Some email body strings use first names as greetings,
some use full names, and some do not.
Using the first name for greeting makes it consistent and
a bit more "personal".
This fixes various (not all) wrong @covers annotations that
are reported as warnings by PHPUnit when it's run with
code-coverage enabled.
When possible, the preferred solution is to change to
@covers at class level, that is the recommended way.
If multiple classes are involved, then a mix of @coversDefaultClass
and @covers at method level are used (always trying to use the
minimum needed patch).
This is the first of a series of issues created as sub-tasks
of MDL-82142.
This commit includes more changes, all them also adding the :void
return type to unit tests missing them.
The difference is that all these changes, while also detected
perfectly by the moodle.PHPUnit.TestReturnType sniff, were not
auto-fixed (like the previous commit ones), because all them
do include some "return" statement and, for safety, we don't
fix them.
All the cases have been visually inspected and confirmed that
the existing "return" statements always belong to anon
functions within the test body and not the test own return statement.
While this change is not 100% required now, it's good habit
and we are checking for it since Moodle 4.4.
All the changes in this commit have been applied automatically
using the moodle.PHPUnit.TestReturnType sniff and are, exclusively
adding the ": void" return types when missing.
Applied the following changes to various testcase classes:
- Namespaced with component[\level2-API]
- Moved to level2-API subdirectory when required.
- Fixed incorrect use statements with leading backslash.
- Remove file phpdoc block
- Remove MOODLE_INTERNAL if not needed.
- Changed code to point to global scope when needed.
- Fix some relative paths and comments here and there.
- All them passing individually.
- Complete runs passing too.
Special mention to:
- The following task tests have been moved within the level2 directory:
- \core\adhoc_task_test => \core\task\adhoc_task_test
- \core\scheduled_task_test => \core\task\scheduled_task_test
- \core\calendar_cron_task_test => \core\task\calendar_cron_task_test
- \core\h5p_get_content_types_task_test => \core\task\h5p_get_content_types_task_test
- \core\task_database_logger_test => \core\task\database_logger_test
- \core\task_logging_test => \core\task\logging_test
- The following event tests have been moved within level2 directory:
- \core\event_context_locked_test => \core\event\context_locked_test
- \core\event_deprecated_test => \core\event\deprecated_test
- \core\event_grade_deleted_test => \core\event\grade_deleted_test
- \core\event_profile_field_test => \core\event\profile_field_test
- \core\event_unknown_logged_test => \core\event\unknown_logged_test
- \core\event_user_graded_test => \core\event\user_graded_test
- \core\event_user_password_updated_test => \core\event\user_password_updated_test
- The following output tests have been moved within level2 directory:
- \core\mustache_template_finder_test => \core\output\mustache_template_finder_test
- \core\mustache_template_source_loader_test => \core\output\mustache_template_source_loader_test
- \core\output_mustache_helper_collection_test => \core\output\mustache_helper_collection_test
- The following tests have been moved to their correct tests directories:
- lib/tests/time_splittings_test.php => analytics/tests/time_splittings_test.php
- All the classes and tests under lib/filebrowser and lib/filestorage
belong to core, not to core_files. Some day we should move
them to their correct subsystem.
- All the classes and tests under lib/grade belong to core, not
to core_grades. Some day we should move them to their correct
subsystem.
- The core_grades_external class and its \core\grades_external_test
unit test should belong to the grades subsystem or, alternatively,
to \core\external, they both should be moved together.
- The core_grading_external class and its \core\grading_external_test
unit test should belong to the grading subsystem or, alternatively,
to \core\external, they both should be moved together.
- The \core\message\message and \core\message\inbound (may be others)
classes, and their associated tests should go to the core_message
subsystem.
- The core_user class, and its associated tests should go to the
core_user subsystem.
- The \core\update namespace is plain wrong (update is not valid API)
and needs action 1) create it or 2) move elsewhere.
Both assertContains() and assertNotContains() are deprecated in PHPUnit 8
for operations on strings. Also the optional case parameter is. All uses
must be changed to one of:
- assertStringContainsString()
- assertStringContainsStringIgnoringCase()
- assertStringNotContainsString()
- assertStringNotContainsStringIgnoringCase()
More info: https://github.com/sebastianbergmann/phpunit/issues/3422
Regexp to find all uses:
ag 'assert(Not)?Contains\('
When searching for other users with the same email address, we perform
the case-insensitive and accent-sensitive search. That may be expensive
as some DBs such as MySQL cannot use the index in that case. Instead,
sequential scan of all the user records is performed and the comparison
uses the LOWER function to filter the matching records. This leads to
significant performance heavy queries which in turn represent a surface
for DoS attacks.
For that reason, we first perform accent-insensitive search for
potential candidates in a subselect, which can use the index. Only then
we perform the additional accent-sensitive search on this limited set or
records.
CSRF protection for the login form. The authenticate_user_login function was
extended to validate the token (in \core\session\manager) but by default it
does not perform the extra validation. Existing uses of this function from
auth plugins and features like "change password" will continue to work without
changes. New config value $CFG->disablelogintoken can bypass this check.
List of changes:
* New OOP API using PHP namespace \core\session\.
* All handlers now update the sessions table consistently.
* Experimental DB session support in Oracle.
* Full support for session file handler (filesystem locking required).
* New option for alternative session directory.
* Official memcached session handler support.
* Workaround for memcached version with non-functional gc.
* Improved security - forced session id regeneration.
* Improved compatibility with recent PHP releases.
* Fixed borked CSS during install in debug mode.
* Switched to file based sessions in new installs.
* DB session setting disappears if DB does not support sessions.
* DB session setting disappears if session handler specified in config.php.
* Fast purging of sessions used in request only.
* No legacy distinction - file, database and memcached support the same functionality.
* Session handler name included in performance info.
* Fixed user_loggedin and user_loggedout event triggering.
* Other minor bugfixing and improvements.
* Fixed database session segfault if MUC disposed before $DB.
Limitations:
* Session access time is now updated right after session start.
* Support for $CFG->sessionlockloggedinonly was removed.
* First request does not update userid in sessions table.
* The timeouts may break badly if server hosting forces PHP.ini session settings.
* The session GC is a lot slower, we do not rely on external session timeouts.
* There cannot be any hooks triggered at the session write time.
* File and memcached handlers do not support session lock acquire timeouts.
* Some low level PHP session functions can not be used directly in Moodle code.