Commit Graph

614 Commits

Author SHA1 Message Date
Aparup Banerjee a7cb1e62f4 MDL-26257 Authentication : whitespace/style fixes 2011-09-13 19:15:48 +08:00
Aparup Banerjee edb8077e7b Merge branch 'MDL-26257-21' of git://github.com/bostelm/moodle into MOODLE_21_STABLE 2011-09-13 19:11:49 +08:00
Petr Skoda e1e082a809 MDL-29312 prevent cookieless mode for security reasons 2011-09-11 10:07:27 +02:00
Henning Bostelmann 033a066e4f MDL-26257 Shibboleth auth: run logout handler only if logged in via Shibboleth 2011-09-08 11:53:44 +01:00
Iñaki Arenaza 85f5ab3145 MDL-27689 Vague README-LDAP file in auth/ldap
README-LDAP referes to a file that was renamed (to auth.php) in Moodle
1.8 and no longer exists. Make clear what file we are referring to.
2011-09-05 13:31:41 +08:00
Eloy Lafuente (stronk7) 119b895133 Merge branch 'wip_MDL-16168_2.1_CAS_crash_if_no_LDAP' of https://github.com/iarenaza/moodle into MOODLE_21_STABLE 2011-08-29 01:33:03 +02:00
Iñaki Arenaza 5e7d9e3e36 MDL-28402 LDAP configuration values being stored in lower case, causing misconfiguration
It looks like array_change_key_case() does not work recursively, so we
were not actually lowercasing the expiration attribute key. As the
configuration setting is always lowercase they didn't match.
2011-08-29 01:08:42 +02:00
Iñaki Arenaza b38bcc3a1d MDL-16168 auth/cas CAS crashes if no LDAP is set up
Fix was pending for Moodle 2.1. Credit goes to Ivan Dackiewicz.
2011-08-28 15:32:32 +02:00
David Mudrak 9b81b37eb9 MDL-27107 auth_mnet - consider all incoming roaming users as confirmed
The 'confirmed' field can't be optional. If the identity provider did
not export it, the new remote user would be created with 'confirmed' set
to default zero and as such could be a subject of scheduled deletion.
2011-08-28 02:36:38 +02:00
Petr Skoda 4133a3cd5b MDL-28182 always use full user object when deleting users 2011-07-22 22:48:16 +02:00
Petr Skoda 27b4936fcf MDL-27889 use new recaptcha google urls in lang packs 2011-07-19 10:26:30 +02:00
Aparup Banerjee 2fa78e85e9 MDL-28169 Installation Added 2.1 upgrade (idiot proof) lines to upgrade scripts. 2011-07-07 10:24:38 +02:00
Iñaki Arenaza 7679e8d256 MDL-24666 sync_users.php can throw db exception on sites upgraded from 1.x
From 2.0 on we lowercase all the settings related to LDAP attributes
to cope with differences in LDAP servers when returning attribute
names as array indices (some lowercase them, some leave them as
specified in the query, some normalize them, etc.).

But we only lowercase them when saving the settings page. So on sites
that have been migrated from 1.x, it may happen that we still have
mixed-case attribute names. And this is fatal for the user_attribute
setting, as we might not detect it in the returned array from LDAP and
it will be empty (and the db layer throws and exception).

So we just make sure the attribute name is lowercased (and trimmed,
in case it's got some white space around it).

Signed-off-by: Iñaki Arenaza <iarenaza@mondragon.edu>
2011-07-04 21:46:44 +02:00
Eloy Lafuente (stronk7) 20d8d5c799 MDL-27148 whitespace fix 2011-04-18 01:38:41 +02:00
Petr Skoda cf717dc26b MDL-27148 use new get_in_or_equal() param prefix instead of start 2011-04-14 15:15:01 +02:00
Petr Skoda c6a074f867 MDL-26795 fix incorrect location of email change strings
AMOS BEGIN
 MOV [auth_emailchangecancel,auth_email],[emailchangecancel,core_auth]
 MOV [auth_emailchangepending,auth_email],[emailchangepending,core_auth]
 MOV [auth_emailupdate,auth_email],[emailupdate,core_auth]
 MOV [auth_emailnowexists,auth_email],[emailnowexists,core_auth]
 MOV [auth_emailupdatemessage,auth_email],[emailupdatemessage,core_auth]
 MOV [auth_emailupdatesuccess,auth_email],[emailupdatesuccess,core_auth]
 MOV [auth_emailupdatetitle,auth_email],[emailupdatetitle,core_auth]
 CPY [auth_emailnoemail,auth_email],[noemail,auth_ldap]
AMOS END
2011-03-27 17:19:23 +02:00
Petr Skoda ee69d85a1f MDL-26634 LDAP NTLM SSO Multiple subnet separator is not specified and people use a wrong one
Credit goes to Inaki Arenaza.
2011-03-13 10:14:20 +01:00
Petr Skoda 431ac39634 MDL-26623 fix file permissions
The permissions are now going to be verified as part of the weekly release process.
2011-03-01 12:26:49 +01:00
Petr Skoda 8bdb31ed54 MDL-26564 fix regressions and other problems in csv user upload
This patch fixes incorrect password creating, updating and resetting, updating of user fields, unsupported auth plugins are correctly identified, modification of mnethostid is prevented, fixed problem with email duplicates, new password is generated for users without email, etc. It also includes coding style improvements, more inline docs, future TODOs and license information.
2011-02-28 08:27:31 +01:00
Eloy Lafuente (stronk7) da622b497b Merge branch 'w07_MDL-25778_20_defaultcity' of git://github.com/skodak/moodle 2011-02-15 12:40:43 +01:00
Petr Skoda 9449d0c5e8 MDL-25778 fix default country and city on user upload form and revert change in auth plugins
Auth plugins should have separate defaults from site defaults).
2011-02-15 09:13:33 +01:00
Eloy Lafuente (stronk7) 2623f6bef2 Merge branch 'w07_MDL-25778_20_defaultcity' of git://github.com/skodak/moodle 2011-02-14 23:24:52 +01:00
Petr Skoda fa7f750c60 MDL-25778 add defaultcity option
This is based on patch by Jonathan Harker.
2011-02-14 20:10:50 +01:00
Petr Skoda cd138b26f1 MDL-26376 fix incorrect Shibboleth string and undefined property during first config saving 2011-02-12 17:00:36 +01:00
Sam Hemelryk 80c1289773 MDL-25637 Fixed whitespace 2011-01-24 16:20:30 +08:00
Aparup Banerjee b692e4aa29 Performance MDL-25637 moved static count/sizeof functions out of for loop conditions 2011-01-24 14:51:21 +08:00
Helen Foster f085c3eccb MDL-21250 capital letters removal 2010-12-08 19:47:46 +00:00
Helen Foster bea9531a78 MDL-25475 lang string update thanks to Inaki Arenaza and Angelo Pappano 2010-12-01 12:17:44 +00:00
David Mudrak 42ae4ff290 MNet: fixed wrong column name in SQL cleanup code 2010-11-26 09:20:16 +00:00
David Mudrak ee4cd8f16d Prevent MNet error message when multiple records for the user are found in mnet_session table 2010-11-26 09:20:06 +00:00
David Mudrak 35d76df31d MDL-25367 user images are sent a received over MNet during SSO again 2010-11-26 09:19:55 +00:00
Inaki 40293947bb auth/cas: MDL-25062 CAS authentication plugin does not validate the CAS server certificate
If we enable the server validation but don't specify a certificate file path
flag the error and don't let the user save the settings.
2010-11-18 00:57:06 +00:00
Inaki 387d1dc0d5 auth/cas: MDL-25062 CAS authentication plugin does not validate the CAS server certificate
The CAS protocol security model requires that you verify the cas server
certificate before you trust the answer (valid authentication and username
etc.).

Credit goes to Joachim Fritschi for reporting it and providing a patch.
2010-11-18 00:12:23 +00:00
Petr Skoda 7415aed103 MDL-11728 finally defining the exact meaning of is_internal() in auth plugins
internal means "uses password hash for user authentication", there is a new is_synchronised_with_external() method that indicates if moodle should automatically sync user info with external system after login; I have also improved the default for prevent_local_passwords() which is now defaulting to !is_internal()
2010-11-14 02:01:59 +00:00
David Mudrak 8bda7ceca1 Fixed MNet strings that explicitly talk about Moodle site
The remote site can be Mahara site, too.
2010-11-12 09:36:50 +00:00
Petr Skoda 4e56afdfb4 attempt to fix mnet jumping issue when already logged in as guest 2010-11-11 09:39:41 +00:00
David Mudrak 4d0552e8ea MDL-25052 Do not display 'All hosts' as the identity provider at login form 2010-11-09 15:39:07 +00:00
Petr Skoda 03ea0b32cc MDL-20210 dod not stop login process when can not connect to auth/db external database 2010-10-22 09:07:02 +00:00
Inaki e494a7615e auth/cas MDL-24789 phpCAS single sign-on module client needs updating due to security issues
Upgraded phpCAS to 1.1.3 (latest stable version), which fixes them.
2010-10-21 08:22:21 +00:00
Petr Skoda 22a8fbdcf9 MDL-22739, MDL-23772 improved changeme hack + finally fixing the delayed changeme effect 2010-10-11 07:55:24 +00:00
Petr Skoda 8a8f1c7cd6 MDL-10137 rewritten cookie test on login page, username cookie is not required any more - hopefully this will be more reliable test 2010-10-10 17:30:28 +00:00
Petr Skoda 17c70aa007 MDL-16723 automatic redirects to https when loginhttps enabled - this solves accidental usage of http version + it also solves recent navigation regressions + fixed regression from PAGE conversions + deprecated old httpsrequired() and $HTTPSPAGEREQUIRED 2010-10-10 15:04:19 +00:00
David Mudrak 672bbc791d MDL-24425 mnet: fixed SQL DISTINCT from a table containing text field 2010-10-07 16:11:42 +00:00
Petr Skoda bc31625aba MDL-24356 fixed DML conversion - based on patch by Jay Knight 2010-09-27 09:41:59 +00:00
Petr Skoda 1dffbae2da MDL-24321 switching to stdClass in /auth/ 2010-09-21 08:09:22 +00:00
Helen Foster 0d9926b3f5 MDL-24203 typo fix thanks to Koen Roggemans 2010-09-17 12:25:19 +00:00
Petr Skoda 5c7bc383ce fixed phpdocs type 2010-09-17 10:44:56 +00:00
Petr Skoda cc2202299f MDL-24253 we need to udpate shibboleth to use new session api 2010-09-17 10:43:15 +00:00
Petr Skoda fb81718414 replaced forbidden font tags 2010-09-17 10:39:29 +00:00
Petr Skoda f685e83030 MDL-14679 fixed remaining old style set_field()s 2010-09-03 18:14:55 +00:00