moodle/auth/upgrade.txt

This files describes API changes in /auth/* - plugins,
information provided here is intended especially for developers.

=== 3.2 ===

* New auth hook - pre_user_login_hook() - available, triggered right after the user object is created.
  This can be used to modify the user object before any authentication errors are raised.
* The block_login now displays the loginpage_idp_list() links as well as main login page.

=== 3.0 ===

* login_signup_form::signup_captcha_enabled() now calls is_captcha_enabled() from the current auth plugin instead of from auth_email

=== 2.9 ===

* Do not update user->firstaccess from any auth plugin, the complete_user_login() does it automatically.

* Add user_add_password_history() to user_signup() method.

* New auth hook - pre_loginpage_hook() - available, triggered before redirecting to the login page.

=== 2.8 ===

* \core\session\manager::session_exists() now verifies the session is active
  instead of only checking the session data is present in low level session handler

* MNet is no longer sending logs between the client and parent sites. auth_plugin_mnet::refresh_log() is now deprecated. There is
  no alternative. Please don't use this function.

=== 2.7 ===

* If you are returning a url in method change_password_url() from config, please make sure it is set before trying to use it.

=== 2.6 ===

* can_be_manually_set() - This function was introduced in the base class and returns false by default. If overriden by
  an authentication plugin to return true, the authentication plugin will be able to be manually set for users. For example,
  when bulk uploading users you will be able to select it as the authentication method they use.

=== 2.4 ===

required changes in code:
* use role_get_name() or role_fix_names() if you need any role names, using role.name
  directly from database is not correct any more

optional - no changes needed:
* add support for custom user signup form - see auth_plugin_base::signup_form() function

=== 2.2 ===

required changes in code:
* the correct sequence to set up global $USER is:
    $user = get_complete_user_data('username', $username); // or $user = authenticate_user_login()
    enrol_check_plugins($user);
    session_set_user($user);
MDL-29602 accesslib improvements Refactoring and improvements of the accesslib.php library including prevention of access for not-logged-in users when forcelogin enabled, improved context caching, OOP refactoring of contexts, fixed context loading, deduplication of role definitions in user sessions, installation improvements, decoupling of enrolment checking from capability loading, added detection of deleted and non-existent users in has_capability(), new function accesslib test, auth and enrol upgrade notes. More details are available in tracker subtasks. 2011-10-14 12:48:00 +02:00			`This files describes API changes in /auth/* - plugins,`
			`information provided here is intended especially for developers.`

MDL-53306 auth: Add hook for auth plugins to access user object. Add a hook for auth plugins to be able to modify or check a user, before raising any authentication errors. The auth plugin needs to add a public function like this: /** * Pre user_login hook. * This method is called from authenticate_user_login() right after the user * object is generated. This gives the auth plugins an option to make adjustments * before the verification process starts. * * @param object $user user object, later used for $USER */ public function pre_user_login_hook(&$user) { // Override if needed. } 2016-03-04 11:02:34 -08:00			`=== 3.2 ===`

			`* New auth hook - pre_user_login_hook() - available, triggered right after the user object is created.`
			`This can be used to modify the user object before any authentication errors are raised.`
MDL-56082 auth: minor tweak to login block idp links No longer set the return url to $SESSION->wantsurl, it doens't make sense in this context, as the user is probably on the page they want. Also add a note about this functionality to auth/ugrade.txt 2016-10-18 17:19:03 +01:00			`* The block_login now displays the loginpage_idp_list() links as well as main login page.`
MDL-53306 auth: Add hook for auth plugins to access user object. Add a hook for auth plugins to be able to modify or check a user, before raising any authentication errors. The auth plugin needs to add a public function like this: /** * Pre user_login hook. * This method is called from authenticate_user_login() right after the user * object is generated. This gives the auth plugins an option to make adjustments * before the verification process starts. * * @param object $user user object, later used for $USER */ public function pre_user_login_hook(&$user) { // Override if needed. } 2016-03-04 11:02:34 -08:00
MDL-51217 auth: check if recaptcha enabled for current plugin 2015-09-16 15:30:04 +08:00			`=== 3.0 ===`

			`* login_signup_form::signup_captcha_enabled() now calls is_captcha_enabled() from the current auth plugin instead of from auth_email`

MDL-48282 Standardise update of user->firstaccess 2014-11-19 14:16:41 +13:00			`=== 2.9 ===`

			`* Do not update user->firstaccess from any auth plugin, the complete_user_login() does it automatically.`

MDL-47830 auth: Add pw rotation restrictions 2014-11-21 11:26:32 +13:00			`* Add user_add_password_history() to user_signup() method.`

MDL-48887 auth: added new hook to upgrade notes. 2015-04-02 00:55:47 +02:00			`* New auth hook - pre_loginpage_hook() - available, triggered before redirecting to the login page.`

MDL-46561 session: use full session validation in \core\session\manager::session_exists() 2014-08-05 12:11:43 +12:00			`=== 2.8 ===`

			`* \core\session\manager::session_exists() now verifies the session is active`
			`instead of only checking the session data is present in low level session handler`

MDL-39888 mnet: Removed tab and links to the log report. The link would include parameters which generates warnings on the log report page. 2014-08-14 16:01:43 +08:00			`* MNet is no longer sending logs between the client and parent sites. auth_plugin_mnet::refresh_log() is now deprecated. There is`
			`no alternative. Please don't use this function.`

MDL-42097 auth: Auth plugins must check passwordurl before returning it 2013-11-21 16:15:04 +08:00			`=== 2.7 ===`

			`* If you are returning a url in method change_password_url() from config, please make sure it is set before trying to use it.`

MDL-27953 auth: documented the newly introduced function can_be_manually_set() in upgrade.txt 2013-08-06 11:38:10 +08:00			`=== 2.6 ===`

			`* can_be_manually_set() - This function was introduced in the base class and returns false by default. If overriden by`
			`an authentication plugin to return true, the authentication plugin will be able to be manually set for users. For example,`
			`when bulk uploading users you will be able to select it as the authentication method they use.`
MDL-29897 Update upgrade.txt files 2011-10-30 09:28:20 +01:00
MDL-8249 add role naming related info to upgrade.txt files 2012-05-20 14:36:26 +02:00			`=== 2.4 ===`

			`required changes in code:`
			`* use role_get_name() or role_fix_names() if you need any role names, using role.name`
			`directly from database is not correct any more`

MDL-34685 auth Allow auth plugins to override user signup form 2012-08-01 15:23:05 +01:00			`optional - no changes needed:`
			`* add support for custom user signup form - see auth_plugin_base::signup_form() function`
MDL-8249 add role naming related info to upgrade.txt files 2012-05-20 14:36:26 +02:00
MDL-29602 accesslib improvements Refactoring and improvements of the accesslib.php library including prevention of access for not-logged-in users when forcelogin enabled, improved context caching, OOP refactoring of contexts, fixed context loading, deduplication of role definitions in user sessions, installation improvements, decoupling of enrolment checking from capability loading, added detection of deleted and non-existent users in has_capability(), new function accesslib test, auth and enrol upgrade notes. More details are available in tracker subtasks. 2011-10-14 12:48:00 +02:00			`=== 2.2 ===`

			`required changes in code:`
			`* the correct sequence to set up global $USER is:`
			`$user = get_complete_user_data('username', $username); // or $user = authenticate_user_login()`
			`enrol_check_plugins($user);`
			`session_set_user($user);`