Commit Graph

42 Commits

Author SHA1 Message Date
Simon Williams fe51f2493f fix disable mfa button
fixes CORE-989

test plan:
- basic regression test of user profile page
- make sure disable mfa button works

Change-Id: I04b3d0e658c2762e0cd331f5e26012f0da035bec
Reviewed-on: https://gerrit.instructure.com/141514
Tested-by: Jenkins
Reviewed-by: Ryan Shaw <ryan@instructure.com>
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
2018-02-28 17:15:23 +00:00
Ryan Shaw b91fed2744 use relative imports in public/javscripts
Closes:  CNVS-37112

Test plan:
This doesn’t actually change anything. If web pack
builds, it should be fine

Change-Id: Ie356875e8a2a4bdfbefc1482b7e728290b0fe6e5
Reviewed-on: https://gerrit.instructure.com/112972
Tested-by: Jenkins
Reviewed-by: Felix Milea-Ciobanu <fmileaciobanu@instructure.com>
Product-Review: Ryan Shaw <ryan@instructure.com>
QA-Review: Ryan Shaw <ryan@instructure.com>
2017-05-25 15:07:48 +00:00
Ryan Shaw b2700d45b6 [ci coverage] convert public/js w/ no ‘export’s to ‘import’
closes: CNVS-35922

now that we pass all of public/javascripts through
babel, istanbul/esprima should not choke on `import`
in our JS tooling.

test plan:
* run `yarn test` w/ COVERAGE=1
* it should work

Change-Id: Ia19deb547350245b7cae54e76e56ae6355f61b2c
Reviewed-on: https://gerrit.instructure.com/105962
Tested-by: Jenkins
Reviewed-by: Jon Jensen <jon@instructure.com>
Product-Review: Ryan Shaw <ryan@instructure.com>
QA-Review: Ryan Shaw <ryan@instructure.com>
2017-05-19 19:11:12 +00:00
Cody Cutrer 0571277626 MFA backup code support
fixes CNVS-35623

test plan:
 * disable redis
 * configure MFA; do not remember this computer
 * on your profile, there should be a link to MFA backup codes
 * follow it; it should show 10 codes
 * log out and log back in, using one of those codes
 * go back to your backup code list; the one you used should be
   crossed out
 * log out and log back in, attempting to use the same code;
   it should not allow you to
 * log in with another code
 * make note of one of the unused backup codes
 * regenerate your backup codes; it should give you 10 new codes,
   all unused
 * log out, and attempt to log in with one of the old unused codes;
   it should not allow you to
 * log in with one of the new backup codes; it should work
 * make note of backup codes
 * reconfigure MFA
 * look at your backup codes again; they should be different
 * make note of them again
 * disable MFA, and then configure it again
 * your backup codes should be different again

Change-Id: I20b1da102ef4cb757c80e1f46e276f88fdfb21b4
Reviewed-on: https://gerrit.instructure.com/21614
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: McCall Smith <mcsmith@instructure.com>
2017-05-02 16:08:53 +00:00
Landon Wilkins 1649b7e30c da licença part 51
add consistent license headers to all source files

Change-Id: Ie6f2d48e5615052512ee19bf090bcd06bcb8e11f
Reviewed-on: https://gerrit.instructure.com/110162
Tested-by: Jenkins
Reviewed-by: Jon Jensen <jon@instructure.com>
Product-Review: Jon Jensen <jon@instructure.com>
QA-Review: Jon Jensen <jon@instructure.com>
2017-04-28 19:05:00 +00:00
Steven Burnett 1221908f38 remove loading spinner from profile page
fixes CNVS-32128

Test Plan:
1. Go to the Account Profile page
2. Click "Edit Settings" on the right side
3.  Change the time zone
4.  Hit "Save"
5 Note how the spinner is gone

Change-Id: I5fe6102698d7b87e5ef14d66040632cdb7261508
Reviewed-on: https://gerrit.instructure.com/90993
Reviewed-by: Joel Hough <joel@instructure.com>
Tested-by: Jenkins
QA-Review: David Tan <dtan@instructure.com>
Product-Review: Chris Ward <cward@instructure.com>
2016-09-22 21:55:25 +00:00
Jeremy Stanley 6b51602d68 focus the first focusable element when editing user settings
it may not be a text element if the account disallows users
editing their names

test plan:
 - on the user settings page (/profile/settings), ensure that
   the screenreader notices you are editing a setting after
   you click on "Edit Settings" button, regardless of whether
   "Users can edit their name" is enabled in account settings.

fixes CNVS-29829

Change-Id: Id7fd729dfddf9bc248781cf72087ea1b1f200fd2
Reviewed-on: https://gerrit.instructure.com/81817
Tested-by: Jenkins
Reviewed-by: Andrew Huff <ahuff@instructure.com>
QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
2016-06-14 18:29:43 +00:00
Jeremy Stanley b806578368 fix keyboard focus issues around API token management
test plan:
 - go to profile settings page
 - create some access tokens
 - hit the details link next to a token
   and ensure the dialog that opens has keyboard focus inside it
 - delete an access token and ensure
   1. the previous token's delete button is focused if it exists;
   2. the next token's delete button is focused if the first
      token is deleted;
   3. the "New Access Token" button is focused if the only
      access token is deleted

fixes CNVS-26601
fixes CNVS-26604

Change-Id: I62d75b5e01040db848873af1217cf8d329c73fe6
Reviewed-on: https://gerrit.instructure.com/71875
Tested-by: Jenkins
Reviewed-by: Clay Diffrient <cdiffrient@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
2016-02-10 20:26:21 +00:00
Matthew Berns ef7a7b474b set default focus to close button on 'other services' modal
fixes CNVS-19245

test plan:
- go to user settings page
- use keyboard nav to get to the buttons under 'other services'
- when opening the modal for a given service, focus should be on close button

Change-Id: Ie9dc206802642a96ec11217bc5e03331fc9f5229
Reviewed-on: https://gerrit.instructure.com/52095
Tested-by: Jenkins
Reviewed-by: Clay Diffrient <cdiffrient@instructure.com>
QA-Review: Nathan Rogowski <nathan@instructure.com>
Product-Review: Matt Berns <mberns@instructure.com>
2015-04-14 17:00:05 +00:00
Simon Williams ba2718ea60 remove horizontal scroll in token creation dialog
fixes CNVS-17772

test plan:
- go to your user profile page
- generate an access token
- it should be displayed in the dialog, and you shouldn't have to scroll
  horizontally to see the whole thing.

Change-Id: I1b7b1165f2e79e0575b326c974868937758a4b11
Reviewed-on: https://gerrit.instructure.com/46594
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Benjamin Porter <bporter@instructure.com>
QA-Review: Adam Stone <astone@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
2015-01-07 20:15:36 +00:00
Matt Wheeler 61fced4f3d Conversations inbox opt out
Closes CNVS-11854

Test Plan:
1) Restart  your server after checking out this code (there is new feature flag)
2) As a user, visit /profile/settings and see that there is no option
   for disabling the inbox
3) As an instructure employee viewing settings for the root account,
   turn "on" the inbox opt out feature flag. If the button says "allow"
   instead of "on", you are in the wrong place and want to be on the
   account's settings, not the site admin settings.
4) As a user, visit your settings again: /profile/settings
5) See that you can now disable the inbox.
6) Do so.
7) Check the that conversations notification settings no longer appear
   at /profile/communication
8) Check that when you have new conversation messages, the unread
   messages badging doesn't display on the inbox link in the main nav
9) Visit your settings a 3rd time, and un-disable the inbox
10) check that the inverse of 7 & 8 are now true

Change-Id: I061e2d3ab9052a7809fb43f80d8e2e92d99316ee
Reviewed-on: https://gerrit.instructure.com/38313
Reviewed-by: Joel Hough <joel@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Matthew Wheeler <mwheeler@instructure.com>
QA-Review: David Josse <david@instructure.com>
2014-08-06 23:12:26 +00:00
Jacob Fugal 24e2f3ab57 goodbye, $.parseFromISO
the vast majority of calls were only to access:

 * the parsed-then-fudged value; this can be accomplished with just
   fudgeDateForProfileTimezone (given an ISO string it will parse it,
   format it relative to the profile timezone (without tz info), then parse
   it relative to the browser timezone. unfudging this result will give
   you back a time accurately representing the original string)

 * one or more formattings of the parsed value; use the appropriate
   formatter (if multiple are used, parse with tz.parse() first for
   efficiency)

one notable exception was in the gradebook (both regular and
screenreader). it was using parseFromISO to parse the ISO string
received from the server, but then only sometimes treating that as a
object while other times assuming (incorrectly) that it had a Date
object or timestamp. we make it always be a Date object, and fix the
places that assumed it needed to be a parseFromISO result object.

Change-Id: I86c077c046e74760a538849ce58f2952ada1fb99
Reviewed-on: https://gerrit.instructure.com/32110
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Anthus Williams <awilliams@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
2014-03-27 17:28:27 +00:00
Mark Ericksen 79e9e1c77b better message when new access token "purpose" is required
fixes CNVS-6446

testing steps:
- on /profile/settings page, click the
  "New Access Token" at the bottom
- without setting the "Purpose" value,
  hit the "Generate Token" button
- verify the error box displays
  "Purpose is required"

Change-Id: I939a6bd27ac50d850257d67c2a49c285a6ce44f6
Reviewed-on: https://gerrit.instructure.com/23814
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Reviewed-by: Landon Wilkins <lwilkins@instructure.com>
2013-08-29 21:21:16 +00:00
Landon Wilkins 836bbb9634 accessibility fixes for user setting dialogs
fixes CNVS-6439

test plan:
1) navigate to profile settings (http://localhost:3000/profile/settings)
2) click on "New Access Token" and verify that upon tabbing for the
     first time, the X of the dialog is focused. This X will be focused
     upon the first tab because the dialog gains focus (rather than the
     embedded link) upon its opening event.
3) click on "Add Email Address", enter an email address
4) click "Register Email", this will cause a new dialog to pop up
5) for this new dialog, verify that upon tabbing for the first time,
     the X of the dialog is focused

Change-Id: Idc5130fcfa306d02acf126596f4091bbbde00ca9
Reviewed-on: https://gerrit.instructure.com/22897
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Mark Ericksen <marke@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
2013-08-02 21:23:00 +00:00
Zach Pendleton d7bc1b2b6e add avatar editing to profile page.
fixes CNVS-4888

migrates old profile picture chooser code from
javascript to coffeescript, and abstracts it into the
AvatarWidget class.

additionally, only load the avatar widget code when the
user mouses within 150 pixels of his/her avatar.

test plan:
  * on user settings page, conduct regression test of user
    avatar functions (click, change, upload);
  * on user profile page, verify that the user's avatar now
    functions in the same way it did on the settings page;
  * verify that a user can only edit his/her own avatar, and
    that clicking on the avatar of another user's profile
    page does nothing.

Change-Id: If30908697042ddb522ba2de6391b40e8bc3c025e
Reviewed-on: https://gerrit.instructure.com/21388
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Willesen <jonw@instructure.com>
QA-Review: Cam Theriault <cam@instructure.com>
Product-Review: Zach Pendleton <zachp@instructure.com>
2013-06-13 20:54:28 +00:00
Jon Jensen 2f17a059e7 account-level password policy support, fixes CNVS-4211
test plan:
1. set up a new password policy via the console, e.g.
   a = Account.default
   a.settings[:password_policy] = {:min_length=>6, :max_sequence=>3, :max_repeats=>3, :disallow_common_passwords=>true}
   a.save!
2. go to /register and sign up as a student
3. make sure the password policy is enforced, i.e.
   1. confirm that the password must be at least 6 chars
   2. confirm that the password cannot be a common one (e.g. football)
   3. confirm that the password cannot contain a run of 4 or more chars
      (e.g. abc123lol is ok, abcd1234 is not)
   4. confirm that the password cannot have the same char repeated 4 or
      more times (e.g. aaa000bb is ok aaaabbbb is not)
4. verify the password policy is enforced when changing your password as
   an existing user (via user profile/settings)
5. verify the password policy is enforced when adding a login for a user
6. verify the password policy is enforced when resetting your password
   (via forgot password on login page)
7. invite a new user into a course, and as that user verify the password
   policy is enforced when you set up your account

Change-Id: Ie619fc255dc940249676bf5e510ce68eaf17441c
Reviewed-on: https://gerrit.instructure.com/19104
Reviewed-by: Brian Palmer <brianp@instructure.com>
Product-Review: Jon Jensen <jon@instructure.com>
Tested-by: Jon Jensen <jon@instructure.com>
QA-Review: Cam Theriault <cam@instructure.com>
2013-04-05 20:13:26 +00:00
Jon Jensen dad25a633f remove some unused code
birthdate stuff got removed, this got overlooked

test plan:
1. edit profile form should still work

Change-Id: I9653587e00625153e01f8b107512495376d07e74
Reviewed-on: https://gerrit.instructure.com/19084
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Joe Tanner <joe@instructure.com>
QA-Review: Cam Theriault <cam@instructure.com>
Product-Review: Jon Jensen <jon@instructure.com>
2013-03-29 19:54:57 +00:00
Joe Tanner 0959e72e7f require choosing a file before adding a profile pic
closes #CNVS-2450

test plan:
- go to /profile/settings
- click on the profile picture
- in the popup click 'Upload a new Image'
- then click 'Add File' without choosing a file
- an error message should show up over 'Choose File'

Change-Id: Id68fb3176d292ff3f612e0d2976d21bf2ba92162
Reviewed-on: https://gerrit.instructure.com/16923
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Cam Theriault <cam@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
2013-01-21 13:36:09 -07:00
Chris Hart 171b05a4f7 update dialog box button appearance to conform with styleguide
fixes #10236

test plan:

check each updated form to ensure it looks correct and works

Change-Id: I073c3bff5860bab0b892fecbf61a41a8e9c5ec76
Reviewed-on: https://gerrit.instructure.com/13904
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
2012-11-13 13:00:36 -07:00
Joe Tanner a499d2cb23 password change failure in IE8, fixes #11089
Change-Id: Id18c7cc00ffc5a010dfeda912c0fe9a29afba5b6
Reviewed-on: https://gerrit.instructure.com/15082
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
Reviewed-by: Cam Theriault <cam@instructure.com>
2012-11-09 13:36:24 -07:00
Jon Jensen 841aed6063 fix variable hoisting issue and brittle spec
gravatar now proxies fallback urls, meaning they don't work for private
hosts/ips (e.g. dev or test). the profile pic ui tries to remove broken
images, so depending on gravatar's behavior the number of images in the
dom could vary. so we remove that check, since we don't really need it.

also fix a related issue where if one of the images is missing, the last
one in the list will get removed (variable hoisting). incidentally this
fixes a sporadic failure

test plan:
1. run specs, they should pass
2. run canvas locally
3. upload a profile pic and click "Select Image"
4. reload the page and go to edit profile pics again
5. the uploaded pic should not get removed (the broken gravatar one should)

Change-Id: I31c82a983ba6451d7abc4465e7ca345ddaa5697f
Reviewed-on: https://gerrit.instructure.com/13975
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jake Sorce <jake@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
2012-09-27 12:31:33 -06:00
Jon Jensen a59a4e7196 direct-to-s3 profile pic uploads, fixes #10578
don't proxy profile pic uploads through canvas

ensure s3_success returns the same JSON as create

fix issue with upload_only prepared uploads (success callback was not
getting the submitParam)

test plan:

1. w/ s3 storage, upload a profile pic
2. it should work
3. w/ local storage, upload a profile pic
4. it should work

Change-Id: I606ad761ea3e4a3e3023ebc199f2df06dfaaeb83
Reviewed-on: https://gerrit.instructure.com/13699
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
2012-09-26 16:26:14 -06:00
Jake Sorce 3fd9e9dcd1 fix wrong password input focus on profile page, fixes #9823
test plan:
  1. log in as a user
  2. click 'Settings' on the top right of the page
  3. click 'Edit Settings' middle right of the page
  4. click the 'Change Password' checkbox
  5. notice the focus is in the old password box and
     not the confirm password box

Change-Id: I03ea8c91ada3e5d3c0f4f4734f8c5efdfc33d4b7
Reviewed-on: https://gerrit.instructure.com/13842
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Joe Tanner <joe@instructure.com>
2012-09-21 10:30:56 -06:00
Jake Sorce 93b78549e9 change wording on user settings page
fixes #10244

test plan:
  1. login
  2. click on Settings link at the top right
  3. verify page title says User Settings
  4. verify wording changed in breadcrumb
  5. verify wording changed in header
  6. click Edit Settings link and verify
     link hides
  7. verify button says Update Settings
  8. verify delete link says Delete My Account
  9. click the Cancel link
  10. verify Edit Settings link shows again
  11. click Edit Settings, edit a setting
      click Update Settings link
  12. verify Update Settings button shows
      after a new page load

Change-Id: Id200db687d79f24cceca8c2f93a720903b76471f
Reviewed-on: https://gerrit.instructure.com/13321
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bryan Madsen <bryan@instructure.com>
2012-08-31 11:03:12 -06:00
Cody Cutrer b7b407248f multi-factor authentication closes #9532
test plan:
 * enable optional MFA, and check the following:
   * normal log in should not be affected
   * you can enroll in MFA from your profile page
   * you can re-enroll in MFA from your profile page
   * you can disable MFA from your profile page
   * MFA can be reset by an admin on your user page
   * when enrolled, you are asked for verification code after
     username/password when logging in
   * you can't access any other part of the site directly until
     until entering your verification code
 * enable required MFA, and check the following
   * when not enrolled in MFA, and you log in, you are forced to
     enroll
   * you cannot disable MFA from your profile page
   * you can re-enroll in MFA from your profile page
   * an admin (other than himself) can reset MFA from the user page
 * for enrolling in MFA
   * use Google Authenticator and scan the QR code; you should have
     30-seconds or so of extra leeway to enter your code
   * having no SMS communication channels on your profile, the
     enrollment page should just have a form to add a new phone
   * having one or more SMS communication channels on your profile,
     the enrollment page should list them, or allow you to create
     a new one (and switch back)
   * having more than one SMS communication channel on your profile,
     the enrollment page should remember which one you have selected
     after you click "send"
   * an unconfirmed SMS channel should go to confirmed when it's used
     to enroll in MFA
   * you should not be able to go directly to /login/otp to enroll
     if you used "Remember me" token to log in
 * MFA login flow
   * if configured with SMS, it should send you an SMS after you
     put in your username/password; you should have about 5 minutes
     of leeway to put it in
   * if you don't check "remember computer" checkbox, you should have
     to enter a verification code each time you log in
   * if you do check it, you shouldn't have to enter your code
     anymore (for three days). it also shouldn't SMS you a
     verification code each time you log in
 * setting MFA to required for admins should make it required for
   admins, optional for other users
 * with MFA enabled, directly go to /login/otp after entering
   username/password but before entering a verification code; it
   should send you back to the main login page
 * if you enrolled via SMS, you should not be able to remove that
   SMS from your profile
 * there should not be a reset MFA link on a user page if they
   haven't enrolled
 * test a login or required enrollment sequence with CAS and/or SAML

Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-08-16 13:09:07 -06:00
Ryan Shaw 81dc9b769e don't call jquery UI methods an elements with no widget initialized
aka: no more .dialog('close').dialog({}).dialog('open')
(does not actually change any behavior visible to end user)

test plan:

as far as manual testing goes, try to go to a bunch of pages that have dialogs
and open and close them.

For engineers, if you can think of other places where we might try to set options
on a UI widget before we initialize one (like sortables or something), check that too.

Change-Id: I7415c00d8c15b562ac12eeef83fa041aff1dfb35
Reviewed-on: https://gerrit.instructure.com/12810
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
2012-08-13 10:16:54 -06:00
Jeremy Stanley bccd3cff33 don't accept partial birthdates or clear them; fixes #9569
test plan:
  0. Start with a user with no birthdate stored
  1. go to the profile page
   - click Edit
   - leave the birthdate fields alone
   - click Update
   - profile should save
  2. click Edit again
   - choose some, but not all birth date fields
     (i.e., leave year, month, and/or day blank, but not all three)
   - press Update
   - you should get prompt(s) telling you to fill in the missing
     birthdate field(s)
  3. fill in the missing field(s)
   - press Update
   - profile should save
  4. click Edit again
   - verify that you cannot blank out any of the three
     birthdate fields

Change-Id: I4eab732b9bd03b85b468100a8e803996f3cf0eb2
Reviewed-on: https://gerrit.instructure.com/12486
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
2012-07-30 10:32:13 -06:00
Jon Jensen 5249178632 sensible year range for birth date, fixes #9553
* fix year range in birth date input
* localize display of birth date
* fix javascript to display changes to birth date
* fix es.yml mis-translation (those symbols shouldn't be translated, but
  we do want per-locale ordering)

test plan:
1. edit your profile
2. confirm you can set your birth date to something sensible (last year,
   all the way back to 125 years ago)
3. confirm that when you set the birth date, the ui reflects it after you
   save
4. confirm that you can clear out the birth date

Change-Id: Ic9894070076a0d5b23f2005b36effee32c2fefc2
Reviewed-on: https://gerrit.instructure.com/12399
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
2012-07-20 16:56:20 -06:00
Simon Williams a246ffa0ef fix avatar image uploads to non-local storage; fixes #8447
we were building tokens on the raw url, which could include dynamic
expires/signature parameters that cause tokens not to match from run
to run.

test plan:
- (if testing locally) enable s3 storage
- make sure you can successfully upload a new avatar image
- make sure you can set your avatar to an attached file, and that it persists
  across page refreshes.

Change-Id: Ia506b82ad3a071fd35068f8633d12758d1005c10
Reviewed-on: https://gerrit.instructure.com/10555
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
2012-05-07 09:08:32 -06:00
Simon Williams 9cd67f277f user avatar api; refs #7763
this commit provides a new api endpoint that exposes the possible profile
pictures of a given user that can be set as her avatar. it also modifies the
existing user update api to allow the avatar image to be set. this permission
is given to the user herself and any account admin that has manage student
permissions

test-plan:
- make sure editing a user from the /users/x page and the /profile page still
  works.
- with the api, try querying the users profile pictures, and setting a new
  avatar.
- make sure to exercise different permissions:
  * look up and change your own avatar => should succeed
  * as an admin, look up and change a student's avatar => should succeed
  * as a student, try to change another student's avatar => should return 401

Change-Id: Idefe8549a92e109a248936970f9e3ef2bc414a59
Reviewed-on: https://gerrit.instructure.com/9645
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
2012-04-27 14:23:16 -06:00
Ryan Shaw 605231a418 upgrade jquery to 1.7.2
when you require ['jquery'] you are now getting the
version of jquery that has our patches applied to it
you should not need to think about the patching as
you write code.

this also applies to jqueryui/dialog, that will return
the patched version of it.

test plan:
make sure javascript still works on our site ;)

Change-Id: I237fa8da5f93167140c4d42b80eb3ef17d95c1e6
Reviewed-on: https://gerrit.instructure.com/9878
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
2012-04-24 10:57:38 -06:00
Ryan Florence 5642e3a366 require -> define in public/javascripts
Change-Id: I66f37744c278fac29fcf6f8e85326c84512da468
Reviewed-on: https://gerrit.instructure.com/9174
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-03-05 14:19:50 -07:00
Jon Jensen 0871657faf don't try to validate name if it's not editable, fixes #7081
only validate user.name in the form if it's editable (i.e. present in
the form)

test plan:
1. edit your profile and attempt to blank out your name
2. confirm that the validation doesn't let you proceed
3. uncheck the "Users can edit display name" account setting
4. edit your profile and attempt to change your language, time zone,
   and/or password
5. confirm that it works and you don't get a form validation error

Change-Id: Iad1cfc2928a1482f0df3b51bbcf18f1d81829426
Reviewed-on: https://gerrit.instructure.com/8827
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
2012-02-21 14:16:32 -07:00
Ryan Florence a1e31c8c9a AMD Conversion
"Trivial" JavaScript / CoffeeScript changes
--------------------------------------------------

For the most part, all javascript was simply
wrapped in `require` or `define`. The dependencies
were found with a script that matched regexes in
the files, it errs on the side of listing too many
dependencies, so its worth double checking each
file's dependencies (over time, anyway).

i18n API changes
--------------------------------------------------

No longer have to do I18n.scoped calls, just
list i18n as a dependency with the scope and it's
imported already scoped

  require ['i18n!some_scope'], (I18n) ->
    I18n.t 'im_scoped', 'I'm scoped!'

JS bundling now done with r.js, not Jammit
--------------------------------------------------

We don't use jammit to bundle JS anymore. Simply
list dependencies for your JS modules in the file
and RequireJS handles the rest.

To optimize the JavaScript, first make sure you
have node.js 0.4.12+ installed and then run:

  $ rake js:build

The app defaults to the optimized build in
production. You can use non-optimized in
production by putting ?debug_assets=true in the
url just like before.

You can also test the optimized JavaScript in
development with ?optimized_js=true.

Significant changes
--------------------------------------------------

These files have "real" changes to them (unlike
the JavaScript that is simply wrapped in require
and define).  Worth taking a really close look at:

- app/helpers/application_helper.rb
- app/views/layouts/application.html.erb
- config/assets.yml
- config/build.js
- lib/handlebars/handlebars.rb
- lib/i18n_extraction/js_extractor.rb
- lib/tasks/canvas.rake
- lib/tasks/i18n.rake
- lib/tasks/js.rake

Change-Id: I4bc5ecb1231f331aaded0fef2bcc1f3a9fe482a7
Reviewed-on: https://gerrit.instructure.com/6986
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
2012-02-06 16:41:40 -07:00
Jon Jensen e65c5f97ba fix service visibility updating, closes #6675
test plan:

ensure you can turn service visibility on/off in the various places in
the ui

Change-Id: I0c59405a419aba73a881d70fd368e34d50cacac5
Reviewed-on: https://gerrit.instructure.com/8246
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
2012-01-23 19:25:50 -07:00
Jon Jensen 35d3f16e57 don't request thumbnail until it's ready, fixes #5800
thumbnail creation is asynchronous in production, so when uploading a
new image we will now wait until it has been generated before we link
to it (since that gets cached for 30 minutes)... we'll just keep
showing the loading icon in the interim.

implemented a simple ajax backoff poller

Change-Id: I5f19265caad2f86b72611e91e17c85147a2a6d7a
Reviewed-on: https://gerrit.instructure.com/6567
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
2011-11-09 17:59:28 -07:00
Cody Cutrer 3f3f72637a expose sortable name to user, fixes #5317
* expose sortable name directly to the user
 * don't downcase it
 * use a LOWER(sortable_name) index for postgres
 * set sortable name as "last_name, first_name" explicitly for SIS imports
 * populate sortable name intelligently in the UI

Change-Id: I476641f4817e27a11b573d91f102c5a74d3eba26
Reviewed-on: https://gerrit.instructure.com/6512
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
2011-10-31 12:22:08 -06:00
Zach Wily 10f8bb16b5 fix uploading profile pictures
also switched to storing profile pictures in a new folder ("profile pictures")
so that users will not see a ton of unrelated pictures.

Change-Id: Ia2fd55e1c090db886349319613a7d5ecb33805ac
Reviewed-on: https://gerrit.instructure.com/4950
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
2011-08-04 16:18:31 -06:00
Jon Jensen 5e66286c14 locale detection and selection, refs #4994
Change-Id: I0f1e50d912ba7ac81b9ceb3ae95baaba3a12425b
Reviewed-on: https://gerrit.instructure.com/4661
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
2011-07-20 09:24:55 -06:00
Jacob Fugal 774a5d7735 localize Profile
Change-Id: Ifa944757f5656157aa3c360666ccc88ca12dbaf0
Reviewed-on: https://gerrit.instructure.com/4343
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
2011-06-24 09:32:53 -06:00
Brian Palmer 50c4687c84 oauth 2 requests via access tokens
Added support for oauth 2 API requests.  HTTP Basic
only works for Canvas-auth and LDAP accounts, but
oauth 2 will also work with SSO accounts.  Also added
ability for users to create access tokens from the
profile page.

Change-Id: I13581b4e77bfa77bf11dbb732900012dd1e50ede
Reviewed-on: https://gerrit.instructure.com/3775
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
2011-06-02 09:15:11 -06:00
Brian Whitmer 8b8173dcc9 Initial commit.
closes #6988138
2011-01-31 18:57:29 -07:00