The CAS login process relies on the standard authenticate_user_login()
call to set up the user. So we need to inject the login token to pass
the validation.
The logintoken is supposed to arrive as a part of the login form ($frm)
together with the username and password. So it should be handled the
same way - including the opportunity for the auth plugins to provide the
form data via the loginpage_hook().
This also implies that only logintoken coming as a part of the POST
request are taken into account, which is a good thing and another thin
layer in this security mechanism.
While working on the issue, I found these inline comments outdated and
confusing. The auth plugin types can implement a loginpage_hook()
method, the purpose of which is to inject the $user and/or $frm into
this login/index.php script. The new comments should make it more clear.
Note the second comment mentioned a prelogin_hook() which was an old
name of what is now called loginpage_hook(). It had nothing to do with
the existing pre_loginpage_hook() and was only confusing.
Fix some of the behat tests that are looking for generic button
names that match some of the buttons in the message drawer which
happen to appear earlier in the DOM.
* Fix bug for newly created conversations being added to overview page
* Fixed bug with use enter to send preference not updating correctly
* Fix unit tests
* Fix race condition loading new messages while conversation resetting
* Fix ordering and rendering of messages with same timestamp
* Fix missing privacy info in get_conversation web service
* Fix linting errors
* Improve bulk message rendering
* Added missing icon mappings for font-awesome
* Fixed focus on dialogue button when it opens
* Fixed UI updates on user block / unblock
* Fix jQuery syntax error when sending message with quotes
* Fix message/index.php opening drawer when no conversation found
* Fix placeholders rendered for new requests
* Fix navigation from view_contact to view_conversation on an action
such as blocking
* Fix default open message section on overview page depending on which
section has conversations
* Fix message/index.php for users who haven't yet started a
conversation
