Cookie code refactor, Use CGI::Cookie and support samesite - PR # 1149 - for revisions #1253

Closed


taniwallach
Member

This is a resubmit of #1149 to add secure cookie support and support for "same-site" as it was decided that additional fixes are needed.

Please see the discussion at #1149.


Main points = refactor the Cookie code:

  1. Use CGI::Cookie instead of Apache2::Cookie, as the new code needs support for the samesite attribute.
  2. Added CGI::Cookie to bin/check_modules.pl and Dockerfile.
    • Note: The support for samesite dates to June 2019 in CGI::Cookie 4.45.
  3. Remove obsolete, commented out, code using cookies from lib/WeBWorK/ContentGenerator/Logout.pm.
  4. Drop the constant COOKIE_LIFESPAN and instead allow setting cookie lifespan using site / course environment configuration variables.
    • $CookieLifeTime - for when cookie based session management is in use - default to 6 hours.
    • $CookieLifeTime2 - for when cookie based session management is not in use, defaults to 30 days.
  5. Allow setting the value of the cookies' samesite and secure attributes using site / course environment configuration variables:
    • $CookieSameSite
    • $CookieSecure
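
How settings like the ones listed above can map onto `CGI::Cookie` attributes, as an added example that is not code from this pull request or from WeBWorK. The helper `build_session_cookie`, the `%ce` hash, the cookie name and value, and the use of seconds for the lifetime are all assumptions made for illustration.

```perl
use strict;
use warnings;
use CGI::Cookie 4.45;    # version the PR description gives for samesite support

# Constructed stand-ins for the site / course environment variables named in
# the PR description. The units (seconds) and the values are assumptions.
my %ce = (
    CookieLifeTime => 6 * 60 * 60,    # 6 hours
    CookieSameSite => 'None',
    CookieSecure   => 0,
);

# Hypothetical helper, not a WeBWorK function.
sub build_session_cookie {
    my ($ce, $name, $value) = @_;

    my $samesite = $ce->{CookieSameSite} // 'Lax';
    die "unsupported SameSite value '$samesite'\n"
        unless $samesite =~ /^(?:Strict|Lax|None)$/i;

    # Browsers discard SameSite=None cookies that lack the Secure attribute,
    # so a configuration that asks for None without Secure is corrected here.
    my $secure = $ce->{CookieSecure} ? 1 : 0;
    if (lc $samesite eq 'none' && !$secure) {
        warn "SameSite=None requires Secure; enabling the secure attribute\n";
        $secure = 1;
    }

    return CGI::Cookie->new(
        -name     => $name,
        -value    => $value,
        -path     => '/',
        -expires  => "+$ce->{CookieLifeTime}s",    # relative expiry in seconds
        -secure   => $secure,
        -httponly => 1,    # not mentioned in the PR description; added here
        -samesite => $samesite,
    );
}

# Constructed cookie name and value.
my $cookie = build_session_cookie(\%ce, 'ExampleSession', 'constructed-session-token');
print "Set-Cookie: ", $cookie->as_string, "\n";
```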

drdrew42 and others added 30 commits June 24, 2019 15:47
- Capture answer submissions (Assessment Submitted & AssessmentItem Completed events) for normal and gateway problem sets
- Attempt durations for gateway problem sets are only stored in the overall Assessment (not individual assessment item completed events) due to multiple problems being on a page at a time
- Additionally capture Assessment Paused event for gateway problem sets (sent when changing pages to help track overall time spent on task)
- Capture login/logout events

Added new `HTTP::Async` (libnet-https-nb-perl & libhttp-async-perl) dependency so that events can be emitted asynchronously (very important for gateway problem sets since many AssessmentItem Completed are created at once)
to point to develop instead of to 2.15
instructor/ta and has unanswered parts of the question.
…gs-develop

Fix feedback warnings with hidden answer blanks
I think this typo is harmless since it is repeated the only time the array is used. But it's distracting when reviewing this file.
using the new WeBWorK::Utils::AttemptsTable.  That table looks better,
and this aligns the homework and quiz/test experience.
the more condensed view the gateway quizzes had before.
Also add an option to the attempts table to show the header line,
and don't show that line in gateway quizzes.
This has the benefit of not needing to deal with escaping special
characters that may appear in the variable $recordID.

Switch from using attr to prop as that is the proper thing to use in
this situation.

Change from the "None Specified" text input value to using a
placeholder.

These things are all discussed in my review of pull request openwebwork#988.
It is certain that adding the hasDatepicker class is not what should be
happening there.  The date fields already have the class, and other text
inputs shouldn't get it.

Instead implement better handling of the 'changed' class for the
datepicker input fields.  If a date is changed from its original value
the input shows changed, and if it is changed back to its original value
it shows as not changed.  The code is removed from perl and implemented
in datepicker.js.
to use MathQuill answer boxes is enabled.  Currently the input is hidden
and no MathQuill answer box is injected.
…ing-Vectors

fixing typo in vector input help file
drgrice1 and others added 20 commits June 16, 2020 05:50
an object is being created or when the mouse cursor is hovering over a
defining point for an object.
little before for the javascript graph.  This generally looks better.
Particularly if there are fills on the board.
graphtool.  This makes it possible to cancel graphing an object at any
point in an incomplete construction.
will allow for ease of extension of the options for later development.
"availableTools" option to the graphTool method that makes it possible
to select which tools are available for the students to use in a
problem.
javascript for parserGraphTool.pl.  Some browsers seem to have issues
with this.
…ols.

Also, make the focused object orange, instead of blue like the other graphed objects, so that it is distinguished by more than just its points becoming visible.
with the graphTool code, and adds some nice features that will probably
be needed at some point.
for the jsxgraph board.  This puts the board back to the default svg
renderer.  This option was needed with the older version of jsxgraph as
errors would frequently occur with the svg renderer and this resulted in
only a white div being displayed.  With the newer version of jsxgraph
this seems to be fixed, and works better.
Slight fix to errors reported by DB::validateKeyfieldValue
Fix typo in warning message in SubmitGrade.pm
Graphtool macro for interactive graphing in problems via javascript (javascript for PG PR openwebwork#484)
Fix typo ENABLE_UTF8MB -> ENABLE_UTF8MB4
1. Use CGI::Cookie instead of Apache2::Cookie, as the new code needs
support for the samesite attribute.
2. Added CGI::Cookie to bin/check_modules.pl and Dockerfile.
   Note: The support for samesite dates to June 2019 in CGI::Cookie 4.45.
3. Remove obsolete, commented out, code using cookies from
   lib/WeBWorK/ContentGenerator/Logout.pm.
4. Drop the constant COOKIE_LIFESPAN and instead allow setting cookie
   lifespan using site / course environment configuration variables.
   $CookieLifeTime  - for when cookie based session management IS
     in use - default to 6 hours.
   $CookieLifeTime2 - for when cookie based session management is NOT
     in use, defaults to 30 days.
5. Allow setting value of cookies samesite and secure attribute using
   site / course environment configuration variable:
     $CookieSameSite
     $CookieSecure
…ays exist + use cookie_timestamp+CookieLifeTime to set timestampValid when using secure cookies and session_cookie session management.
@taniwallach taniwallach added Do Not Merge Yet PR to allow others to inspect -- not ready for prime time Enhancement enhances the software priority2 (moderate) labels Mar 17, 2021
@taniwallach taniwallach added this to the WW 2.16 milestone Mar 17, 2021
@taniwallach taniwallach self-assigned this Mar 17, 2021
@taniwallach
Member Author

Closing. Need to rebase. Sorry

@taniwallach taniwallach deleted the cookie-refactor-same-site branch March 22, 2021 20:16