1. 30 Oct, 2017 1 commit
    • Security Bug 1701978: fix session cookie issues · 69bcdb52
      Cecilia Vela Gurovic authored
      1. when a user logs in it clears any obsolete
         usr_session cookies for the user
      2. recording the user-agent of the session
         and if it changes to prompt the user to
         login again
      3. when self adding / editing email address(es)
         send 2 emails
      	- one to the new email address asking user to confirm address
      	- and one to the primary email address to alert user
      	that a new email is being added to their account and
      	if this is bad how to contact their admin about the problem.
      
      behatnotneeded
      Change-Id: Ia44b66cf831abd553b72aa8b1d58d2a2634863b8
  2. 29 Oct, 2017 1 commit
  3. 23 Sep, 2017 1 commit
  4. 10 Sep, 2017 1 commit
  5. 08 Feb, 2017 1 commit
  6. 01 Nov, 2016 1 commit
  7. 12 Oct, 2016 1 commit
    • Bug 1620879: Make SAML auth return to initial URL after login · 89147cce
      Aaron Wells authored
      This is needed specifically for the
      module/mobileapi/tokenform.php script
      
      Also adding an anchor "#sso" at the extra login elements,
      to allow the app to scroll that part into view.
      
      behatnotneeded: Can't test in Behat (yet)
      
      Change-Id: I4363976522b8339542002535d8ba57fdc70496ac
      (cherry picked from commit 2c8761b2)
  8. 11 Oct, 2016 1 commit
  9. 27 Sep, 2016 1 commit
    • Bug 1533377: Browserid end-of-life migration script · 8ffe7776
      Aaron Wells authored
      This patch removes all authentication functionality
      from the browserid auth plugin. It adds a script,
      accessible through the plugin's configuration page,
      to migrate user accounts from browserid to
      internal auth.
      
      Also includes changes to allow users to be searched
      by authtype, and to prevent non-useable plugins
      from being enabled on the plugin config page.
      
      Change-Id: I4e8bd9fc4d2fb2ccaa1845fda533c9373ec251bd
      behatnotneeded: Can't test with behat
      (cherry picked from commit cfef0ff9)
  10. 01 Aug, 2016 1 commit
    • Purge MochiKit from mahara.js (Bug #1323920) · 174ca581
      Jono Mingard authored
      Replace all MochiKit function calls with either jQuery or rewritten
      versions. Also remove some old functions which aren't needed or
      weren't being used
      
      behatnotneeded: should be functionally identical
      
      Change-Id: Ie48032009b14adddfecbe8c381f4ff692afafe70
  11. 07 Jul, 2016 1 commit
    • Bug 1580399: Stop users logging in to suspended/expired institutions · c10a36bc
      Robert Lyon authored
      Moving the code from LiveUser->login() to
      ensure_user_account_is_active() so that internal and external logins
      can use the same code. This means the check now will fall after
      LiveUser->authenticate() so a user's lastlogin values will be updated,
      but that should be ok as the login was successful, it's just they
      can't go any further as their institution is not active.
      
      behatnotneeded
      
      Change-Id: Ie78a60978d5936f78af5a962ca3efdcdee148b93
      Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
  12. 06 Jul, 2016 1 commit
    • Bug 1597957: Handle language select form on non-public pages · 61448e52
      Aaron Wells authored
      By moving the language select form's handler into
      a Pieforms submit method, we ensure that the form
      can be properly handled on any page that displays it.
      
      behatnotneeded: Can't test multi-language with behat yet
      
      Change-Id: I04aea40b9ba1000f75fc08ef7015fd00de3bc9da
  13. 14 Jun, 2016 1 commit
  14. 08 Jun, 2016 1 commit
    • Bug 1590293: Correcting inconsistencies in session expiration · 4bed19a1
      Aaron Wells authored
      1. Add some documentation to session.php explaining what
      the session.gc_maxlifetime ini setting does.
      
      2. If we can't access $CFG->session_timeout, use a timeout of
      an hour instead of the PHP default of 24 minutes.
      
      3. Limit $CFG->session_timeout to 30 days, because we're already
      enforcing that limit in session.php
      
      4. Add "usr_session.mtime" column so that we can delete old sessions
      based on inactivity instead of creation date.
      
      5. Make the cron delete old session files as soon as they've expired,
      rather than padding that an additional two days.
      
      Change-Id: I9da2b26217774566b1131e997724359715edb2fe
      behatnotneeded: Covered by existing tests
  15. 27 Apr, 2016 1 commit
  16. 18 Apr, 2016 1 commit
    • Bug 1570744: Fixing session bugs · 83ec33f2
      Aaron Wells authored
      This patch does 2 things:
      
      1. It loads the session much earlier during init.php. We wind
      up creating one on *every* script load anyway, due to LiveUser's
      constructor. Sometimes it gets created earlier if other code
      tries to use it before then, which adds some unpredictability
      to things. Moving it up to the top of init.php reduces that
      unpredictability.
      
      2. It turns out that in PHP 5.3, using header_remove('Set-Cookie')
      to only doesn't remove session headers. But header_remove()
      (with no params) to remove *all* cookies does remove them. So
      I'm changing remove_duplicate_cookies() to use that instead.
      
      3. Also in PHP 5.3, session headers are visible in headers_list().
      In situations where your session id changes (due to session_destroy()
      and session_regenerate_id()), our use of array_unique() meant we
      would preserve the old and new session IDs and send both back
      to the browser. This patch makes remove_duplicate_cookies() aware
      of the current session ID, and it only preserves that one.
      
      Change-Id: I7a90b8692a5f97429415aa9a17451a44cd2109dd
      behatnotneeded: Covered by existing tests
  17. 14 Apr, 2016 1 commit
  18. 21 Mar, 2016 1 commit
    • Bug 1539262: Removing unnecessary $smarty PAGEHEADING lines · e82c0fcb
      Robert Lyon authored
      As they are set to TITLE we can just assign TITLE to PAGEHEADING in
      the smarty function call.
      
      We can later override the PAGEHEADING with
      $smarty->assign('PAGEHEADING', string); if we need to.
      
      Have also updated a few files where TITLE was not defined.
      
      behatnotneeded - everything should work as before
      
      Change-Id: I3ea592cd37344e68c6e90a3c64947cf99db59471
      Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
  19. 09 Dec, 2015 2 commits
  20. 19 Oct, 2015 1 commit
  21. 07 Oct, 2015 1 commit
  22. 02 Oct, 2015 1 commit
    • Remove unnecessary cached form from the session · e2d001a8
      Aaron Wells authored
      Bug 1495200 & Bug 1496681
      
      behatnotneeded: Well, we could test this, but it would
      require a 60-second wait for the session to timeout (since
      the least you can set the session timeout via the UI
      is 1 minute)
      
      Change-Id: Ia5c861c16b6c893ada9d5eb2111f0b6a9aee49ad
      (cherry picked from commit aee374c0)
      (cherry picked from commit 784dbf9d)
  23. 01 Oct, 2015 1 commit
  24. 24 Sep, 2015 1 commit
  25. 20 Sep, 2015 1 commit
  26. 11 Sep, 2015 1 commit
  27. 07 Sep, 2015 1 commit
    • Block detail links - comment, add comment, detail links (BUG 1465107) · 17894563
      Pat Kira authored
      Minor fixes - style login panel,
      display block without content,
      remove some styling on block heading,
      remove get link function for wall block it was duplicated
      Style SSO and Persona login buttons
      
      behatnotneeded: styling only
      
      Task 22787, 23057, 22661
      
      Change-Id: I280947a17727eb1518551bfbb8ad05a0fb2fea80
  28. 14 Aug, 2015 1 commit
    • FIX manage collection pages · 93ac36d9
      Pat Kira authored
      And a small class change on auth/lib.php for Evonne
      
      behatnotneeded
      
      Change-Id: I2cfab3e5797598ed1d11693a79a139fbd2ba5927
  29. 11 Aug, 2015 1 commit
  30. 30 Jul, 2015 2 commits
  31. 16 Jul, 2015 1 commit
  32. 05 Jul, 2015 1 commit
  33. 03 Jul, 2015 1 commit
  34. 15 Jun, 2015 5 commits