By prematurely loading custom profile data in the constructor, under
specific circumstances it would happen before the page was fully
initialised which meant that any attempt at applying filters when
formatting profile field data would result in thrown exception.
While this change is not 100% required now, it's good habit
and we are checking for it since Moodle 4.4.
All the changes in this commit have been applied automatically
using the moodle.PHPUnit.TestReturnType sniff and are, exclusively
adding the ": void" return types when missing.
There are inherent issues with task blocking which mean that it has
never worked properly. It is also very buggy and can lead to massive
performance issues with task processing.
It is almost impossible to deprecate this in a staged fashion because
various APIs use the methods and it is not possible to determine which
are API uses and which are other valid uses.
In reality there has been little-to-no uptake on the use of this feature
and it should just be removed.
The MoodleSession cookie is already set this way when using Chrome, but
not for Firefox. This is a decision made in \core\session\manager. When
Firefox eventually defaults to SameSite=Lax when the SameSite attribute
is omitted from the Set-Cookie headers, the MoodleSession cookie won't
be sent. This change ensures the cookies used during LTI launches will
continue to work if/when this happens, and despite any changes which may
be made to core's sessionlib in future.
To be integrated as part of MDL-81266
When running PHPUnit 9.6 we get the following deprecation warnings:
"assertObjectNotHasAttribute() is deprecated and will be removed in PHPUnit
10. Refactor your test to use assertObjectNotHasProperty() instead."
So we replace all instances of assertObjectNotHasAttribute with
assertObjectNotHasProperty.
PHPUnit justifies the change with:
> PHPUnit currently refers to "fields" (see above) as "attributes". This
> is (or will become) confusing considering the introduction of
> attributes in PHP 8 and their support in PHPUnit. PHPUnit will be
> changed to use the term "property" instead of "attribute" where "field"
> is meant.
Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
Adds the property that is required by Chrome to opt-in to its 3rd party
cookie partitioning solution, CHIPS. This specific change to auth_lti is
to ensure the MoodleSession Set-Cookie header resulting from
complete_user_login() calls (in auth.php) have this property set.
To opt a cookie in to Chrome's 3rd party cookie partitioning solution,
CHIPS, the property 'Partitioned;' needs to be set. This adds a helper
class supporting this, for a given cookie(s).
Note also, PHP's native
cookie APIs (setcookie, etc) don't support this cookie property yet -
(https://github.com/php/php-src/issues/12646).
Since this class is intended to allow existing Set-Cookie headers to be
modified before being sent (e.g. allowing clients to set a property on a
cookie set elsewhere in code), it deals with the headers directly anyway
but it means that new cookies must also use this helper to opt-in,
instead of relying on setcookie(). E.g. where the intent is to add
partitioning support to a new cookie, that cookie must first be set
(setcookie) and then it may opt-in to partitioning via this helper;
partitioning support cannot be achieved directly through setcookie and
friends yet.
- Replace .form-group Boostrap helper class with .mb-3. The .form-group class was only
adding margin bottom styles, so it is an straightforward change.
- Replace .form-group references in SCSS files with .fitem now .form-group has been removed.
- There were some other .form-group occurrences in the code that were using it not for styling
but incorrectly for managing some logic. These have been also replaced with .fitem or removed.
This has been generated running the following Sniffs, all
them part of the Moodle's CodeSniffer standard:
- PSR12.Functions.ReturnTypeDeclaration
- PSR12.Functions.NullableTypeDeclaration
- moodle.Methods.MethodDeclarationSpacing
- Squiz.Whitespace.ScopeKeywordSpacing
All them are, exclusively, about correct spacing, so the changes
are, all them, only white space changes.
Only exceptions to the above are 3 changes what were setting the
return type in a new line, and, when that happens, the closing
parenthesis (bracket) has to go to the same line than the colon.
Browsers are phasing out 3rd party cookies. Those which can be set are
partitioned to the top level embedding site, so piggybacking is
prevented. This will break the account linking process. This fix swaps
the piggyback for a login round trip, as originally intended, which
resolves the issue.
Extracted code from sync_users() into separate functions
in order to enable ad-hoc sheduling, and chunking.
Co-authored-by: David Woloszyn <david.woloszyn@moodle.com>
If an existing session is active at the time of launch, that user id
appears in the user_updated log. This log should show the launching user
updating their own record, not someone else. To resolve this, auth the
user before making any record updates so that the event gets the correct
user id.
If an existing session is active at the time of launch, that user id
appears in the user_created log, incorrectly (it should be system/0).
This patch makes sure that any existing session is terminated before
creation of a new user during launches.
With the new flow, users can go to the login page from the confirmed page,
and if the user successfully logs in, the user will be directed to the confirmed page.
To avoid that, the confirmed page can only be seen by users who are not logged in.
