Storage of session metadata has moved into the session handler class.
This allows for other classes to fully control session handling and
removes the dependancy on the core sessions database table.
Previously, the standard method of interaction with the
session metadata was direct DB calls; this may break other plugins as there
are now proper APIs available through the session manager.
Co-authored-by: Darren Cocco <moodle@darren.cocco.id.au>
Co-authored-by: Trisha Milan <trishamilan@catalyst-au.net>
Co-authored-by: Andrew Nicols <andrew@nicols.co.uk>
With MDL-81031 psr/log was added to moodle core, so amending the instructions
in readme_moodle.txt accordingly.
Notable upstream changes:
- With the upstream PR #422 the file `source/CAS.php` is now also
autoloaded.
- With the upstream PR #428 the list of composer ignored files got
updated. So we can now remove some of the upgrade steps in the
readme_moodle.txt
Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
Some email body strings use first names as greetings,
some use full names, and some do not.
Using the first name for greeting makes it consistent and
a bit more "personal".
By prematurely loading custom profile data in the constructor, under
specific circumstances it would happen before the page was fully
initialised which meant that any attempt at applying filters when
formatting profile field data would result in thrown exception.
All setUp(), tearDown(), setUpBeforeClass() and tearDownAfterClass()
must, always, call to parent, to ensure that everything is properly
set and cleaned.
While in a lot of situations this is not needed (parents may not
have anything to run), with PHPUnit >= 10 this can become more
important because we are going to move the reset code from current
placement @ runBare() to setUp()/tearDown().
Note that all the changes performed in this commit have been detected
and fixed by moodle-cs (ParentSetUpTearDownSniffTest).
While this change is not 100% required now, it's good habit
and we are checking for it since Moodle 4.4.
All the changes in this commit have been applied automatically
using the moodle.PHPUnit.TestReturnType sniff and are, exclusively
adding the ": void" return types when missing.
There are inherent issues with task blocking which mean that it has
never worked properly. It is also very buggy and can lead to massive
performance issues with task processing.
It is almost impossible to deprecate this in a staged fashion because
various APIs use the methods and it is not possible to determine which
are API uses and which are other valid uses.
In reality there has been little-to-no uptake on the use of this feature
and it should just be removed.
The MoodleSession cookie is already set this way when using Chrome, but
not for Firefox. This is a decision made in \core\session\manager. When
Firefox eventually defaults to SameSite=Lax when the SameSite attribute
is omitted from the Set-Cookie headers, the MoodleSession cookie won't
be sent. This change ensures the cookies used during LTI launches will
continue to work if/when this happens, and despite any changes which may
be made to core's sessionlib in future.
To be integrated as part of MDL-81266
When running PHPUnit 9.6 we get the following deprecation warnings:
"assertObjectNotHasAttribute() is deprecated and will be removed in PHPUnit
10. Refactor your test to use assertObjectNotHasProperty() instead."
So we replace all instances of assertObjectNotHasAttribute with
assertObjectNotHasProperty.
PHPUnit justifies the change with:
> PHPUnit currently refers to "fields" (see above) as "attributes". This
> is (or will become) confusing considering the introduction of
> attributes in PHP 8 and their support in PHPUnit. PHPUnit will be
> changed to use the term "property" instead of "attribute" where "field"
> is meant.
Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
Adds the property that is required by Chrome to opt-in to its 3rd party
cookie partitioning solution, CHIPS. This specific change to auth_lti is
to ensure the MoodleSession Set-Cookie header resulting from
complete_user_login() calls (in auth.php) have this property set.
To opt a cookie in to Chrome's 3rd party cookie partitioning solution,
CHIPS, the property 'Partitioned;' needs to be set. This adds a helper
class supporting this, for a given cookie(s).
Note also, PHP's native
cookie APIs (setcookie, etc) don't support this cookie property yet -
(https://github.com/php/php-src/issues/12646).
Since this class is intended to allow existing Set-Cookie headers to be
modified before being sent (e.g. allowing clients to set a property on a
cookie set elsewhere in code), it deals with the headers directly anyway
but it means that new cookies must also use this helper to opt-in,
instead of relying on setcookie(). E.g. where the intent is to add
partitioning support to a new cookie, that cookie must first be set
(setcookie) and then it may opt-in to partitioning via this helper;
partitioning support cannot be achieved directly through setcookie and
friends yet.
- Replace .form-group Boostrap helper class with .mb-3. The .form-group class was only
adding margin bottom styles, so it is an straightforward change.
- Replace .form-group references in SCSS files with .fitem now .form-group has been removed.
- There were some other .form-group occurrences in the code that were using it not for styling
but incorrectly for managing some logic. These have been also replaced with .fitem or removed.
This has been generated running the following Sniffs, all
them part of the Moodle's CodeSniffer standard:
- PSR12.Functions.ReturnTypeDeclaration
- PSR12.Functions.NullableTypeDeclaration
- moodle.Methods.MethodDeclarationSpacing
- Squiz.Whitespace.ScopeKeywordSpacing
All them are, exclusively, about correct spacing, so the changes
are, all them, only white space changes.
Only exceptions to the above are 3 changes what were setting the
return type in a new line, and, when that happens, the closing
parenthesis (bracket) has to go to the same line than the colon.
Browsers are phasing out 3rd party cookies. Those which can be set are
partitioned to the top level embedding site, so piggybacking is
prevented. This will break the account linking process. This fix swaps
the piggyback for a login round trip, as originally intended, which
resolves the issue.
Extracted code from sync_users() into separate functions
in order to enable ad-hoc sheduling, and chunking.
Co-authored-by: David Woloszyn <david.woloszyn@moodle.com>
