refs #5948
adjust specs so that if a login does inject themselves in by adding
additonal redirects, we keep following them
Change-Id: I16e616066ea1bef1aa5ed97718cbd8ddbd2c27c5
Reviewed-on: https://gerrit.instructure.com/6536
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
new stuff
---------
- added curl.js AMD module loader
- converted existing js specs to use QUnit
- removed jasmine stuff
- added rake task to run js specs
dependencies!
-------------
you'll need to install http://www.phantomjs.org/
if you want to run the specs.
next step is to incorporate curl.js into our app
environment.
Change-Id: I0ba97bc9abe1494f87fdfc0eca51d987a759bc85
Reviewed-on: https://gerrit.instructure.com/6477
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
closes#5880
We track failed attempts for both (pseudonym) and (pseudonym, ip) in
Redis, the latter with a lower threshold. If either threshold is
exceeded, the user can't attempt to login for a given time period
(default 5 minutes). This protects against brute force auth attacks.
We've hooked into Authlogic for this, so it should apply to everywhere a
user is logged in -- login screen, API basic auth, Respondus API, etc.
It doesn't apply to SSO auth, where the SSO authority is assumed to have
existing protection of its own.
I refactored the Respondus SOAP API to use Authlogic in a more standard
manner, to make this work.
Change-Id: I569823f83c5c2855526464da270426275eb857cd
Reviewed-on: https://gerrit.instructure.com/6428
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
This shaves about 0.8 seconds off canvas startup time in dev mode on my
MBP. Not a lot, but it's something.
Change-Id: I1e835e5a97a122b2f4a5c5dcd9d86d6a4c0369b0
Reviewed-on: https://gerrit.instructure.com/6472
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Features
--------
- The course menu shows the top 12 courses in
alphabetical order
- Users with > 12 courses will get a button to
edit the courses in their menu. Any courses
they add become favorites and will remain
in the course menu, and visa versa for those
they remove
- Users can reset the menu to the default 12
Noteworthy Ruby changes:
------------------------
- Added Favorites model
Favorites are polymorphic so we can save other
contexts as favorites in the future.
- Added FavoritesController
- Added User#menu_courses
This opens up some room to remove lots of code
that's used to build the main menu, but that
isn't in this commit. Gives a list of all the
courses that show up in the user's menu.
- Added User#favorites
- Added User#favorite_courses
- Refactored Enrollment::readable_type to cache
Noteworthy JavaScript changes:
------------------------------
- Jasmine specs are totally working
- Added CustomList constructor
- Added courseList (CustomList instance)
- Added objectCollection
Utility function that extends an array with
methods useful for collections of objects.
Used to manage the data state in CustomList
Fixes#4827
Change-Id: I59468e517ad07678741402bf9cf479cba1dfeaa1
Reviewed-on: https://gerrit.instructure.com/5982
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
changes to a grade were appearing in grade history only
on the date of the first grade. grade changes now display
once on each day that they occur.
Change-Id: I66e84a23f28757e3433e2bcbbe437a9a6ff046d8
Reviewed-on: https://gerrit.instructure.com/6373
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
fixes#5573, #5572, #5753
* communication channels are now only unique within a single user
* UserList changes
* Always resolve pseudonym#unique_ids
* Support looking up by SMS CCs
* Option to either require e-mails match an existing CC,
or e-mails that don't match a Pseudonym will always be
returned unattached (relying on better merging behavior
to not have a gazillion accounts created)
* Method to return users, creating new ones (*without* a
Pseudonym) if necessary. (can't create with a pseudonym,
since Pseudonym#unique_id is still unique, I can't have
multiple outstanding users with the same unique_id)
* EnrollmentsFromUserList is mostly gutted, now using UserList's
functionality directy.
* Use UserList for adding account admins, removing the now
unused Account#add_admin => User#find_by_email/User#assert_by_email
codepath
* Update UsersController#create to not worry about duplicate
communication channels
* Remove AccountsController#add_user, and just use
UsersController#create
* Change SIS::UserImporter to send out a merge opportunity
e-mail if a conflicting CC is found (but still create the CC)
* In /profile, don't worry about conflicting CCs (the CC confirmation
process will now allow merging)
* Remove CommunicationChannelsController#try_merge and #merge
* For the non-simple case of CoursesController#enrollment_invitation
redirect to /register (CommunicationsChannelController#confirm)
* Remove CoursesController#transfer_enrollment
* Move PseudonymsController#registration_confirmation to
CommunicationChannelsController#confirm (have to be able to
register an account without a Pseudonym yet)
* Fold the old direct confirm functionality in, if there are
no available merge opportunities
* Allow merging the new account with the currently logged in user
* Allow changing the Pseudonym#unique_id when registering a new
account (since there might be conflicts)
* Display a list of merge opportunities based on conflicting
communication channels
* Provide link(s) to log in as the other user,
redirecting back to the registration page after login is
complete (to complete the merge as the current user)
* Remove several assert_* methods that are no longer needed
* Update PseudonymSessionsController a bit to deal with the new
way of dealing with conflicting CCs (especially CCs from LDAP),
and to redirect back to the registration/confirmation page when
attempting to do a merge
* Expose the open_registration setting; use it to control if
inviting users to a course is able to create new users
Change-Id: If2f38818a71af656854d3bf8431ddbf5dcb84691
Reviewed-on: https://gerrit.instructure.com/6149
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Admins can now masquerade users by giving an SIS id in
the as_user_id param, e.g.: as_user_id=sis_user_id:1234.
Change-Id: I9bb03ecf53c4ceba574dd4d196c0281ac8dd3141
Reviewed-on: https://gerrit.instructure.com/6335
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Also added a spec that tests the entire message processing stack (at least
with STDIN). An earlier refactor to do a more targeted test resulted in this
breakage.
Change-Id: Ic23eebaceccd2d4a615d9452675a66a1b925a387
Reviewed-on: https://gerrit.instructure.com/6212
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
This doesn't play well with the selenium specs, which modify the test
env domain config when spawning a forked server.
This reverts the forced config, but keeps the domain_config refactoring.
Change-Id: I4ebf8983264adf99c37dd7097d28bdd1773bc2ec
Reviewed-on: https://gerrit.instructure.com/6169
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
prior to this commit, submission was only saving the
most current version, so grade_history didn't have any
record of previous grades.
now saves a new version on grade update. only displays
the most recent grade change/version on the history page.
Change-Id: I96d70c1a0cbaebbf1bbebfbd8690cc53e7292c28
Reviewed-on: https://gerrit.instructure.com/5925
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
jammit was blowing up because it was getting js that
looked like:
})()(function() {
adding the semicolon will fix it so it looks like
})();
(function() {
which will actually work
Change-Id: I6a990259982d85f2c276c877d8fee362e4aad1df
Reviewed-on: https://gerrit.instructure.com/6133
Reviewed-by: Jon Jensen <jon@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
fastercsv is not supported in 1.9, instead csv in the stdlib has been
modified to be api compatible with fastercsv. in this first step, we
alias CSV to FasterCSV when running under 1.9. This allows 1.8.7 to
continue working with no changes.
Change-Id: I34c3a9031b6f4946380510e4833203e29a05073a
Reviewed-on: https://gerrit.instructure.com/5835
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
no real changes, just moved/renamed things a bit prior to creating a
HandlebarsExtractor
Change-Id: I47fa3bbc8d3bcbb926b92a4f42f704b9373c38f7
Reviewed-on: https://gerrit.instructure.com/6086
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
file links get translated to direct file download links, and media
comments into embedded html video tags.
use this to add assignment description to the assignment json response.
closes#5739, closes#4742
Change-Id: Iccfc517014ed2777686c355a382ded290ae4d8b8
Reviewed-on: https://gerrit.instructure.com/6030
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
One in course copy, and one in common cartridge export.
refs #5739
Change-Id: I4ba016f643a22f0cf3f6dbbe6b00dcd7d228a10a
Reviewed-on: https://gerrit.instructure.com/5979
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
fixes#5737
There is one situation where a session is still desireable -- if the
attachment data includes links, for instance a html file attachment,
then a session will be needed to view the links from that file. The
limited safefiles session will still be created when downloading the
file, so apps can optionally use the session to support that
functionality.
Change-Id: I48558c4a3217ebea92118f8f08d1254041bd65e5
Reviewed-on: https://gerrit.instructure.com/5860
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
There are a couple small changes for the bulk migration tool
refs #5449
Change-Id: I357f69c8ccdc3ef7e08cfb274091ebd3a222105c
Reviewed-on: https://gerrit.instructure.com/6023
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
if the 'total_scores' include argument is included in a Course API
/courses.json call, include the computed_current_score,
computed_final_score, and computed_final_grade for any returned student
enrollments. closes#4747
Change-Id: I84f77c9bf09324b11d26d88bf23600d73c65f2ed
Reviewed-on: https://gerrit.instructure.com/6027
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Authlogic has already read it out of the database at this point, so
the cache doesn't gain us anything.
Change-Id: I4bd21ddf17dbbe0efe288a26a4281440e6e932ad
Reviewed-on: https://gerrit.instructure.com/5972
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
makes for saner templates and easier string extraction
Change-Id: Ic3039ca54c28bffb042996fdcf0ce14a76586e9a
Reviewed-on: https://gerrit.instructure.com/5983
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
Cody Cutrer