Below is the approach I'm taking. It's hacky, but it's the only way I could get it to work. I'd be very pleased if someone can suggest a cleaner approach.
- Login to moodle as admin, go to: Site Administration > Advanced Features > Plugins > Web Services > External services
- Under 'Custom services' click 'Add' and create an external service called 'PasswordCheck' (or whatever name you find relevant)
- From your Rails client, do a REST call to
- http://<moodle>/login/token.php?username=<uname>&password=<pwd>&service=PasswordCheck
- The JSON response will be analysed as follows:
- The response will contain 'token':'20119eb2a31...' if the username/password are correct and username has permission to use the PasswordCheck service
- The response will contain 'error':'...No permission...' if the username/password are correct, but username has no permission to use the PasswordCheck service
- The response will contain 'error':'...username was not found...' if the username and password did not match
- If you've got a token, then you can do REST calls like
http://<moodle>/webservice/rest/server.php?wsfunction=core_user_update_users&token=<the token returned from login>&...
where the wsfunction values are any functions you've added to the external service after point 2 above.
I hope that helps!