fixes CNVS-5794
links to an access token to get the proper ARN
test plan:
* set up an SNS app in AWS
* configure your credentials in sns.yml
* set sns_arn on a developer key to be the ARN of the app in SNS
* using an access token created from that developer key,
you should be able to create a push channel
* you should see that channel in your profile (named after your developer
key)
Change-Id: I183241d02715252bf558c495d72d4995cea4232d
Reviewed-on: https://gerrit.instructure.com/25281
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
this reverts commit c8a4c453ff.
while the gem *appears* recent, it hasn't merged upstream changes from
http://github.com/rails/rails_xss since before we vendored it, so we
can't make the switch after all.
instead, I've just silenced the rails3 warning and left a TODO marker.
Change-Id: I8957e676c38ef7cdeac0e6266f2cac3288b1ec7d
Reviewed-on: https://gerrit.instructure.com/26374
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Bryan Madsen <bryan@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
It wasn't getting loaded when development and test gem groups were
excluded, breaking production mode.
fixes CNVS-9503
Change-Id: I4dded45e4e066c4f0f479304566b8ae93431801d
Reviewed-on: https://gerrit.instructure.com/26388
Product-Review: Bryan Madsen <bryan@instructure.com>
Tested-by: Bryan Madsen <bryan@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
chages:
fixes issue with class reloading
add created at timestamp to recordings
update logic to determine if a conference is active
*test plan
canvas should work with class caching turned off
recordings for webex should have timestamps
conference alerts should only show up for active conferences
Change-Id: I8a2fa935733e68b83dbab59811c613a9782ecdde
Reviewed-on: https://gerrit.instructure.com/26034
Reviewed-by: Brandon Broschinsky <brandonbr@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Adam Phillipps <adam@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
closes CNVS-9074
In rails2, we explicitly override `render :json` to use Oj and the
ParamsParser middleware to parse with Oj.
In rails3, we enable the oj backend for ActiveSupport::JSON. However,
sadly that's not enough because of the screwy state of JSON in Rails 3
and Rails 4.0.x. So we pull in the rails-patch-json-encode gem to fix
performance. If this ends up causing issues as we continue working
toward Rails 3.2, we'll remove this gem. A good explantion of the issues
is in the README: https://github.com/GoodLife/rails-patch-json-encode
In my local (rails2) benchmarking, json response generation is 12-14x faster
*with stringify ids* enabled. It'll be slightly faster without, but
stringify is becoming the norm. json parsing is a smaller win, 2-3x
faster, but still significant enough to warrant patching ParamsParser
(said patch goes away in rails3).
test plan:
* no behavior changes are expected
* regression testing of the api, both the json responses and sending
json to put/post requests
* regression testing of the web ui in areas that use the api and ajax
calls
Change-Id: I632549baaa4e51dd0ee67dede911941877911102
Reviewed-on: https://gerrit.instructure.com/25458
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
fixes PS-799
test plan:
* you can use external emails in webex conferences
Change-Id: I3c0ec2e964c3d9861d0176e1ac18d4d2c73ee291
Reviewed-on: https://gerrit.instructure.com/25898
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Adam Phillipps <adam@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
Reviewed-by: Brandon Broschinsky <brandonbr@instructure.com>
refs PS-778
test plan
*webex conference should allow non latin chars
Change-Id: I5eb7eae4ec4e2012986eaca7b8e20bcbab6990f3
Reviewed-on: https://gerrit.instructure.com/25828
Product-Review: Adam Phillipps <adam@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
Reviewed-by: Brandon Broschinsky <brandonbr@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
refs PS-691
test plan
* you should be able to use webex in canvas web conferences
Change-Id: Ia4f427ca961791d178f8225000a83667731c8a39
Reviewed-on: https://gerrit.instructure.com/25630
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Adam Phillipps <adam@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
Reviewed-by: Brandon Broschinsky <brandonbr@instructure.com>
fixes CNVS-8748
needed for routing_concerns. part of this includes a (required) upgrade
to mail 2.5.4, that makes some of our tweaks to it unnecessary.
test-plan:
ensure the following still work under rails 2.3.18 (which is currently
the default environment)
- common cartridge export
- internationalization
- mail sending and processing
Change-Id: I423860d1e1e59d91068df44c0972ffb58fd5b330
Reviewed-on: https://gerrit.instructure.com/25113
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Nick Cloward <ncloward@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
rather than CANVAS_RAILS3 or Rails.version
this is to be consistent, and to reinforce that any "special" branches
are for rails 2.3 backwards compatibility while trying to target rails
3, rather than rails 3 "forwards compatibility".
Change-Id: I4494b65e3f71108a43d09032c1569c478646a828
Reviewed-on: https://gerrit.instructure.com/24998
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
fixes CNVS-8317
test plan:
* have a separate queue config, with a slave environment that uses
a separate host
* in script/console, execute the following:
* Delayed::Job.connection_pool.spec.config
* Shackles.activate!(:slave)
* Delayed::Job.connection_pool.spec.config
* Shackles.activate!(:master)
* Delayed::Job.connection_pool.spec.config
* The config output for the first and third should be identical; for
the second time, the host key should be the one for the slave
Change-Id: Ied6ec2bea1ff0e07a47434a5ad6d80ccd06e3bee
Reviewed-on: https://gerrit.instructure.com/24819
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
Define the cost of a request as (user cpu + time spent in db queries),
then store that using a leaky bucket algorithm in redis. The algorithm
is slightly modified from a normal leaky bucket, see the comments in the
code.
The parameters (maximum, hwm, outflow) are configurable Settings.
Because this code path is hit on every request, I've tried to keep the
added latency to a minimum.
Uses lua scripting in redis to avoid the latency of an extra round trip
(two round trips with lua, one at the beginning of the request and one
at the end, vs at least three without lua).
closes CNVS-7008
test plan:
* Given the default params, you're not going to ever hit the throttling
limit without making multiple requests in parallel. Normally local dev
environments won't process parallel requests, so you'll want to tweak
the config params.
* Setting.set('request_throttle.hwm', '2')
* Setting.set('request_throttle.outflow', '0.1')
* Make canvas http requests as a logged in user, and verify that after a
few requests in quick succession, you get a 403 response. After
waiting a second for your bucket to fall back below the threshold, you
can make requests again.
* Do the same using the api and sending your access token in the query
string or http auth header.
* This should work correctly with a clustered redis as well.
* If possible it'd be good to test parallel requests as well. The code
should handle this correctly and combine the cost of the parallel
requests, rather than stomping on the values.
Change-Id: I1fdfd4e009d81bd6525bcf45a93437f4c395f129
Reviewed-on: https://gerrit.instructure.com/24256
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
We'd like to re-use some of this code elsewhere, and there's nothing
canvas-specific about it.
refs CNVS-7008
test plan: redis delayed job specs still pass
Change-Id: Iaa19ee60419d01bb451cccf2861a1015a7ba087a
Reviewed-on: https://gerrit.instructure.com/24255
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
We have a fix on master that is not yet in a release gem
refs CNVS-7945
test plan: notifications should still be successfully sent in all situations,
such as replying to discussions. this new version of the gem also fixes
an issue where <img> tags weren't getting replaced with their alt text
in some situations, which is an unrelated bug "fix". this doesn't appear
to affect canvas negatively in my testing.
Change-Id: Idbf52aa006d04252b7870cd0a3208d7bdc0e20e3
Reviewed-on: https://gerrit.instructure.com/24024
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
fixes CNVS-7379
test plan:
1. Log in as a student who has taken quizzes and has had assignments graded.
2. On the main and course pages, try to click on an Assignment/ Quiz link under Recent Feedback
3. The links should work without error
Change-Id: I669c057add5fc14df891608054a997b33939fd0c
Reviewed-on: https://gerrit.instructure.com/23242
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
some bugfixes, esp. around timezones and DST
Change-Id: I53df7f7e8d9af38dd300828795d017df7f304a57
test-plan: N/A
Reviewed-on: https://gerrit.instructure.com/23126
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
closes CNVS-7093
the changelog from rails 2.3.18 is at https://github.com/makandra/rails/commits/2-3-lts
so far it's mostly packaging changes, with explict config options to opt
out of some stuff like enable_xml_parsing
test plan:
* without RAILS_LTS file, specs should pass, general regression testing
* ditto with RAILS_LTS file pointing at the private gem repo (ask for
creds, we aren't allowed to share them publicly)
Change-Id: I3526c57ce5769dd73c84ffe8055fa084874b2bd5
Reviewed-on: https://gerrit.instructure.com/21654
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
fixes CNVS-6734
also displays errors encountered when joining
a conference rather than leaving it unhandled
testing steps:
* a legacy conference should work to start or join
after the update
* prior performing the update, create a conference
that is not yet started
* prior performing the update, create a conference
that has started but not yet ended
* verify both conferences can be started or joined
* new conferences should work to create and join
* conference unique ID clashes should error gracefully
* create a new conference, in a console, change the
setting :meeting_url_id to be set to an existing
meetings meeting_url_id and verify attempts to join
it fail with a nicer error message.
* in the console:
c = WebConference.find [insert ID of meeting]
c.settings[:meeting_url_id] = 'canvas-meeting-[ID of legacy meeting]'
c.save
* reload the conferences web page and attempt to join
the meeting
Change-Id: I39085eba54f1cfe51335d3df5c81df1930791a8e
Reviewed-on: https://gerrit.instructure.com/22196
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Willesen <jonw@instructure.com>
QA-Review: Cam Theriault <cam@instructure.com>
Product-Review: Mark Ericksen <marke@instructure.com>
refs gh-319
if we have pg_collkey, use the current locale instead of 'root', but
only if the current locale differs (so pg can still use the index
as much as possible)
test plan:
* add three users to a course, named "n", "na", and "ñ"
* set your language to English
* the people page of the course should sort as "n", "ñ",
"na"
* set your language to Spanish
* the people page of the course should sort as "n", "na",
"ñ"
Change-Id: Id01be92cb2dc103cc5f9e651da43cba6597bab22
Reviewed-on: https://gerrit.instructure.com/21648
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
This allows us to upgrade our routes file to rails 3 syntax while still
staying compatible with rails 2.3
refs CNVS-5146
test plan:
This affects literally every URL in Canvas, but shouldn't introduce any
new behavior. The automated integration and selenium tests still pass,
which is a good smoke test. Other than that, it's really just making
sure that routes are generated and recognized as before (regression
testing).
Change-Id: I443d006e3fcb5a0a0f8d6db46a8873a498ae7fd4
Reviewed-on: https://gerrit.instructure.com/21729
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
* disable i18nema until we're on rails 3.2
* fix how we access session_options
* fix how we access the basic auth header
* fix attachment_fu callbacks
test plan: none of these fixes should affect rails 2
Change-Id: I7f9b6f18c04d51284ec3e5e9fdd39fb93539c91b
Reviewed-on: https://gerrit.instructure.com/21728
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
test plan:
1. specs should pass
2. run canvas with RAILS_LOAD_ALL_LOCALES=1
3. you should be able to switch locales and see translations
4. run i18n:generate on the parent commit and on this commit, the
resulting config/locales/generated/en.yml should be identical
Change-Id: I5164943dc6e682c663145e91d7a9791331e9b4cc
Reviewed-on: https://gerrit.instructure.com/21014
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
jammit can use sass to minify css. this is great
because now we don't need the yui-compressor.
which means that we don't need java.
Change-Id: I22d0f35340077a866ffe1000443bc5a061a9e613
Reviewed-on: https://gerrit.instructure.com/11588
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Product-Review: Bryan Madsen <bryan@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
test plan:
* create and join an adobe connect conference; verify
that it works as expected.
Change-Id: I30a1748e4c04da478bfbe8ddde2802efa90022df
Reviewed-on: https://gerrit.instructure.com/20512
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Joel Hough <joel@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
fixes CNVS-5493
test steps:
Trigger the following emails and ensure that the HTML and plain text
versions of the email appear proper.
* conversation message received
* new announcement
* new discussion entry
* new discussion topic
* updated wiki page
* summary (daily or weekly)
Change-Id: I9638badb500eeb6cb23e4a83bd8395cd5dc40608
Reviewed-on: https://gerrit.instructure.com/20296
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Eric Berry <ericb@instructure.com>
QA-Review: Eric Berry <ericb@instructure.com>
- Pulls in latest fixes to LogOutRequest signatures
- Includes XML certificate in signed LogOutRequest
refs CNVS-5576
Test Plan:
- Set up shibboleth as per instructions in the wiki
- Using old code, log in as test user
- Watching SAML debugging, observe that Shibboleth responds to log out
message with error code
- Restart canvas with updated ruby-saml-mod gem
- Log in again as test user
- Verify that shibboleth accepts log out request signature
Change-Id: I1a700fc1c27738812b4ee6773500240c63d39735
Reviewed-on: https://gerrit.instructure.com/20444
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Reviewed-by: Paul Hinze <paulh@instructure.com>
Product-Review: Paul Hinze <paulh@instructure.com>
when a user explicitly logs out of one pseudonym session, invalidate all
the others
fixes CNVS-1923
test-plan:
- create a user in two different accounts
- log them in to both accounts
- click "log out" in one account
- should be logged out of both accounts
Change-Id: I79e70017d753c8201429901421e015f5d20e2000
Reviewed-on: https://gerrit.instructure.com/20096
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
The combination of these two changes fixes an issue with using extended
utf-8 chars in cql queries (including inserts)
fixes CNVS-5719
test plan: enable cassandra page views, and from a script/console run a
test query with extended utf-8 data, for instance:
PageView::EventStream.database.execute("SELECT * FROM page_views WHERE request_id = ?", "test \xEF\xBF\xBD one")
This will return no results since that request id isn't a UUID, but the
key is it shouldn't error.
Change-Id: I1dafb6165cdda65ab64267edbf9fabc4fccd783c
Reviewed-on: https://gerrit.instructure.com/20397
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
Cody Cutrer