test plan:
* enable optional MFA, and check the following:
  * normal log in should not be affected
  * you can enroll in MFA from your profile page
  * you can re-enroll in MFA from your profile page
  * you can disable MFA from your profile page
  * MFA can be reset by an admin on your user page
  * when enrolled, you are asked for verification code after
    username/password when logging in
  * you can't access any other part of the site directly
    until entering your verification code
* enable required MFA, and check the following
  * when not enrolled in MFA, and you log in, you are forced to
    enroll
  * you cannot disable MFA from your profile page
  * you can re-enroll in MFA from your profile page
  * an admin (other than himself) can reset MFA from the user page
* for enrolling in MFA
  * use Google Authenticator and scan the QR code; you should have
    30 seconds or so of extra leeway to enter your code
  * having no SMS communication channels on your profile, the
    enrollment page should just have a form to add a new phone
  * having one or more SMS communication channels on your profile,
    the enrollment page should list them, or allow you to create
    a new one (and switch back)
  * having more than one SMS communication channel on your profile,
    the enrollment page should remember which one you have selected
    after you click "send"
  * an unconfirmed SMS channel should go to confirmed when it's used
    to enroll in MFA
  * you should not be able to go directly to /login/otp to enroll
    if you used "Remember me" token to log in
* MFA login flow
  * if configured with SMS, it should send you an SMS after you
    put in your username/password; you should have about 5 minutes
    of leeway to put it in
  * if you don't check "remember computer" checkbox, you should have
    to enter a verification code each time you log in
  * if you do check it, you shouldn't have to enter your code
    anymore (for three days). it also shouldn't SMS you a
    verification code each time you log in
* setting MFA to required for admins should make it required for
  admins, optional for other users
* with MFA enabled, directly go to /login/otp after entering
  username/password but before entering a verification code; it
  should send you back to the main login page
* if you enrolled via SMS, you should not be able to remove that
  SMS from your profile
* there should not be a reset MFA link on a user page if they
  haven't enrolled
* test a login or required enrollment sequence with CAS and/or SAML
Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
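
The "30 seconds or so of extra leeway" check from the MFA test plan above, as an added Ruby example that is not Canvas's own code: an RFC 6238 verifier that accepts the current time step and one step back. The function names, the `leeway_steps` and `last_used` parameters, and the replay check are assumptions of this example; the secret is the RFC 4226 test key.

```ruby
require 'openssl'

# RFC 6238 TOTP over HMAC-SHA1, the scheme Google Authenticator uses.
TOTP_STEP   = 30 # seconds per time step
TOTP_DIGITS = 6

# RFC 4226 HOTP: HMAC the 8-byte big-endian counter, then dynamic truncation.
def hotp(secret, counter, digits = TOTP_DIGITS)
  mac = OpenSSL::HMAC.digest('SHA1', secret, [counter].pack('Q>'))
  offset = mac.getbyte(19) & 0x0f
  bin = mac.byteslice(offset, 4).unpack1('N') & 0x7fffffff
  (bin % 10**digits).to_s.rjust(digits, '0')
end

# Compare without returning early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the time-step counter the code matched, or nil.
# leeway_steps: how many past steps are still accepted (1 = 30 extra seconds).
# last_used:    counter of the last accepted code (assumption of this example);
#               counters <= last_used are refused so a code cannot be replayed
#               inside its own leeway window.
def verify_totp(secret, code, now: Time.now.to_i, leeway_steps: 1, last_used: nil)
  return nil unless code.is_a?(String) && code.match?(/\A\d{#{TOTP_DIGITS}}\z/)
  current = now / TOTP_STEP
  matched = nil
  ((current - leeway_steps)..current).each do |counter|
    next if last_used && counter <= last_used
    matched ||= counter if secure_equal?(hotp(secret, counter), code)
  end
  matched
end

if __FILE__ == $0
  secret = '12345678901234567890' # RFC 4226 Appendix D test key
  code   = hotp(secret, 1)        # code shown by the app during step 1 (t = 30..59)
  puts "t=59  -> #{verify_totp(secret, code, now: 59).inspect}"   # in its own step
  puts "t=89  -> #{verify_totp(secret, code, now: 89).inspect}"   # one step late
  puts "t=119 -> #{verify_totp(secret, code, now: 119).inspect}"  # two steps late
  puts "replay -> #{verify_totp(secret, code, now: 89, last_used: 1).inspect}"
end
```

The caller stores the returned counter as `last_used` for that user after a successful login.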
minimum to not accidentally blow away more than 2 configs
test plan:
* in script/console, add more than 2 ldap configs to an account
* the UI should show them all, and they should be editable
* you should not be able to add more, or delete any individual
config
* normal editing of one or two configs should work just fine
Change-Id: I66b31f1b800b40aa490fd05b051bec23be9ef0bb
Reviewed-on: https://gerrit.instructure.com/12879
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
refs #8120
test plan
- be an admin in a course with at least one other user
- /users/1/admin_merge
- enter your own id into the text box -> should get an error about not
being able to merge an account with itself
- enter a user id that doesn't exist -> should get an error about not
being able to find the user
- enter text and punctuation -> should get an error about invalid text
being entered
Change-Id: Iaaef29ffb733edf4508b22ffbcc5030e05ffd245
Reviewed-on: https://gerrit.instructure.com/12793
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
make start tls the default if not otherwise specified in the API, and
the default for new integrations in the UI. still support booleans
in the API.
test plan:
* test non-tls, simple tls, and start tls LDAP servers
* ensure new LDAP settings default to start tls
Change-Id: I60b2f2d6cbdd32beff14d198c92efbfd6705b041
Reviewed-on: https://gerrit.instructure.com/12923
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
test plan:
* set up an LDAP search filter like
(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName={{login}}))
and ensure you don't get a page error trying to log in
Change-Id: I7b431783f646cbdaf2b1c78778a05224e9c88183
Reviewed-on: https://gerrit.instructure.com/12913
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
previously, descriptions longer than 177px in calendar2 events
were overflowing beyond the modal onto the page. this fix adds a
scrollbar for those descriptions.
test plan:
* create an assignment with a really long description and a due date
(so it shows up in calendar2);
* as a user in the same class as the assignment, visit the calendar2
page and click on the assignment;
* verify that the description is scrollable and does not overflow
beyond the modal.
Change-Id: I6522f4712b31a879473bc63066cbd4854731b3b9
Reviewed-on: https://gerrit.instructure.com/12954
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
fixes #9966
refs #9901
there was a bug where policies for non-default channels were being considered
when deciding whether a default policy needed to be created, to show on the
communication preferences page.
also prevent an exception from being thrown when a user has no communication
channels, and visits the notification preferences page. We still need some
better UI here explaining why you can't do anything on the page.
test plan:
(for #9966)
- create a new user with an email, and set up some notification preferences
- add a new email address and retire the first one
- go to the notification preferences page
- you should have default preferences for the (new) default channel
(for #9901)
- as a user with no communication channels
- go to the notification preferences page
- it should not break
Change-Id: Iecd544571d6fece2a23c24b547ae434e8b57daae
Reviewed-on: https://gerrit.instructure.com/12952
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
some malformed imports are missing an indent on response_label
tags. we should just ignore these instead of failing on import.
test plan:
* run specs
Change-Id: I82914f1ff279b921ae5668c38b80ac4616595a29
Reviewed-on: https://gerrit.instructure.com/12950
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
This ensures that conferences on different shards won't accidentally
share a voice bridge.
test plan: ensure that voice chat in Big Blue Button conferences still
works as expected.
Change-Id: I3e995943a33a2b18e6574c8f60f094e53f5a2753
Reviewed-on: https://gerrit.instructure.com/12945
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes #9942
notifications is an unsharded table, so we can't join it against notification
policies. switch to include to get expected behavior
test plan:
- on a non-default shard
- change all of your notification frequencies
- they should stay changed.
Change-Id: Ife74a2124567381e3d1898f1d34ca09904d7376d
Reviewed-on: https://gerrit.instructure.com/12937
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
This adds an alternative method for uploading files by giving Canvas a
public URL in the first step, rather than uploading the file data directly.
test plan:
- create a course file via the API upload mechanism
  - make sure the return values are as documented
  - make sure the file was correctly uploaded
- create a course file via the URL approach
  - make sure the return values are as documented
  - make sure the file status endpoint returns valid responses
  - make sure the file was correctly stored in Canvas
- repeat that process with a file that has at least one redirect
- repeat that process but creating a homework submission file
- try to create a course file with a malformed URL
  - confirm that the appropriate error message is returned
- try to create a course file with a relative URL
  - confirm that the appropriate error message is returned
- try to create a course file with a URL that doesn't return 200
  - confirm that the appropriate error message is returned
Change-Id: I2dcf711347ec4ef26d767ae1c1fa0bb056986651
Reviewed-on: https://gerrit.instructure.com/12143
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
fixes #9878
test plan:
1. go to any user's profile page
2. notice under unregistered services
each button's text align is left instead
of center
Change-Id: I27f93d3a17c832c16df9afea43cbcc6d9aadc48a
Reviewed-on: https://gerrit.instructure.com/12900
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bryan Madsen <bryan@instructure.com>
when a new user signs up, we don't want the form to be reenabled during
the window between the ajax response and the redirect to the dashboard
test plan:
1. go to /register
2. submit the form with missing/invalid data
3. it should be disabled, and then reenabled with appropriate error boxes
4. submit the form with valid data
5. it should remain disabled until you are redirected to the dashboard
Change-Id: If6a65db71ecbbcabdb747214cee181e25a5cff52
Reviewed-on: https://gerrit.instructure.com/12922
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
fixes #9873
The previous method for making this happen was just setting scribd_doc
to nil on the attachment before serializing it (wut?), but
Attachment#scribd_doc is overridden to return the root_attachment's
scribd_doc if there isn't one on this attachment.
The new strategy is to just use our filter_attributes_for_user stuff to
remove the secret info if the user doesn't have permission.
test plan: Upload a pdf or something, set it as locked, link to it from
a wiki page. As a student in that course, you shouldn't be able to
preview the document in-line. Then copy the course. In the new course,
you also shouldn't be able to preview the document in-line.
Change-Id: I66dc3a55a4e0371337846eb82179e6638a7d3852
Reviewed-on: https://gerrit.instructure.com/12921
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes #8221
test plan: no user visible changes in behavior, so this is a regression
test. repeat this test plan once for s3 files and once for local
files:
* verify file uploads on /courses/X/files and /dashboard/files
* upload to other folders
* upload multiple files
* zip uploads
* weird characters in filenames, duplicate filenames
* verify other places we upload files like content imports and sis
imports
Change-Id: I01b7805eb947097b250bf9be944a9347ecc4ff5e
test plan:
1. go to the style guide or some place that uses the ui-icon-info class
2. it should have the blue info icon
Change-Id: I3c16e7add2d444982fc010f1dbc833a7f6749db4
Reviewed-on: https://gerrit.instructure.com/12912
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
when users sign up via open registration, they can use canvas before
confirming their email address (and setting a password). since we show
a "Configure Communication Preferences" button, it makes sense to let them
actually do it (instead of getting a big scary warning). notifications
won't actually be sent until the communication channel gets confirmed, so
we warn them about that.
test plan:
1. sign up as a teacher via /register
2. when you get to the dashboard, click the "Configure Communication
Preferences" button
3. you should see notification preferences
4. you should be able to update them
5. you should see a reminder to confirm your email
6. the "re-send email" link in the reminder should work
Change-Id: I585a69b8667ef82eb2e4c3005179bc14377e467b
Reviewed-on: https://gerrit.instructure.com/12911
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
fixes #9816
test plan: create a question bank, add a couple questions, and delete at
least one question. copy the course, verify that the new course doesn't
have the deleted question in the bank, but has the others.
Change-Id: Icdbe4cf4a8a98d04aa755e1f89b0f87538b08023
Reviewed-on: https://gerrit.instructure.com/12908
Reviewed-by: Simon Williams <simon@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes regression in gradebook around default turnitin icon (and brings gb2
in line)
test plan:
1. set up turnitin on an account and assignment
2. submit homework as a student
3. as a teacher, check gradebook and gradebook2
4. you should see a gray turnitin icon (until the turnitin report gets
generated)
Change-Id: I3ac470c7e669f6933ece611595cef5673a847c7c
Reviewed-on: https://gerrit.instructure.com/12882
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
store whether the new user is a teacher/student/observer (if specified)
test plan:
1. sign up as a teacher/student/observer
2. it should work
3. the user record should have the correct initial_enrollment_type
Change-Id: I6200d677f2da946b05d6f90c89617b3476ed390b
Reviewed-on: https://gerrit.instructure.com/12873
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
ensure legacy API route is still available (and added spec). minor doc
tweaks/fixes
test plan:
1. find conversation recipients through the web UI
2. find recipients by hitting the following URLs directly:
* /api/v1/search/recipients
* /api/v1/conversations/find_recipients
3. find recipients using the iPad app
4. it should all work
Change-Id: Ic283b3f5bacb22aba7b077e300d96c07565b8cd0
Reviewed-on: https://gerrit.instructure.com/12887
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
return students and teachers/TAs 50 users at a time, and
display them in an infinitely scrolling div. also update
the styling of the scrolling divs to better reflect that they
are scrollable to users w/o permanent scrollbars (e.g. OS X).
test plan:
* create a course with over 50 student or teacher/ta
enrollments;
* view the course people page and verify that student
and teacher enrollments load as expected;
* scroll the field with the most enrollments and verify
that when the bottom is reached more enrollments load;
* verify that when all enrollments have loaded, the div
no longer attempts to load new enrollments;
* create a new course section and add enrollments to it;
* as a user with permissions limited to section, verify
that only enrollments in the allowed section are
displayed.
Change-Id: I2e6485a2edf950acf58f5ccbc75c2965297aed04
Reviewed-on: https://gerrit.instructure.com/12680
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
fixes #9854
the load more scrolling in the recently logged in user section of course
statistics wasn't working very well in chrome and firefox, because the
scrollContainer that listens for events was being initialized after the event
listeners were added.
test plan:
- in all browsers, in a course with > 30 users
- go to the course statistics page, users tab
- make sure scrolling down auto loads more users until all have been loaded.
Change-Id: I1e9d62b4cceb189caf647e686d8996e20f0b9da3
Reviewed-on: https://gerrit.instructure.com/12835
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
test-plan:
open /styleguide
hover over all the links/buttons with tooltips on the bottom of the page
and make sure they look good.
Change-Id: Ib0c00293a12dde2c58577d894eb380bf9ee1aaf6
Reviewed-on: https://gerrit.instructure.com/12455
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Mark Ericksen <marke@instructure.com>
wins:
* we now have a tooltip widget
* no more having both jqueryui 1.8 and alpha 1.9
stuff on the same page
for more info:
http://blog.jqueryui.com/2012/06/jquery-ui-1-9-beta/
info about tooltips:
http://wiki.jqueryui.com/w/page/12138112/Tooltip
test plan:
interact with as many jquery ui widgets as possible
e.g.: wiki sidebar (the tabs and accordion), gradebook2
(and all of its dialogs), date pickers, help dialog, etc
Change-Id: I2c1c0d761a99c972fd8ae704ee3782140955ce3c
Reviewed-on: https://gerrit.instructure.com/12258
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
aka: no more .dialog('close').dialog({}).dialog('open')
(does not actually change any behavior visible to end user)
test plan:
as far as manual testing goes, try to go to a bunch of pages that have dialogs
and open and close them.
For engineers, if you can think of other places where we might try to set options
on a UI widget before we initialize one (like sortables or something), check that too.
Change-Id: I7415c00d8c15b562ac12eeef83fa041aff1dfb35
Reviewed-on: https://gerrit.instructure.com/12810
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
older versions of sass would silently ignore the invalid & here. this is
actually how we want it to behave, since the li is inside the
.view_switcher
for the rubrics one, there is no hover element, so the generated sass is
equivalent
test plan:
1. run bundle update
2. it should work
3. go to a discussion topic
4. the icons in the view switcher ("Expand Unread", etc.) should be
correctly aligned
Change-Id: I418d902f124f754f000f4dd19df8875ea60b3d77
Reviewed-on: https://gerrit.instructure.com/12877
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
fixes #9886
there was a css conflict which caused the unused left nav bar tabs to be hidden
on the course settings page. this made the page inconsistent with other course
pages, when viewing as a teacher/admin.
test plan:
- go to a course settings page
- make sure both used + unused tabs show up
Change-Id: I1671dcbc8aefd9ba58295b1912e651032469ab8d
Reviewed-on: https://gerrit.instructure.com/12866
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
fixes #9840
when users are connecting oauth services from the profile, redirect them back
to the page they came from, rather than the new profile page.
test plan:
- go to /profile/settings
- register an oauth service, like google docs
- you should end up back at /profile/settings
Change-Id: I3ef69c3b77af3b2524782aa9e2c6999ac88c78f6
Reviewed-on: https://gerrit.instructure.com/12840
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes #8377
preventing student view enrollments from being inactive allows the fake student
to view/use the course as a regular student would before the term starts.
test plan:
- in a course in a term that hasn't started yet
- enter student view
- you should be able to post to discussions
Change-Id: I31e92fc654b7dd9c79872714f26daef35ac3ec49
Reviewed-on: https://gerrit.instructure.com/12839
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
test plan:
1. go to a user-in-a-course page
2. w/o new profiles enabled, observe it's the old
page
3. turn on profiles
4. observe it's the new page
Change-Id: Iea06e0687cb4ba5ff561252282b783987796551e
Reviewed-on: https://gerrit.instructure.com/12788
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cameron Matheson <cameron@instructure.com>
test plan:
- consult the Pages documentation; ensure it renders properly.
- exercise the following endpoints:
  - GET /api/v1/courses/:course_id/pages
  - GET /api/v1/courses/:course_id/pages/:url
  - GET /api/v1/groups/:group_id/pages
  - GET /api/v1/groups/:group_id/pages/:url
- verify students can't see hidden pages
- verify permissions are respected
Change-Id: I2911e42a3c276301a0170917871c6648aded4a79
Reviewed-on: https://gerrit.instructure.com/12838
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
don't allow changing/adding a designer's section, fixes #9760
test plan:
- in a course with a few of each type of enrollment
- go to the course settings page / users tab
- as a ta (and then again as a designer)
- you shouldn't be able to remove a teacher, designer, or ta
- but you should be able to remove a student or an observer
- also notice that there is no option to edit sections on a designer
Change-Id: I8a630d447b858a276830033fa507cf11ca5ce5a2
Reviewed-on: https://gerrit.instructure.com/12771
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
Don't call "fixColumnReordering" in init(). Unnecessary and causes bug.
Testing Plan:
* Using gradebook2, drag and re-arrange assignment columns.
* After dragging, the total columns should remain visible.
Change-Id: I610910f85f3edcdd7cbae64a568dadcc11a57c9e
Reviewed-on: https://gerrit.instructure.com/12492
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
fixes #9829
users without any enrollments weren't included in
User.messageable_users, but messaging yourself should always be allowed.
Test plan:
* log in as a user without any enrollments
- Go to your inbox. You should be able to message yourself by
searching for your name.
OR
- Go to your profile page on an account with profiles enabled. You
should be able to see your profile.
Change-Id: If5182d807fe2f3150999d442d30202c22dffa4d1
Reviewed-on: https://gerrit.instructure.com/12819
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
no .fixed_warning elements get created, it uses
the .element_toggler stuff. code did nothing.
Change-Id: I7c1a4c4a4b4316fbb003d44dfd1063789d35e300
Reviewed-on: https://gerrit.instructure.com/12786
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>