* Allow linking to individual endpoints on the page.
* Give each endpoint a summary string, and list the summaries at the top
of the page, with links to the endpoint details.
* Make an omnibus "all resources reference" page, which has been a
common request. This only includes the endpoint details, not the
summary descriptions of the resources.
* Syntax highlighting for JSON
test plan: visit /doc/api/index.html and see the changes (run rake
doc:api first if on a dev box)
Change-Id: Ib126805825d40770c36b3688668c62938348412d
Reviewed-on: https://gerrit.instructure.com/10516
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
a faster rake js:generate, js:build, canvas:compile_assets, and guard
will use 'coffee' binary if installed
even if it doesn't use 'coffee' binary it will be
a lot faster
`time rake js:generate`
before => real 0m29.960s
with 'coffee' binary => real 0m4.342s
without => real 0m8.202s
test plan:
* run bundle exec guard; ensure coffeescripts are compiled to the
correct directories
* run rake js:generate; ditto
Change-Id: I8fc4d4a415e5c77d1efa910c0922588d3095446b
Reviewed-on: https://gerrit.instructure.com/9989
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
you have to do rake js:generate or run guard anyway
for handlebars (which also does CS),
so no sense in slowing dev environment by also doing
cs with barista
Change-Id: Ieca9f6808ae042b325f253e3c10334fc1839d282
Reviewed-on: https://gerrit.instructure.com/9512
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
there seems to be an upstream issue with the new 0.0.6 release
Change-Id: Ibefbef601d81ae3479e700fdaf016438e866a45f
Reviewed-on: https://gerrit.instructure.com/8949
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
This just gathers all the information for a single saml
login attempt so that an admin can try to debug faulty
configurations
Test Plan:
* Setup a SAML configuration
* Click "Start Debugging" on Authentication page
* Login with a user on that account
* Hit "Refresh" and observe the beautiful xml
closes #5232
Change-Id: Ic6dd2e828196d0bcbde2e301c5326d77fe55cb71
Reviewed-on: https://gerrit.instructure.com/8368
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
"Trivial" JavaScript / CoffeeScript changes
--------------------------------------------------
For the most part, all javascript was simply
wrapped in `require` or `define`. The dependencies
were found with a script that matched regexes in
the files; it errs on the side of listing too many
dependencies, so it's worth double checking each
file's dependencies (over time, anyway).
i18n API changes
--------------------------------------------------
No longer have to do I18n.scoped calls, just
list i18n as a dependency with the scope and it's
imported already scoped
    require ['i18n!some_scope'], (I18n) ->
      I18n.t 'im_scoped', "I'm scoped!"
JS bundling now done with r.js, not Jammit
--------------------------------------------------
We don't use jammit to bundle JS anymore. Simply
list dependencies for your JS modules in the file
and RequireJS handles the rest.
To optimize the JavaScript, first make sure you
have node.js 0.4.12+ installed and then run:
$ rake js:build
The app defaults to the optimized build in
production. You can use non-optimized in
production by putting ?debug_assets=true in the
url just like before.
You can also test the optimized JavaScript in
development with ?optimized_js=true.
Significant changes
--------------------------------------------------
These files have "real" changes to them (unlike
the JavaScript that is simply wrapped in require
and define). Worth taking a really close look at:
- app/helpers/application_helper.rb
- app/views/layouts/application.html.erb
- config/assets.yml
- config/build.js
- lib/handlebars/handlebars.rb
- lib/i18n_extraction/js_extractor.rb
- lib/tasks/canvas.rake
- lib/tasks/i18n.rake
- lib/tasks/js.rake
Change-Id: I4bc5ecb1231f331aaded0fef2bcc1f3a9fe482a7
Reviewed-on: https://gerrit.instructure.com/6986
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
Test Plan
* Try a SAML login with the value set to secure password
* Try a SAML login with the value set to no value
Change-Id: I72ff456b7ce6a6ff691f9447a7b6684e8793ec16
Reviewed-on: https://gerrit.instructure.com/8350
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
there was a bug when logging failures
Change-Id: I6672e5b5157268d2f7ddf2df042bf3877e6840eb
Reviewed-on: https://gerrit.instructure.com/8378
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jake Sorce <jake@instructure.com>
this commit makes submission first-class citizens in conversations. this
means that when submission comments are added/deleted, or assignments are
unmuted, conversations and messages will be updated accordingly
the main impacts in the ui are:
1. submissions can be deleted from conversations. if a new comment is
added, they will reappear
2. submissions factor into the message total for the conversation. each
submission counts as a single message, even if there are multiple
comments
3. submission messages affect unread-ness, and are reflected in the
timestamp and text in the conversation preview
test plan:
1. confirm submissions appear in the appropriate conversations, i.e.
   * submissions with no comments should not appear in any conversations
   * submissions where there are comments but not by instructors:
     * should appear in each instructor's private conversation with the
       submitter
     * should not appear in the submitter's private conversations with
       anyone
   * submissions where there are comments by instructors:
     * should appear in each commenting instructor's private conversation
       with the submitter
     * should appear in submitter's private conversations with each
       commenting instructor
   adding or removing submission comments should update private
   conversations accordingly (e.g. when one teacher comments on a
   submission, it should be removed from the other teachers' private
   conversations with the submitter).
2. for each scenario above where the submission comments are added and
   appear in conversations, ensure that the submission as a whole behaves
   like a single conversation message, i.e.
   * the unread conversations count is incremented and the private
     conversation is marked as unread (if it didn't exist or was already
     read)
   * the latest submission comment and timestamp should be reflected in
     the conversation pane on the left side
   * you can delete the submission from the conversation. if new comments
     are posted on the submission, the submission should reappear in the
     conversation (provided it still matches the criteria in 1.). note
     that submission can not be forwarded to other conversations.
3. submissions should differ from traditional conversation messages in
   that:
   * they should not trigger conversation notifications
   * they should not create/bump conversation stream items. if a
     conversation has non-submission messages, the submission and its
     comments should appear in the stream item, but they should not
     cause it to jump to the top
migration:
existing submissions/comments will be migrated in, but not necessarily
through a traditional rails migration. to bring in those messages, run
the following from the rails console:
Submission.find_each{ |s| s.create_or_update_conversations!(:migrate) }
Change-Id: I06dcb8728402a6c4c613d445b80432a1f2973b73
Reviewed-on: https://gerrit.instructure.com/8086
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Updating to nokogiri 1.5.0 requires updating to sanitize 2.0.3 as well.
Since the API for sanitize changed, we take this opportunity to remove
the monkey patching in config/initializers, and use the actual
transformers plugin interface for sanitize.
The changes to html in the specs are due to nokogiri making a couple
changes around empty tags -- html5 wants <img>, not <img />
test plan: The existing specs exercise both gems, to ensure
compatibility.
Change-Id: Id04d017dda056e03205b373ac9bfbf71bd338cb9
Reviewed-on: https://gerrit.instructure.com/7988
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
This fixes a segfault we're hitting, https://github.com/tenderlove/nokogiri/issues/439
(We can't upgrade to nokogiri 1.5.x without bumping sanitize from 1.x to 2.x)
explanation of spec changes:
* the first xss spec started failing because nokogiri no longer drops
xml directives. however, it's not exploitable.
* the second xss spec started failing due to nokogiri now properly
honoring the selected charset. it's also not exploitable, since
canvas doesn't use utf-7.
* the final spec change is because nokogiri now strips out the invalid
newline, where it left it in before.
test plan: specs will exercise the upgraded nokogiri gem for
compatibility in our use cases
Change-Id: Ie152c8c60f3df5150ee4f14ab41dfee95a342fa8
Reviewed-on: https://gerrit.instructure.com/7958
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
test plan:
* checkout patchset 1 from https://gerrit.instructure.com/7469
* symlink the canvalytics repo into vendor/plugins/
* symlink public/plugins/canvalytics to vendor/plugins/canvalytics/public/
* run guard, regenerate all files
* make sure the route /analytics/course/<id>/user/<id> renders handlebars
unit tests not provided for this scaffolding stuff
Change-Id: Ibf626555cbb79a5a97d67286ef4a7d8f28f53de8
Reviewed-on: https://gerrit.instructure.com/7470
Reviewed-by: Ryan Florence <ryanf@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
We like instafail, but we like the nested formatter too. Imagine those
powers combined!
Change-Id: I54a332c3f294e109f796909afe3d6b67f759237a
Reviewed-on: https://gerrit.instructure.com/7718
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
I added general code to the spec helper to try and prevent this
happening again. I had to bump the json gem version because 1.5.1 has a
bug preventing the object_class option from working with subclasses of
Hash.
test plan: hit /api/v1/users/self/profile , the response json shouldn't
list login_id twice
Change-Id: Ie52401843896f46828e624f10f8a8091c10ce25b
Reviewed-on: https://gerrit.instructure.com/7320
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
now we don't need to manually copy the test files to the remote server
testplan: run the conversations specs against a remote selenium server
that doesn't have C:\testfiles, they should still pass.
Change-Id: Icf3a2e685858ef5605512895e9be25bcab86931d
Reviewed-on: https://gerrit.instructure.com/7235
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
closes #6382
Previously, the "stay logged in" cookie just used the authlogic default
implementation, which is the pseudonym persistence_token. This is a
problem, because that persistence_token only ever changes when the
pseudonym password changes, so it's the same everywhere; so if that
cookie is stolen, it's valid for a very long time.
This switches us to one-time-use tokens that expire as soon as the token
logs the user in once. Each user agent also gets a different
one-time-use token.
Change-Id: I4f20cd7759fd74590e82ed55797552e342243d49
testplan:
* Check that no token is set at all when "stay logged in" isn't
  selected.
* Check "stay logged in", and verify:
  * That you don't have to login again after restarting your browser,
    but your _normandy_session got reset.
  * That if you save and try to replay using the same
    pseudonym_credentials, they don't work the second time.
  * That a second browser will get a different pseudonym_credentials
    value, and using one token doesn't affect the other.
  * That once the token is used, a new one is generated and set in
    your cookies. Verify this new token works as well.
  * That logging out removes the pseudonym_credentials cookie in your
    browser. And also that manually restoring this cookie still
    doesn't log you in, since it was removed server-side as well.
* Change your password, and verify that the existing "stay logged in"
  tokens no longer work.
* Delete your pseudonym, and verify the same.
Reviewed-on: https://gerrit.instructure.com/7093
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
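
The one-time-use "stay logged in" scheme described in the commit above, as an added Ruby sketch (not Canvas's or authlogic's code). `OneTimeTokenStore`, the in-memory hash, storing only a SHA-256 of each token, and `cred_stamp` (any value that changes when the password changes) are assumptions made for illustration.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory stand-in for a server-side token table.
class OneTimeTokenStore
  def initialize
    @rows = {} # SHA-256(token) => { user_id:, cred_stamp: }
  end

  # Issue a fresh random token for one user agent; only its hash is stored,
  # so a leaked table does not yield usable cookie values.
  def issue(user_id, cred_stamp)
    raw = SecureRandom.urlsafe_base64(32)
    @rows[Digest::SHA256.hexdigest(raw)] = { user_id: user_id, cred_stamp: cred_stamp }
    raw
  end

  # Redeem a cookie value. The row is deleted before any other check, so a
  # replayed value never matches again. A stale cred_stamp (password changed
  # since issue) is rejected. Returns [user_id, replacement_token] or nil.
  def redeem(raw, current_cred_stamp)
    row = @rows.delete(Digest::SHA256.hexdigest(raw.to_s))
    return nil if row.nil? || row[:cred_stamp] != current_cred_stamp
    [row[:user_id], issue(row[:user_id], current_cred_stamp)]
  end

  # Logout: drop the server-side row so a manually restored cookie is useless.
  # Returns true if a row was removed.
  def revoke(raw)
    !@rows.delete(Digest::SHA256.hexdigest(raw.to_s)).nil?
  end
end
```

Each case in the test plan maps to one call: replay is a second `redeem` of the same value, a second browser is a second `issue`, and logout is `revoke`.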
fixes the behavior such that we only toggle ungraded assignment counts
related to a particular user when his active enrollments in a given
course go from zero to one and vice versa.
also fixes performance issues in mysql. this required a custom trigger
body. see https://github.com/jenseng/hair_trigger/commit/326a10c for
the related hairtrigger commit to support this
Change-Id: Ie36b3d33ced69321f3a87468ab56480b1378d235
Reviewed-on: https://gerrit.instructure.com/6808
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
This gem update required updating our twitter, linkedin, and gdocs
integrations to correctly provide the redirect uri and use the oauth
verifier on return, which we weren't doing before.
As a consequence, google no longer displays a big scary warning about
Canvas not being secure in its oauth usage.
Facebook uses oauth 2.0, so no changes were needed there.
refs #5892
refs #6127 (this stuff needs refactoring)
Change-Id: I04289638915b84dbe439bd57b36da90151c662b9
Reviewed-on: https://gerrit.instructure.com/6585
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
This doesn't work with our current deploy process, so it'll need to be
in devs' local Gemfile for now
Change-Id: Ia918672fac851b132c2e688a27bf9f20555f65c3
Reviewed-on: https://gerrit.instructure.com/6598
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
new stuff
---------
- added curl.js AMD module loader
- converted existing js specs to use QUnit
- removed jasmine stuff
- added rake task to run js specs
dependencies!
-------------
you'll need to install http://www.phantomjs.org/
if you want to run the specs.
next step is to incorporate curl.js into our app
environment.
Change-Id: I0ba97bc9abe1494f87fdfc0eca51d987a759bc85
Reviewed-on: https://gerrit.instructure.com/6477
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
when downloading a file (attachment) that's on S3, include the
response-content-disposition parameter in the redirect url so that the user
will get a Content-Disposition header from S3 giving the file the correct
disposition (attachment, not in-browser) and the correct filename (the
'natural' filename in S3 is that of the first copy of the file uploaded;
someone else may have uploaded it again with a different filename; we want them
to see the correct filename in the download).
CAVEATS:
* in the case of duplicate files with different filenames, the content
disposition will cause the correct filename to be used by the browser in
saving/prompting-to-save the file, but the actual S3 filename will still be
present in the URL if inspected.
* the filename in the content-disposition is correctly quoted as per RFC 2616
for ASCII, but a lot of browsers do it wrong. we are making no attempt to
accommodate their idiosyncrasies.
* the http quoting we do is ghetto and doesn't account for multi-byte
characters.
fixes #4473
Change-Id: I468a6ecdaee2946ab89172984adacf20b491d541
Reviewed-on: https://gerrit.instructure.com/6506
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
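
An added Ruby example (not the code from this commit) of building the `response-content-disposition` value for an untrusted filename: control characters including CR/LF are dropped, and `"` and `\` are escaped as an RFC 2616 quoted-string. It goes beyond the commit by adding an RFC 6266 `filename*` parameter for the multi-byte case the caveats mention; `content_disposition`, `s3_download_url` and the example host are hypothetical, and request signing is assumed to happen elsewhere.

```ruby
require 'erb' # ERB::Util.url_encode percent-encodes every byte outside A-Z a-z 0-9 _ - . ~

# Build a Content-Disposition header value from an untrusted filename.
def content_disposition(filename, type = 'attachment')
  name = filename.to_s.scrub('_')            # replace invalid byte sequences
  name = name.gsub(/[\x00-\x1f\x7f]/, '')    # drop CTLs, so no CR/LF header injection
  ascii = name.gsub(/[^\x20-\x7e]/, '_')     # ASCII-only fallback for the quoted-string
  quoted = ascii.gsub(/["\\]/) { |c| "\\#{c}" } # quoted-pair for " and \
  value = %(#{type}; filename="#{quoted}")
  # Only add the extended parameter when the name really has non-ASCII characters.
  value += "; filename*=UTF-8''#{ERB::Util.url_encode(name)}" unless name == ascii
  value
end

# Append the override to a download URL (assumption: the caller signs the
# final URL afterwards, with this parameter included in what is signed).
def s3_download_url(base_url, filename)
  sep = base_url.include?('?') ? '&' : '?'
  param = ERB::Util.url_encode(content_disposition(filename))
  "#{base_url}#{sep}response-content-disposition=#{param}"
end
```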
fastercsv is not supported in 1.9, instead csv in the stdlib has been
modified to be api compatible with fastercsv. in this first step, we
alias CSV to FasterCSV when running under 1.9. This allows 1.8.7 to
continue working with no changes.
Change-Id: I34c3a9031b6f4946380510e4833203e29a05073a
Reviewed-on: https://gerrit.instructure.com/5835
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>