1427 Commits

Author SHA1 Message Date
Juan Leyva
eb975467bd MDL-81405 session: New core cookie helper utility class 2024-04-06 12:31:50 +02:00
Jake Dallimore
7d579dd4bb
MDL-79712 auth_lti: ensure MoodleSession uses SameSite=None Secure
The MoodleSession cookie is already set this way when using Chrome, but
not for Firefox. This is a decision made in \core\session\manager. When
Firefox eventually defaults to SameSite=Lax when the SameSite attribute
is omitted from the Set-Cookie headers, the MoodleSession cookie won't
be sent. This change ensures the cookies used during LTI launches will
continue to work if/when this happens, and despite any changes which may
be made to core's sessionlib in future.
2024-04-02 11:44:28 +08:00
Jake Dallimore
318e2344c0
MDL-81353 auth_lti: fix str_contains usage in cookie_helper
This failure was being masked by Symfony\Polyfill\Php80 during unit
tests.
2024-03-26 09:28:01 +08:00
Jake Dallimore
ea49be1e61
MDL-80835 auth_lti: fix bad cast breaking samesite LTI usage 2024-03-21 15:41:16 +08:00
Jake Dallimore
dee41e0648
MDL-80835 auth_lti: add partitioning to post-auth MoodleSession cookie
Adds the property that is required by Chrome to opt-in to its 3rd party
cookie partitioning solution, CHIPS. This specific change to auth_lti is
to ensure the MoodleSession Set-Cookie header resulting from
complete_user_login() calls (in auth.php) have this property set.
2024-03-21 15:41:16 +08:00
Jake Dallimore
d63721cb15
MDL-80835 auth_lti: add cookie helper facilitating CHIPS opt-in
To opt a cookie in to Chrome's 3rd party cookie partitioning solution,
CHIPS, the property 'Partitioned;' needs to be set. This adds a helper
class supporting this, for a given cookie(s).

Note also, PHP's native
cookie APIs (setcookie, etc) don't support this cookie property yet -
(https://github.com/php/php-src/issues/12646).

Since this class is intended to allow existing Set-Cookie headers to be
modified before being sent (e.g. allowing clients to set a property on a
cookie set elsewhere in code), it deals with the headers directly anyway
but it means that new cookies must also use this helper to opt-in,
instead of relying on setcookie(). E.g. where the intent is to add
partitioning support to a new cookie, that cookie must first be set
(setcookie) and then it may opt-in to partitioning via this helper;
partitioning support cannot be achieved directly through setcookie and
friends yet.
2024-03-21 15:41:14 +08:00
Jake Dallimore
8482210209
MDL-80836 auth_lti: take user through login instead of sesspiggyback
Browsers are phasing out 3rd party cookies. Those which can be set are
partitioned to the top level embedding site, so piggybacking is
prevented. This will break the account linking process. This fix swaps
the piggyback for a login round trip, as originally intended, which
resolves the issue.
2024-02-15 10:40:05 +08:00
Paul Holden
9390787a34
MDL-78849 user: correct logical operator behaviour for guest button.
Apart from being banned per MDL-74990, it causes a subtle bug here
due to operator precedence.

Co-authored-by: Tom Mayfield <tmayfield@costrack.com>
2023-11-16 11:32:04 +00:00
meirzamoodle
c3c18bbb20 MDL-78969 oauth2: remove auto-login after successful confirmation
With the new flow, users can go to the login page from the confirmed page,
and if the user successfully logs in, the user will be directed to the confirmed page.
To avoid that, the confirmed page can only be seen by users who are not logged in.
2023-10-04 02:10:16 +02:00
Sara Arjona
54d446ce43
MDL-77708 docs: Update references from docs.moodle.org/dev 2023-09-26 10:57:33 +02:00
Jun Pataleta
49393a1608
MDL-78806 core: Remove redundant site name
MDL-78806 core: Remove redundant site name on page titles

* With the site name now being appended to the page titles, there
is no need to manually append the page titles.
2023-09-09 08:56:50 +08:00
meirzamoodle
033f742e4a
MDL-78685 auth_oauth2: Added logged-in status check 2023-08-10 18:44:29 +07:00
Jake Dallimore
0ccf800f01
MDL-76842 auth_lti: don't update the user unless data has changed
When receiving data from the LTI launch, or service call, only update
the user record when we know something has changed. This prevents the
creation of many \core\event\user_updated events.
2023-06-08 09:40:28 +08:00
Jake Dallimore
b097d38fb3
MDL-76842 auth_lti: don't update the user after membership creation
This isn't required and generates excess events. The only thing update
does, other than update the user fields, is to update the picture, but
in this case, that's unset in membership-based auths anyway, so it's
entirely safe to remove this.
2023-06-08 09:39:09 +08:00
Jake Dallimore
1858e29d23
MDL-76842 auth_lti: test confirming the erroneous user_updated events
This test will fail until the fix - only updating users when data has
changed - is put in place in the following commit.
2023-06-08 09:39:09 +08:00
Ilya Tregubov
bb5bd2eed8 Merge branch 'MDL-77436-401' of https://github.com/meirzamoodle/moodle into MOODLE_401_STABLE 2023-04-20 16:23:19 +08:00
Meirza
110ec6a703 MDL-77436 auth_oauth2: Update profile fields based on data mapping.
After the user creation, the system must call an update function to update profile_fields_*.
We also provided two functions into user/profile/lib.php to get available from other areas.
We added PHP unit testing for new public functions and
the Behat tests for custom profile fields with locked and unlocked statuses.

Co-authored-by: Matt Porritt <matt.porritt@moodle.com>
2023-03-28 11:47:23 +07:00
Matt Porritt
714764d966 MDL-77436 auth_oauth2: Allow admin to choose profile fields for mapping
Update oauth2 to allow mapping of provider attributes against
user profile fields. Fields can also be locked to prevent
user changes.

Co-Authored-By: Michael Milette <michael.milette@tngconsulting.ca>
2023-03-28 11:46:51 +07:00
Angelia Dela Cruz
084c120c79 MDL-77577 Behat: Replaced the use of "Install selected language pack(s)
Evaluated usage of "Install selected language pack(s)" in Behat and
replaced the steps to use generator to install language packs as part
of test setup.
2023-03-21 12:00:53 +08:00
David Mudrák
acd82d3a86 MDL-76739 lang: Use the fixed strings in the tests, too 2023-01-10 21:15:06 +01:00
Helen Foster
152bbd76c5 MDL-76739 lang: Import fixed English strings (en_fix) 2023-01-10 21:13:14 +01:00
Jun Pataleta
d9cd25c2fb MDL-76497 upgrade: add the 4.1.0 separation line to all upgrade scripts 2022-12-01 08:59:07 +03:00
Jun Pataleta
00bae8b8a4 MDL-76403 versions: bump all versions and requires near release 2022-11-23 09:45:23 +08:00
Paul Holden
1ad023bba6 Merge branch 'MDL-76105-master-enfix' of https://github.com/vmdef/moodle 2022-11-17 16:29:51 +00:00
Jun Pataleta
9cf92be84d MDL-75479 auth_cas: Pass base service URL for the CAS client
Since phpCAS v1.6.0, a required base service URL parameter needs to be
passed to phpCAS::client(). This is basically the protocol, hostname,
and port number (optional) of the site connecting to the CAS server
in order for it to perform service URL discovery.
2022-11-17 22:10:35 +08:00
Helen Foster
ae2f8cfa67 MDL-76105 lang: Import fixed English strings (en_fix) 2022-11-17 09:44:35 +00:00
Jun Pataleta
0cdfceb0f7 MDL-75479 auth_cas: Bump thirdpartylibs version to 1.6.0 2022-11-17 17:16:55 +08:00
Jun Pataleta
d2bcdfea0e MDL-75479 auth_cas: Update phpCAS to v1.6.0 2022-11-17 17:16:55 +08:00
David Woloszyn
f1b39db4f0 MDL-75479 lib: Set Moodle files after phpCAS upgrade 2022-11-17 16:13:35 +08:00
David Woloszyn
86a3735220 MDL-75479 lib: Upgrade phpCAS to 1.5.0 2022-11-17 16:13:35 +08:00
Eloy Lafuente (stronk7)
621d75dbce MDL-76053 admin: Remove various warnings related to MNet
This partially reverts MDL-73270, where some useful environmental
checks and notifications in the admin UI were added to inform
about different parts of Moodle relying on the "unsupported"
php-xmlrpc extension.

Since then, some changes have happened in core, only available
for Moodle 4.1 and up (see the MDL-70889 mini-epic). Namely:

  - MNet (SSO, roaming, auth, enrol and Mahara portfolio) are not
    using the php-xmlrpc extension anymore, but a pure php library.
  - The xmlrpc webservices protocol, has been moved from core to
    the plugins directory, although it continues using the php-xmlrpc
    extension.

Because of that here we are removing all the checks and notifications
related with MNet (not using the extension anymore), but keeping the
webservice plugin ones (still using the extension). Surely if some day the
protocol stops using the extension, we'll be able to remove the
corresponding checks too. But that's future.

Note the associated lang strings have been also removed (not deprecated)
because they were highly specific and hardly reusable:
  - xmlrpcmaharaenabled
  - xmlrpcmnetauthenticationenabled
  - xmlrpcmnetenabled

And very same applies, because MNet doesn't contain anything deprecated
or not supported anymore, hence, straight deletion, to the function:
  - mnet_get_deprecation_notice()

Also, related tests using any of the removed stuff above have been deleted.

In the other side, the "check_xmlrpc_usage" continues existing and
being used both by environment checks and admin notifications but,
as commented above, now it only looks for the xmlrpc webservice
protocol now.
2022-11-08 16:49:18 +01:00
Eloy Lafuente (stronk7)
478f423e2d MDL-76055 auth_mnet: Fix update_enrolments request
Basically this fixes MDL-70833 that was reproduced while
testing the update_enrolments requests. Summary:

- Fixes a typo in table name preventing it to be updated ever.
- Fix outer join that was missing records.
- Stop playing and mixing ids (local and remote).
- Better control which enrolments have to be kept (previously
  they were being deleted immediately after creating them).
- Improve the coding style of inserts.
- Modernise the deletions to use sql helper and to work with 0..n ids.
2022-11-02 15:56:38 +01:00
Eloy Lafuente (stronk7)
8c64ab98ee MDL-76055 mnet: Switch the mnet client to use library
Completely remove all uses of the xmlrpc php extension in
the client and replace them by the phpxmlrpc library.

Very noticeably, remove all the uses of the curl extension
and use phpxmlrpc own curl support.

Working ok for moodle-moodle/mahara sso and mahara portfolio export.
2022-11-02 15:56:38 +01:00
Matt Porritt
1399974bac MDL-73122 Auth: Add test settings for Oauth2
Provide a test page in authentication settings
to allow administrators to test configured oAuth2
providers and to examine the data that is passed
back on a successful test user authentication.

Co-authored-by: Matt Porritt <mattp@catalyst-au.net>
2022-10-03 09:00:44 -04:00
Ilya Tregubov
59123f7373 Merge branch 'mdl-60666-one-user-per-transaction' of https://github.com/petersistrom/moodle 2022-09-05 14:16:44 +04:00
Tomo Tsuyuki
a6a7b16846 MDL-75171 Auth: extend user logged in event
Co-authored-by: Heena Agheda <heenaagheda@catalyst-au.net>
2022-08-19 18:38:59 +10:00
Peter Sistrom
1a06546ea3 MDL-60666 auth_ldap: One transaction per user 2022-08-10 13:49:20 +10:00
Kevin Pham
aeea0b1502 MDL-49795 auth_oauth2: Add missing metadata providers for oauth2 tables 2022-08-03 15:17:05 +10:00
Andrew Nicols
547cae0a02 MDL-74697 libraries: Update all third-party libraries with more metadata 2022-07-22 07:28:47 +02:00
Jun Pataleta
3c6fdb1993 Merge branch 'MDL-71062-master' of https://github.com/sharidas/moodle 2022-07-13 11:39:08 +08:00
Sujith Haridasan
73d604369d MDL-71062 core: Step 1 deprecation of print_error function 2022-07-13 08:20:54 +05:30
Eloy Lafuente (stronk7)
58b56e2395 MDL-71747 upgrade: remove all the < 3.9.0 upgrade steps
This just deletes all the upgrade steps previous to 3.9.0. Some
small adjustments, like tweaking globals can also be applied
when needed.

Also includes an upgrade step to prevent upgrading from any
version < 2020061500 (v3.9.0) as anti-cheating measure.

The next commits will proceed to deprecate / remove functions
that were exclusively (usually belonging to upgradelib) being
used by those, now removed, upgrade steps. This is the list
of code to remove and document in upgrade.txt files:

  - upgrade_analytics_fix_contextids_defaults()
  - upgrade_convert_hub_config_site_param_names()
  - upgrade_rename_prediction_actions_useful_incorrectly_flagged()
  - \mod_forum\task\refresh_forum_post_counts adhoc task.

And this is the code that has NOT been removed
because it may be needed later (no matter there aren't uses now):

  - \core_search\manager::clean_up_non_existing_area(), used by
  - \core\task\clean_up_deleted_search_area_task adhoc task
2022-07-07 19:16:37 +02:00
Jun Pataleta
e60e8bc629 Merge branch 'MDL-73423-master' of https://github.com/marinaglancy/moodle 2022-05-26 00:18:35 +08:00
Eloy Lafuente (stronk7)
9f53b0e965 MDL-73971 phpunit: Move more tests to use correct names and namespaces
Applied the following changes to various testcase classes:

- Namespaced with component[\level2-API]
- Moved to level2-API subdirectory when required.
- Fixed incorrect use statements with leading backslash.
- Remove file phpdoc block
- Remove MOODLE_INTERNAL if not needed.
- Changed code to point to global scope when needed.
- Fix some relative paths and comments here and there.
- All them passing individually.
- Complete runs passing too.

Special mention to:

- Some fixtures, initially defined in the test files have been
  moved to new files in fixtures subdirectory, leaving the unit
  test files clearer:
  - moodle2_course_format_test.php
- Rename wrong named test:
  - baseoptiogroup_test = baseoptigroup_test
2022-05-06 18:29:11 +02:00
Marina Glancy
a0398fdde8 MDL-73423 core_privacy: Calling reset() on objects deprecated PHP8.1 2022-04-29 16:16:07 +02:00
Eloy Lafuente (stronk7)
76f5445451 MDL-74510 upgrade: add the 4.0.0 separation line to all upgrade scripts 2022-04-22 18:45:10 +02:00
Eloy Lafuente (stronk7)
95c8cb7582 MDL-74512 behat: Skip tests requiring lang install/upgrade
By adding the step:

Given remote langimport tests are enabled

We make the execution of scenarios requiring to install /
upgrade lang packs optional, based in the existence of the constant:

TOOL_LANGIMPORT_REMOTE_TESTS

That way, when we are skipping language upgrades with the CFG var:

$CFG->skiplangupgrade = true

We can decide not to execute those tests.

In other words, putting something like this in the config.php
file we will be controlling when to execute or not the behat tests:

    // Disable lang updates on upgrade.
    $CFG->skiplangupgrade = true;
    if (empty($CFG->skiplangupgrade)) {
        // Define it only if we aren't skipping lang upgrades.
        define('TOOL_LANGIMPORT_REMOTE_TESTS', true);
    }
2022-04-17 20:27:57 +02:00
Jun Pataleta
70f6b1605b MDL-74471 versions: bump all versions and requires near release 2022-04-13 10:37:36 +08:00
Eloy Lafuente (stronk7)
8f414e42a9 MDL-74279 phpunit: Tests using sqlsrv AdoDB must reset settings
AdoDB SQL*Server drivers use to modify some error and
logging preferences. As far as the connection is shared
with the main one, that implies that those settings
remain for the whole remaining execution.

We don't want this in tests, because it can affect other
tests at distance.

We are fixing this here, only for tests, because it
doesn't affect normal requests and because, once we
remove AdoDB this won't be needed anymore.
2022-03-26 18:40:11 +01:00
Jun Pataleta
616fe3ac3a Merge branch 'MDL-74138-master' of https://github.com/snake/moodle 2022-03-25 17:56:11 +08:00