Commit Graph

1475 Commits

Author SHA1 Message Date
Juan Leyva e09930bab6 MDL-81405 session: New core cookie helper utility class 2024-04-06 12:20:59 +02:00
Andrew Nicols d1613e331f Merge branch 'MDL-79712-main' of https://github.com/snake/moodle 2024-04-02 17:43:42 +11:00
Jake Dallimore 30e2af60f1 MDL-79712 auth_lti: ensure MoodleSession uses SameSite=None Secure
The MoodleSession cookie is already set this way when using Chrome, but
not for Firefox. This is a decision made in \core\session\manager. When
Firefox eventually defaults to SameSite=Lax when the SameSite attribute
is omitted from the Set-Cookie headers, the MoodleSession cookie won't
be sent. This change ensures the cookies used during LTI launches will
continue to work if/when this happens, and despite any changes which may
be made to core's sessionlib in future.
2024-04-02 11:38:40 +08:00
Brendan Heywood 2d286ef8f8 MDL-80612 auth: Allow plugins to identify Moodle users on the CLI 2024-03-27 21:58:04 +11:00
Daniel Ziegenberg 87267da39d MDL-81281 phpunit: assertObjectNotHasAttribute is deprecated
To be integrated as part of MDL-81266

When running PHPUnit 9.6 we get the following deprecation warnings:
"assertObjectNotHasAttribute() is deprecated and will be removed in PHPUnit
10. Refactor your test to use assertObjectNotHasProperty() instead."

So we replace all instances of assertObjectNotHasAttribute with
assertObjectNotHasProperty.

PHPUnit justifies the change with:
> PHPUnit currently refers to "fields" (see above) as "attributes". This
> is (or will become) confusing considering the introduction of
> attributes in PHP 8 and their support in PHPUnit.  PHPUnit will be
> changed to use the term "property" instead of "attribute" where "field"
> is meant.

Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
2024-03-25 16:21:07 +01:00
Sara Arjona 1e1d6d8be8 Merge branch 'MDL-71734' of https://github.com/paulholden/moodle 2024-03-21 16:11:40 +01:00
Paul Holden 011619dbd3 MDL-71734 lang: final removal of deprecated 400 strings. 2024-03-21 09:44:15 +00:00
Jake Dallimore 7e56b46abc MDL-80835 auth_lti: fix bad cast breaking samesite LTI usage 2024-03-21 15:35:48 +08:00
Jake Dallimore 18e26b5abe MDL-80835 auth_lti: add partitioning to post-auth MoodleSession cookie
Adds the property that is required by Chrome to opt-in to its 3rd party
cookie partitioning solution, CHIPS. This specific change to auth_lti is
to ensure the MoodleSession Set-Cookie header resulting from
complete_user_login() calls (in auth.php) have this property set.
2024-03-21 15:35:48 +08:00
Jake Dallimore a92f780b23 MDL-80835 auth_lti: add cookie helper facilitating CHIPS opt-in
To opt a cookie in to Chrome's 3rd party cookie partitioning solution,
CHIPS, the property 'Partitioned;' needs to be set. This adds a helper
class supporting this, for a given cookie(s).

Note also, PHP's native
cookie APIs (setcookie, etc) don't support this cookie property yet -
(https://github.com/php/php-src/issues/12646).

Since this class is intended to allow existing Set-Cookie headers to be
modified before being sent (e.g. allowing clients to set a property on a
cookie set elsewhere in code), it deals with the headers directly anyway
but it means that new cookies must also use this helper to opt-in,
instead of relying on setcookie(). E.g. where the intent is to add
partitioning support to a new cookie, that cookie must first be set
(setcookie) and then it may opt-in to partitioning via this helper;
partitioning support cannot be achieved directly through setcookie and
friends yet.
2024-03-21 15:35:48 +08:00
Huong Nguyen 88dc0f5010 Merge branch 'MDL-79769-master' of https://github.com/davewoloszyn/moodle 2024-03-12 09:18:10 +07:00
David Woloszyn cb6acfc46a MDL-79769 login: Add password toggle icon to the login screen 2024-03-08 15:54:11 +11:00
Jun Pataleta 3278ce7aba Merge branch 'MDL-65292' of https://github.com/stronk7/moodle 2024-03-08 08:00:41 +08:00
Huong Nguyen 32b445a47c Merge branch 'MDL-80836-main' of https://github.com/snake/moodle 2024-03-05 10:23:59 +07:00
Mikel Martín 4ce883ae21 MDL-75670 theme: Refactor form-group helper class dropped in BS5
- Replace .form-group Boostrap helper class with .mb-3. The .form-group class was only
adding margin bottom styles, so it is an straightforward change.
- Replace .form-group references in SCSS files with .fitem now .form-group has been removed.
- There were some other .form-group occurrences in the code that were using it not for styling
but incorrectly for managing some logic. These have been also replaced with .fitem or removed.
2024-02-29 13:55:37 +01:00
Eloy Lafuente (stronk7) ba1f804ffa MDL-65292 style: Fix all function declarations white space
This has been generated running the following Sniffs, all
them part of the Moodle's CodeSniffer standard:
- PSR12.Functions.ReturnTypeDeclaration
- PSR12.Functions.NullableTypeDeclaration
- moodle.Methods.MethodDeclarationSpacing
- Squiz.Whitespace.ScopeKeywordSpacing

All them are, exclusively, about correct spacing, so the changes
are, all them, only white space changes.

Only exceptions to the above are 3 changes what were setting the
return type in a new line, and, when that happens, the closing
parenthesis (bracket) has to go to the same line than the colon.
2024-02-28 23:33:26 +01:00
Jake Dallimore 0498f008bc MDL-80836 auth_lti: deprecate no auth notice
This notice was specific to the session piggyback method and is no
longer relevant.
2024-02-15 12:27:20 +08:00
Jake Dallimore faf084ff00 MDL-80836 auth_lti: take user through login instead of sesspiggyback
Browsers are phasing out 3rd party cookies. Those which can be set are
partitioned to the top level embedding site, so piggybacking is
prevented. This will break the account linking process. This fix swaps
the piggyback for a login round trip, as originally intended, which
resolves the issue.
2024-02-15 12:27:20 +08:00
Paul Holden a5133df5bb Merge branch 'MDL-80708-main' of https://github.com/rmady/moodle into main 2024-02-08 15:32:27 +08:00
Rodrigo Mady 9c9fbb262c MDL-80708 auth_email: Extendedusernamechars return get_signup_settings 2024-02-07 11:39:18 -03:00
Ilya Tregubov fa91b1e12a Merge branch 'MDL-73703-master' of https://github.com/davewoloszyn/moodle 2024-02-06 12:37:51 +08:00
Srdjan 3079896480 MDL-73703 auth_ldap: Break apart sync_task
Extracted code from sync_users() into separate functions
in order to enable ad-hoc sheduling, and chunking.

Co-authored-by: David Woloszyn <david.woloszyn@moodle.com>
2024-01-24 12:17:53 +11:00
Huong Nguyen 06946991d2 Merge branch 'MDL-67053-main' of https://github.com/davewoloszyn/moodle 2024-01-23 16:14:27 +07:00
Jake Dallimore a724bb8fae MDL-78219 auth_lti: ensure user updates happen after authentication
If an existing session is active at the time of launch, that user id
appears in the user_updated log. This log should show the launching user
updating their own record, not someone else. To resolve this, auth the
user before making any record updates so that the event gets the correct
user id.
2024-01-15 15:41:52 +08:00
Jake Dallimore 47703c1109 MDL-78219 auth_lti: force empty session before launch user creation
If an existing session is active at the time of launch, that user id
appears in the user_created log, incorrectly (it should be system/0).
This patch makes sure that any existing session is terminated before
creation of a new user during launches.
2024-01-15 15:41:52 +08:00
Huong Nguyen a3654984c1 Merge branch 'MDL-79296-main' of https://github.com/rmady/moodle 2024-01-11 09:42:52 +07:00
Jwalit Shah 53f28d1f51 MDL-67053 login: Allow bypassing alternateurl config 2023-12-11 09:45:27 +11:00
Rodrigo Mady 5a7afb727e MDL-79296 auth_email: Add extendedusernamechars to get_signup_settings 2023-12-01 09:25:33 -03:00
Benjamin Walker b833927648 MDL-74417 admin: Remove sesskey from test settings links 2023-12-01 18:41:50 +10:00
Ilya Tregubov 42f5a6a022 Merge branch 'MDL-78849' of https://github.com/paulholden/moodle 2023-11-30 10:37:28 +08:00
Andrew Nicols 525212f2d2 MDL-78496 core: Address phpcs issues with upgrade.php files 2023-11-19 21:20:53 +08:00
Andrew Nicols 545b36cd4a MDL-78496 upgrade: remove all the < 4.1.0 upgrade steps
Also includes an upgrade step to prevent upgrading from any
version < 2021112802 (v4.1.0) as anti-cheating measure.
2023-11-17 23:25:36 +08:00
Paul Holden 2f213c96ce MDL-78849 user: correct logical operator behaviour for guest button.
Apart from being banned per MDL-74990, it causes a subtle bug here
due to operator precedence.

Co-authored-by: Tom Mayfield <tmayfield@costrack.com>
2023-11-16 11:30:39 +00:00
Jun Pataleta 9beff03a96 MDL-79626 upgrade: add the 4.3.0 separation line to all upgrade scripts 2023-10-10 10:44:17 +08:00
Sara Arjona 9877a06246 Merge branch 'MDL-79551-master-rc' of https://github.com/junpataleta/moodle 2023-10-04 12:28:14 +02:00
Jun Pataleta d5d7835a0a MDL-79551 versions: Make CiBoT happy
* Use array short syntax for $plugin->dependencies
* Add trailing comma for multi-line $plugin->dependencies array
2023-10-04 14:04:29 +08:00
Jun Pataleta 94bc2cd38b MDL-79551 versions: bump all versions and requires near release 2023-10-04 13:57:17 +08:00
meirzamoodle 0adb58ec9c MDL-78969 oauth2: remove auto-login after successful confirmation
With the new flow, users can go to the login page from the confirmed page,
and if the user successfully logs in, the user will be directed to the confirmed page.
To avoid that, the confirmed page can only be seen by users who are not logged in.
2023-10-04 01:24:19 +00:00
Sara Arjona 458172696f Merge branch 'MDL-79511-master' of https://github.com/meirzamoodle/moodle 2023-09-28 16:15:47 +02:00
Meirza 5dd79c7781 MDL-79511 auth: Avoid errors on the dynamic properties creation
Currently, Moodle uses fetchOBject() from ADOdb to get the table columns.
Sadly, the current ADOdb, especially the fetchObject() function, still creates dynamic properties.
Altering the fetchObject() with fetchRow() to avoid the dynamic properties deprecation error on PHP 8.2
2023-09-27 16:43:15 +07:00
Sara Arjona cc9430929d MDL-77708 docs: Update references from docs.moodle.org/dev 2023-09-26 10:30:19 +02:00
Jun Pataleta 1eb8ee32bb MDL-78806 core: Remove redundant site name
MDL-78806 core: Remove redundant site name on page titles

* With the site name now being appended to the page titles, there
is no need to manually append the page titles.
2023-09-09 08:58:54 +08:00
Jun Pataleta 29ec472284 Merge branch 'MDL-53368-master-3' of https://github.com/HuongNV13/moodle 2023-08-24 22:51:26 +08:00
Huong Nguyen 0cd29afb6f MDL-53368 core_auth: Implement reCaptcha on login page 2023-08-24 15:18:31 +07:00
Cameron Ball 230fcddd62 MDL-78630 auth: Display lock/unlock messages 2023-08-15 10:59:09 +08:00
meirzamoodle 3d3dd827fa MDL-78685 auth_oauth2: Added logged-in status check 2023-08-10 18:32:23 +07:00
Jake Dallimore c25857a73f MDL-76842 auth_lti: remove redundant conditional logic and cast 2023-06-08 10:27:19 +08:00
Jake Dallimore d9fbe7c866 MDL-76842 auth_lti: don't update the user unless data has changed
When receiving data from the LTI launch, or service call, only update
the user record when we know something has changed. This prevents the
creation of many \core\event\user_updated events.
2023-06-08 09:29:56 +08:00
Jake Dallimore 3208e7f182 MDL-76842 auth_lti: don't update the user after membership creation
This isn't required and generates excess events. The only thing update
does, other than update the user fields, is to update the picture, but
in this case, that's unset in membership-based auths anyway, so it's
entirely safe to remove this.
2023-06-08 09:29:56 +08:00
Jake Dallimore dd507afe4b MDL-76842 auth_lti: test confirming the erroneous user_updated events
This test will fail until the fix - only updating users when data has
changed - is put in place in the following commit.
2023-06-08 09:29:56 +08:00