1. 04 Apr, 2018 1 commit
  2. 28 Mar, 2018 1 commit
  3. 27 Mar, 2018 1 commit
  4. 08 Mar, 2018 1 commit
  5. 05 Mar, 2018 1 commit
    • Bug 845263: Password policy · 9c26c145
      Gregor Anzelj authored
      Improve the password policy enforcement and configuration in Mahara.
      Have a pre-defined password policy of a minimum of 8 characters with
      type "alphanumeric mixed case + symbols".
      Also allow site administrators to set the desired password policy in
      Site Options > Security Settings. In all locations where password
      is set, the password input should also include a password strength
      Change-Id: I020af58a6cf1635fe295f5434783ce5b6f6daacb
  6. 14 Feb, 2018 2 commits
  7. 12 Feb, 2018 4 commits
    • Bug 1734169: Allow the user to say why he refuses the privacy · 35a117ac
      Maria Sorica authored
      Add a textarea in the 'are you sure' modal where the
      user can write the reason why he refuses to consent to
      a privacy statement.
      This reason will be sent in a message to the institution
      or site admin.
      Change-Id: I6abe4c8c7c517b1319139497bedb40525d095fcb
    • Bug 1734169: Send message to admin when user rejects the privacy · ccb01ab6
      Maria Sorica authored
      When a user doesn't consent to a privacy statement,
      a message will be sent to the institution/site admin.
      If the user is part of an institution, the message
      will be sent just to the inst admin. Else the
      message will be sent to the site admin.
      Change-Id: I7b3b87a59a537a805d851d29031df9cff941863e
    • Bug 1734171: Revoke privacy consent · 790b2c27
      Maria Sorica authored
      1. Add the Yes/No switch to the user's privacy page that will
      allow the user to withdraw their consent if they change their mind.
      2. Display the date when a user consented to a privacy statement.
      Change-Id: If9f85125287a7384e27c1b45aefa98ad37e97776
    • Bug 1734169: Add privacy statement to the register form · 79649c70
      Maria Sorica authored
      Change-Id: I9d7685dc6c3b0871fa2471ce27c0a4aa67af0b34
  8. 09 Feb, 2018 1 commit
  9. 08 Feb, 2018 2 commits
  10. 05 Feb, 2018 1 commit
    • Bug 1734174: Add the after login privacy page · 44a6284e
      Maria Sorica authored
      Upon login, if the user has not yet agreed to the most
      recent Privacy statement versions, he will be redirected
      to this page.
      On install admin user accepts default privacy
      Change-Id: I6afc3d4d4db0676782a8b1501a962862108eab6b
  11. 15 Jan, 2018 1 commit
    • Bug 1667521: Make 'Registration reason' mandatory when 'Confirm registration' is turned on · d850130c
      Gregor Anzelj authored
      We achieve this by having a new pieform rule called 'requiredby' where
      we can reference another field and when a certain value is set in that
      field it makes this field required.
      requiredby rule needs an array containing:
      - the 'reference', a string of the name of the related field within the same form
      - the 'required', an array containing the values of 'reference' element as keys
        and true/1 for value if this element is required.
      -- If the reference field returns true/false then required array would
         have either 'true' => 1 or 'false' => 1 depending on what setting
         is needed
      Change-Id: I9bc5d15b4035d4a11b81b9355a32044c66ee2199
  12. 26 Nov, 2017 1 commit
  13. 19 Nov, 2017 1 commit
  14. 09 Nov, 2017 1 commit
  15. 27 Oct, 2017 1 commit
    • Security Bug 1701978: fix session cookie issues · d02855fc
      Cecilia Vela Gurovic authored
      1. when a user logs in it clears any obsolete
         usr_session cookies for the user
      2. recording the user-agent of the session
         and if it changes to prompt the user to
         login again
      3. when self adding / editing email address(es)
         send 2 emails
         - one to the new email address asking user to confirm address
         - and one to the primary email address to alert user
           that a new email is being added to their account and
           if this is bad how to contact their admin about the problem.
      Change-Id: Ia44b66cf831abd553b72aa8b1d58d2a2634863b8
  16. 24 Oct, 2017 1 commit
  17. 21 Sep, 2017 1 commit
  18. 18 Sep, 2017 1 commit
  19. 13 Sep, 2017 1 commit
  20. 10 Sep, 2017 1 commit
  21. 27 Mar, 2017 1 commit
  22. 15 Feb, 2017 1 commit
  23. 01 Feb, 2017 1 commit
  24. 26 Jan, 2017 1 commit
  25. 16 Jan, 2017 1 commit
  26. 26 Oct, 2016 1 commit
  27. 11 Oct, 2016 2 commits
  28. 26 Sep, 2016 1 commit
    • Bug 1533377: Browserid end-of-life migration script · cfef0ff9
      Aaron Wells authored
      This patch removes all authentication functionality
      from the browserid auth plugin. It adds a script,
      accessible through the plugin's configuration page,
      to migrate user accounts from browserid to
      internal auth.
      Also includes changes to allow users to be searched
      by authtype, and to prevent non-useable plugins
      from being enabled on the plugin config page.
      Change-Id: I4e8bd9fc4d2fb2ccaa1845fda533c9373ec251bd
      behatnotneeded: Can't test with behat
  29. 01 Aug, 2016 1 commit
    • Purge MochiKit from mahara.js (Bug #1323920) · 174ca581
      Jono Mingard authored
      Replace all MochiKit function calls with either jQuery or rewritten
      versions. Also remove some old functions which aren't needed or
      weren't being used
      behatnotneeded: should be functionally identical
      Change-Id: Ie48032009b14adddfecbe8c381f4ff692afafe70
  30. 07 Jul, 2016 1 commit
    • Bug 1580399: Stop users logging in to suspended/expired institutions · c10a36bc
      Robert Lyon authored
      Moving the code from LiveUser->login() to
      ensure_user_account_is_active() so that internal and external logins
      can use the same code. This means the check now will fall after
      LiveUser->authenticate() so a user's lastlogin values will be updated,
      but that should be ok as the login was successful, it's just they
      can't go any further as their institution is not active.
      Change-Id: Ie78a60978d5936f78af5a962ca3efdcdee148b93
      Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
  31. 06 Jul, 2016 1 commit
    • Bug 1597957: Handle language select form on non-public pages · 61448e52
      Aaron Wells authored
      By moving the language select form's handler into
      a Pieforms submit method, we ensure that the form
      can be properly handled on any page that displays it.
      behatnotneeded: Can't test multi-language with behat yet
      Change-Id: I04aea40b9ba1000f75fc08ef7015fd00de3bc9da
  32. 14 Jun, 2016 1 commit
  33. 08 Jun, 2016 1 commit
    • Bug 1590293: Correcting inconsistencies in session expiration · 4bed19a1
      Aaron Wells authored
      1. Add some documentation to session.php explaining what
      the session.gc_maxlifetime ini setting does.
      2. If we can't access $CFG->session_timeout, use a timeout of
      an hour instead of the PHP default of 24 minutes.
      3. Limit $CFG->session_timeout to 30 days, because we're already
      enforcing that limit in session.php
      4. Add "usr_session.mtime" column so that we can delete old sessions
      based on inactivity instead of creation date.
      5. Make the cron delete old session files as soon as they've expired,
      rather than padding that an additional two days.
      Change-Id: I9da2b26217774566b1131e997724359715edb2fe
      behatnotneeded: Covered by existing tests
  34. 27 Apr, 2016 1 commit