1095 Commits

Author SHA1 Message Date
Dan Poltawski
7718d3fba4 Merge branch 'MDL-50925-master' of git://github.com/andrewnicols/moodle 2017-07-18 08:53:43 +01:00
Andrew Nicols
8d46ce8107 MDL-50925 auth: Remove old README
This is much better and more accurately documented in the Moodle Docs at
https://docs.moodle.org/dev/Authentication_plugins.
2017-07-18 14:49:09 +08:00
Andrew Nicols
abc25c01b8 MDL-50925 auth_imap: Remove from core and into plugins DB 2017-07-18 14:49:08 +08:00
Andrew Nicols
36eaa96332 MDL-50925 auth_pop3: Remove from core and into plugins DB 2017-07-18 14:48:51 +08:00
Andrew Nicols
f9d12a2d1e MDL-50925 auth_pam: Remove from core and into plugins DB 2017-07-18 14:48:38 +08:00
Andrew Nicols
db6ba96510 MDL-50925 auth_nntp: Remove from core and into plugins DB 2017-07-18 14:48:23 +08:00
Andrew Nicols
032194970b MDL-50925 auth_fc: Remove from core and into plugins DB 2017-07-18 14:47:56 +08:00
Dan Poltawski
efc1d2bb6b Merge branch 'MDL-59475-master-cas' of git://github.com/lameze/moodle 2017-07-17 14:18:21 +01:00
Simey Lameze
2a6224c273 MDL-59475 auth_cas: update phpCAS to version 1.3.5 2017-07-14 12:19:30 +08:00
Eloy Lafuente (stronk7)
f84bdb4347 Merge branch 'MDL-57432-master' of git://github.com/danpoltawski/moodle 2017-07-11 10:44:06 +02:00
Eloy Lafuente (stronk7)
29af7b0b4c MDL-57432 upgrade: clean < 3.0.0 upgrade steps
This just deletes all the upgrade steps previous to 3.0.0. Some
small adjustments, like adding missing MOODLE_INTERNAL or tweaking
globals can also be applied when needed.

Also includes an upgrade step to prevent upgrading from any
version < 2015111600 (v3.0.0) as anti-cheating measure.

Next commit will get rid of/deprecate all the upgradelib functions
not used anymore in codebase.
2017-07-10 09:16:55 +01:00
Dan Poltawski
04d1f77644 Merge branch 'MDL-58544-master' of git://github.com/damyon/moodle 2017-07-10 08:36:40 +01:00
Simey Lameze
b9e9ff8830 MDL-59456 auth_cas: patch phpCAS auth bypass vulnerability 2017-07-06 09:30:53 +01:00
Juan Leyva
b6f70a3745 MDL-58716 auth: New ajax WS core_auth_request_password_reset 2017-07-04 11:40:12 +01:00
Damyon Wiese
859e2033cb MDL-58544 oauth2: Allow trusted issuers
Add a setting to each issuer that skips the email confirmation when creating and linking accounts.
2017-06-27 16:50:27 +08:00
Simey Lameze
92c8cb9d98 MDL-59275 auth: prevent user login failed coding error 2017-06-27 13:04:02 +08:00
Jun Pataleta
e037a6a126 Merge branch 'MDL-59012-master-linkurl' of git://github.com/mudrd8mz/moodle 2017-06-14 12:32:03 +01:00
Jun Pataleta
1ff50be21f Merge branch 'MDL-58908-master' of git://github.com/damyon/moodle 2017-06-06 17:15:41 +08:00
David Mudrák
97cc7e0969 MDL-59012 auth_oauth2: Do not escape URL in plain text emails 2017-05-23 13:28:27 +02:00
Eloy Lafuente (stronk7)
5e27228335 MDL-58933 upgrade: add 3.3.0 separation line to all upgrade scripts 2017-05-19 19:22:07 +02:00
Iñaki Arenaza
67bebb69eb MDL-57558 ldap: fix ldap_get_entries_moodle()
While ldap_get_entries_moodle() PHPdocs state that it returns "array
ldap-entries with lower-cased attributes as indexes.", this is not true. It
uses ldap_get_attributes() internally, which returns both numerically indexed
attribute names, and dictionary-like entries indexed by attribute names.

Current code lowercases the dictionary-like entries, but then uses the
numerically indexed entries for the attribute names used as keys in the
returned array. The numerically indexed names might or might not be lowercased,
depending on the LDAP server and PHP version) version. E.g., OpenLDAP 2.x,
Novell eDirectory 8.x and MS Active Directory return mixed-cased attribute
names, and PHP 5.x and PHP 7.x don't lowercase them inside ldap_get_entries().

This is probably why all calls to ldap_get_entries_moodle() are followed by
calls to array_change_key_case(), even if that shouldn't be necessary.

So make sure we always return lower-cased attributs as indexes and add some
unit tests to avoid regressions in the future.
2017-05-16 10:48:27 +01:00
David Monllao
56fb39316f MDL-58905 auth_oauth2: Return if no issuers allow login 2017-05-12 14:52:07 +08:00
David Monllao
ac8a0c4077 MDL-58905 auth_oauth2: Add plugin enabled checkings 2017-05-12 14:36:01 +08:00
David Monllao
011591a148 MDL-58905 auth_oauth2: No linked accounts if the plugin is not enabled 2017-05-12 14:36:01 +08:00
Andrew Nicols
2c69d24037 Merge branch 'MDL-58898-master' of https://github.com/xow/moodle 2017-05-12 12:32:23 +08:00
John Okely
081aad9986 MDL-58898 oauth: Cover orphaned linked logins in unit tests 2017-05-12 12:26:39 +08:00
John Okely
4c8727bad6 MDL-58898 oauth: Remove orphaned linked logins 2017-05-12 12:18:17 +08:00
Jun Pataleta
0e01f68e3c Merge branch 'MDL-58899-master' of https://github.com/snake/moodle 2017-05-12 12:00:52 +08:00
Jake Dallimore
5ffe41b6c5 MDL-58899 auth: improve lang strings for confirmation failures in oauth 2017-05-12 11:45:36 +08:00
Damyon Wiese
95e13556df MDL-58908 auth_oauth2: Don't kill gravatar
If gravatar is enabled, don't update profile pictures.
2017-05-12 11:43:47 +08:00
Andrew Nicols
95dd5e3bd6 MDL-58774 auth_oauth2: Only check unexpired accounts for same issuer
It shoudl be possible to link multiple OAuth2 sources which have the
same e-mail address to an account.

This patch makes the check for an existing linked account stricter so
that it only checks for linked account records which match the same
issuer, and which do not have expired confirmation tokens.
2017-05-12 09:44:48 +08:00
Dan Poltawski
e838654b4e Merge branch 'MDL-58877-master-enfix' of git://github.com/mudrd8mz/moodle 2017-05-10 12:01:08 +01:00
Helen Foster
0d86195e8d MDL-58877 lang: Merge English strings from the en_fix language pack
Significant string changes:

* loginerror_cannotcreateaccounts in auth_oauth2 - more understandable
  error message
* config_keep_groups_and_groupings and config_keep_roles_and_enrolments
  in core_backup - switch fix
2017-05-10 12:24:36 +02:00
Dan Poltawski
fd8d1648a7 Merge branch 'MDL-58836-master' of git://github.com/damyon/moodle 2017-05-10 06:56:42 +01:00
David Monllao
396ae85082 Merge branch 'MDL-58774-master' of git://github.com/damyon/moodle 2017-05-10 10:43:58 +08:00
Damyon Wiese
4f705f5d0d MDL-58774 auth_oauth2: Prevent duplicate linked logins 2017-05-10 10:17:56 +08:00
Eloy Lafuente (stronk7)
d989ee1e03 MDL-58853 versions: bump all versions and requires near release
version = 2017051500 release version
requires= 2017050500 current rc1 version
2017-05-09 02:58:28 +02:00
David Mudrák
2b948c204a MDL-58793 auth: Do not report migrated settings as new ones on upgrade
As a result of fixing the auth plugins config storage in MDL-12689, many
settings would be falsely reported as new ones by
admin/upgradesettings.php. We do not want to confuse admins so we try to
reduce the bewilderment by pre-populating the config_plugins table with
default values. This should be done only for disabled auth methods. The
enabled methods have their settings already stored, so reporting actual
new settings for them is valid.
2017-05-08 11:51:55 +02:00
David Mudrák
9f29e45e15 MDL-58793 auth: Fix invalid access to $this in settings.php files
It has never been guaranteed that settings.php would always be included
from inside the core\plugininfo\auth::load_settings() scope only.
Alternative fix would be to use $plugininfo->name but I think it is
better to be explicit here (same as we are explicit with setting names,
strings etc).
2017-05-08 11:47:29 +02:00
Damyon Wiese
406b92c6fd MDL-58836 auth: Improve backwards compatibility
Auth plugins with custom signup forms may not be using renderables / renderers - or
even if they are they may return a renderable that can only be rendered with the renderer from the auth
plugin.

This change checks if the signup form is a renderable - if so try the plugin renderer or fall back on the general renderer.
Otherwise call display() from the mform which is the previous way of rendering an mform.
2017-05-08 16:14:01 +08:00
Damyon Wiese
e0abc2e405 MDL-58774 auth_oauth2: Cleanup on user delete. 2017-05-08 14:26:44 +08:00
Jun Pataleta
1e324a4a88 Merge branch 'MDL-58749-master-enfix' of git://github.com/mudrd8mz/moodle 2017-05-04 14:45:08 +08:00
Helen Foster
06d0aa4432 MDL-58749 lang: Merge English strings from the en_fix language pack
Significant string changes:

* errorinvalidbyhour,core_calendar - correcting number from 59 to 23
* cron_help,core_admin - updated recommendation to run cron every minute
* tour1_content_end, tour1_content_welcome, tour2_content_end,
  tour2_content_welcome all in tool_usertours - removing reference to
  3.2
* invalidsesskey,core_error and invalidsesskey,mod_wiki - more
  understandable error message
* pluginname_help and pluginnamesummary in qtype_essay - explaining that
  the question type can be used for file uploads
* formatnoinline, mustattach and mustrequire in qtype_essay - changing
  the word 'inline' to 'online'
2017-05-03 22:05:51 +02:00
David Mudrák
31bd102316 MDL-58692 auth: Improve the migration of auth setting names
Some auth plugins used to have a mix of the legacy style of plugin names
in config_plugins table (such as 'auth/mnet') and the new correct
style (such as 'auth_mnet'). Attempting to rename the setting plugin via
low level SQL UPDATE could lead to duplicate key violation.

The patch introduces a new helper function to safely migrate the old
settings to the new ones, eventually informing the admin about the
values mismatch.
2017-05-03 12:02:43 +02:00
David Mudrák
1cb5c7b31f MDL-58631 auth: Clarify documentation of changes in loginpage_idp_list()
This should clarify the new 'iconurl' key returned by the auth plugin's
loginpage_idp_list() method.
2017-04-18 17:00:40 +02:00
David Monllao
bb17eafab0 Merge branch 'MDL-58478-master' of git://github.com/damyon/moodle 2017-04-17 14:44:39 +02:00
Martin Gauk
8abec10d55 MDL-58244 shibboleth: handle users who are logged out
If the user is (already) logged out, do not access $USER->auth and redirect him to the return URL.
2017-04-13 10:05:39 +00:00
Jun Pataleta
627ea5b10e MDL-58400 auth: New helper methods for identity providers
* get_identity_providers(): Retrieves available auth identity providers
* prepare_identity_providers_for_output(): Prepares auth identity
    provider data for output (e.g. to templates, WS, etc)
* Use these helpers for the login renderer
2017-04-10 11:12:03 +08:00
Jun Pataleta
7e4a4d30df NOBUG: Fixed file access permissions 2017-04-07 12:45:45 +08:00
David Monllao
2a69ffd212 MDL-12689 auth_shibboleth: No remote updates 2017-04-06 15:51:27 +02:00