Test Plan:
* Have canvas and delayed jobs running
* Create a course with some assignments
* Give scores to some students
* Before muting an assignment download the CSV and make sure it's same as UI
* Mute an assignment
* Download CSV again and the final/current scores should be different than UI
* In gradebook UI remove grades from muted assignment (so it's as if they weren't graded)
* The UI grades should now be the same as the CSV grades
closes#6578
Change-Id: I5774ecb899318278a02e1bc12caaa9d02fa3dac0
Reviewed-on: https://gerrit.instructure.com/7379
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
changes the behavior such that the only submission comments that create/
update conversations are ones by participants in the conversation.
previously, a comment on a group submission would update all private
conversations between the teacher(s) and all group members, rather than
the one(s) between the teacher(s) and the commenter. group comments by a
teacher will still go to each of his conversations with group members
test plan:
1. create a group assignment
2. submit it as a student
3. make a group comment as that student
4. ensure the student's conversation with the teacher gets updated if it
already exists
5. ensure the teacher's conversation with the student gets updated and
marked as unread (if not already)
6. ensure that no conversations between other group members and the
teacher get created/updated
7. now make a group comment as the teacher
8. ensure that the conversations get updated/created between the teacher
and all group memebrs, i.e.
1. they should be unread from the student's perspective
2. for everyone, the teacher's comment should be the reflected in the
left-hand conversation preview
Change-Id: I1cfac34fc7b78fad17edf93acaa50b8b97461af6
Reviewed-on: https://gerrit.instructure.com/8644
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
when sending bulk private messages, ensure that each created/updated
conversation only gets contexts that are relevant to both participants
also fix an issue where the tags were not getting cleared once the
last message was deleted
test plan:
1. test bulk private conversations
1. send a bulk private conversation to several contexts
2. ensure that only the appropriate tags show up on each
created/updated conversation
2. test clearing out
1. delete all messages from a conversation
2. ensure the tags are empty in the db
3. make sure tagging/filtering isn't generally broken
Change-Id: I416a1e809bdcb0835cd9f3d281cc71ab7df057f4
Reviewed-on: https://gerrit.instructure.com/8615
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
includes a data migration to remove duplicate messages
test plan:
1. create multiple teacher enrollments for yourself in a course
(invited/active/whatever)
2. masquerade as a student, submit homework with a comment
3. unmasquerade and go to your inbox
4. ensure that you see the submission and comment in your conversation
with the student, but only once
Change-Id: I05c1db702b328e855aa7bcd2187617fa073d7261
Reviewed-on: https://gerrit.instructure.com/8595
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
The values of "pass" and "fail" are allowed in the API, but they were
intended to be saved to the DB as "complete" and "incomplete". A bug
prevented the translation from happening for zero-point pass/fail assignments.
fixes#7234
test plan:
* create a complete/incomplete assignment worth 0 points (or leave points blank)
* using gradebook2, give a student a passing grade (green checkmark).
* this bug only affects grades given in gradebook2, not the old
* masquerade as the student and go to your grades page. you should
correctly see your grade as complete, not incomplete.
Change-Id: If5fd920af97db9181dafc0330af6aa9d8d1497a4
Reviewed-on: https://gerrit.instructure.com/8632
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
test plan:
* on an empty postgres database, run rake db:initial_setup
and ensure that no errors are thrown.
Change-Id: I2a4b43a7fa60bcb8e81c5c578b9dfccd19b38a28
Reviewed-on: https://gerrit.instructure.com/8625
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
test plan:
1. click on the sent filter
2. ensure you only see non-archived conversations where you have written
at least one message
3. ensure that the timestamp and preview on the left reflect your latest
message (not necessarily the latest in the conversation)
4. ensure the conversations are sorted by the timestamp of your most
recent message
5. ensure that when you delete the last message by you in a given
conversation, that conversation is removed from the ui
Change-Id: I85468d19122f1190bd2c53cb640145b7d14e2b42
Reviewed-on: https://gerrit.instructure.com/8416
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
This is one of the indexes that was supposed to be created long ago but
was silently skipped because of a too-long name. We have current data
that breaks this unique constraint. It'll take some time to investigate
and determine the correct course of action, so for now, we're making the
index non-unique.
Change-Id: I3e49a11db3cab49834a4a1d41d4b9effebeab4bf
Reviewed-on: https://gerrit.instructure.com/8613
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
also make view resilient to bad data in the future
test plan:
confirm that the dummy conversation messages go away and that people stop
getting dashboard errors
Change-Id: I2d59bf400f7b5b92debf4a4e0af2de2204878cf8
Reviewed-on: https://gerrit.instructure.com/8578
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
recently created (or resurrected) conversations with no common
contexts (explicit or inferred) did not get the tags set to '',
and this was preventing the course filter from displaying in the
ui
test plan:
ensure that the course filter shows up
Change-Id: I2c332eedab7765a9d8e3bcb2f41cae260e89a611
Reviewed-on: https://gerrit.instructure.com/8542
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
prior to b6300298d it was possible to generate multiple enrollments for
the same user+section+type through deleted enrollments. that changeset
included a cleanup migration but it wasn't complete. this completes the
cleanup.
fixes#7181
Change-Id: Ia1630fdfb2714594492b87805089c02645891796
Reviewed-on: https://gerrit.instructure.com/8525
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Test Plan
* Try a SAML login with the value set to secure password
* Try a SAML login with the value set to no value
Change-Id: I72ff456b7ce6a6ff691f9447a7b6684e8793ec16
Reviewed-on: https://gerrit.instructure.com/8350
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
also add some code to AR to raise an exception if this happens again,
rather than just log a warning to the log file.
testplan (for all 3 supported dbs):
* run all the migrations on a new db
* no error, and check that the indexes in the new migration exist
* run the new migration on a db that is up to date
* before running, verify that the indexes in the new migration don't yet exist due to this problem
* no error, and check that the indexes in the new migration exist
Change-Id: Iaf7ebb31763bf7e5848c26d0daf179a0b31c6625
Reviewed-on: https://gerrit.instructure.com/7162
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes#6585, #7096
by normalizing, it's impossible to not maintain a column that isn't
there (yes, triple negative is intended in that sentence), thus
preventing sending notifications to the wrong user after a merge
or any other bugs that would have missing maintaining the
denormalization.
test plan:
* test notifications in general
* merge two active users together - their notification preferences
should survive the merge
Change-Id: I239d810c5499b94550b65128cac71c42cedd11ba
Reviewed-on: https://gerrit.instructure.com/8013
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
test plan:
* import the same deleted enrollment several times; only one should be
in the db
Change-Id: If067578fc1b42e501e4c43243f9745654b633701
Reviewed-on: https://gerrit.instructure.com/8417
Reviewed-by: Zach Wily <zach@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
fixes#5968
test plan:
- create a homework assignment with online text entry (or file upload)
- as a student, comment on the homework assignment (don't answer it
though)
- the teacher should not see a todo item for grading the homework
- the assignment page should not show a submission needing grading
Change-Id: Ibfd35b41ced27e59d865f42e823a0d9d46d25dac
Reviewed-on: https://gerrit.instructure.com/8273
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
Tested-by: Zach Pendleton <zachp@instructure.com>
we use content-disposition to force a filename. but we don't always want
the attachment disposition. split cacheable_s3_url into two explicit
methods (cacheable_s3_download_url and cacheable_s3_inline_url) and use
the one at each call site that matches what the non-s3 code uses. refs #5433
while we're at it, switch to using rails caching (redis, memcache, etc.)
instead of the cached_s3_url db column (dropped, along with
s3_url_cached_at).
test-plan:
- turn on s3 file storage.
- put files into s3 then get them out again
- places a download (vs. inline) is expected, should get a download
prompt
- places an inline (vs. download; e.g. speedgrader) is expected,
should not get a download prompt
Change-Id: I34045279ebcf20f0fb0ba0d215b4fdd182176b24
Reviewed-on: https://gerrit.instructure.com/8220
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
test plan:
confirm that a previously labeled conversation is now starred, and that
they save without any errors
Change-Id: I36fab3f0406318fc2dd259c6db4f2da96cde9a48
Reviewed-on: https://gerrit.instructure.com/8330
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
test plan:
ensure the data was migrated
Change-Id: I12ddd6610ac563ab52c0236b8456a8d3bd1c6dd1
Reviewed-on: https://gerrit.instructure.com/8296
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
implemented generic tags for conversations (and messages), but currently those
only track course/group asset strings. conversations are automatically tagged
with the most relevant courses/groups, i.e.
1. if a specific course/group is a recipient, it will be added as a tag
2. if a course can be inferred, it will be added as a tag. this can happen
several ways:
* if a user is added by browsing/searching under a course
* if a synthetic context or section is a recipient (e.g. course_1_students)
* if a group is a recipient
3. if there are no explicit or inferred tags, we do the old behavior (tag
courses/groups that are shared by > 50% of the audience)
some notes:
1. as was the previous behavior, you can only see tags (courses/groups) that
you belong to. for example, a teacher could send a message to a student
group, but the teacher would not see the group as a tag (though the
students would)
2. tags can be added as recipients are added (though we still just show <= 2
in the UI). a private conversation may get new tags if a bare PM is sent
and a different context can be inferred (see below)
3. private conversations may have tags removed, since we also track them at
a message level. the scenario is if you have a bunch of messages from your
Spanish 101 teacher. the course ends and you then take Spanish 102 from the
same teacher, and the teacher sends the class a bunch of PMs. if you delete
the old messages, your view of the conversation will lose the Spanish 101
tags.
added a course filter dropdown in the ui. currently this is limited to active
enrollments, and only returns courses (no groups)
test plan:
1. test automatic tagging for new conversations
* ensure explicit tags work (course as recipient)
* ensure inferred tags work (e.g. user under a course)
* ensure default tags work (e.g. send a PM to someone you have a class with)
2. test automatic tagging for adding recipients (same as above)
3. test automatic tagging for a new message on a private conversation, i.e.
1. find a user you share 2+ contexts with
2. start a private conversation w/ a single inferred tag, ensure that only
that tag is on the conversation
3. start another private conversation w/ a different inferred tag (this will
reuse the existing conversation), ensure it has both tags
4. test private conversation tag recalculation, i.e. perform test 3, remove a
message, and ensure there is just one tag again
5. test conversation filtering in the UI
migration:
there is no traditional migration per se, rather we will run something like:
Conversation.find_each{ |c| c.migrate_context_tags! }
Change-Id: If467c8739ef39a655ef5a528b0da77213130e825
Reviewed-on: https://gerrit.instructure.com/8225
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
this commit makes submission first-class citizens in conversations. this
means that when submission comments are added/deleted, or assignments are
unmuted, conversations and messages will be updated accordingly
the main impacts in the ui are:
1. submissions can be deleted from conversations. if a new comment is
added, they will reappear
2. submissions factor into the message total for the conversation. each
submission counts as a single message, even if there are multiple
comments
3. submission messages affect unread-ness, and are reflected in the
timestamp and text in the conversation preview
test plan:
1. confirm submissions appear in the appropriate conversations, i.e.
* submissions with no comments should not appear in any conversations
* submissions where there are comments but not by instructors:
* should appear in each instructor's private conversation with the
submitter
* should not appear in the submitter's private conversations with
anyone
* submissions where there are comments by instructors:
* should appear in each commenting instructor's private conversation
with the submitter
* should appear in submitter's private conversations with each
commenting instructor
adding or removing submission comments should update private
conversations accordingly (e.g. when one teacher comments on a
submission, it should be removed from the other teachers' private
conversations with the submitter).
2. for each scenario above where the submission comments are added and
appear in conversations, ensure that the submission as a whole behaves
like a single conversation message, i.e.
* the unread conversations count is incremented and the private
conversation is marked as unread (if it didn't exist or was already
read)
* the latest submission comment and timestamp should be reflected in
the conversation pane on the left side
* you can delete the submission from the conversation. if new comments
are posted on the submission, the submission should reappear in the
conversation (provided it still matches the criteria in 1.). note
that submission can not be forwarded to other conversations.
3. submissions should differ from traditional conversation messages in
that:
* they should not trigger conversation notifications
* they should not create/bump conversation stream items. if a
conversation has non-submission messages, the submission and its
comments should appear in the stream item, but they should not
cause it to jump to the top
migration:
existing submissions/comments will be migrated in, but not necessarily
through a traditional rails migration. to bring in those messages, run
the following from the rails console:
Submission.find_each{ |s| s.create_or_update_conversations!(:migrate) }
Change-Id: I06dcb8728402a6c4c613d445b80432a1f2973b73
Reviewed-on: https://gerrit.instructure.com/8086
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
We optimize one index to leave out null values, and drop a bunch of
indexes that aren't used, or aren't generally used.
Dropping the unused stream_items.user_id column also drops two more
large unused indexes.
test plan: n/a
Change-Id: I3872365151676e5ce0867f7d6826e5a0d4447bbd
Reviewed-on: https://gerrit.instructure.com/8200
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ben Chobot <bench@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
ContentZipper for some reason was allowing fetching all files (as if a
teacher) when user was not specified. This fixes that and requires correct
permissions when zipping up a folder.
It also runs a migration which will delete existing folder zip files for
anonymous users, since those are cached.
test plan:
* Create a public course and put some files in it.
* Lock and hide some of those files.
* Log out and browse to the course files.
* Choose "download zip file".
* Verify that the zip file you get only has visible files in it.
Change-Id: Icf5929f7d1dbc4a7f2122337aff9ed6ae003af12
Reviewed-on: https://gerrit.instructure.com/8085
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
test plan:
* run the migration
* redo the migration
* do a batch mode sis import
Change-Id: I0204256f3825ffe0b4d252bbb83a0604d7a58942
Reviewed-on: https://gerrit.instructure.com/7904
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Reviewed-by: Ben Chobot <bench@instructure.com>
AccountAuthorizationConfigs now require the entity_id to
be set for SAML configs. It will be set to the domain of
the account. For existing SAML configs, the entity_id will
be set to what is in the SAML config file if there is one.
This commit also allows SAML meta data to show up for all
domains even if they're not configured for SAML. This helps
admins set up initial SAML configurations.
Test Plan:
* Create a saml configuration for an account
* Look at the metadata, the entity_id should be set to the domain/saml2 and not what is in the saml config file
* Try loading the meta data for an account with no SAML config. It should load and have the proper entity_id
closes#6713
Change-Id: Ia98543c996285d9b1febd788c3f3ec072b672b12
Reviewed-on: https://gerrit.instructure.com/7967
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
these are unused since we refactored sis stickiness
test plan: run the migration
Change-Id: Ie898cefa796b2b2391caf780ad5e5481a05ee5c0
Reviewed-on: https://gerrit.instructure.com/7899
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
test plan: run the migration
Change-Id: I75184edd64ddee384de485c443d4c7eee45cc26f
Reviewed-on: https://gerrit.instructure.com/7895
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
allow points in rubric criteria and ratings to have decimal values. in working
with brian, we're operating under the following assumptions:
- round to 2 decimal places
- splitting always gives you a integer by default (you can change it yourself after)
- if there's not room to split with an integer, repeat the low value
test plan
- create a new rubric
- change a criterial value to something with a decimal point
- try setting specific ratings with decimals
- try to split between a large space (ie 10.5 and 0), should be 5
- try to split between a small space (ie 0.5 and 0), should be 0
closes#5355
Change-Id: I17e26fe18dda0847fa59dd40976e4d6f38851287
Reviewed-on: https://gerrit.instructure.com/7882
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
test plan: run the migration, then the specs
Change-Id: Idec29c0a9cf43a581e0ca9eae00248599270745c
Reviewed-on: https://gerrit.instructure.com/7896
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
the bug meant that multiple pseudonyms would point to the same
cc. with this migration we just remove the pointer from the
pseudonym that doesn't match the the user. in order to fully
repair the data, the SIS Import will need to be run again
test plan:
* run the migration, and check that
SELECT COUNT(*) FROM pseudonyms p INNER JOIN communication_channels cc ON p.sis_communication_channel_id=cc.id WHERE p.user_id<>cc.user_id;
returns 0.
Change-Id: Idb4c9bed425bb5164ada5b4bda24871a029156e1
Reviewed-on: https://gerrit.instructure.com/7845
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
also remove existing attachments that aren't in a folder from their list
test plan:
* run specs
* create sis batches - make sure their position is NULL
* destroy their associated attachment, the query logs should not indicate
an UPDATE attachments SET position = position - 1... being executed
Change-Id: I6117c2ade0ef5ec41a3ffeeb13096b9d8473f3f9
Reviewed-on: https://gerrit.instructure.com/7843
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
test plan:
* create a user via SIS import with an e-mail address
* add a different e-mail address to the user
* re-import the user via SIS, and set their e-mail address
to the second e-mail you added, but with a different case
* the user should have a single e-mail address, the one set
in the second SIS import
Change-Id: Iab6b16e0b37cfb8caac3faa453be570b99621a9e
Reviewed-on: https://gerrit.instructure.com/7784
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
test plan:
* run the migration
Change-Id: I24e9895ab35087fdeb607bd3ad4a1fc569e02c1f
Reviewed-on: https://gerrit.instructure.com/7721
Reviewed-by: Ben Chobot <bench@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
enrollments previously had attribute
"limit_priveleges_to_course_section," but should
be spelled "privileges." replaced spelling in a
migration and across app.
affects: enrollments model
test plan:
* run specs
Change-Id: I15dcf9a023ead9bb1aed42abc2d1a7c233610840
Reviewed-on: https://gerrit.instructure.com/7431
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
test plan:
ensure migration runs correctly. in production this should update ~14k
rows
Change-Id: I623a3fa4fffe6faff069fb44cb2c053a97d3e4c4
Reviewed-on: https://gerrit.instructure.com/7478
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
this column is copied from quiz.points_possible whenever the submission
is updated, thus the type needs to match.
test plan:
confirm that quizzes with fractional points dislay the correct message
when you go to edit fudge points on a submission.
Change-Id: Ib3f2c920ac7392b3c4a4a92a273657fe8dfcbc43
Reviewed-on: https://gerrit.instructure.com/7111
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
When student submits a quiz with an essay question, it now
displays as ungraded in Speedgrader until the grader reviews/
grades the essay question.
test plan:
1. create a quiz with an essay question;
2. complete the quiz;
3. view the quiz assignment in speedgrader;
4. verify that assignment is marked as "not graded"
in the student dropdown menu;
5. grade the essay question;
6. verify that the assignment is now marked as "graded"
in the student dropdown menu.
Change-Id: I67ca56df2ec08380c75aa1ddf64fe8848e2b574d
Reviewed-on: https://gerrit.instructure.com/6619
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
refs #5833
delegated authentication means the user has to already have an account
in the delegated auth system in order to log in (without using
canvas_login=1), so even creating them a canvas account won't do them
much good.
test plan:
change an account to use CAS authentication (doesn't really need to be
a valid config, since as a site admin user you can still log in), and
open registration will no longer appear in account settings, and as a
teacher in the account, you can't invite users that don't already exist
Change-Id: I26cfa8c6eaffd24572e7c16f1d935163b7143d84
Reviewed-on: https://gerrit.instructure.com/7082
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
fixes#6142
test plan: Create a course and enroll some students. Move the course to
another root account. The following SQL query should return 0:
SELECT COUNT(e.id) FROM enrollments e
INNER JOIN courses c ON e.course_id = c.id
WHERE e.root_account_id != c.root_account_id
To test the migration, mess up some of the enrollment
root_account_ids:
UPDATE enrollments SET root_account_id = 99
Before migrating, the SELECT COUNT snippet above should return
false, after migrating, it should return true.
Change-Id: I9b18dded8a763a8a05f5e631907f77b4e9a1bd49
Reviewed-on: https://gerrit.instructure.com/7081
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
find links in quiz questions from courses other than the course the
question's quiz is in; find related assessment question and pull the
corresponding link from there to use instead.
Change-Id: I4dd2f0c279a6263f753ec898dc17e91e62997923
Reviewed-on: https://gerrit.instructure.com/6910
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
closes#6382
Previously, the "stay logged in" cookie just used the authlogic default
implementation, which is the pseudonym persistence_token. This is a
problem, because that persistence_token only ever changes when the
pseudonym password changes, so it's the same everywhere; so if that
cookie is stolen, it's valid for a very long time.
This switches us to one-time-use tokens that expire as soon as the token
logs the user in once. Each user agent also gets a different
one-time-use token.
Change-Id: I4f20cd7759fd74590e82ed55797552e342243d49
testplan:
* Check that no token is set at all when "stay logged in" isn't
selected.
* Check "stay logged in", and verify:
* That you don't have to login again after restarting your browser,
but your _normandy_session got reset.
* That if you save and try to replay using the same
pseudonym_credentials, they don't work the second time.
* That a second browser will get a different pseudonym_credentials
value, and using one token doesn't affect the other.
* That once the token is used, a new one is generated and set in
your cookies. Verify this new token works as well.
* That logging out removes the pseudonym_credentials cookie in your
browser. And also that manually restoring this cookie still
doesn't log you in, since it was removed server-side as well.
* Change your password, and verify that the existing "stay logged in"
tokens no longer work.
* Delete your pseudonym, and verify the same.
Reviewed-on: https://gerrit.instructure.com/7093
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
fixes the behavior such that we only toggle ungraded assignment counts
related to a particular user when his active enrollments in a given
course go from zero to one and vice versa.
also fixes performance issues in mysql. this required a custom trigger
body. see https://github.com/jenseng/hair_trigger/commit/326a10c for
the related hairtrigger commit to support this
Change-Id: Ie36b3d33ced69321f3a87468ab56480b1378d235
Reviewed-on: https://gerrit.instructure.com/6808
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
External tools weren't copied when copying a course
so that is implemented here as well
test plan:
Export/Import:
* Create an external tool assignment
* export the course
* import the course into a new course
* set the secrets on the external tool
* make sure the assignment works in the new course
Copy:
* Copy a course into a new course
* make sure the assignment works
refs #5892
Change-Id: I4aab8966b53ca2d144fddd71eefd0acbdb7c0bff
Reviewed-on: https://gerrit.instructure.com/6958
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Bracken Mosbacker