fixes#11004
Test plan:
* open a crocodoc submission in speed grader, and/or the submission
details page
- you should be able to see/make annotations
* open the same submission in the user's files area
- you shouldn't be able to see or make annotations
Change-Id: I2755079dedd057a1db326cf4cc865ac5a36debd0
Reviewed-on: https://gerrit.instructure.com/14029
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
closes#10956
Test plan:
* make a crocodocable homework submission
* preview the file in the user file's page and make sure it opens in
crocodoc (not google docs)
Change-Id: Ifa9557dbfba2f1253fa02b99ece20de7a7f9cd21
Reviewed-on: https://gerrit.instructure.com/14006
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
notifications were happening on monday because
TimeWithZone.advance(:days => x) does nothing. move them to saturday for
real and also spread them over the Eastern-time day instead of lumping
them all at 8pm (admittedly by timezone, but that's only 4 hours for the
continental US, which is the current majority of users).
add an indicator to the notification preference page to show a rough
time block in which they can expect their weekly messages to be sent.
fixes#8296
test-plan:
setup:
- create two accounts the same id but on different shards (shard ids
should not differ by a multiple of four)
- in each a account, create a user with a communication channel; call
them Alice and Bob.
- create a third account on the same shard as Bob's account but with a
different id (account ids should not differ by a multiple of four)
- in this account create two users with a communication channel each;
call them Charles and David.
- for each of the four users, assign a notification to deliver to the
user's communication channel weekly
- on Friday, trigger the associated notifications for each user
- on Sunday, trigger David's notification again
expectations:
- each user should receive the messages on saturday (Eastern-time),
not monday
- Alice's and Bob's emails should arrive in different "quarter days"
- Bob's and Charle's emails should arrive in different "quarter days"
- Charles' email and David's first email should arrive in the same
"quarter day" but in different hours
- David's emails should come a week apart, but in the same hour both
times
UI:
- go to the notifications preference page
- should see note at bottom indicating two hour block during which
their weekly notifications will be sent
- actual send time of weekly notifications should fall within that
block
Change-Id: I97bb75762ef8c03fae99ad5499b441f7c026d2c8
Reviewed-on: https://gerrit.instructure.com/13963
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes#10880
when joining a self-signup group, permissions were being incorrectly cached
causing a 'membership pending' page to be shown.
test plan:
- as a teacher, create a set of course groups, and allow self-signup
- as a student, join one of these groups
- it should not say 'membership pending'
- it should say 'you joined the group'
Change-Id: Ic11cdeead8db23293e64faa0dc3c803310e426cc
Reviewed-on: https://gerrit.instructure.com/13959
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes#10885
Test plan:
* submit a document that crocodoc fails to convert
* make sure the document is eventually submitted to scribd
(this should happen in 5 minutes on beta/production or after calling
CrocodocDocument.update_process_states)
Change-Id: I9b59182068370d65bdc694fa41a1c1cbf030be31
Reviewed-on: https://gerrit.instructure.com/13947
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Bryan Madsen <bryan@instructure.com>
fixes#10865
Test plan:
* submit an assignment
* annotate the homework as the teacher and student
* add peer reviewers
- peer reviewers should only see annotations they have made themselves
* mute the assignment
- the student now only see his own annotations
Change-Id: I07f15565f2f87786812d206bfbff0c8b2f2e8712
Reviewed-on: https://gerrit.instructure.com/13921
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
implement background message sending in the inbox. when sending any
message, the form now unlocks right away and a progress bar appears
at the top. you can potentially have several messages sending at once,
each with its own progress bar. determinate progress bars (i.e. for
bulk private messages) will still be on the page if you reload (assuming
they haven't finished sending).
also implement client-side form validations so that users are prompted to
put in recipients and a message
progress bar should be aria compliant. refs #9237
test plan:
1. send a new message to a single recipient
2. there should be an indeterminate progress bar as it sends, and the ui
should be unlocked
3. send a new group message
4. see step 2.
5. send a bulk private message
6. there should be a determinate progress bar as it sends, and it should
move with a relatively consistent velocity. the ui should be unlocked
7. send a message on an existing conversation
8. see step 2.
9. repeat steps 1-8 with attachments
10. try sending messages without a body or recipients. you should get red
error boxes
Change-Id: I1e4641505c3e4c42f840b292d739c78cb1c2baff
Reviewed-on: https://gerrit.instructure.com/13617
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
fixes#10876
test plan:
1. login as a admin and go to the default account
2. click 'Settings on the left hand nav
3. scroll down and click 'Enable Profiles' checkbox
4. scroll up to the top and click on the user name link
5. click 'Edit Profile'
6. try to add a new link with a title that is longer than 255 characters
7. try to add a url that is longer than 255 characters
8. the title should not let you go over 255 characters and the url
should be able to go over 255 characters without a DB error
Change-Id: Icc73941e37365df3a64176b93a31cf9c768ffc68
Reviewed-on: https://gerrit.instructure.com/13910
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Makes crocodoc upload jobs low priority and puts them in their own
strand.
Change-Id: I5ee69321e72dc2efbd446896c16a8c83bf0c4c03
Reviewed-on: https://gerrit.instructure.com/13886
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Adds support for optionally viewing documents with Crocodoc.
closes#9865
Test plan:
* configure the crocodoc plugin
* add an assignment that allows file uploads
* make a submission for that assignment with a pdf or doc or ppt
- on the 'submission details' page, opening a preview of the
assignment should display it in crocodoc
- speedgrader should display the submission in crocodoc too
* make a submission with odt or rtf
- the submission should be displayed with scribd or google docs
* if you disable the crocodoc plugin, submissions could continue being
previewed in google docs or scribd
Change-Id: I7dd2547f8e2d907c98ebe894a7f1ee9d58f1e030
Reviewed-on: https://gerrit.instructure.com/13668
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
added migration to oauth requests to allow longer
return urls
test plan user settings:
1. login as a user
2. click on the user name in the top right
3. click Edit Settings button
4. try to enter a string larger than 255 characters
in full name, display name, and sortable name
5. should stop text entry at 255 characters
test plan user groups:
1. login as a teacher
2. go into a course
3. click 'People' on left nav
4. click 'View User Groups' on right nav
5. click 'Make a New Set of Groups' on right nav
6. try to enter a group name longer than 255 characters
7. should stop text at 255 characters
Change-Id: I9be845a611357eed6512aba73a491a3d16af0e03
Reviewed-on: https://gerrit.instructure.com/13772
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Joe Tanner <joe@instructure.com>
test plan:
* make sure page views are still processed
Change-Id: I07ead6c075823c2021fdcc0cc1f1fddf70f695d0
Reviewed-on: https://gerrit.instructure.com/13810
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
So we can control how many will run in parallel
closes#10821
test plan: submitting to turnitin should still work properly. using the
"turnitin_num_strands" Setting should allow you to control how many jobs
will run in parallel.
Change-Id: Idabe8cc042c200dd92a5bfea221ae0aa13a79d07
Reviewed-on: https://gerrit.instructure.com/13865
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
test plan:
1. log in as a teacher and click 'Create a New Course'
2. try to enter a string longer than 255 characters into course name
3. try to enter a string longer than 255 characters into short name
4. validate inputs don't allow strings over 255 characters
Change-Id: I3bb4655cf351960bd7dafdf99a81eeee631f261d
Reviewed-on: https://gerrit.instructure.com/13836
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
clean out existing non-observer enrollments with an
associated_user_id, and add a validation check preventing
these from being created in the future
refs #10652
Change-Id: Id1887789786fd09f2df64bc6432c81bbffb7e136
Reviewed-on: https://gerrit.instructure.com/13786
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes#10422
test plan:
* set up daily or weekly notifications to an address
for a certain notification category
* delete that address
* set up a different address, and set notifications
for the same category to "never"
* make sure the notification to the old address
is not received
note that the old/new addresses could conceivably be the same
(they are in the ticket), but that's tricky to set up because
the UI will prefer to reactivate the old address rather than
create a new one with the same name
Change-Id: I908d37ae4d587afad38eb9332df4ab7c31f36f7a
Reviewed-on: https://gerrit.instructure.com/13778
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
when a user visits the /courses page, display all of their
future enrollments, meaning their enrollments in any published
courses with start_at dates > Time.now.
test plan:
* create a course with a start_at date in the future and enroll
a student;
* as the student, accept the enrollment and visit the /courses
page;
* verify that the course appears under the header 'Future
Enrollments;'
* test courses without a start_at date and courses that are not
published; verify that they do not appear in the future
enrollments section.
Change-Id: Ieada1f4d7418e69e7d611516f196cb2d1b25117f
Reviewed-on: https://gerrit.instructure.com/13265
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
closes#10671
it now sends only the user and submission data
needed by the speedgrader app instead of
everything
test plan:
1. speed grader should behave as it always has
2. inspect window.jsonData, look at the user and
submission data and make sure it doesn't have
every column
Change-Id: If2d79766756249c6f715eb8ee4334bee973ed891
Reviewed-on: https://gerrit.instructure.com/13700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
closes#10292
Test plan:
1) enable calendar2 on an account
2) set up a user to prefer the old calendar
3) set the 'calendar2_only' setting to true on the account
4) go to the calendar as the user from step 2, you should be
redirected to calendar2
* there should be no way to get to the old calendar
Change-Id: I6280caf2878d04ef3f73efdbc61187906aeb5113
Reviewed-on: https://gerrit.instructure.com/13756
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Joe Tanner <joe@instructure.com>
test plan:
* enter valid ldap settings, except for filter
* test them, but don't put in a username and password
* you should get an error about invalid filter syntax
Change-Id: I61339085cbd902ba6e1234a098181db32cd42385
Reviewed-on: https://gerrit.instructure.com/13754
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
test plan:
* set up an LDAP config with invalid filter syntax
* try to log in with a user that exists
* go to /error_reports; you should see the error, report, and it
should have a link to the account
Change-Id: I2d89befbfeb4672fc6fdcb5653b16bd5f04fd795
Reviewed-on: https://gerrit.instructure.com/13761
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
also modifies the discussion topic and assignment API
controllers to make sure "must_view" requirements are
fulfilled
test plan:
* check the API documentation; ensure it looks okay
* create a course with module items of each supported type
* set completion criteria of each supported type
* create another module, so you can set prerequisites
* use the list modules API and verify its output matches
the course and the documentation
* as a teacher, "state" should be missing
* as a student, "state" should be "locked", "unlocked",
"started", or "completed"
* use the show module API and verify the correct information
is returned for a single module
* use the list module items API and verify the output
* as a teacher, the "completion_requirement" omits the
"completed" flag
* as a student, "completed" should be true or false,
depending on whether the requirement was met
* use the show module API and verify the correct information
is returned for a single module item
* last but not least, verify "must view" requirements can
be fulfilled through the api_data_endpoints supplied
for files, pages, discussions, and assignments
* files are viewed when downloading their content
* pages are viewed by the show action (where content
is returned)
* discussions are viewed when marked read via the
mark_topic_read or mark_all_read actions
* assignments are viewed by the show action
(where description is returned). they are not viewed
if the assignment is locked and the user does not
have access to the content yet.
Change-Id: I0cbbbc542f69215e7b396a501d4d86ff2f76c149
Reviewed-on: https://gerrit.instructure.com/13626
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
test plan
* hide final grades in a course
* the should be shown in the get course api
* create a course with hide final grades set to
true through the api
* update the hide final grades through the api
* all api calls should reflect course UI setting
Change-Id: Iebd4c42ebb7c8f11285c5c85d1749348331fa8f8
Reviewed-on: https://gerrit.instructure.com/13685
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
test plan: create a file config/test.yml that contains nothing but
whitespace. in a console, run Setting.from_config('test') and verify nil
is returned, no error is raised.
Change-Id: Ibc276626c50ac2d719021dcec82ae02f8459df98
Reviewed-on: https://gerrit.instructure.com/13722
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
the problem was, the same calendar event object was placed in
course.imported_migration_items twice, and thus had the date
shifted twice, moving it further in the future than it should go.
test plan:
* copy the course referenced in #9514, shifting the dates
forward (but still start on a Sunday, and end on the Tuesday
two weeks and two days later)
* the calendar events should stay on the same days as the
assignment events with the same number
Change-Id: I220003dcae596ec895cc04e4f7e7323246cde96f
Reviewed-on: https://gerrit.instructure.com/13669
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
fixes#10583
see also #6233, the same bug, but non-zip case. this changeset
makes zip uploads go through the same Attachment#handle_duplicates
workflow (but keeps the ability to batch-delete overwritten files).
test plan:
* have a module with file items
* overwrite the files via zip upload
* make sure the module items don't disappear, and that they
refer to the new version of the file
Change-Id: Ib5f530021285da3303b64bbd8d4b5b2746206ef6
Reviewed-on: https://gerrit.instructure.com/13720
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Files weren't being replaced if they had a filename different
from their display_name.
The content_tags for modules are cleared before they are
imported so that only the items aren't duplicated.
Test Plan:
* Import a package twice
* The modules should be correct and not have 2 items for each item
* The files should also not be duplicated
closes#10405
Change-Id: I3cb15c2530734185675a2b8bb9017bdf6ac35202
Reviewed-on: https://gerrit.instructure.com/13695
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
test plan:
- try to create a new rubric with a title longer than 255 characters
Change-Id: I83f17aafbd6e322132a9af67a10971aff5382d0a
Reviewed-on: https://gerrit.instructure.com/13707
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes gh#211
test plan:
* use the /api/v1/courses/{courseId}/recent_students endpoint with
a mysql backend
Change-Id: Id19944044cf6cce1e11a847b60c7d7294dd33c89
Reviewed-on: https://gerrit.instructure.com/13628
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
only grant observer permissions if the user is tied to the student as an
observer, and in the same course. do not grant observer permissions if
the user is tied to the student via a StudentEnrollment (how does this
tie get created?) or if the user is tied to the student as an observer
in a different course.
fixes#10508
test-plan:
- enroll students John and Jane in course A and course B
- set Jane as the associated_user_id on John's StudentEnrollment
- John should not be able to read Jane's grades
- add Bob as an observer of Jane in course A and as an observer of John
in course B.
- Bob should not be able to read Jane's grades in course B nor John's
grades in course A.
Change-Id: I292e518fe9fbebeaf9e36ee0c85d97279049ae55
Reviewed-on: https://gerrit.instructure.com/13659
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
set_need_notify is called in a before_save. don't let it fail and
prevent the update when the attachment doesn't have a folder.
fixed#10402
test-plan:
- perform an action that creates an attachment with no folder
(e.g. try to download the grades csv for an assignment)
- attempt to modify and then save the attachment (via console, or e.g.
the ContentZipper job triggered by downloading the grades csv for an
assignment)
- should not raise an error
Change-Id: I04f854c0fe9b7e554e62f4ecb35b537048b60a75
Reviewed-on: https://gerrit.instructure.com/13666
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
currently this only works for the user's calendar feed, not the
individual course calendar feed, since that feed doesn't include any
information on which user is requesting the data. that's a further TODO.
fixes#9647
test plan:
* create a course event in calendar2 which has different times for
different sections in the course.
* go to /calendar and load the Calendar Feed as a teacher, verify that
two separate individual events are shown one for each section, just
like in the web ui.
* go to /calendar and load the Calendar Feed as a student, verify that
just the one event for that section is shown
* in both cases, there shouldn't be a separate copy of the event that
spans both time periods, like there is on prod right now
Change-Id: I3244121ef3ff911eac043a5f69bb5944556a828a
Reviewed-on: https://gerrit.instructure.com/13394
Reviewed-by: Bryan Madsen <bryan@instructure.com>
Tested-by: Bryan Madsen <bryan@instructure.com>
test plan:
* enable caching
* load a page a few times
* verify that PluginSetting isn't queried each time (in the logs)
Change-Id: Id49f2001c4077f3351d96957c8681c7e91aec30c
Reviewed-on: https://gerrit.instructure.com/13595
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
Rather than submitting all scribdable files to scribd, when this setting
is enabled, only files for assignment submissions are submitted to
scribd.
test plan: Setting.set("filter_scribd_submits", "true")
Then upload a .doc, .pdf or other scribdable file to your course
or user files. Verify the file isn't submitted to scribd, not even a job
is created.
The upload a file as an assignment submission, verify it's still
submitted to scribd and the scribd preview works in the speed grader
(once it's processed)
Change-Id: Ib5378e12b9630b40483d5cb14c80c699762ffd1a
Reviewed-on: https://gerrit.instructure.com/13301
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Cameron Matheson <cameron@instructure.com>
test plan:
* enable caching
* visit a few pages
* there should not be a db query with each request for
site admin and default accounts
Change-Id: I8bbd8026dea289d057edb7b22f8f5605ebc4b16f
Reviewed-on: https://gerrit.instructure.com/13438
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes#7939
this change adds an account setting which tracks the sub-account responsible
for containing manually created courses. this was being tracked by name, which
caused duplication problems if the account was renamed or the locale was
changed.
test plan:
- in an account that already had a "Manually-Created Courses" sub-account
- create a new manual course and make sure it goes into that sub-account
- change the account locale to be non-english
- create another manual course and make sure it still goes there
- change back to english and rename the account to something else entirely
- create a final manual course and make sure it still goes to that sub-account
Change-Id: Iaa01eae15cf5e4c7707a049e704fb079f77e0a21
Reviewed-on: https://gerrit.instructure.com/13445
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Test plan:
- make an external tool with course navigation
- retrieve the external tool with the api and make sure the
course_navigation section is present
Change-Id: Icb0bc77c97f0ce8b967866449ef9964189b068fd
Reviewed-on: https://gerrit.instructure.com/13415
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes#10386
test plan:
- try setting a file to be hidden in the api
- it should succeed
Change-Id: I9f389d394a2a1deba4580711c69ce90a6dd2d969
Reviewed-on: https://gerrit.instructure.com/13455
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes#10268
group invite wasn't searching in the correct account when trying to match user
emails passed in to users. group membership creation was broken for
non-community account level groups to to a missing permission.
test plan:
- create an account level group
- invite someone who belongs to that account to the group with the api
- they should be added (it should not create a temporary user)
- now add someone else directly with the api be creating a membership for them
- it should work
Change-Id: I7bb7a22b83e13ed6e9575aa059e3e3463e0541f9
Reviewed-on: https://gerrit.instructure.com/13337
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
now that we also cache group permissions (in addition to course ones),
start grabbing the permissions in load_all_contexts. although we cache all
of them, only return ones that are requested (to keep js ENV etc. small)
slight refactor of conversations around permission stuff, and added the
ability to specify an :if check for a permission (i.e. the permission is
only on for a user if the policy says so *and* the :if method returns
true)
test plan:
n/a, see specs (new one, plus existing ones that exercise
load_all_contexts in its various capacities)
Change-Id: I82f4f71edf221c6c859a15156224d8e5b719edc5
Reviewed-on: https://gerrit.instructure.com/12983
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
* fix some invalid syntax that's snuck in recently
* fix an issue with initializing tempfiles in Canvas::HTTP
* fix some "can't modify frozen object" errors in specs
* upgrade mocha to 0.12.3
Change-Id: I6b6f25bcfff2466774e2941d35fafb7af7c50569
Reviewed-on: https://gerrit.instructure.com/13344
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
test plan:
- In a course where "Let Students attach files to Discussion Posts"
check box is checked (under "more options" when editing course details)
- Create a group and add a student to the group
- Log in as the student and create a new discussion or reply to a discussion
- Click on the choose file button and attach something
- The attachment should be saved
- Also verify that the student doesn't have the option to attach
a file when the above checkbox is not checked
Change-Id: I56f4e2e29a8350a50a85a926f8ca9493a1c3fd0c
Reviewed-on: https://gerrit.instructure.com/13365
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Bryan Madsen <bryan@instructure.com>
test plan:
- Create a new discussion. Can be threaded or not.
- Post several replies on the discussion, some replying directly to the topic, some replying to the replies.
- Note the number of comments that are direct replies to the main topic.
- Go back to the discussion topics page.
- The number of replies listed should equal the total number of
replies and sub-replies.
Change-Id: Ie960eb27c96fa319c7c2a914d9ba862e6055e2e9
Reviewed-on: https://gerrit.instructure.com/13263
Reviewed-by: Mark Ericksen <marke@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
When a quiz is set to not show correct answers, a teacher, while reviewing
a student submission, should see the "Correct Answer" arrows and feedback.
However, when a teacher is reviewing their own submission or doing a preview,
it should respect the quiz setting and not display the correct answer feedback.
Also in this commit is a minor display fix to inputs where the width was set too
narrow on the results page.
Testing Notes:
==========
* As a teacher, setup a quiz to NOT show correct answers
to students.
* As the teacher, take the quiz and verify that it this setting is respected
when viewing the teacher's own submission or when previewing the quiz.
* As the teacher, review a student's submission and verify that the
quiz displays the "correct answer" feedback even though the quiz
is configured to not display it.
* Verify that the "correct answer" feedback shows up for a quiz
that is configured to display it.
Change-Id: Ibc939918db22c3add8fc00f18a50de03123d811a
Reviewed-on: https://gerrit.instructure.com/13368
Reviewed-by: Zach Wily <zach@instructure.com>
Tested-by: Zach Wily <zach@instructure.com>
The logic here was causing inappropriate deletions to happen.
Also scope the SubmissionComment#destroy to only look in the current
assignment's submissions.
fixes#10280
test plan: as a teacher leave a comment on a group assignment
submission. also leave the same comment on another submission. then
delete the first comment, verify all copies are deleted for that group
but not outside that group.
Change-Id: I413c19becfbbd855c64fe162cb698c4df14aee2e
Reviewed-on: https://gerrit.instructure.com/13358
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
fixes#10227
test plan: add an external feed from the course announcements page,
verify that the feed is created successfully, and gets
processed as expected to add announcements to the course once the
background job runs.
Change-Id: I18285b78a09eb20e177b91eeb3ed3ed5507d86cb
Reviewed-on: https://gerrit.instructure.com/13326
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
Ideally these would expire if changed, but this is a quick
optimization because of other current limitations.
Change-Id: I8ef54a0161a754f407a5b939c576b6bbdfa485de
Reviewed-on: https://gerrit.instructure.com/13236
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
If an incomplete utf-8 byte sequence comes at the end of an input
string, Iconv with //IGNORE will still include that incomplete sequence
in the output, causing psql errors among other problems. This new method
pads the string with spaces to work around the problem.
refs #10188
Change-Id: Idacae010462f2b98c02afbe4103974f39c0f24c1
Reviewed-on: https://gerrit.instructure.com/13258
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
fixes: #10158
in g/13073 ( 1f4434ccd7 ) i changed the
relation used in discussions#index action
so it only showed discussions OR announcements
but that broke the order in which they show up because
this relation didn't have the order by clause.
test plan:
load discussion/announcement index page
make sure they show up in correct order and don't
see any announcements on the discussions page or
vice versa
Change-Id: Ie499530486df32142f3a41e36f5b3e38d363c77b
Reviewed-on: https://gerrit.instructure.com/13221
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
when a teacher or account admin has a quiz submission, they should
not receive a submission graded notification.
fixes#8820
test plan:
* create a quiz and take it as a teacher or admin with a
communication channel;
* verify that no submission graded notification is sent.
Change-Id: I02fb4e17ca2f63308ca94ac7f0ba405ada70dae3
Reviewed-on: https://gerrit.instructure.com/13250
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cameron Matheson <cameron@instructure.com>
no user visible change
test plan:
* smoke test with and without caching configured
Change-Id: Ia21a996988021d647e56f85cd8ce818b64001681
Reviewed-on: https://gerrit.instructure.com/13248
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
added uber_scope fu to override association :select/:order. slight
refactor of order_by_sortable_name (which incidentally makes it so custom
:select's get respected rather than getting all columns)
test plan:
1. go to a course with more than 20 concluded enrollments
2. go the prior enrollments page
3. it should be paginated
4. spot check other places that order_by_sortable_name (e.g. user_notes)
5. they should work
Change-Id: I3176876383a03d38950b2159cbb73931017d1cc1
Reviewed-on: https://gerrit.instructure.com/13167
Reviewed-by: Zach Pendleton <zachp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
closes#10051
eliminate some n+1 queries in the users api by being consistent about
preloading necessary associations. also refactor the user api docs so that
they follow the new @object/@returns model
test plan:
- make sure user api docs look good (and user parts of course api docs)
- there should be no noticiable changes to api behavior
- in dev, tail the logs, make some queries with lots of users, and make sure
they are reasonable.
Change-Id: I4a3b0b94bbce4c62cdbfc83941b79b25773ba904
Reviewed-on: https://gerrit.instructure.com/13022
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
refs #9889, refs #8592
This commit removes support for twitter and linkedin profile pictures,
as they are too small.
Test plan:
* rake db:migrate
* go view some profile pages
* the profile pics should not be ghetto-scaled
Change-Id: Ibea84420351cabbb496b1a8e5860d6e5834bb8ac
Reviewed-on: https://gerrit.instructure.com/13030
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
test plan: visit a canvas course as a new user who has their browser set
to a non-en locale. you shouldn't see a page error.
Change-Id: I5f0447faaec4971a08082de9819d9be79f19935f
Reviewed-on: https://gerrit.instructure.com/13062
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
This will bypass a lot of extra rails requests on things like discusison
topic pages.
refs #9679
test plan: load a discussion topic with lots of user avatars of
different types, veryify they still display correctly.
Change-Id: I29829806da30410c6b938ff3bcf54329a58698c4
Reviewed-on: https://gerrit.instructure.com/13050
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
fixes#6233
test plan:
* add a file to a module
* upload a new file with the same name, overwriting the old one
* make sure the file still appears in the module
* make sure the new content is downloaded
Change-Id: Ic861cfd89aa30436f2abcf5d52e00efbcfb935e9
Reviewed-on: https://gerrit.instructure.com/12851
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
test plan: no visible change in behavior, attachments should still get
root attachments assigned when appropriate.
Change-Id: I866a81b6da81a744483fcadb2bff5b74d229619b
Reviewed-on: https://gerrit.instructure.com/13041
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
test plan:
* get some notifications for discussions, conversations, etc.
* delete the root account
* reply to the notifications via e-mail
* undelete the root account
* the replies should not show up
Change-Id: I2afe5de256cbd55ca360a4327150871ea40d7493
Reviewed-on: https://gerrit.instructure.com/12902
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
test plan:
* with a read-only slave environment
* create a new course
* go to the course
* it should not error
Change-Id: Ie0003cec2b684fca1400e6efbcca434a540d5c7a
Reviewed-on: https://gerrit.instructure.com/13032
Reviewed-by: Zach Wily <zach@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
test plan:
* visit several different courses
Change-Id: I19e8fbefba6164392269d6688df2c58d25e0f34b
Reviewed-on: https://gerrit.instructure.com/13027
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
* calendar events in the .ics feed
* searching for users in an account
* user's recent stream items
test plan: verify that these functions still work, both with and without
a slave db configured
Change-Id: Ia596d388642cc9df16e471472406d447a5eb1cf0
Reviewed-on: https://gerrit.instructure.com/13025
Reviewed-by: Zach Wily <zach@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
test plan: as a site admin, or another user who has no account
association but can view an account, visit an account that you aren't linked to.
you shouldn't see a page error.
Change-Id: Ib9544d188ff0e5cb3deb4753967fd69ab485b859
Reviewed-on: https://gerrit.instructure.com/13019
Reviewed-by: Bryan Madsen <bryan@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
fixes#9993; fixes#10034
we were caching the user's common account chain, but this was occasionally
caching all of the accounts loaded associations, which wasn't unmarshaling
properly.
the new strategy is to cache the global asset paths that should be used for
different contexts.
test plan:
- no visual changes in sub-account branding
- shouldn't generate any caching errors (these were intermittent and we never
had solid steps to reproduce)
Change-Id: I37cc58a609ed7f90d967d6ebde74e849c754c0e8
Reviewed-on: https://gerrit.instructure.com/13017
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes#9995
also validates_as_url the redirect_uri, sometimes people were leaving
off the http:// part when setting up the key
test plan: set up a developer key with a given domain. kick off an oauth
request flow with redirect_uri equal to that domain, it should be
accepted. use a sub-domain of that domain, it should also be accepted.
use a higher-level domain, it should not be accepted.
Change-Id: I55510f463b1faa3339b9908f9941715d93de5a16
Reviewed-on: https://gerrit.instructure.com/12980
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes#10007
when reordering content in a module, all the content has to be resaved with
its new position. each of these saves was touching the module, which could
cause a huge number of duplicate updates in a big module
test plan:
- reordering items in a module should have no visible changes
- tail the logs while reordering items
- you should only see one call of the form UPDATE "context_modules" SET
"updated_at" ...
Change-Id: I860c88dad3fd5fde63a2317dacf557acd02729ff
Reviewed-on: https://gerrit.instructure.com/12993
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes#6347
* logs more information on ldap failures and passes it down to the browser in
the ajax response.
* fixes a crazy javascript bug where we were accidentally using a reserved
global var in webkit, 'status', which is a string, which interacted strangely
with our use of it as a boolean. this fixes the tester for firefox/ie
test plan:
(for #6347)
- use the tester in firefox and ie, it should work
(for error messages)
- one at a time, change the fields of a config, and run the tester
- you should get (slightly) more helpful error messages about what is failing,
based on status returned from the server.
Change-Id: Ic0837d7ff9f6283d615ddd4bbeef5a957dbd6553
Reviewed-on: https://gerrit.instructure.com/12880
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes#9879
The profile nav link should only be shown when @domain_root_account has
profiles enabled.
Test plan:
* make sure caching is enabled
* go to to your user settings on an account with profiles enabled
- you should see a profile link in the sidebar
* switch to an account that doesn't have profiles
- you should no longer see the profile tab in the sidebar
Change-Id: If502829ef9d0bfa8117df82e241beb8cd61e03a9
Reviewed-on: https://gerrit.instructure.com/12935
Reviewed-by: Jon Jensen <jon@instructure.com>
Reviewed-by: Bryan Madsen <bryan@instructure.com>
Tested-by: Bryan Madsen <bryan@instructure.com>
fixes#9451
rack's request.scheme doesn't take x-forwarded-proto into account, so it
was returning http. Using request.protocol correctly handles ssl
termination, it just means we have to chop off the "://" part of the
protocol.
test plan: In an environment using ssl behind a load balancer, load the
avatar for a user that doesn't have one. verify that the gravatar
request redirects back to canvas using https, not http.
Change-Id: Ifb5f42e91379cfe591d29e07cd2ccf1f9d2b19fa
Reviewed-on: https://gerrit.instructure.com/12865
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
fixes#9872
on the course settings page, the 'end this course' button should not
display for courses whose terms have already ended.
test plan:
* create a course inside of a term whose end_at date has already
passed;
* visit the course settings page and verify that the 'end this course'
button is not visible in the sidebar.
Change-Id: I8f8ddc1cd495a3488fda6989de28d45abd67b6cd
Reviewed-on: https://gerrit.instructure.com/12893
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
disabling canvas auth also force-disables open registration, and
makes LDAP auth act like full delegated auth (CAS or SAML)
test plan:
* configure LDAP, CAS, or SAML. MAKE SURE YOU CAN LOG IN.
* go to account settings, and disable "Canvas Authentication"
* open registration should no longer show up on account settings
page (after saving)
* ensure you can no longer log in with your Canvas credentials, but
you can with LDAP, CAS, or SAML credentials.
* remove LDAP, CAS, or SAML from the account
* "Canvas Authentication" should no longer show up on the account
settings page, open registration should
* your Canvas credentials should start working again
* add LDAP, CAS, or SAML back
* "Canvas Authentication" should be back on in account settings
Change-Id: Ic7475623e5139bb545a87d8e5b1014dabaf4e854
Reviewed-on: https://gerrit.instructure.com/12850
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
test plan:
* enable optional MFA, and check the following:
* normal log in should not be affected
* you can enroll in MFA from your profile page
* you can re-enroll in MFA from your profile page
* you can disable MFA from your profile page
* MFA can be reset by an admin on your user page
* when enrolled, you are asked for verification code after
username/password when logging in
* you can't access any other part of the site directly until
until entering your verification code
* enable required MFA, and check the following
* when not enrolled in MFA, and you log in, you are forced to
enroll
* you cannot disable MFA from your profile page
* you can re-enroll in MFA from your profile page
* an admin (other than himself) can reset MFA from the user page
* for enrolling in MFA
* use Google Authenticator and scan the QR code; you should have
30-seconds or so of extra leeway to enter your code
* having no SMS communication channels on your profile, the
enrollment page should just have a form to add a new phone
* having one or more SMS communication channels on your profile,
the enrollment page should list them, or allow you to create
a new one (and switch back)
* having more than one SMS communication channel on your profile,
the enrollment page should remember which one you have selected
after you click "send"
* an unconfirmed SMS channel should go to confirmed when it's used
to enroll in MFA
* you should not be able to go directly to /login/otp to enroll
if you used "Remember me" token to log in
* MFA login flow
* if configured with SMS, it should send you an SMS after you
put in your username/password; you should have about 5 minutes
of leeway to put it in
* if you don't check "remember computer" checkbox, you should have
to enter a verification code each time you log in
* if you do check it, you shouldn't have to enter your code
anymore (for three days). it also shouldn't SMS you a
verification code each time you log in
* setting MFA to required for admins should make it required for
admins, optional for other users
* with MFA enabled, directly go to /login/otp after entering
username/password but before entering a verification code; it
should send you back to the main login page
* if you enrolled via SMS, you should not be able to remove that
SMS from your profile
* there should not be a reset MFA link on a user page if they
haven't enrolled
* test a login or required enrollment sequence with CAS and/or SAML
Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
make start tls the default if not otherwise specified in the API, and
the default for new integrations in the UI. still support booleans
in the API.
test plan:
* test non-tls, simple tls, and start tls LDAP servers
* ensure new LDAP settings default to start tls
Change-Id: I60b2f2d6cbdd32beff14d198c92efbfd6705b041
Reviewed-on: https://gerrit.instructure.com/12923
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
fixes#9966
refs #9901
there was a bug where policies for non-default channels were being considered
when deciding whether a default policy needed to be created, to show on the
communication preferences page.
also prevent an exception from being thrown when a user has no communication
channels, and visits the notification preferences page. We still need some
better UI here explaining why you can't do anything on the page.
test plan:
(for #9966)
- create a new user with an email, and setup some notification preferences
- add a new email address and retire the first one
- go to the notification preferences page
- you should have default preferences for the (new) default channel
(for #9901)
- as a user with no communication channels
- go to the notification preferences page
- it should not break
Change-Id: Iecd544571d6fece2a23c24b547ae434e8b57daae
Reviewed-on: https://gerrit.instructure.com/12952
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
This ensures that conferences on different shards won't accidentaly
share a voice bridge.
test plan: ensure that voice chat in Big Blue Button conferences still
works as expected.
Change-Id: I3e995943a33a2b18e6574c8f60f094e53f5a2753
Reviewed-on: https://gerrit.instructure.com/12945
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes#9942
notifications is an unsharded table, so we can't join it again notification
policies. switch to include to get expected behavior
test plan:
- on a non-default shard
- change all of your notification frequencies
- they should stay changed.
Change-Id: Ife74a2124567381e3d1898f1d34ca09904d7376d
Reviewed-on: https://gerrit.instructure.com/12937
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
This adds an alternative method for uploading files by giving Canvas a
public URL in the first step, rather than uploading the file data directly.
test plan:
- create a course file via the API upload mechanism
- make sure the return values are as documented
- make sure the file was correctly uploaded
- create a course file via the URL approach
- make sure the return values are as documented
- make sure the file status endpoint returns valid responses
- make sure the file was correctly stored in Canvas
- repeat that process with a file that has at least one redirect
- repeat that process but creating a homework submission file
- try to create a course file with a malformed URL
- confirm that the appropriate error message is returned
- try to create a course file with a relative URL
- confirm that the appropriate error message is returned
- try to create a course file with a URL that doesn't return 200
- confirm that the appropriate error message is returned
Change-Id: I2dcf711347ec4ef26d767ae1c1fa0bb056986651
Reviewed-on: https://gerrit.instructure.com/12143
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
fixes#9873
The previous method for making this happen was just setting scribd_doc
to nil on the attachment before serializing it (wut?), but
Attachment#scribd_doc is overridden to return the root_attachment's
scribd_doc if there isn't one on this attachment.
The new strategy is to just use our filter_attributes_for_user stuff to
remove the secret info if the user doesn't have permission.
test plan: Upload a pdf or something, set it as locked, link to it from
a wiki page. As a student in that course, you shouldn't be able to
preview the document in-line. Then copy the course. In the new course,
you also shouldn't be able to preview the document in-line.
Change-Id: I66dc3a55a4e0371337846eb82179e6638a7d3852
Reviewed-on: https://gerrit.instructure.com/12921
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes#8221
test plan: no user visible changes in behavior, so this is a regression
test. repeat this test plan once for s3 files and once for local
files:
* verify file uploads on /courses/X/files and /dashboard/files
* upload to other folders
* upload multiple files
* zip uploads
* weird characters in filenames, duplicate filenames
* verify other places we upload files like content imports and sis
imports
Change-Id: I01b7805eb947097b250bf9be944a9347ecc4ff5e
when users sign up via open registration, they can use canvas before
confirming their email address (and setting a password). since we show
a "Configure Communication Preferences" button, it makes sense to let them
actually do it (instead of getting a big scary warning). notifications
won't actually be sent until the communication channel gets confirmed, so
we warn them about that.
test plan:
1. sign up as a teacher via /register
2. when you get to the dashboard, click the "Configure Communication
Preferences" button
3. you should see notification preferences
4. you should be able to update them
5. you should see a reminder to confirm your email
6. the "re-send email" link in the reminder should work
Change-Id: I585a69b8667ef82eb2e4c3005179bc14377e467b
Reviewed-on: https://gerrit.instructure.com/12911
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
store whether the new user is a teacher/student/observer (if specified)
test plan:
1. sign up as a teacher/student/observer
2. it should work
3. the user record should have the correct initial_enrollment_type
Change-Id: I6200d677f2da946b05d6f90c89617b3476ed390b
Reviewed-on: https://gerrit.instructure.com/12873
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
fixes#8377
preventing student view enrollments from being inactive allows the fake student
to view/use the course as a regular student would before the term starts.
test plan:
- in a course in a term that hasn't strated yet
- enter student view
- you should be able to post to discussions
Change-Id: I31e92fc654b7dd9c79872714f26daef35ac3ec49
Reviewed-on: https://gerrit.instructure.com/12839
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
test plan:
- consult the Pages documentation; ensure it renders properly.
- exercise the following endpoints:
- GET /api/v1/courses/:course_id/pages
- GET /api/v1/courses/:course_id/pages/:url
- GET /api/v1/groups/:group_id/pages
- GET /api/v1/groups/:group_id/pages/:url
- verify students can't see hidden pages
- verify permissions are respected
Change-Id: I2911e42a3c276301a0170917871c6648aded4a79
Reviewed-on: https://gerrit.instructure.com/12838
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes#9829
users without any enrollments weren't included in
User.messageable_users, but messaging yourself should always be allowed.
Test plan:
* log in as a user without any enrollments
- Go to your inbox. You should be able to message yourself by
searching for your name.
OR
- Go to your profile page on an account with profiles enabled. You
should be able to see your profile.
Change-Id: If5182d807fe2f3150999d442d30202c22dffa4d1
Reviewed-on: https://gerrit.instructure.com/12819
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
test plan
* create quiz statistics_csv for anonymous survey
* results should not include user information
Change-Id: I1c7c9047fde337b7af0ae8f7bae6f0abb70a76e3
Reviewed-on: https://gerrit.instructure.com/12822
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
The user was getting marshalled when caching the profile tabs.
Test plan:
* Go to your profile page on an account with profiles enabled
* The profile tab should still work
Change-Id: I60b4882859396fd3e9cc63416b75ae831f7fe4f0
Reviewed-on: https://gerrit.instructure.com/12804
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes#9634
test plan:
* saml should still work
* some problematic SAML IDPs (e.g., shibboleth) should now work
Change-Id: Ie4307d0bc5490af5117055b0b342f5b4e3266984
Reviewed-on: https://gerrit.instructure.com/12731
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Cameron Matheson