1. 08 Feb, 2018 1 commit
    • Maria Sorica's avatar
      Bug 1734169: Suspend user if privacy statement is refused · 382e5f7e
      Maria Sorica authored
      If a privacy switch has the value 'No', a confirmation
      form will be displayed to make sure this is really the
      users decision.
      If yes, the users account is suspended.
      
      behatnotneeded
      
      Change-Id: Ifa7c175569cbad780a449c8431d4d9f981839c21
      382e5f7e
  2. 05 Feb, 2018 1 commit
    • Maria Sorica's avatar
      Bug 1734174: Add the after login privacy page · 44a6284e
      Maria Sorica authored
      Upon login, if the user has not yet agreed to the most
      recent Privacy statement versions, he will be redirected
      to this page.
      
      On install admin user accepts default privacy
      
      behatnotneeded
      
      Change-Id: I6afc3d4d4db0676782a8b1501a962862108eab6b
      44a6284e
  3. 26 Nov, 2017 1 commit
  4. 19 Nov, 2017 1 commit
  5. 09 Nov, 2017 1 commit
  6. 27 Oct, 2017 1 commit
    • Cecilia Vela Gurovic's avatar
      Security Bug 1701978: fix session cookie issues · d02855fc
      Cecilia Vela Gurovic authored
      1. when a user logs in it clears any obsolete
         usr_session cookies for the user
      2. recording the user-agent of the session
         and if it changes to prompt the user to
         login again
      3. when self adding / editing email address(es)
         send 2 emails
      	- one to the new email address asking user to confirm address
      	- and one to the primary email address to alert user
      	that a new email is being added to their account and
      	if this is bad how to contact their admin about the problem.
      
      behatnotneeded
      Change-Id: Ia44b66cf831abd553b72aa8b1d58d2a2634863b8
      d02855fc
  7. 24 Oct, 2017 1 commit
  8. 21 Sep, 2017 1 commit
  9. 18 Sep, 2017 1 commit
  10. 13 Sep, 2017 1 commit
  11. 10 Sep, 2017 1 commit
  12. 27 Mar, 2017 1 commit
  13. 15 Feb, 2017 1 commit
  14. 01 Feb, 2017 1 commit
  15. 26 Jan, 2017 1 commit
  16. 16 Jan, 2017 1 commit
  17. 26 Oct, 2016 1 commit
  18. 11 Oct, 2016 2 commits
  19. 26 Sep, 2016 1 commit
    • Aaron Wells's avatar
      Bug 1533377: Browserid end-of-life migration script · cfef0ff9
      Aaron Wells authored
      This patch removes all authentication functionality
      from the browserid auth plugin. It adds a script,
      accessible through the plugin's configuration page,
      to migrate user accounts from browserid to
      internal auth.
      
      Also includes changes to allow users to be searched
      by authtype, and to prevent non-useable plugins
      from being enabled on the plugin config page.
      
      Change-Id: I4e8bd9fc4d2fb2ccaa1845fda533c9373ec251bd
      behatnotneeded: Can't test with behat
      cfef0ff9
  20. 01 Aug, 2016 1 commit
    • Jono Mingard's avatar
      Purge MochiKit from mahara.js (Bug #1323920) · 174ca581
      Jono Mingard authored
      Replace all MochiKit function calls with either jQuery or rewritten
      versions. Also remove some old functions which aren't needed or
      weren't being used
      
      behatnotneeded: should be functionally identical
      
      Change-Id: Ie48032009b14adddfecbe8c381f4ff692afafe70
      174ca581
  21. 07 Jul, 2016 1 commit
    • Robert Lyon's avatar
      Bug 1580399: Stop users logging in to suspended/expired institutions · c10a36bc
      Robert Lyon authored
      Moving the code from LiveUser->login() to
      ensure_user_account_is_active() so that internal and external logins
      can use the same code. This means the check now will fall after
      LiveUser->authenticate() so a user's lastlogin values will be updated.
      but that should be ok as the login was successful, it's just they
      can't go any further as their institution is not active.
      
      behatnotneeded
      
      Change-Id: Ie78a60978d5936f78af5a962ca3efdcdee148b93
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      c10a36bc
  22. 06 Jul, 2016 1 commit
    • Aaron Wells's avatar
      Bug 1597957: Handle language select form on non-public pages · 61448e52
      Aaron Wells authored
      By moving the language select form's handler into
      a Pieforms submit method, we ensure that the form
      can be properly handled on any page that displays it.
      
      behatnotneeded: Can't test multi-language with behat yet
      
      Change-Id: I04aea40b9ba1000f75fc08ef7015fd00de3bc9da
      61448e52
  23. 14 Jun, 2016 1 commit
  24. 08 Jun, 2016 1 commit
    • Aaron Wells's avatar
      Bug 1590293: Correcting inconsistencies in session expiration · 4bed19a1
      Aaron Wells authored
      1. Add some documentation to session.php explaining what
      the session.gc_maxlifetime ini setting does.
      
      2. If we can't access $CFG->session_timeout, use a timeout of
      an hour instead of the PHP default of 24 minutes.
      
      3. Limit $CFG->session_timeout to 30 days, because we're already
      enforcing that limit in session.php
      
      4. Add "usr_session.mtime" column so that we can delete old sessions
      based on inactivity instead of creation date.
      
      5. Make the cron delete old session files as soon as they've expired,
      rather than padding that an additional two days.
      
      Change-Id: I9da2b26217774566b1131e997724359715edb2fe
      behatnotneeded: Covered by existing tests
      4bed19a1
  25. 27 Apr, 2016 1 commit
  26. 18 Apr, 2016 1 commit
    • Aaron Wells's avatar
      Bug 1570744: Fixing session bugs · 83ec33f2
      Aaron Wells authored
      This patch does 2 things:
      
      1. It loads the session much earlier during init.php. We wind
      up creating one on *every* script load anyway, due to LiveUser's
      constructor. Sometimes it gets created earlier if other code
      tries to use it before then, which adds some unpredictability
      to things. Moving it up to the top of init.php reduces that
      unpredictability.
      
      2. It turns out that in PHP 5.3, using header_remove('Set-Cookie')
      to only doesn't remove session headers. But header_remove()
      (with no params) to remove *all* cookies does remove them. So
      I'm changing remove_duplicate_cookies() to use that instead.
      
      3. Also in PHP 5.3, session headers are visible in headers_list().
      In situations where your session id changes (due to session_destroy()
      and session_regenerate_id()), our use of array_unique() meant we
      would preserve the old and new session IDs and send both back
      to the browser. This patch makes remove_duplicate_cookies() aware
      of the current session ID, and it only preserves that one.
      
      Change-Id: I7a90b8692a5f97429415aa9a17451a44cd2109dd
      behatnotneeded: Covered by existing tests
      83ec33f2
  27. 14 Apr, 2016 1 commit
  28. 21 Mar, 2016 1 commit
    • Robert Lyon's avatar
      Bug 1539262: Removing unnecessary $smarty PAGEHEADING lines · e82c0fcb
      Robert Lyon authored
      As they are set to TITLE we can just assign TITLE to PAGEHEADING in
      the smarty function call.
      
      We can later override the PAGEHRADING with
      $smarty->assign('PAGEHEADING', string); if we need to.
      
      Have also updated a few files where TITLE was not defined.
      
      behatnotneeded - everything should work as before
      
      Change-Id: I3ea592cd37344e68c6e90a3c64947cf99db59471
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      e82c0fcb
  29. 09 Dec, 2015 2 commits
  30. 19 Oct, 2015 1 commit
  31. 07 Oct, 2015 1 commit
  32. 02 Oct, 2015 1 commit
    • Aaron Wells's avatar
      Remove unnecessary cached form from the session · e2d001a8
      Aaron Wells authored
      Bug 1495200 & Bug 1496681
      
      behatnotneeded: Well, we could test this, but it would
      require a 60-second wait for the session to timeout (since
      the least you can set the session timeout via the UI
      is 1 minute)
      
      Change-Id: Ia5c861c16b6c893ada9d5eb2111f0b6a9aee49ad
      (cherry picked from commit aee374c0)
      (cherry picked from commit 784dbf9d)
      e2d001a8
  33. 01 Oct, 2015 1 commit
  34. 24 Sep, 2015 1 commit
  35. 20 Sep, 2015 1 commit
  36. 11 Sep, 2015 1 commit
  37. 07 Sep, 2015 1 commit
    • Pat Kira's avatar
      Block detail links - comment, add comment, detail links (BUG 1465107) · 17894563
      Pat Kira authored
      Minor fixes - style login panel,
      display block without content,
      remove some styling on block heading,
      remove get link function for wall block it was duplicated
      Style SSO and Persona login buttons
      
      behatnotneeded: styling only
      
      Task 22787, 23057, 22661
      
      Change-Id: I280947a17727eb1518551bfbb8ad05a0fb2fea80
      17894563
  38. 14 Aug, 2015 1 commit
    • Pat Kira's avatar
      FIX manage collection pages · 93ac36d9
      Pat Kira authored
      And a small class change on auth/lib.php for Evonne
      
      behatnotneeded
      
      Change-Id: I2cfab3e5797598ed1d11693a79a139fbd2ba5927
      93ac36d9