fixes CNVS-34832
the arguments to these methods have not changed, just their names. and the
new methods became available in Rails 4, so we can start using them now
and prevent someone from doing old-style in the future
Change-Id: I61aa5512995dc8f25f3f7bd009a6cfa0a030e274
Reviewed-on: https://gerrit.instructure.com/101401
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
* get rid of has_one
* get rid of several methods on account that are unused or trivially
replaced
Change-Id: I5a4f1e342b2bd465a240bbe701c2ab883b1f3878
Reviewed-on: https://gerrit.instructure.com/55240
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
closes CNVS-20076
First, pull a presenter out of the AAC index
This thing needs more flexibility before introducing
multiple OAuth connectors. This commit adds a couple characterization
specs for the AAC controller, then drives out a presenter to pull
as much logic and config out of the nested views as possible.
Then, this commit refactors the
previously-somewhat-bespoke-and-presumptive sac
configuration into a workflow that shows each aac
in turn according to its type, creating forms for
each type at the bottom, and
showing the relevant form for a new one based on
selection on the right.
Have regression tested in the browser to the level
of CRUD functionality, but also deserves solid QA
for SSO functionality post-configuration.
DONE:
-successful CAS creation/editing/deletion
-successful LDAP creation/editing/deletion
-proper differentiation between LDAP primary and secondary
-proper SAML creation/editing
-move away from "update_all" deprecated endpoint
-Selenium Spec fixes
-ensure discovery URL and debugging workflows for saml
-remove duplication from views
-tear down old JS workflow
-apply appropriate tests for new behavior
-remove presenter methods that are no longer valuable
-Moved change_password_url and login_handle_name
up to account settings, removed them from AACs, and built
migrations to manage the transition.
-Found and fixed all references to change_password_url on AACs
-Found and fixed all references to login_handle_name on AACs
-add datafixup for migrating AAC data to account settings
-unify repetitive individual files into single form declarations \o/
-remove old SAML editing js
-Make sure SAML still works
-Make LDAP partial flow just like SAML/CAS
-Unify position information across all types
-update "acts_as_list" to support STI classes
-move discovery URL into account auth form
-remove discover URL js management
-Unify form generation between new/existing aacs
-deprecate discovery url API endpoints
-update docs for authorization settings to deprecate their usage in AAC
api and redirect their values to current settings for now
-make delete links non-js-y to stop this silly page refresh on api
completion
-make form submissions actually submit the form rather than do this silly
page refresh on api completion
-See if anything needs “Edit Details” button, remove if not
-Wire up removing account settings by blanking out form
-Removed "cancel" button from form because fields are always open
-placate gergich
-Test removing config info
-Test population fixup on real data
-write docs for authorization settings
-fix existing specs
-fix routing and docs to not break doc generation
-fix stupid jenkins task that thinks it can’t see controls
-re-fix selenium
-fix saml debugging workflow
-write tests for acts_as_list behavior
-write tests for authorization settings
-remove auth_info types of things
-clean up and unify styles where possible
TEST PLAN:
Regression test creating/deleting/editing and logging
in with SSO solutions for CAS, LDAP, and SAML.
Should be no functional behavior modification, though
workflow will be a little more unified between the
3 currently supported types (each one will
require using the menu in the right sidebar
to add a new AAC).
Also test setting and deleting account settings through
the form underneath the configs when there are AACs in existence.
Finally, make sure that the SAML Debugging workflow still works.
Change-Id: I448db10185512d1b9469c2a425be0a3bcf9e6ebf
Reviewed-on: https://gerrit.instructure.com/53448
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
fixes CNVS-17962
If you have self enrollments enabled and set a custom label, that
custom label should be used when doing a self enrollment
Test
Given you have self enrollments enabled for a course
And you've set up a custom label for that course (by going to
accounts/self/settings)
When you go to a self enrollment link
The login label should be set to that text
Change-Id: I0c2fc08bbb69bfd72f87674e124d0e8ca7d73fb8
Reviewed-on: https://gerrit.instructure.com/48659
Tested-by: Jenkins
Reviewed-by: Clay Diffrient <cdiffrient@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Sterling Cobb <sterling@instructure.com>
test plan:
1. set up a new password policy via the console, e.g.
     a = Account.default
     a.settings[:password_policy] = {:min_length=>6, :max_sequence=>3, :max_repeats=>3, :disallow_common_passwords=>true}
     a.save!
2. go to /register and sign up as a student
3. make sure the password policy is enforced, i.e.
   1. confirm that the password must be at least 6 chars
   2. confirm that the password cannot be a common one (e.g. football)
   3. confirm that the password cannot contain a run of 4 or more chars
      (e.g. abc123lol is ok, abcd1234 is not)
   4. confirm that the password cannot have the same char repeated 4 or
      more times (e.g. aaa000bb is ok, aaaabbbb is not)
4. verify the password policy is enforced when changing your password as
   an existing user (via user profile/settings)
5. verify the password policy is enforced when adding a login for a user
6. verify the password policy is enforced when resetting your password
   (via forgot password on login page)
7. invite a new user into a course, and as that user verify the password
   policy is enforced when you set up your account
Change-Id: Ie619fc255dc940249676bf5e510ce68eaf17441c
Reviewed-on: https://gerrit.instructure.com/19104
Reviewed-by: Brian Palmer <brianp@instructure.com>
Product-Review: Jon Jensen <jon@instructure.com>
Tested-by: Jon Jensen <jon@instructure.com>
QA-Review: Cam Theriault <cam@instructure.com>
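
The four policy keys in the test plan above, as an added Ruby example that is not part of the commit and not Canvas's own code. The module name, the violation symbols and the short common-password list are hypothetical; a "run" is assumed to mean ascending consecutive characters, which matches the test plan's abc123lol / abcd1234 cases.

```ruby
# Added example; not Canvas code. All names here are hypothetical.
module PasswordPolicyCheck
  # Policy values copied from the test plan on this page.
  SAMPLE_POLICY = {
    min_length: 6, max_sequence: 3, max_repeats: 3,
    disallow_common_passwords: true
  }.freeze

  # Constructed sample list; a real deployment would load a far larger one.
  COMMON_PASSWORDS = %w[football password 123456 qwerty letmein].freeze

  # Longest run of neighbouring characters for which the block holds.
  def self.longest_run(chars)
    best = current = chars.empty? ? 0 : 1
    chars.each_cons(2) do |a, b|
      current = yield(a, b) ? current + 1 : 1
      best = current if current > best
    end
    best
  end

  # Returns an array of violation symbols; empty means the password passes.
  def self.violations(password, policy = SAMPLE_POLICY)
    pw = password.to_s
    chars = pw.chars
    errors = []
    errors << :too_short if policy[:min_length] && pw.length < policy[:min_length]
    if policy[:disallow_common_passwords] && COMMON_PASSWORDS.include?(pw.downcase)
      errors << :common
    end
    # Assumption: only ascending sequences (abcd, 1234) count as a run.
    if policy[:max_sequence] &&
       longest_run(chars) { |a, b| b.ord == a.ord + 1 } > policy[:max_sequence]
      errors << :sequence
    end
    if policy[:max_repeats] &&
       longest_run(chars) { |a, b| a == b } > policy[:max_repeats]
      errors << :repeated
    end
    errors
  end
end
```

The same check has to run on every path the test plan lists (registration, password change, adding a login, password reset, invited-user setup), otherwise the weakest path defines the effective policy.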
test plan:
1. go to /register
2. you should not be prompted to enter a birthdate in any of the flows
3. the forms should work
4. go to your (user) settings
5. you should not see your birthdate nor be able to enter one
6. the form should work
7. go to the self enrollment page for a course as a new user
8. you should not be prompted to enter a birthdate
9. the form should work
Change-Id: I9bf92d27e208696b2aed74b4a6396d434494679c
Reviewed-on: https://gerrit.instructure.com/18143
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
QA-Review: Cam Theriault <cam@instructure.com>
fixes #CNVS-2660
this snippet of code got lost in a refactor. if the account has delegated
auth and users are not authenticated, store the location and send them to
the login_url, where the delegated auth dance will happen (either they
enter the credentials, or it sees they are logged in and sends them back)
also put the "should i redirect for auth?" check into its own method for
easier reuse
lastly, override styles for embedded (popup) self enrollment form to ensure
overzealous custom styles don't make it look really bad
test plan:
1. set up an account with cas or saml
2. go to a self enrollment url when not logged in
3. it should redirect you to the login form
4. once authenticated, you should be able to self-enroll in the course
Change-Id: Ic0277ae0e11300fd43b7efea1c4edda589f42d29
Reviewed-on: https://gerrit.instructure.com/16706
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Cam Theriault <cam@instructure.com>
fixes #CNVS-1119, potentially supersedes
https://gerrit.instructure.com/14501 with a little work.
simpler flow that is more consistent with FFT signup. whether you click
the "join course" button (popup) or go to the join url, the workflow is
the same:
1. if you are authenticated, you just click the enroll button.
2. if you are not authenticated, you can either:
   1. enter your (canvas/ldap) credentials and submit to join the course.
   2. register and join the course (single form). you will then be
      dropped on the course dashboard in the pre_registered state just
      like a /register signup (you have to follow the link in your email
      to set a password).
note that if open registration is turned off, option 2.2 is not available.
other items of interest:
* fix CSRF vulnerabilities where you can enroll authenticated users in
open courses, or un-enroll them if you know their enrollment's UUID
* move to shorter course-id-less route (w/ join code)
* reuse UserController#create
* handy openAsDialog behavior and embedded view mode
* better json support in PseudonymSessionsController#create
* extract markdown helper from mt
* show "you need to confirm your email" popup when you land on the course
page the first time (already showed on dashboard)
test plan:
1. test the authenticated/unauthenticated scenarios above, for both the
popup and join pages
2. regression test of /registration forms
Change-Id: I0d8351695356d437bdbba72cb66c23ed268b0d1a
Reviewed-on: https://gerrit.instructure.com/15902
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Joe Tanner <joe@instructure.com>
QA-Review: Jon Jensen <jon@instructure.com>