice_action_step_test.php
+++ b/tests/webservice_action_step_test.php
@@ -42,6 +42,8 @@ public function setup(): void {
      * Simple test, with a successful result.
      */
     public function test_with_valid_call_to_enrol_user() {
+        global $DB;
+
         $adminuser = get_admin();
         $stepsettings = [
             'username' => $adminuser->username,
@@ -50,6 +52,11 @@ public function test_with_valid_call_to_enrol_user() {
                 '{"enrolments":{"0":{"roleid":"5","userid":' . $this->user1->id . ',"courseid":' . $this->course->id . '}}}',
         ];
 
+        // Ensure the user provided by the username is not actually 'logged in'
+        // to perform the required actions.
+        $this->assertEquals(0, $adminuser->lastaccess);
+        $this->assertEquals(0, $adminuser->lastlogin);
+
         // Check if user is NOT enrolled yet.
         $context = context_course::instance($this->course->id);
         $enrolled = is_enrolled($context, $this->user1->id);
@@ -66,6 +73,10 @@ public function test_with_valid_call_to_enrol_user() {
         $context = context_course::instance($this->course->id);
         $enrolled = is_enrolled($context, $this->user1->id);
         $this->assertTrue($enrolled);
+
+        $user = $DB->get_record('user', ['id' => $adminuser->id, 'deleted' => 0]);
+        $this->assertEquals(0, $user->lastaccess);
+        $this->assertEquals(0, $user->lastlogin);
     }
 
     /**