GitLab

This commit changes a couple of places where it's possible to check
for installed plugins using plugins_installed() instead of a new db
query.

Change-Id: I3e769a0858d8db776bf7d8e14102c49b5b9f7b07
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Change-Id: I79ced22f29ace3e4a566cb53d8ec6c2784376c56
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

* changes:
  Add a new exception that can be used by auth plugins that auto-create users
  Better error message in the case of Authentication errors

Commit 0cdaaa1d

 introduced a lot of calls to display_default_name.
Unfortunately this bypasses the user record caching that happens
inside display_name, so it produced a lot of new queries, most notably
on profile pages, where a single user's name gets displayed several
times.

This change moves the caching of user records into another function,
so it can be shared by display_name, display_default_name, and
profile_icon_url.

The search_user function is also modified to fetch the admin status
and profileicon id, to stop profile_icon_url producing more queries.

Change-Id: Id1993decf164e7d0563a7d277444402fc6350b3a
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Existing users can now login through BrowserID using one of their
confirmed email addresses as long as one of the institutions they
belong to has enabled BrowserID. We are ignoring the auth
instance that these user accounts are tied to.

Automatic creation of accounts is enabled. The only outstanding
issue is to figure out what authinstance we should use for
creating accounts. However that's a general problem with the
authentication system in Mahara, it's not specific to this
plugin. Currently, we make sure that it is an institution that:

- has registrations enabled
- is not full

When an account is automatically provisioned, the username
is set to the user's email address since that's the only piece
of information we can reliably get from BrowserID.

Change-Id: I12e59271449654d2bb394511d5ce5adfb081aa11
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Change-Id: I0f98dcdef3b454f68f7d6e4296713f6227a5297c
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Many of the authentication plugins allow automatic creation of accounts.
We should warn institution admins that they need to watch out for that
too if they want to prevent all new accounts.

This was suggested by Richard on https://reviews.mahara.org/938



Change-Id: I8205ae3c6cee863eee692fa7e606fc9124d9ede2
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Instead of displaying "Mahara: Site unavailable", it can be
useful to let users know that it's an authentication error.

Change-Id: I8b875aa57ae089b8bea1042861212fa42deca4cb
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

* changes:
  Expire inactive users before sending warning emails
  Don't deactivate the root user
  Reset inactivemailsent flag when users reactivate themselves on login
  Allow reactivation of expired users from suspended users page (bug #914072)
  Expire users when they've been inactive for too long (bug #890929)
  Remove unused inactive check from login code (bug #890929)
  Use json_reply in suspended users json script
  Convert all time fields in get_user (bug #907919)

Processing the actual inactive users before sending the email warnings
will stop users from receiving warnings when it's already too late for
them to do anything about it.

Change-Id: Ie3d160b858e339d78da068adbc6e2d8b4658ed5a
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

This user is handled as a special case almost everywhere, and
shouldn't be activated/deactivated, sent warning emails.

Change-Id: I0bc0ee35fde1cb20229c37f2e3b824b29c106db4
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Users who are about to expire due to inactivity can reactivate
themselves by logging in and thereby updating the lastlogin time.
However, the inactivemailsent flag is never reset, so users who
reactivate themselves in this way could never receive another
inactivity warning email in future.

Change-Id: Iffffd008dc10a6c62987dd38d2e7f18344c8b597
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Modifies the suspended users page so that the admin can browse expired
users too, and unexpire multiple users at once.

Change-Id: I55489776998a898e4c8f7c08de8b8ff5bcbd81e6
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

The "Default account inactivity time" setting allows the admin to
specify a time period after which users who have not used the site
will be unable to login, but this is not currently enforced.

This change modifies the inactivity cron job to set the expiry date to
the current date for any user who has been inactive for longer than
the 'defaultaccountinactiveexpire' period.  It also now considers the
lastaccess and ctime fields as well as the lastlogin field.

This allows the admin to reactivate inactive users by resetting their
expiry dates in account settings.

The active column on the user table is currently only used to decide
whether users should be displayed in search results, and users are set
to inactive whenever they are deleted, suspended, or expire.

Change-Id: Ieaf7a0b36865af726fc2526895146373efbb2741
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

This code was never run because the $oldlastlogin variable was
hardcoded to 0.  The code can be removed altogether, and instead rely
on cron to set expiry dates on inactive users.

Change-Id: I9883a7720960f2337edf060197346cd17f0193c5
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

This ensures performance logging will happen if enabled.

Change-Id: Id422998a0cbf83fc98a9ae1c7c03d6c37e922f84
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

The get_user function only converts two of the timestamp db columns
into unix timestamps.  None of the additional fields are used yet, but
all should be converted the same way to avoid nasty surprises.

Change-Id: Ie40797136c68ea7501aace3b0fa41f75bbba64f7
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Commit 725ba929

 tries to reload
certain admin-settable fields from the database into a LiveUser when
committing, but fails to convert the expiry date to a timestamp when
doing so.  This causes logins to fail for users who have an expiry
date set in the future.

Change-Id: I53e962a0f5bab56ab130e1945b251f70447e9411
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Change-Id: I604345f53e31df9e4ff35b8480bc9d04c7c52070
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

The status messages in cron.php are logged at the debug level, which
makes it difficult to separate them from some of the more trivial
messages that we may want to output - for example, when deleting old
cached files from disk.  It's more helpful to log the status messages
at the info level instead, so that people can add log_debug calls more
freely.

Change-Id: Ibdca949d770b84ff910f7aa6a8446c001ed5bbc6
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

When updating the progress bar during unzip, call_user_func_array was
being passed an integer instead of an array, which causes warnings and
fails to update the progress bar in PHP 5.3.

Change-Id: I59646f1e0734602885e3836edb2bcba4a9a1970c
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

* changes:
  Improvements to artefact base render_self function
  Fix textareas on wallpost and registration reason forms
  Use smarty_core() not smarty() in pieform elements (bug #906619)