- Pulls in latest fixes to LogOutRequest signatures
- Includes XML certificate in signed LogOutRequest
refs CNVS-5576
Test Plan:
- Set up shibboleth as per instructions in the wiki
- Using old code, log in as test user
- Watching SAML debugging, observe that Shibboleth responds to log out
message with error code
- Restart canvas with updated ruby-saml-mod gem
- Log in again as test user
- Verify that shibboleth accepts log out request signature
Change-Id: I1a700fc1c27738812b4ee6773500240c63d39735
Reviewed-on: https://gerrit.instructure.com/20444
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Reviewed-by: Paul Hinze <paulh@instructure.com>
Product-Review: Paul Hinze <paulh@instructure.com>
when a user explicitly logs out of one pseudonym session, invalidate all
the others
fixes CNVS-1923
test-plan:
- create a user in two different accounts
- log them in to both accounts
- click "log out" in one account
- should be logged out of both accounts
Change-Id: I79e70017d753c8201429901421e015f5d20e2000
Reviewed-on: https://gerrit.instructure.com/20096
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
The combination of these two changes fixes an issue with using extended
utf-8 chars in cql queries (including inserts)
fixes CNVS-5719
test plan: enable cassandra page views, and from a script/console run a
test query with extended utf-8 data, for instance:
PageView::EventStream.database.execute("SELECT * FROM page_views WHERE request_id = ?", "test \xEF\xBF\xBD one")
This will return no results since that request id isn't a UUID, but the
key is it shouldn't error.
Change-Id: I1dafb6165cdda65ab64267edbf9fabc4fccd783c
Reviewed-on: https://gerrit.instructure.com/20397
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
also remove the need for Guardfile within plugins (and stop including
them)
note that guard still can't detect changes to files in symlinked plugins
on the mac (due to fsevent), though you can hit enter to recompile everything
test plan:
1. clone a plugin into vendor/plugins
2. start up guard
3. edit a coffee file in the plugin
4. guard should detect it and compile it in the right place
5. edit a coffee spec file in the plugin
6. guard should detect it and compile it in the right place
7. edit a handlebars file in the plugin
8. guard should detect it and compile it in the right place
9. hit enter
10. guard should compile all coffee/handlebars files in the right place
Change-Id: I1e7c12f1368af66dee024e258899412526bb3fd2
Reviewed-on: https://gerrit.instructure.com/20219
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
Product-Review: Jon Jensen <jon@instructure.com>
QA-Review: Jon Jensen <jon@instructure.com>
This gem is a no-op in ruby 1.9, it only applies to 1.8.7
Change-Id: Ibea9808ea4981e581988e05dfde824dd8304dd8e
Reviewed-on: https://gerrit.instructure.com/20345
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
- update the Gemfile to be 1.9 only, and raise an exception on wrong
ruby version
- remove RUBY_VERSION checks, replacing with the applicable code
- remove the FasterCSV compatibility shim, just use CSV now
test plan: trying to bundle install on ruby 1.8 or 2.0 should raise an
exception, specs should pass, canvas should work as normal on 1.9
Change-Id: I49088e9d227c59c6d5d5acb417c2df971129474a
Reviewed-on: https://gerrit.instructure.com/19806
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
replaced the mailman gem with custom code with more error
handling. this will allow the incoming message processor to
continue processing messages after encountering a message with
an encoding or parsing error. the broken messages will be moved
aside to a separate folder for later inspection.
fixes CNVS-4970
test plan:
- read up on the new incoming_mail.yml configuration settings.
- configure incoming_mail.yml with the test imap accounts
using legacy settings and check for regressions.
- reconfigure incoming_mail.yml to read from a directory.
- copy some testing email files into the configured directory.
test files should be a mix of:
- emails with encoding errors
- emails with syntax errors
- normal emails
- all of the normal emails should be processed normally
- all of the error emails should be moved into the error
subdirectory
Change-Id: I0f946a56b41492f007db2775aa6da3cdfa4fdd3f
Reviewed-on: https://gerrit.instructure.com/19729
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
fixes CNVS-5367
this allows hairtrigger and our i18n extraction code to parse 1.9 syntax
correctly.
also fixed a issue with the i18n rake tasks, so symlinks in
vendor/plugins are now followed.
test plan: without this commit, run rake i18n:generate. then copy
config/locales/generated/en.yml somewhere.
then apply this commit, update your bundle, and run rake i18n:generate again.
compare the new en.yml against the saved one, they should be the same
(unless you have symlinks in vendor/plugins, in which case the new one
will have more strings but existing strings should be the same)
Change-Id: If0df5eae25c59822a9d3c2738fe9549a756ff9e9
Reviewed-on: https://gerrit.instructure.com/19693
Reviewed-by: Brian Palmer <brianp@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
extracted out of canvas-lms
refs CNVS-4713
test plan:
* actions that use a slave should still work (dashboard render)
* you should be able to switch envs and users in console
Change-Id: I07dda8057cf94383bc4579f1ef6b5a4b3ffc20b5
Reviewed-on: https://gerrit.instructure.com/19287
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
This will help immensely when debugging slow or misbehaving queries.
Thanks to 37signals: https://github.com/37signals/marginalia
closes CNVS-5108
test plan:
cp config/marginalia.yml.example config/marginalia.yml
then edit config/marginalia.yml to uncomment the production block and
change "production" to "development".
run Canvas, and see in your log file how SQL statements have some extra,
useful information in a comment at the end. Run delayed jobs, and you'll
also see useful info on SQL statements in the log -- including job tag,
and context_id in this case will be job id.
Change-Id: I7988a9afaf674bd00c3edc6adafccaf51e7ff60f
Reviewed-on: https://gerrit.instructure.com/16008
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
test plan:
1. start guard
2. save a file in app/stylesheets
- styleguide should be created (guard will
tell you)
3. hit enter
- styleguide should be created
Change-Id: I891a906602b6df0f964f2e502f124f5d05b4b796
Reviewed-on: https://gerrit.instructure.com/19525
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Ryan Florence <ryanf@instructure.com>
QA-Review: Ryan Florence <ryanf@instructure.com>
also added styles to make .form-controls look
good in dialogs.
closes #CNVS-4302
Change-Id: Ibe54ee4046ac255b0b0ea83d32afc88e4a820464
Reviewed-on: https://gerrit.instructure.com/19331
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
QA-Review: Ryan Florence <ryanf@instructure.com>
Product-Review: Ryan Florence <ryanf@instructure.com>
>= 0.11.0 passes all params on to libpq, so need to restrict our initializer
to restrict the params from database.yml to avoid errors
Change-Id: Ie7cab5163a960b05eb3feb4c8487f0a1a36ae4a1
Reviewed-on: https://gerrit.instructure.com/19370
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
delayed job workers segfault often when using libxml2 and ruby 1.9
these issues are not present when using version 2.9.0 of libxml2,
however, newer versions of nokogiri and libxml-ruby are required in
order to compile against the newer libxml2
fixes #CNVS-4669
Change-Id: I5100ba6e0f4779da49bce471cff03cb83b3c06b2
Reviewed-on: https://gerrit.instructure.com/18658
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
fixes CNVS-4745
changelog is at https://github.com/rails/rails/commits/v2.3.18
Change-Id: Ice2b9ab302965ca69b3e59f336900b106d694605
Reviewed-on: https://gerrit.instructure.com/18957
Reviewed-by: Brian Palmer <brianp@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
test plan:
- make sure you have the coffee binary from npm:
`npm install -g coffee-script@1.6.2`
- run rake js:generate, make sure all coffeescript still compiles
correctly
- open a coffeescript file and make sure it still gets automatically
compiled when saved by guard.
- rejoice at the arrival of source maps.
Change-Id: I06ce9e83a76be9d4cc0e2b2c80566a0db19f9d7e
Reviewed-on: https://gerrit.instructure.com/18842
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
QA-Review: Stanley Stuart <stanley@instructure.com>
This can successfully load rails console and rails server. There are
many, many problems still. The idea is this won't change anything under
rails 2.3, it's all backwards compatible.
closes CNVS-4711
test plan: `touch RAILS3` in your Canvas Rails.root directory. The run
`bundle update` and verify that you get rails 3 installed. Run `bundle
exec rails c` to load console or `bundle exec rails s` to start a
webrick server. You can login, though the dashboard currently breaks.
Also jammit isn't working yet.
But more importantly, Rails 2.3 should still work same as ever. All
tests should pass, and a basic regression sanity check would be good too.
Change-Id: Idd6f35de88adde84cd2db3a650f44b71bd6e9684
Reviewed-on: https://gerrit.instructure.com/18453
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
closes CNVS-4705
* use the fake_arel gem to get a good portion of the way there
* override fake_arel's AR override even more to get proper behavior
of select and group merging
* add even more Rails 3 query methods to Scope (except, reorder,
pluck, uniq)
* fix some spots in our code that break with the new semantics
test plan:
* test all the things!
Change-Id: I4290d00db407f3250570df4e89c8c78283fe5f5f
Reviewed-on: https://gerrit.instructure.com/18427
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
it's functionally the same as 9, it just removes a bunch of
deprecated stuff we're not using
Change-Id: Iee9b6f0ae57607bbf481f6c90fd0007a3b3d9133
Reviewed-on: https://gerrit.instructure.com/18679
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
this sets us to to be able to rotate the SAML keypair without breaking
existing integrations that use encrypted assertions.
refs CNVS-4354
test plan:
- set up openam/canvas saml authentication with a 1024-bit key
- turn on assertion encryption in openam, should work fine
- generate new 2048-bit saml key and restart canvas (keep old keypair)
- openam integration should break since it's encrypting with wrong key
- add old private key under additional_private keys, restart canvas
- openam integration should work again
Change-Id: I8b4d71e4942a93184097fdb444621bdd0aca25ed
Reviewed-on: https://gerrit.instructure.com/18425
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
fixes CNVS-4455
you can never have too much context
also, apparently this is the first integration spec that uses the
API from a session (not an access token), so fix API forgery
protection to respect the allow_forgery_protection option
(what's set for specs to not have to worry about forgery
protection), and clean up enabling of it in specs to use
stubbing
test plan:
* do an action that counts as participating, but wasn't a GET
(i.e. comment on a discussion)
* you should see a page view for the user in that course
Change-Id: I8714de45575123d6877e0265623e0fcaf9e7fa58
Reviewed-on: https://gerrit.instructure.com/18504
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Change-Id: I6229d7476c5d66afcd0ec4c283b154e4b48bf835
Reviewed-on: https://gerrit.instructure.com/18584
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
test plan:
1. use canvas in any supported browser (including mobile)
2. you should not see a warning
3. use canvas in an unsupported browser (e.g. ie8, old firefox)
4. you should see an orangish warning at the top of every page
5. it should not be dismissable
Change-Id: I092455c416a754d102ddadbda99280856b4082de
Reviewed-on: https://gerrit.instructure.com/18524
QA-Review: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Joe Tanner <joe@instructure.com>
closes CNVS-4248
this gains us EU region support, and no longer using a forked aws-s3 gem
in the process, setting bucket_name via a plugin is no longer supported
test plan:
* should be able to upload new files via various methods
* should be able to download old and new files still
Change-Id: If32fa5f381f5a4ac493948fa32230175a695f51e
Reviewed-on: https://gerrit.instructure.com/18282
QA-Review: Clare Hetherington <clare@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes CNVS-4374
update mail gem to 2.5.3 for ruby 1.9, and patch the
broken parse_message method in it.
test plan:
* send a mail message with non-ASCII characters in it;
* verify that it is processed and doesn't throw any
errors re: encoding.
Change-Id: Iaa5a992b4bb9b6c183c02f43201f8aeb9515d92c
Reviewed-on: https://gerrit.instructure.com/18235
Reviewed-by: Zach Wily <zach@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Willesen <jonw@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
this commit does the following:
* upgrade bootstrap-sass gem to most recent version
* switches to using bootstrap's normalize.css and forms.css
which fixes a whole bunch of misformatting of how bootstrap
stuff is supposed to look, but changing those 2 affects
a lot of our old stylesheets.
* gets rid of unified_buttons.sass and just uses bootstraps buttons.
.ui-button @extends these because we still have to support .ui-button
for modals & buttonsets. but .button is no longer supported.
* a lot of css file reorganization (there's no more 'blue' and
'normal canvas', there's just canvas)
* a bunch of files had to be tweaked to look good with these changes.
test plan:
This change touches every page in canvas so, no kidding, we need to make
sure every page looks OK. In order to do that:
1. each sprint team needs to give a +1 after they make sure all the
pages in the features they are over look good.
2. the QA person on each team needs to look at the pages for their
teams features for a QA +1
things to look for specifically when testing:
* buttons: this gets rid of all those red 'cancel' links
that are actually buttons, make sure all the buttons you see
look right. if you see 2 plain gray buttons next to each other
like [Save] [Cancel], we should make the primary one blue (by
adding the .btn-primary class)
* Forms: a lot of this change has to do with how form elements look,
especially <select>s, <input>s and <label>s. look at the diffs
for the ones that have the most changes and make sure those look
good, but also check for the ones I missed and make sure those
look good too.
* and just random style changes, if something looks ugly or broken
(and it didn't before), we should fix that.
Also:
just use a link instead of a drop-menu for adding event from sidebar
we used to have a drop down menu for adding events
to cal2 from the sidebar where you'd hit a cog
and it'd ask you if you wanted to add an event or
an assignment. this just simplifies it to an add
icon.
this: http://cl.ly/image/133a2A3q3q1M
instead of: http://cl.ly/image/46463o2s3W0g
Change-Id: I384fe273934bca96bf28423afb1402c7792d8766
Reviewed-on: https://gerrit.instructure.com/15422
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
QA-Review: Ryan Florence <ryanf@instructure.com>
latest version of gem (0.0.8) fixes the issue with the
Canvas::Plugins::AdobeConnect superclass mismatch
test steps:
- perform a bundle install
- disable all cacheing (development-local.rb)
- navigate around the app and ensure that there are no errors containing
Canvas::Plugins::AdobeConnect in the logs.
Change-Id: I2a4d13b1ad927a4bd73db5c7ee66ac052edb5225
Reviewed-on: https://gerrit.instructure.com/17824
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
closes #CNVS-2900
this change is because Moscow/St. Petersburg no longer observe
Daylight Savings
test plan:
- go to /profile/settings and click 'Edit Settings'
- the Time Zone dropdown entries for Moscow and St. Petersburg
should be (+04:00) instead of (+03:00)
Change-Id: I4ef3665cbb265a557906c9475242a54b1bcfebf1
Reviewed-on: https://gerrit.instructure.com/17982
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Cam Theriault <cam@instructure.com>
v2.5.3 of the gem has a regex parsing error where it performs
negative lookahead on whitespace after the blank link that
separates the header from the body. This means that it will
misparse a message when the body starts with whitespace.
There is a fix on the master branch of the gem's repository, so
the next version of the gem should work. We should stick to
2.4.4 until we drop 1.8 support and the new gem has been
released.
fixes CNVS-4026
test plan:
- bundle update and make sure bundler installs and uses
version 2.4.4 of the mail gem
Change-Id: I4f3d2405e742a724e217fc803945e15c906f0f37
Reviewed-on: https://gerrit.instructure.com/17947
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
QA-Review: Zach Pendleton <zachp@instructure.com>
Updates to version 0.1.20 of the ruby-saml-mod gem which will cause us
to start signing SAML log out requests.
Fixes CNVS-1765
Test Plan:
- set up a SAML identity provider like SimpleSAMLPHP or OpenAM
- configure the provider to expect log out requests to be signed
- logging out from Canvas should still work
Change-Id: I1cefb02140a692e496079bd2badc713fcfdf4164
Reviewed-on: https://gerrit.instructure.com/17780
QA-Review: Clare Hetherington <clare@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Includes the safe_yaml gem, which replaces YAML.load and friends with a "safe"
version by default, that does not create arbitrary objects.
DelayedJobs was modified to use unsafe_load, as it relies on deserializing
ruby objects.
The biggest impact is with serialized columns - many of those store
non-simple data types. Most commonly HashWithIndifferentAccess, but
there are a few others as well. Our version of the safe_yaml gem allows
for whitelisting certain classes.
The I18nExtraction::SafeYAML class was also removed, as it's no longer
needed. The extraction task was updated to call YAML.safe_load to be
explicit.
Currently, Gemfile is pointing to the Instructure fork of the safe_yaml
gem on github. This needs to be released as a gem.
Closes CNVS-3784
test plan: If any serialized YAML columns contain a class that we missed
in our whitelist, then that column will fail to deserialize and the
model will behave incorrectly. It's difficult to say what exactly should
be tested, as all the classes should be whitelisted. A general
regression test on migrations, course copy, scribd, and quizzes would
cover most of it.
Change-Id: I3e1a95e101ada3a1b2366ff1ca70db6d17742cce
Reviewed-on: https://gerrit.instructure.com/17404
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
fixes CNVS-3418
test plan:
- create a conference room and start/enter it
- in a different browser (or private) log in as someone else and
join the same conference
- ensure that both people can connect to the conference
Change-Id: Id043e2c69a1fea13197cccffc8fda5f41b798718
Reviewed-on: https://gerrit.instructure.com/17709
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
QA-Review: Myller de Araujo <myller@instructure.com>
Fixes #CNVS-3710
Testing Notes:
===========
* Using an editor like RubyMine, add an environment setting for development
called DISABLE_RUBY_DEBUGGING with a value of something like "1". Specific
value is unimportant.
* Start a 'debug' session and set breakpoints and verify they fire.
* Using console based debugging, verify that the execution pauses
when a DEBUG statement is reached.
Change-Id: Iec59efeb291827ee600b7184bce3990145189b47
Reviewed-on: https://gerrit.instructure.com/17540
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Willesen <jonw@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Useful things the commit brings:
1. Source documentation can now include images and out-of-source examples
2. Source documentation can now be supplemented by "appendixes" for
documenting advanced or uncommon usage, auxiliary examples, or any
supplementary content
3. An implementation of the YARD @see tag that utilizes the canvas
YARD linkify helper
Necessary changes for integration were:
* Gemfile now includes 'yard-appendix'
* Rake task for generating API docs (doc:api) made more readable and
now supports asset migration (images and examples)
* Canvas YARD 'api' template now handles :appendix sections provided
by the plugin
* Canvas YARD 'linkify' helper modified:
* uses a shared linker to look up a topic and controller
* overrides default handling of 'Appendix: ' links
* defaults to using the @object title as the link body when no title
was explicitly passed instead of the path.to.object
* Canvas YARD 'fulldoc' handler respects a
DOC_OPTIONS[:all_resource_appendixes] that when turned on would
generate appendix entries in the All Resources section[1]
[1] I've already implemented this functionality because I misread the
requirement (as seen in PB 6) so I thought we could keep it around and
toggle it if need be. The options are inside lib/tasks/docs.rake
---
Testing:
To verify that the changes do not alter or affect the current API docs,
fire up a terminal and do the following (inline comments for directions):
```bash
cd /path/to/canvas;
# generate the original docs before pulling these changes
bundle exec rake doc:api
mv public/doc public/doc_original
# checkout these changes into a branch... after that:
bundle install
bundle exec rake doc:api
diff -r -y -q public/doc_original/api public/doc/api
```
The output of the last command should look like this:
Only in doc/api: examples
Only in doc/api: images
To test the actual @!appendix functionality:
* see https://github.com/amireh/yard-appendix for directions on how to
define Appendix entries
* write an Appendix in any controller, optionally reference it in some
method (using @see or {link})
* Appendix entry should be shown at the bottom of the controller's doc
page
* reference to the appendix entry should take you to it
Alternatively, you can check-out the gerrit change 17454 at
https://gerrit.instructure.com/#/c/17454/ which utilizes this
functionality.
Change-Id: Id667b77ff8d36b0f503e0f6752045e3d05bc3649
Reviewed-on: https://gerrit.instructure.com/17453
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
https://github.com/travisjeffery/timecop
Timecop allows you to freeze time at a specific point for a block in a
time-sensitive spec, making it more resilient to sporatic failures based
on the local time of the box running tests.
Included the gem in the Gemfile as well as an initial usage to fix a
spec that was failing for me locally in late night MST.
Change-Id: Ia3635be16d3cc65697a20ccdcebde8d8df07bbe4
Reviewed-on: https://gerrit.instructure.com/17271
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Stanley Stuart <stanley@instructure.com>
test plan:
- import a Canvas course containing attachments with non-ASCII
filenames, on ruby 1.9 (there must be at least two attachments)
fixes #CNVS-3195
Change-Id: I0c7f19b6f7a477858bfba3cd2501bcbf16ba0567
Reviewed-on: https://gerrit.instructure.com/17006
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
update to 0.0.2 for better compatibility with a wider range
of connect instances.
Change-Id: Ide388541e55151f07ea77be36fc70fc4d92203e1
Reviewed-on: https://gerrit.instructure.com/17009
Reviewed-by: Joel Hough <joel@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
test plan:
* bundle install and verify that canvas_connect is
installed;
* as a site or account admin, navigate to /plugins and
verify that the adobe connect plugin is visible.
Change-Id: I60eac7abbc7f014b79d86a04e77c197c0e1eb976
Reviewed-on: https://gerrit.instructure.com/16256
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Reviewed-by: Jon Willesen <jonw@instructure.com>
Closes #CNVS-2691
test plan: In theory this could affect most anything. However, most of
the differences between 2.3.14 and 2.3.15 were security patches that
we'd already applied manually. See
https://github.com/rails/rails/commit/v2.3.15
Change-Id: I60626ba66a2b257674cb3e412282979558464954
Reviewed-on: https://gerrit.instructure.com/16641
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
also include notification libraries for all platforms to
avoid polling.
test plan:
* run guard (bundle exec guard);
* edit a coffeescript file and verify that it is properly
compiled.
Change-Id: I125c744b2d342eaeb5550ce10cd089a64272b44f
Reviewed-on: https://gerrit.instructure.com/16361
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
this commit in the 2.5+ versions of the mail gem breaks things in 1.8
Change-Id: I146550ecd2d1c45aedf17e55a41fc5bfd473c773
Reviewed-on: https://gerrit.instructure.com/15581
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
This new version only has one change, adding ECONNRESET to the list of
exceptions to retry uploading on.
fixes#11818
Change-Id: I13775e98f1f745cd0545a34914e4d86d9c0b8ccd
Reviewed-on: https://gerrit.instructure.com/15356
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
fixes#11388
This should work for single and multiple accounts.
You can now enable a plugin that lets you set
how long (in minutes) before users on your account
are automatically logged of because of inactivity.
You are required to set this to at least 20
minutes or more.
Test Plan
Steps:
1. log in as a site admin
2. [plugins]
3. [Sessions]
4. on the account drop down menu, select all
accounts, then enter a time in the text field
in minutes. At least 20 minutes
5. [Apply]
6. log out
7. go to /login and make sure the
"stay signed in" checkbox is checked
8. log in with any user that can get on the
account you enabled the plugin to work for
9. wait for a little longer than the amount of
time you set the plugin for
10. try to complete an action, like clicking on
course or the canvas home page logo
You should be logged out
Thanks Adam for writing this test plan.
Change-Id: If7dc772e4a1a59e646645c698d732308d3e0a19f
Reviewed-on: https://gerrit.instructure.com/15231
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
The new version contains a fix to treat TypeErrors during unmarshalling
as a cache miss, to help facilitate the 1.8 -> 1.9 transition.
refs #11768
Change-Id: If8ddf3636fb7b09f60e48c36767cfc576b09a91c
Reviewed-on: https://gerrit.instructure.com/15322
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Stanley Stuart <stanley+gerrit@instructure.com>
This new version has a ruby 1.9 fix
Change-Id: Ie9deb4a24a9575130b779f9a43331ffce2a6b508
Reviewed-on: https://gerrit.instructure.com/15095
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Adds a new back-end store for page_views, using a Cassandra cluster. All
the current page view queries are supported, many using denormalized
views on the data.
test plan:
first, canvas instances that are currently using AR page views
should function as before.
by Setting.set('enable_page_views', 'cassandra') and restarting, you will
switch to cassandra page views. a script to migrate the AR page views to
Cassandra is coming. all page view functionality should work as before.
note that the format of the pagination headers in the
/api/v1/users/X/page_views endpoint has changed.
Change-Id: I2d1feb4d83b06a0c852e49508e85e8dce87507b4
Reviewed-on: https://gerrit.instructure.com/14258
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
sass is no longer going to be included in the haml
gem, and trying to do so is deprecated.
test plan: run bundle exec compass compile --force
and make sure pages look good in the app
Change-Id: Iba268de061d196d29b012ab4d2b48a4f945e17d2
Reviewed-on: https://gerrit.instructure.com/13936
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
Reviewed-by: Joe Tanner <joe@instructure.com>
An account can now have multiple SAML configurations, and
can set an auth discovery url.
The old AAC API has been deprecated and this adds a normal
resource API for AACs
Test Plan:
* Test the api be doing lots of things
* Create two saml configurations
* Test the individual login urls for each (/login/{id}) and verify they work
* Test that the new SAML AAC UI works.
* Test that the SAML configuration in position 1 is used as the default
closes#10497
Change-Id: Ibe35fcf788d9506542b1079cc7420912a1e9d9a2
Reviewed-on: https://gerrit.instructure.com/14042
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Adds support for optionally viewing documents with Crocodoc.
closes#9865
Test plan:
* configure the crocodoc plugin
* add an assignment that allows file uploads
* make a submission for that assignment with a pdf or doc or ppt
- on the 'submission details' page, opening a preview of the
assignment should display it in crocodoc
- speedgrader should display the submission in crocodoc too
* make a submission with odt or rtf
- the submission should be displayed with scribd or google docs
* if you disable the crocodoc plugin, submissions could continue being
previewed in google docs or scribd
Change-Id: I7dd2547f8e2d907c98ebe894a7f1ee9d58f1e030
Reviewed-on: https://gerrit.instructure.com/13668
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
* fix some invalid syntax that's snuck in recently
* fix an issue with initializing tempfiles in Canvas::HTTP
* fix some "can't modify frozen object" errors in specs
* upgrade mocha to 0.12.3
Change-Id: I6b6f25bcfff2466774e2941d35fafb7af7c50569
Reviewed-on: https://gerrit.instructure.com/13344
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
This new gem version supports SSL over IMAP. The advantage of using IMAP
for mailman instead of POP3 is that messages are deleted one-by-one as
they are processed for IMAP, rather than all at once at the end with
POP3. So if the processing of messages gets aborted by an exception or a
killed process, the messages won't get processed again the next time
IncomingMessageProcessor runs.
test plan: test that incoming emails are still processed with the
current config. then change the config to use imap with ssl, and verify
that messages are still processed.
Change-Id: I3af158de66051f4c93068cde3da17a670493787b
Reviewed-on: https://gerrit.instructure.com/13352
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
test plan:
* enable optional MFA, and check the following:
* normal log in should not be affected
* you can enroll in MFA from your profile page
* you can re-enroll in MFA from your profile page
* you can disable MFA from your profile page
* MFA can be reset by an admin on your user page
* when enrolled, you are asked for verification code after
username/password when logging in
* you can't access any other part of the site directly until
until entering your verification code
* enable required MFA, and check the following
* when not enrolled in MFA, and you log in, you are forced to
enroll
* you cannot disable MFA from your profile page
* you can re-enroll in MFA from your profile page
* an admin (other than himself) can reset MFA from the user page
* for enrolling in MFA
* use Google Authenticator and scan the QR code; you should have
30-seconds or so of extra leeway to enter your code
* having no SMS communication channels on your profile, the
enrollment page should just have a form to add a new phone
* having one or more SMS communication channels on your profile,
the enrollment page should list them, or allow you to create
a new one (and switch back)
* having more than one SMS communication channel on your profile,
the enrollment page should remember which one you have selected
after you click "send"
* an unconfirmed SMS channel should go to confirmed when it's used
to enroll in MFA
* you should not be able to go directly to /login/otp to enroll
if you used "Remember me" token to log in
* MFA login flow
* if configured with SMS, it should send you an SMS after you
put in your username/password; you should have about 5 minutes
of leeway to put it in
* if you don't check "remember computer" checkbox, you should have
to enter a verification code each time you log in
* if you do check it, you shouldn't have to enter your code
anymore (for three days). it also shouldn't SMS you a
verification code each time you log in
* setting MFA to required for admins should make it required for
admins, optional for other users
* with MFA enabled, directly go to /login/otp after entering
username/password but before entering a verification code; it
should send you back to the main login page
* if you enrolled via SMS, you should not be able to remove that
SMS from your profile
* there should not be a reset MFA link on a user page if they
haven't enrolled
* test a login or required enrollment sequence with CAS and/or SAML
Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
test plan:
* set up an LDAP search filter like
(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName={{login}}))
and ensure you don't get a page error trying to log in
Change-Id: I7b431783f646cbdaf2b1c78778a05224e9c88183
Reviewed-on: https://gerrit.instructure.com/12913
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
fixes#9634
test plan:
* saml should still work
* some problematic SAML IDPs (e.g., shibboleth) should now work
Change-Id: Ie4307d0bc5490af5117055b0b342f5b4e3266984
Reviewed-on: https://gerrit.instructure.com/12731
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Adds an infrastructure for using statsd (configured with
config/statsd.yml) and uses it to track a few basic stats. Stat names
are appended with the hostname.
test plan: without statsd enabled, make sure no errors are raised when
doing requests. add a statsd.yml configuration, restart the server, and
verify that stats are sent over UDP to the given host/port (this could
even be checked without statsd available, by monitoring UDP traffic)
Change-Id: Ie8c3ece7e08ff48616ffd968069bd760300e4fd2
Reviewed-on: https://gerrit.instructure.com/12673
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
This isn't currently used and won't be used in this way even once we
start using it.
Change-Id: Iba86bd4da6e7a7b08d5a73066f74994dbc667e51
Reviewed-on: https://gerrit.instructure.com/12596
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
This required building our own fork of the redis-store gem so that we
could update its dependency, and fix one small issue with redis connect
strings getting nil instead of the default value for the port number.
The redis 3.0.x gem now catches all Errno and Timeout errors and
re-raises them as subclasses of Redis::BaseConnectionError. It also now
handles EAGAIN internally, retrying when appropriate. So we've modified
our redis failure handling code to match.
test plan: verify the redis failure handling code still works (specs
pass). for instance, stop redis locally and see that canvas works in the
degraded state. make sure that redis still works for both caching and
non-caching code such as login attempts.
Change-Id: I9e8d3929afa06c522656d30f71efc0427e4ef7cc
Reviewed-on: https://gerrit.instructure.com/11521
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
This way the i18n:generate rake task can be run from production
environments as well
test plan: run rake i18n:generate, it should still output the new yml
file as before.
Change-Id: I17104686e5c7de3bacbfae9d164a9709182e2499
Reviewed-on: https://gerrit.instructure.com/11557
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
The new 1.1.x series throws a ton of warnings
Change-Id: Icae6554dc192241678a08d279c8c9967cd762603
Reviewed-on: https://gerrit.instructure.com/11508
Reviewed-by: Cameron Matheson <cameron@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
test plan:
* wait for your session to expire, and refresh the page
* it shouldn't page error
Change-Id: Ic2c8f3f26dfd14dc5cf98d180ba9b233c37d04d9
Reviewed-on: https://gerrit.instructure.com/10901
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Canvas will use this to pull the data about a link before creating a
collection item (currently uses embed.ly)
test plan: not possible to test this through the UI yet
Change-Id: Ie248be4081871aa3aa747510d96edc3c7cc3a0a6
Reviewed-on: https://gerrit.instructure.com/10777
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
test plan:
* log in
* accept a course invitation
* add google docs to your profile
* everything should work, including flash notices
* if you keep refreshing the same page, the server should only send
the cookie once every five minutes
* if you haven't visited any page in 1 day, and you click go back,
you should be logged out
Change-Id: Iee283829f6d81b241b87a50ae0e8fa18c051b89a
Reviewed-on: https://gerrit.instructure.com/10632
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
This version fixes the case where a SAML response arrives that doesn't have a
signature around the whole thing, but has a signature in the encrypted
portion.
test plan: Set up SAML and configure it to not sign the entire response, and
to encrypt assertions. Make sure you can still log in.
Change-Id: I3306b5595b82750c344a3c4a229aff1d86bbdde6
Reviewed-on: https://gerrit.instructure.com/10735
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Zach Wily <zach@instructure.com>
It appears that ruby-debug is mostly no longer maintained. debugger is a fork
that appears to get regular updates, for now.
Change-Id: I026dabbede9404c6fc6a505e8ff2dca19d8961d5
Reviewed-on: https://gerrit.instructure.com/10710
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
The new version fixes a problem where the correct canonicalization algorithm
is not always used.
Change-Id: I2d5e93ec544dd51f0de480c0d60e9676d2c2e5e7
Reviewed-on: https://gerrit.instructure.com/10717
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Zach Wily <zach@instructure.com>
The updated gem fixes a problem with assertions with multiple signatures.
test plan: set up shibboleth and configure it to sign several parts of your
assertions. make sure you can use that to log into canvas. good luck. :)
Change-Id: I2cd675230ad89545b010f39dae3a9e09744d21d8
Reviewed-on: https://gerrit.instructure.com/10714
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Zach Wily <zach@instructure.com>
* gemfile tweaks
* removed ruby-debug (since it's broken in 1.9.3)
* removed colons from case statements
* turned off whiny nils for tests (they cause a 2X perf hit)
* added utf-8 encoding markers to files with multibyte chars
* removed an instance of calling String#map, which no longer works
* fixed an issue in the assets file where the yaml emitter doesn't output the
same whitespace as it did in 1.8.7
* fix call to .map without block
* fix yaml engine initialization for delayed jobs (was happening too late)
* fix rspec instafail
* fix UserProfile#id calls
* fix ModelCache for instance_methods now returning symbols
* fix user_spec collection not seeing the new objects
* fix course specs where POST lines are slightly different in 1.9
* fix utc_datetime in the time initializer
Change-Id: Ic95dda23cb910579e2828fb448323d4fc18902a2
Reviewed-on: https://gerrit.instructure.com/10705
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Zach Wily <zach@instructure.com>
also add the test-unit library for rspec in 1.9
Change-Id: I1be6d3c97421d9664cbbd46bc045b608694d1026
Reviewed-on: https://gerrit.instructure.com/5840
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
* add the foreigner gem so plugins can begin adding foreign keys
immediately
* add an extension to do less locking when creating foreign keys
on postgres 9.1+
* fix a few pieces of code that either don't properly clean up
foreign dependencies, or create objects in the wrong order
to maintain referential integrity
* change the specs to truncate all tables in a single command
for postgres (to avoid referential integrity errors; also
slightly faster)
test plan:
* no user visible functionality should change
Change-Id: I185e478b99fbe598d408912053c34a064aa9c461
Reviewed-on: https://gerrit.instructure.com/10580
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
* Allow linking to individual endpoints on the page.
* Give each endpoint a summary string, and list the summaries at the top
of the page, with links to the endpoint details.
* Make an omnibus "all resources reference" page, which has been a
common request. This only includes the endpoint details, not the
summary descriptions of the resources.
* Syntax highlighting for JSON
test plan: visit /doc/api/index.html and see the changes (run rake
doc:api first if on a dev box)
Change-Id: Ib126805825d40770c36b3688668c62938348412d
Reviewed-on: https://gerrit.instructure.com/10516
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
a faster rake js:generate, js:build, canvas:compile_assets, and guard
will use 'coffee' binary if installed
even if it doesn't use 'coffee' binary it will be
a lot faster
`time rake js:generate`
before => real 0m29.960s
with 'coffee' binary => real 0m4.342s
without => real 0m8.202s
test plan:
* run bundle exec guard; ensure coffeescripts are compiled to the
correct directories
* run rake js:generate; ditto
Change-Id: I8fc4d4a415e5c77d1efa910c0922588d3095446b
Reviewed-on: https://gerrit.instructure.com/9989
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
you have to do rake js:generate or run guard anyway
for handlebars (which also does CS),
so no sense in slowing dev environment by also doing
cs with barista
Change-Id: Ieca9f6808ae042b325f253e3c10334fc1839d282
Reviewed-on: https://gerrit.instructure.com/9512
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
there seems to be an upstream issue with the new 0.0.6 release
Change-Id: Ibefbef601d81ae3479e700fdaf016438e866a45f
Reviewed-on: https://gerrit.instructure.com/8949
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
This just gathers all the information for a single saml
login attempt so that an admin can try to debug faulty
configurations
Test Plan:
* Setup a SAML configuration
* Click "Start Debugging" on Authentication page
* Login with a user on that account
* Hit "Refresh" and observe the beautiful xml
closes#5232
Change-Id: Ic6dd2e828196d0bcbde2e301c5326d77fe55cb71
Reviewed-on: https://gerrit.instructure.com/8368
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
"Trivial" JavaScript / CoffeeScript changes
--------------------------------------------------
For the most part, all javascript was simply
wrapped in `require` or `define`. The dependencies
were found with a script that matched regexes in
the files, it errs on the side of listing too many
dependencies, so its worth double checking each
file's dependencies (over time, anyway).
i18n API changes
--------------------------------------------------
No longer have to do I18n.scoped calls, just
list i18n as a dependency with the scope and it's
imported already scoped
require ['i18n!some_scope'], (I18n) ->
I18n.t 'im_scoped', 'I'm scoped!'
JS bundling now done with r.js, not Jammit
--------------------------------------------------
We don't use jammit to bundle JS anymore. Simply
list dependencies for your JS modules in the file
and RequireJS handles the rest.
To optimize the JavaScript, first make sure you
have node.js 0.4.12+ installed and then run:
$ rake js:build
The app defaults to the optimized build in
production. You can use non-optimized in
production by putting ?debug_assets=true in the
url just like before.
You can also test the optimized JavaScript in
development with ?optimized_js=true.
Significant changes
--------------------------------------------------
These files have "real" changes to them (unlike
the JavaScript that is simply wrapped in require
and define). Worth taking a really close look at:
- app/helpers/application_helper.rb
- app/views/layouts/application.html.erb
- config/assets.yml
- config/build.js
- lib/handlebars/handlebars.rb
- lib/i18n_extraction/js_extractor.rb
- lib/tasks/canvas.rake
- lib/tasks/i18n.rake
- lib/tasks/js.rake
Change-Id: I4bc5ecb1231f331aaded0fef2bcc1f3a9fe482a7
Reviewed-on: https://gerrit.instructure.com/6986
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
Test Plan
* Try a SAML login with the value set to secure password
* Try a SAML login with the value set to no value
Change-Id: I72ff456b7ce6a6ff691f9447a7b6684e8793ec16
Reviewed-on: https://gerrit.instructure.com/8350
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
there was a bug when logging failures
Change-Id: I6672e5b5157268d2f7ddf2df042bf3877e6840eb
Reviewed-on: https://gerrit.instructure.com/8378
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jake Sorce <jake@instructure.com>
this commit makes submission first-class citizens in conversations. this
means that when submission comments are added/deleted, or assignments are
unmuted, conversations and messages will be updated accordingly
the main impacts in the ui are:
1. submissions can be deleted from conversations. if a new comment is
added, they will reappear
2. submissions factor into the message total for the conversation. each
submission counts as a single message, even if there are multiple
comments
3. submission messages affect unread-ness, and are reflected in the
timestamp and text in the conversation preview
test plan:
1. confirm submissions appear in the appropriate conversations, i.e.
* submissions with no comments should not appear in any conversations
* submissions where there are comments but not by instructors:
* should appear in each instructor's private conversation with the
submitter
* should not appear in the submitter's private conversations with
anyone
* submissions where there are comments by instructors:
* should appear in each commenting instructor's private conversation
with the submitter
* should appear in submitter's private conversations with each
commenting instructor
adding or removing submission comments should update private
conversations accordingly (e.g. when one teacher comments on a
submission, it should be removed from the other teachers' private
conversations with the submitter).
2. for each scenario above where the submission comments are added and
appear in conversations, ensure that the submission as a whole behaves
like a single conversation message, i.e.
* the unread conversations count is incremented and the private
conversation is marked as unread (if it didn't exist or was already
read)
* the latest submission comment and timestamp should be reflected in
the conversation pane on the left side
* you can delete the submission from the conversation. if new comments
are posted on the submission, the submission should reappear in the
conversation (provided it still matches the criteria in 1.). note
that submission can not be forwarded to other conversations.
3. submissions should differ from traditional conversation messages in
that:
* they should not trigger conversation notifications
* they should not create/bump conversation stream items. if a
conversation has non-submission messages, the submission and its
comments should appear in the stream item, but they should not
cause it to jump to the top
migration:
existing submissions/comments will be migrated in, but not necessarily
through a traditional rails migration. to bring in those messages, run
the following from the rails console:
Submission.find_each{ |s| s.create_or_update_conversations!(:migrate) }
Change-Id: I06dcb8728402a6c4c613d445b80432a1f2973b73
Reviewed-on: https://gerrit.instructure.com/8086
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Updating to nokogiri 1.5.0 requires updating to sanitize 2.0.3 as well.
Since the API for sanitize changed, we take this opportunity to remove
the monkey patching in config/initializers, and use the actual
transformers plugin interface for sanitize.
The changes to html in the specs are due to nokogiri making a couple
changes around empty tags -- html5 wants <img> , not <img />
test plan: The existing specs exercise both gems, to ensure
compatibility.
Change-Id: Id04d017dda056e03205b373ac9bfbf71bd338cb9
Reviewed-on: https://gerrit.instructure.com/7988
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
This fixes a segfault we're hitting, https://github.com/tenderlove/nokogiri/issues/439
(We can't upgrade to nokogiri 1.5.x without bumping sanitize from 1.x to 2.x)
explanation of spec changes:
* the first xss spec started failing because nokogiri no longer drops
xml directives. however, it's not exploitable.
* the second xss spec started failing due to nokogiri now properly
the selected honoring charset. it's also not exploitable, since
canvas doesn't use utf-7.
* the final spec change is because nokogiri now strips out the invalid
newline, where it left it in before.
test plan: specs will exercise the upgraded nokogiri gem for
compatibility in our use cases
Change-Id: Ie152c8c60f3df5150ee4f14ab41dfee95a342fa8
Reviewed-on: https://gerrit.instructure.com/7958
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
test plan:
* checkout patchset 1 from https://gerrit.instructure.com/7469
* symlink the canvalytics repo into vendor/plugins/
* symlink public/plugins/canvalytics to vendor/plugins/canvalytics/public/
* run guard, regenerate all files
* make sure the route /analytics/course/<id>/user/<id> renders handlebars
unit tests not provided for this scaffolding stuff
Change-Id: Ibf626555cbb79a5a97d67286ef4a7d8f28f53de8
Reviewed-on: https://gerrit.instructure.com/7470
Reviewed-by: Ryan Florence <ryanf@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
We like instafail, but we like the nested formatter too. Imagine those
powers combined!
Change-Id: I54a332c3f294e109f796909afe3d6b67f759237a
Reviewed-on: https://gerrit.instructure.com/7718
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
I added general code to the spec helper to try and prevent this
happening again. I had to bump the json gem version because 1.5.1 has a
bug preventing the object_class option from working with subclasses of
Hash.
test plan: hit /api/v1/users/self/profile , the response json shouldn't
list login_id twice
Change-Id: Ie52401843896f46828e624f10f8a8091c10ce25b
Reviewed-on: https://gerrit.instructure.com/7320
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
now we don't need to manually copy the test files to the remote server
testplan: run the conversations specs against a remote selenium server
that doesn't have C:\testfiles, they should still pass.
Change-Id: Icf3a2e685858ef5605512895e9be25bcab86931d
Reviewed-on: https://gerrit.instructure.com/7235
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
closes#6382
Previously, the "stay logged in" cookie just used the authlogic default
implementation, which is the pseudonym persistence_token. This is a
problem, because that persistence_token only ever changes when the
pseudonym password changes, so it's the same everywhere; so if that
cookie is stolen, it's valid for a very long time.
This switches us to one-time-use tokens that expire as soon as the token
logs the user in once. Each user agent also gets a different
one-time-use token.
Change-Id: I4f20cd7759fd74590e82ed55797552e342243d49
testplan:
* Check that no token is set at all when "stay logged in" isn't
selected.
* Check "stay logged in", and verify:
* That you don't have to login again after restarting your browser,
but your _normandy_session got reset.
* That if you save and try to replay using the same
pseudonym_credentials, they don't work the second time.
* That a second browser will get a different pseudonym_credentials
value, and using one token doesn't affect the other.
* That once the token is used, a new one is generated and set in
your cookies. Verify this new token works as well.
* That logging out removes the pseudonym_credentials cookie in your
browser. And also that manually restoring this cookie still
doesn't log you in, since it was removed server-side as well.
* Change your password, and verify that the existing "stay logged in"
tokens no longer work.
* Delete your pseudonym, and verify the same.
Reviewed-on: https://gerrit.instructure.com/7093
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
fixes the behavior such that we only toggle ungraded assignment counts
related to a particular user when his active enrollments in a given
course go from zero to one and vice versa.
also fixes performance issues in mysql. this required a custom trigger
body. see https://github.com/jenseng/hair_trigger/commit/326a10c for
the related hairtrigger commit to support this
Change-Id: Ie36b3d33ced69321f3a87468ab56480b1378d235
Reviewed-on: https://gerrit.instructure.com/6808
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
This gem update required updating our twitter, linkedin, and gdocs
integrations to correctly provide the redirect uri and use the oauth
verifier on return, which we weren't doing before.
As a consequence, google no longer displays a big scary warning about
Canvas not being secure in its oauth usage.
Facebook uses oauth 2.0, so no changes were needed there.
refs #5892
refs #6127 (this stuff needs refactoring)
Change-Id: I04289638915b84dbe439bd57b36da90151c662b9
Reviewed-on: https://gerrit.instructure.com/6585
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
This doesn't work with our current deploy process, so it'll need to be
in devs' local Gemfile for now
Change-Id: Ia918672fac851b132c2e688a27bf9f20555f65c3
Reviewed-on: https://gerrit.instructure.com/6598
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
new stuff
---------
- added curl.js AMD module loader
- converted existing js specs to use QUnit
- removed jasmine stuff
- added rake task to run js specs
dependencies!
-------------
you'll need to install http://www.phantomjs.org/
if you want to run the specs.
next step is to incorporate curl.js into our app
environment.
Change-Id: I0ba97bc9abe1494f87fdfc0eca51d987a759bc85
Reviewed-on: https://gerrit.instructure.com/6477
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
when downloading a file (attachment) that's on S3, include the
response-content-disposition parameter in the redirect url so that the user
will get a Content-Disposition header from S3 giving the file the correct
disposition (attachment, not in-browser) and the correct filename (the
'natural' filename in S3 is that of the first copy of the file uploaded;
someone else may have uploaded it again with a different filename; we want them
to see the correct filename in the download).
CAVEATS:
* in the case of duplicate files with different filenames, the content
disposition will cause the correct filename to be used by the browser in
saving/prompting-to-save the file, but the actual S3 filename will still be
present in the URL if inspected.
* the filename in the content-disposition is correctly quoted as per RFC 2616
for ASCII, but a lot of browsers do it wrong. we are making no attempt to
accomodate their idiosyncracies.
* the http quoting we do is ghetto and doesn't account for multi-byte
characters.
fixes#4473
Change-Id: I468a6ecdaee2946ab89172984adacf20b491d541
Reviewed-on: https://gerrit.instructure.com/6506
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fastercsv is not supported in 1.9, instead csv in the stdlib has been
modified to be api compatible with fastercsv. in this first step, we
alias CSV to FasterCSV when running under 1.9. This allows 1.8.7 to
continue working with no changes.
Change-Id: I34c3a9031b6f4946380510e4833203e29a05073a
Reviewed-on: https://gerrit.instructure.com/5835
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
use src from <content> element to download, instead of constructing our
own url (fragile!). also, use https instead of http.
Change-Id: I9e2ca48558b63522bc730309d64411208ad92f9c
Reviewed-on: https://gerrit.instructure.com/5922
Reviewed-by: Zach Wily <zach@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jacob Fugal <jacob@instructure.com>
now we can have things like
app/coffeescripts/lib/myWidget.cofffee
(also changed to regex watch pattern to get rid
of deprecation warning)
Change-Id: Ia6561dcb57215b2b1b405bcd64c43d7fd2ded85d
Reviewed-on: https://gerrit.instructure.com/5894
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
- New rake task `rake jst:compile` to precompile
JavaScript templates into functions.
Add handlebars templates to app/views/jst and
they'll get compiled to public/javascripts/jst
- New rake task `rake jasmine` and `jasmine:ci` to
run JavaScript specs.
Add specs to spec/coffeescripts and they'll get
compiled into spec/javascripts
- Added Guard gem `$ guard` that watches
coffeescript and handlebars files and compiles
them when changes are made.
- Created Handlebars Ruby class that precompiles
the templates into JavaScript functions
- Added JS Template constructor to abstract
our tempting API
Change-Id: Ie993d0fc50d49b161ed94dbc066c4475cefdc427
Reviewed-on: https://gerrit.instructure.com/5813
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
and add a before check to make sure that the screen size is large enough
to successfully run the specs
Change-Id: I8ea55528add155d805047347965f93c45d64a00a
Reviewed-on: https://gerrit.instructure.com/4644
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Zach Wily <zach@instructure.com>