Commit Graph

147 Commits

Author SHA1 Message Date
Petr Škoda 7f5a384c99 MDL-43585 remove incorrect user/lib.php include 2014-01-07 12:16:34 +08:00
Mark Nelson 5991cabfd7 MDL-40045 auth: removed unnecessary add_to_log calls
Both LDAP and Shibboleth call complete_user_login which triggers
a user_loggedin event that handles the legacy call to add_to_log.
2013-10-21 11:53:30 +08:00
Petr Škoda d79d5ac276 MDL-31501 rework user session architecture
List of changes:
 * New OOP API using PHP namespace \core\session\.
 * All handlers now update the sessions table consistently.
 * Experimental DB session support in Oracle.
 * Full support for session file handler (filesystem locking required).
 * New option for alternative session directory.
 * Official memcached session handler support.
 * Workaround for memcached version with non-functional gc.
 * Improved security - forced session id regeneration.
 * Improved compatibility with recent PHP releases.
 * Fixed borked CSS during install in debug mode.
 * Switched to file based sessions in new installs.
 * DB session setting disappears if DB does not support sessions.
 * DB session setting disappears if session handler specified in config.php.
 * Fast purging of sessions used in request only.
 * No legacy distinction -  file, database and memcached support the same functionality.
 * Session handler name included in performance info.
 * Fixed user_loggedin and user_loggedout event triggering.
 * Other minor bugfixing and improvements.
 * Fixed database session segfault if MUC disposed before $DB.

Limitations:
 * Session access time is now updated right after session start.
 * Support for $CFG->sessionlockloggedinonly was removed.
 * First request does not update userid in sessions table.
 * The timeouts may break badly if server hosting forces PHP.ini session settings.
 * The session GC is a lot slower, we do not rely on external session timeouts.
 * There cannot be any hooks triggered at the session write time.
 * File and memcached handlers do not support session lock acquire timeouts.
 * Some low level PHP session functions can not be used directly in Moodle code.
2013-09-21 13:11:56 +02:00
Dan Poltawski 378b3eac83 MDL-36316 useragent: Reduce user agent sniffing
* core_useragent: Introduce is_vendor methods to improve readability
  when we are just detecting if a browser is from a vendor, rather than
  the exact version

* Remove uncessary browser version checks when we are just detecting
  vendors - this makes the intention of our sniffing clearer.

* Remove sniffing for browsers which we do not support, grades/ajax/tinymce
  all support modern browsers so there is no need to sniff for them.
2013-09-13 14:25:37 +08:00
Rajesh Taneja bb78e249cd MDL-39961 Events: Replace Legacy events - User
This change includes:
* Added user_updated event, replacing old event
* Added user_created event, replacing old event
* Added user_deleted event, replacing old event
* Added user_loggedout event, replacing old event
* Added user_enrolment_created event, replacing old event
* Added user_enrolment_deleted event, replacing old event
* Added user_enrolment_updated event, replacing old event
2013-09-02 16:10:05 +08:00
Sam Hemelryk c3d2fbf9cd MDL-40931 useragent: separated user agent functionality into a lib
This commit moves user agent related functionality out of several
core libraries and combines it into a more manageable class.
All core uses are converted and functions deprecated in favor
of the new class.
2013-08-26 13:59:19 +12:00
Damyon Wiese 9ead041cdb Revert "MDL-40931 useragent: separated user agent functionality into a lib"
This reverts commit af62237d0e.
This reverts commit 87a4194fdc.
This reverts commit b2c66eb60c.

Conflicts:

	version.php
2013-08-22 13:31:25 +08:00
Sam Hemelryk af62237d0e MDL-40931 useragent: separated user agent functionality into a lib
This commit moves user agent related functionality out of several
core libraries and combines it into a more manageable class.
All core uses are converted and functions deprecated in favor
of the new class.
2013-08-16 09:02:01 +12:00
Petr Škoda 2f1e464a88 MDL-40438 migrate all collatorlib:: and textlib:: uses 2013-08-06 21:04:35 +02:00
Mark Nelson 9b29f68648 MDL-27953 auth: introduced new function can_be_manually_set() to the authentication base class 2013-07-29 17:06:08 +08:00
Sam Hemelryk 93b4d2658a Merge branch 'master_MDL-20867' of git://github.com/danmarsden/moodle 2013-07-10 11:07:00 +12:00
Damyon Wiese 8a011a9f0a Merge branch 'w28_MDL-40243_m26_ldapsuspend' of https://github.com/skodak/moodle 2013-07-09 13:44:01 +08:00
Tim Lock a9166e8210 MDL-40436: auth_ldap: Fixed warning when adding new LDAP users 2013-07-08 22:57:25 +08:00
Petr Škoda d03e450857 MDL-40243 use suspended flag in auth_enrol instead of nologin auth 2013-07-07 14:40:46 +02:00
Dan Marsden d962e8143d MDL-20867 LDAP NTLM fast path - allow FF to use NTLM when fastpath
enabled
2013-07-05 13:05:47 +12:00
Rajesh Taneja d8372b54b9 MDL-16982 Administration: Moved bulk action outside loop and using profile api to save data 2013-06-17 12:55:09 +08:00
Rajesh Taneja d836e3ed1f MDL-16982 Administration: Integrated Inaki's suggestions 2013-06-11 10:27:43 +08:00
Rajesh Taneja 57d135a1c6 MDL-16982 Administration: Cleaned whitespaces and alignment in orignal patch 2013-06-11 10:27:43 +08:00
Gilles-Philippe Leblanc b88adb55fc MDL-16982 Administration: Adding data mapping for custom user fields 2013-06-11 10:27:37 +08:00
Eloy Lafuente (stronk7) 0288c5ffe1 Merge branch 'MDL-39166-m25' of https://github.com/jfilip/moodle 2013-06-03 23:51:22 +02:00
Petr Škoda 60d7078adf MDL-39387 normalise MOODLE_INTERNAL 2013-04-27 15:09:05 +02:00
Petr Škoda a2f10958ff MDL-39387 fix /auth phpdocs 2013-04-27 15:06:40 +02:00
Justin Filip 9b8e4952d4 MDL-39166 auth_ldap Add triggers for user created/updated events. 2013-04-24 16:16:52 -04:00
Iñaki Arenaza 4bcb0396c2 MDL-38262 auth/{ldap,cas}: Fix undefined property notification on first config
Just move the test after we've set the default configuration values if
they are not defined.

Signed-off-by: Iñaki Arenaza <iarenaza@mondragon.edu>
2013-03-03 21:22:19 +01:00
Simon Coggins ec2d8ceb88 MDL-35332 lib: Improve security of hashed passwords 2013-02-09 06:47:57 +13:00
Dan Poltawski 6c74a228f3 Merge branch 'wip_master_mdl-3941_add_support_for_LDAP_TLS' of git://github.com/iarenaza/moodle 2013-01-08 16:40:50 +08:00
Dan Poltawski 81a38f50fb Merge branch 'wip_master_mdl-28585_ldap_auth_doesnt_handle_password_expiration' of https://github.com/iarenaza/moodle 2013-01-08 14:40:15 +08:00
Sam Hemelryk be5a3168df MDL-21342 auth: tidy up pre-integration 2013-01-08 13:41:22 +13:00
Petr Škoda b28247fe90 MDL-21342 add user login lockout 2013-01-04 15:12:31 +01:00
Iñaki Arenaza cd37c1dad8 MDL-28585 LDAP Auth doesn't handle password expiration
All credit goes to Mark Ward for proposing the initial patch.

Signed-off-by: Iñaki Arenaza <iarenaza@mondragon.edu>
2012-12-14 00:10:09 +01:00
Iñaki Arenaza a5428e15b2 MDL-37088 auth_ldap: bad operator in ldap sync_user() method 2012-12-10 16:52:42 +01:00
Iñaki Arenaza 326929d54a MDL-3941 auth/cas auth/ldap enrol/ldap Add support for LDAP-TLS.
Credit goes to Chris Bandy for proposing the initial patch.
2012-12-04 12:11:06 +01:00
Dan Poltawski ee943e7311 MDL-36119 - fix trailing whitespace 2012-11-08 10:18:06 +08:00
Iñaki Arenaza c090d7c90e MDL-36119: auth_{ldap,cas}: LDAP Sync - implement paged results
Thanks to Jerome Charaoui for the original patch.
2012-11-07 19:13:10 +01:00
Iñaki Arenaza 34b10e26c6 MDL-31968 Make NTLM REMOTE_USER format configurable by the admin
Signed-off-by: Iñaki Arenaza <iarenaza@mondragon.edu>
2012-10-02 16:56:10 +02:00
Petr Škoda fcb46048c1 MDL-34901 fix user login times handling 2012-08-19 15:33:31 +02:00
Ankit Agarwal bf0f06b1be MDL-34471 libraries: Replace all uses of get_context_instance() with respective context_XXXX::instance() method 2012-08-02 15:37:38 +08:00
Dan Poltawski 4e25e4696b Merge branch 'wip_mdl-31540-master' of https://github.com/iarenaza/moodle
Conflicts:
	auth/ldap/auth.php
2012-04-23 13:55:00 +08:00
Petr Skoda a66b2ae4f4 MDL-32434 deprecate drop_temp_table() in favour of drop_table() 2012-04-15 12:23:15 +02:00
Iñaki Arenaza ca769fa7f8 MDL-31540 Try to remove duplicates before storing LDAP search contexts
If the user specifies the same LDAP search context more than once,
when we sync users we retrieve the same set of users twice. When we
try to insert the "duplicated" user in the temp table again, the db
barfs and the db layer aborts the whole transaction.

So we try to detect and remove duplicates. This is a bit tricky (LDAP
is such a complex and wonderful protocol) as the contexts are
distinguished names and the matching/comparison rules are complex. But
assuming that we only use the attribute types used in 99.999% of the
distinguished names used for contexts out there (that is: dc, ou, cn,
o, l and c), and also assuming that the user is not using different
encodings/escapings for the same context, we can lower case the
contexts to compare them (and remove duplicates).

This is safe according to RFC-4517 (section 4.2.15. distinguishedNameMatch)
and RFC-4519 (where the EQUAILITY property is defined for the
different user application attribute types).

This shouldn't break any configuration that wasn't broken before :)

Signed-off-by: Iñaki Arenaza <iarenaza@mondragon.edu>
2012-03-08 21:57:59 +01:00
Petr Skoda 6f3451e540 MDL-31301 remove all uses of moodle_strtolower() and deprecated it 2012-03-03 11:46:26 +01:00
Petr Skoda f8311defeb MDL-31301 use static textlib methods 2012-03-03 11:46:13 +01:00
Iñaki Arenaza fa5f5c206f MDL-28402 LDAP configuration values being stored in lower case, causing misconfiguration
It looks like array_change_key_case() does not work recursively, so we
were not actually lowercasing the expiration attribute key. As the
configuration setting is always lowercase they didn't match.
2011-08-29 01:07:30 +02:00
Petr Skoda f91f3f63a7 MDL-28182 always use full user object when deleting users 2011-07-22 22:46:32 +02:00
Iñaki Arenaza 971db6a110 MDL-24666 sync_users.php can throw db exception on sites upgraded from 1.x
From 2.0 on we lowercase all the settings related to LDAP attributes
to cope with differences in LDAP servers when returning attribute
names as array indices (some lowercase them, some leave them as
specified in the query, some normalize them, etc.).

But we only lowercase them when saving the settings page. So on sites
that have been migrated from 1.x, it may happen that we still have
mixed-case attribute names. And this is fatal for the user_attribute
setting, as we might not detect it in the returned array from LDAP and
it will be empty (and the db layer throws and exception).

So we just make sure the attribute name is lowercased (and trimmed,
in case it's got some white space around it).

Signed-off-by: Iñaki Arenaza <iarenaza@mondragon.edu>
2011-07-04 21:47:43 +02:00
Petr Skoda c6a074f867 MDL-26795 fix incorrect location of email change strings
AMOS BEGIN
 MOV [auth_emailchangecancel,auth_email],[emailchangecancel,core_auth]
 MOV [auth_emailchangepending,auth_email],[emailchangepending,core_auth]
 MOV [auth_emailupdate,auth_email],[emailupdate,core_auth]
 MOV [auth_emailnowexists,auth_email],[emailnowexists,core_auth]
 MOV [auth_emailupdatemessage,auth_email],[emailupdatemessage,core_auth]
 MOV [auth_emailupdatesuccess,auth_email],[emailupdatesuccess,core_auth]
 MOV [auth_emailupdatetitle,auth_email],[emailupdatetitle,core_auth]
 CPY [auth_emailnoemail,auth_email],[noemail,auth_ldap]
AMOS END
2011-03-27 17:19:23 +02:00
Petr Skoda 9449d0c5e8 MDL-25778 fix default country and city on user upload form and revert change in auth plugins
Auth plugins should have separate defaults from site defaults).
2011-02-15 09:13:33 +01:00
Petr Skoda fa7f750c60 MDL-25778 add defaultcity option
This is based on patch by Jonathan Harker.
2011-02-14 20:10:50 +01:00
Petr Skoda 17c70aa007 MDL-16723 automatic redirects to https when loginhttps enabled - this solves accidental usage of http version + it also solves recent navigation regressions + fixed regression from PAGE conversions + deprecated old httpsrequired() and $HTTPSPAGEREQUIRED 2010-10-10 15:04:19 +00:00
Petr Skoda 1dffbae2da MDL-24321 switching to stdClass in /auth/ 2010-09-21 08:09:22 +00:00