-
-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cookie code refactor, Use CGI::Cookie and support samesite - PR # 1149 - for revisions #1253
Closed
taniwallach
wants to merge
130
commits into
openwebwork:master
from
taniwallach:cookie-refactor-same-site
Closed
Cookie code refactor, Use CGI::Cookie and support samesite - PR # 1149 - for revisions #1253
taniwallach
wants to merge
130
commits into
openwebwork:master
from
taniwallach:cookie-refactor-same-site
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
WeBWork-2.15 commits up to August 30
- Capture answer submissions (Assessment Submitted & AssessmentItem Completed events) for normal and gateway problem sets - Attempt durations for gateway problem sets are only stored in the overall Assessment (not individual assessment item completed events) due to multiple problems being on a page at a time - Additionally capture Assessment Paused event for gateway problems sets (sent when changing pages to help track overall time spend on task) - Capture login/logout events Added new `HTTP::Async` (libnet-https-nb-perl & libhttp-async-perl) dependency so that events can be emitted asynchronous (very important for gateway problems sets since many AssessmentItem Completed are created at once)
Webwork 2.15 into develop
to point to develop instead of to 2.15
external convert program.
instructor/ta and has unanswered parts of the question.
…gs-develop Fix feedback warnings with hidden answer blanks
I think this typo is harmless since it is repeated the only time the array is used. But it's distracting when reviewing this file.
using the new WeBWorK::Utils::AttemptsTable. That table looks better, and this aligns the homework and quiz/test experience.
the more condensed view the gateway quizzes had before. Also add an option to the attempts table to show the header line, and don't show that line in gateway quizzes.
typo in array name
This has the benefit of not needing to deal with escaping special characters that may appear in the variable $recordID. Switch from using attr to prop as that is the proper thing to use in this situation. Change from the "None Specified" text input value to using a placeholder. These things are all discussed in my review of pull request openwebwork#988.
It is certain that adding the hasDatepicker class is not what should be happening there. The date fields already have the class, and other text inputs shouldn't get it. Instead implement better handling of the 'changed' class for the datepicker input fields. If a date is changed from its original value the input shows changed, and if it is changed back to its original value it shows as not changed. The code is removed from perl and implemented in datepicker.js.
done while we are fixing things here.
to use MathQuill answer boxes is enabled. Currently the input is hidden and no MathQuill answer box is injected.
…ing-Vectors fixing typo in vector input help file
an object is being created or when the mouse cursor is hovering over a defining point for an object.
little before for the javascript graph. This generally looks better. Particularly if there are fills on the board.
graphtool. This makes it possible to cancel graphing an object at any point in an incomplete construction.
will allow for ease of extension of the options for later development.
"availableTools" option to the graphTool method that makes it possible to select which tools are available for the students to use in a problem.
javascript for parserGraphTool.pl. Some browsers seem to have issues with this.
…ols. Also, make the focused object orange, instead of blue like the other graphed objects, so that it is distinguished by more than just its points becoming visible.
with the graphTool code, and adds some nice features that will probably be needed at some point.
for the jsxgraph board. This puts the board back to the default svg renderer. This option was needed with the older version of jsxgraph as errors would frequently occur with the svg renderer and this resulted in only a white div being displayed. With the newer version of jsxgraph this seems to be fixed, and works better.
Slight fix to errors reported by DB::validateKeyfieldValue
Fix typo in warning message in SubmitGrade.pm
Graphtool macro for interactive graphing in problems via javascript (javascript for PG PR openwebwork#484)
Fix typo ENABLE_UTF8MB -> ENABLE_UTF8MB4
1. Use CGI::Cookie instead of Apache2:Cookie, as the new code needs support for the samesite attribute. 2. Added CGI::Cookie to bin/check_modules.pl and Dockerfile. Note: The support for samesite dates to June 2019 in CGI::Cookie 4.45. 3. Remove obsolete, commented out, code using cookies from lib/WeBWorK/ContentGenerator/Logout.pm. 4. Drop the constant COOKIE_LIFESPAN and instead allow setting cookie lifespan using site / course environment configuration variables. $CookieLifeTime - for when cookie based session management IS in use - default to 6 hours. $CookieLifeTime2 - for when cookie based session management is NOT in use, defaults to 30 days. 5. Allow setting value of cookies samesite and secure attribute using site / course environment configuration variable: $CookieSameSite $CookieSecure
…ays exist + use cookie_timestamp+CookieLifeTime to set timestampValid when using secure cookies and session_cookie session management.
taniwallach
added
Do Not Merge Yet
PR to allow others to inspect -- not ready for prime time
Enhancement
enhances the software
priority2 (moderate)
labels
Mar 17, 2021
Closing. Need to rebase. Sorry |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Do Not Merge Yet
PR to allow others to inspect -- not ready for prime time
Enhancement
enhances the software
priority2 (moderate)
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a resubmit of #1149 to add secure cookie support and support for "same-site" as it was decided that additional fixes are needed.
Please see the discussion at #1149 .
Main points = refactor the Cookie code:
CGI::Cookie
instead ofApache2:Cookie
, as the new code needs support for thesamesite
attribute.lib/WeBWorK/ContentGenerator/Logout.pm
.COOKIE_LIFESPAN
and instead allow setting cookie lifespan using site / course environment configuration variables.$CookieLifeTime
- for when cookie based session management is in use - default to 6 hours.$CookieLifeTime2
- for when cookie based session management is not in use, defaults to 30 days.samesite
andsecure
attribute using site / course environment configuration variable:$CookieSameSite
$CookieSecure