Commit Graph

1324 Commits

Author SHA1 Message Date
Andrew Nicols 30de8275c0 MDL-71055 behat: Update core settings to use generator
These changes have only been applied to settings which were already
using settings names and values, but which were still using the UI.
2021-08-23 12:23:03 +08:00
Paul Holden a2bd7e21df MDL-71957 auth_shibboleth: safer session retrieval during logout. 2021-07-08 23:33:31 +02:00
Eloy Lafuente (stronk7) d73d9dd99f Merge branch 'MDL-71425-310-enfix' of git://github.com/mudrd8mz/moodle into MOODLE_310_STABLE 2021-05-04 23:39:50 +02:00
David Mudrák 9f4404e80d MDL-70804 mnet: Use proper DML method to get records from the table
This improves the code and avoids the risk of SQL injection through the
malicious XML-RPC request from the MNet peer.
2021-05-04 17:22:47 +02:00
Helen Foster 23f0d09ec7 MDL-71425 lang: Import fixed English strings (en_fix) 2021-05-04 16:48:21 +02:00
Peter Dias d199b23598 MDL-70306 auth: Update the thirdpartylib.xml 2021-03-15 11:10:23 +08:00
Eloy Lafuente (stronk7) c25ae6986c Merge branch 'MDL-70424-auth-avoid-changes-MOODLE_310_STABLE' of https://github.com/brendanheywood/moodle into MOODLE_310_STABLE 2021-03-04 00:29:21 +01:00
Brendan Heywood f5e822222d MDL-70424 auth: Avoid random changes to $CFG->auth 2021-03-04 09:30:17 +11:00
Sander Wind 3f9d4a08a5 MDL-70668 auth: Fix secret validation during user confirmation
Co-authored-by: Michael Hawkins <michaelh@moodle.com>
2021-03-02 23:44:24 +01:00
Mihail Geshoski 4fec7a276d MDL-68486 auth_shibboleth: Reset convert_data if it uses dataroot file
Upgrade step that resets the 'Data modification API' (convert_data)
setting to its default value if this setting is currently configured
to use a file located within the $CFG->dataroot directory.
2021-01-13 12:35:00 +08:00
Mihail Geshoski b70a1c71e1 MDL-68486 auth_shibboleth: Prevent using dataroot files in convert_data
Prevents configuring the 'Data modification API' (convert_data) setting
to use files located within the $CFG->dataroot directory as it exposes
the site to security risks.
2021-01-13 12:35:00 +08:00
Marina Glancy 2c4426bb10 MDL-70242 auth_oauth2: set page context and url 2020-11-17 16:47:59 +01:00
Jun Pataleta 4b0988f014 Merge branch 'MDL-68349-310' of git://github.com/marinaglancy/moodle into MOODLE_310_STABLE 2020-11-10 10:14:37 +08:00
Eloy Lafuente (stronk7) 4aa83d92bf MDL-70146 upgrade: add 3.10.0 separation line to all upgrade scripts 2020-11-07 23:26:09 +01:00
Eloy Lafuente (stronk7) b0a1b4ce8b MDL-70089 versions: bump all versions and requires near release
version = 2020110900 release version
requires= 2020110300 current beta+ (week6roll1) version

Note that, because we are under parallel development period,
this is being done in the branch that is going to be released
(MOODLE_310_STABLE already existing) for Moodle 3.10.0 and
not in master, that is the one getting the bump under normal
(non-parallel) periods.
2020-11-03 19:34:52 +01:00
Marina Glancy 937c7eeef1 MDL-68349 auth_db: user_created event should be triggered later 2020-10-30 14:21:06 +01:00
Eloy Lafuente (stronk7) 46606b3ddd MDL-67673 phpunit: Remove deprecated assertEquals() params
The optional parameters of assertEquals() and assertNotEquals()
are deprecated in PHPUnit 8 (to be removed in PHPUnit 9):

- delta => use assertEqualsWithDelta()
- canonicalize => use assertEqualsCanonicalizing()
- ignoreCase => use assertEqualsIgnoringCase
- maxDepth => removed without replacement.

More info @ https://github.com/sebastianbergmann/phpunit/issues/3341

Initial search done with:

ag 'assert(Not)?Equals\(.*,.*,' --php

Then, running tests and fixing remaining cases.
2020-10-21 12:46:05 +02:00
Eloy Lafuente (stronk7) 35bc26b516 MDL-67673 phpunit: Remove deprecated assertContains() uses on strings
Both assertContains() and assertNotContains() are deprecated in PHPUnit 8
for operations on strings. Also the optional case parameter is. All uses
must be changed to one of:

- assertStringContainsString()
- assertStringContainsStringIgnoringCase()
- assertStringNotContainsString()
- assertStringNotContainsStringIgnoringCase()

More info: https://github.com/sebastianbergmann/phpunit/issues/3422

Regexp to find all uses:

ag 'assert(Not)?Contains\('
2020-10-21 12:46:05 +02:00
Eloy Lafuente (stronk7) d81a94807b MDL-67673 phpunit: Fix the return type of template methods
All the setup/teardown/pre/post/conditions template methods
now are required to return void. This was warned with phpunit 7
and now is enforced.

At the same time, fix a few wrong function names,
provider data and param types, return statements...
2020-10-21 12:46:04 +02:00
Dani Palou e16b858ff9 MDL-68098 ws: Add unit tests to test mathjax in WS 2020-09-23 12:08:52 +02:00
Dani Palou f4bdb898c7 MDL-68098 ws: Fix WebServices broken by filters HTML 2020-09-23 12:08:40 +02:00
Sara Arjona c83543095a Merge branch 'MDL-69521_310' of https://github.com/stronk7/moodle into MOODLE_310_STABLE 2020-09-09 08:08:29 +02:00
Eloy Lafuente (stronk7) 8452418666 MDL-69521 core: Move all comments in code from 4.1 to 3.11 2020-09-08 19:01:36 +02:00
Eloy Lafuente (stronk7) 5ba67416e6 Merge branch 'MDL-69510-310' of https://github.com/snake/moodle into MOODLE_310_STABLE 2020-09-08 15:28:33 +02:00
Paul Holden 95e0ff974c MDL-69492 auth_ldap: normalise member distinguished name config. 2020-09-04 08:25:58 +01:00
Paul Holden db361e09e7 MDL-69492 auth_cas: normalise member distinguished name config. 2020-09-04 08:25:58 +01:00
Andrew Nicols f558127d0e MDL-69391 behat: Grammar correction in feature 2020-09-03 11:35:08 +08:00
Andrew Nicols fc1d22ea70 Merge branch 'MDL-69391-310' of git://github.com/junpataleta/moodle into MOODLE_310_STABLE 2020-09-03 11:35:04 +08:00
Jun Pataleta fe346f0afb MDL-69391 auth: Colour contrast accessibility test for login page 2020-09-03 11:11:29 +08:00
Jake Dallimore b96e85feac MDL-69510 admin: make ldap configuration warnings clear 2020-09-03 10:26:00 +08:00
Farhan Karmali d179137f1b MDL-67419 admin: New admin setting for lang during user creation 2020-09-02 08:54:47 +08:00
Jun Pataleta db8fea04f5 MDL-69389 auth: Add wcag141 test for the login page accessibility test 2020-08-26 11:05:27 +08:00
Eloy Lafuente (stronk7) e010b2e75c MDL-69271 auth_ldap: Don't assume any ordering, just verify matches
Both ldap or the DB can return information in a non-consistent
ordering leading to events to be generated in different order.

And current tests are, right now, assuming a given order.

Note this is a rare random, but it's happening, so better
fix it, see the issue for some more details.

So we just do the tests ordering immune, verifying that all the
expected events have been triggered and done. Irrespectively of their order.
2020-08-20 07:35:59 +08:00
Leon Stringer c66bf80bd8 MDL-65847 auth_db: user_update() handle errors
The external database authentication plugin (auth_db) can update the
external database if mapped fields are set to Update external: On
update.  This change adds error handling in case this update fails.
2020-08-19 00:36:21 +02:00
Andrew Nicols 39a736ef9a MDL-67687 behat: Login page accessibility ensurance 2020-08-05 07:41:45 +08:00
Andrew Nicols b284293402 MDL-69138 behat: Update session->visit() to use visit step 2020-07-22 16:43:08 +08:00
Mihail Geshoski ecf15a63b4 MDL-60827 oauth2: Consider requireconfirmation setting on login 2020-07-06 10:04:42 +08:00
Eloy Lafuente (stronk7) b764343e5a MDL-69044 upgrade: add 3.9.0 separation line to all upgrade scripts 2020-06-14 13:08:09 +02:00
Eloy Lafuente (stronk7) 115cc0214f MDL-68973 versions: bump all versions and requires near release
version = 2020061500 release version
requires= 2020060900 current rc1 (week7roll1) version
2020-06-09 16:23:09 +02:00
Mathew May a2fc851738 MDL-68244 auth_email: Update unit test, remove hard assertion 2020-05-25 16:37:49 +08:00
Brendan Heywood d71752df93 MDL-67818 auth_none: Moved to improved Check API
AMOS BEGIN
 MOV [check_noauth_details,auth_none],[checknoauthdetails,auth_none]
 MOV [check_noauth_error,auth_none],[checknoautherror,auth_none]
 MOV [check_noauth_name,auth_none],[checknoauthname,auth_none]
 MOV [check_noauth_ok,auth_none],[checknoauthok,auth_none]
AMOS END
2020-04-06 22:08:33 +10:00
Brendan Heywood 00c2153be1 MDL-67818 check: Added Check API and refactored security checks
AMOS BEGIN
 MOV [check_noauth_details,report_security],[check_noauth_details,auth_none]
 MOV [check_noauth_error,report_security],[check_noauth_error,auth_none]
 MOV [check_noauth_name,report_security],[check_noauth_name,auth_none]
 MOV [check_noauth_ok,report_security],[check_noauth_ok,auth_none]
AMOS END
2020-04-06 12:28:37 +10:00
Dani Palou 5a56d34063 MDL-67641 auth: Fix shortname type in get_signup_settings WS 2020-03-04 08:11:11 +01:00
Paul Holden 1e89b1d686 MDL-59303 auth_shibboleth: consistent readme URL. 2020-02-07 14:25:15 +00:00
Eloy Lafuente (stronk7) 49d1ce3ac2 MDL-67118 auth_ldap: add pagesize/subcontexts test provider
With that provider we'll be explicitly covering that any
pagesize and subcontexts search is returning results consistently
so the internal paging/servercontrols work as expected.
2020-01-16 19:16:14 +01:00
Eloy Lafuente (stronk7) 988f9bf5b5 MDL-67118 auth_ldap: paged results functions deprecated php74 and up
Starting with php74 the following functions are deprecated:
- ldap_control_paged_result()
- ldap_control_paged_result_response()

Starting with php73, ldap servercontrols were included. One of those
servercontrols, LDAP_CONTROL_PAGEDRESULTS, is the one in charge of
controlling paged results.

So, we are going to add some conditional code here:

1) if php < 7.3, use old paged result functions.
2) if php >= 7.3, switch to LDAP_CONTROL_PAGEDRESULTS servercontrol.

With a TODO about removing 1) in Moodle 4.1, once php73 becomes required.
2020-01-16 19:16:14 +01:00
Andrew Nicols 48dffcb9e1 Merge branch 'MDL-67382-master' of git://github.com/vmdef/moodle 2020-01-13 12:59:28 +08:00
Sara Arjona a26cfe71d3 MDL-65809 upgrade: clean < 3.5.0 upgrade steps
This just deletes all the upgrade steps previous to 3.5.0. Some
small adjustments, like tweaking globals can also be applied
when needed.

Also includes an upgrade step to prevent upgrading from any
version < 2018051700 (v3.5.0) as anti-cheating measure.

Previous commits have removed/deprecated all the upgradelib functions
not used anymore in codebase. Deletion has been documented in corresponding
upgrade.txt files:

- upgrade_fix_block_instance_configuration()
- upgrade_theme_is_from_family(), upgrade_find_theme_location()
and linkcoursesectionsupgradescriptwasrun setting
- upgrade_block_positions
- upgrade_fix_config_auth_plugin_names()
 and upgrade_fix_config_auth_plugin_defaults()
- format_xxx_upgrade_remove_numsections(), format_xxx_upgrade_hide_extra_sections()
and format_xxx_upgrade_add_empty_sections()
- filter_mathjaxloader_upgrade_cdn_cloudflare()
and filter_mathjaxloader_upgrade_mathjaxconfig_equal()
- get_assignments_with_rescaled_null_grades()

These have been kept because continue being used by restore:

- \core\task\refresh_mod_calendar_events_task
2019-12-20 12:20:43 +01:00
Sara Arjona 089e918033 MDL-65809 upgrade: remove upgrade_fix_config_auth_plugin_names
These functions were used only by deleted upgrade steps
so it's safe to proceed with straight deletion, considering
them internal. Deletion has been documented in corresponding
upgrade.txt files:

- upgrade_fix_config_auth_plugin_names()
- upgrade_fix_config_auth_plugin_defaults()
2019-12-20 12:20:43 +01:00
Víctor Déniz Falcón 1cfbaab373 MDL-67382 auth_cas: update phpCAS to 1.3.8 2019-12-13 12:34:06 +00:00