If there is a required custom field that the user can fill by editing
their profile, and that field is missing, the user should be considered
as not fully set up. Instead, we want to redirect them to edit their
profile first.
There are some exceptions when we want to fall back to the previous
behaviour and check just the name and email fields. These exceptional
cases include checking remote user data in incoming MNet request (no
user id, no custom fields supported) and calls to require_login() with
redirecting disabled (typically ajax filepicker requests on profile
editing page itself).
Additional plugins that call the function user_not_fully_set_up()
themselves, should perform the strict check in most/typical cases. So
the strict mode is enabled by default even if it changes the behaviour
slightly. In improbable case of additional plugins relying on the
previous behaviour of the function, they can use the $strict parameter
and keep performing the lax check. However, I am sure the correct fix in
that case will likely be to stop abusing this function.
Note that custom fields are not currently transferred during the MNet
roaming. So having custom fields configured as required on MNet service
provider site (where users can't edit their profiles) is expected to
display an error (as the site is considered as misconfigured).
This commit replace as much as possible of clean_param and PARAM_ usages related to user object.
Also few unit tests has been changed to match the new validation
Moodle does not fire user_created event while creating user via MNET.
That makes impossible to hook on user creation when user land into a host via MNET for the 1st time.
dn with fine grained password should be used
to get msds-maximumpasswordage attribute.
No checks should be used to see if the array
key is set as entry should always return them.
This just deletes all the upgrade steps previous to 2.7.0. Some
small adjustments, like adding missing MOODLE_INTERNAL or tweaking
globals can also be applied when needed.
Next commit will get rid of/deprecate all the upgradelib functions
not used anymore in codebase.
Sheduled tasks for syncing users with external sources for auth_ldap
and auth_cas. Using task is simplier than setting separate cron
job for running cli script. Task are disabled by default.
This patch replace all usages of HTTP_RAW_POST_DATA that was deprecated on PHP 5.6 by
file_get_contents('php://input'). Only the TinyMCE library has not been updated.