The initial approach I took was to provide a noscript area containing the
standard input element, and to move it to a hidden input element as part of
the passwordunmask setup.
This allowed behat tests to pass both with and without JS enabled (i.e.
with Goutte and real browsers), and also ensured that the real input did
not appear on screen.
However, the standard formslib validation occurs before other page JS is
run and hooks into the elements on page during its setup.
Since noscript elements are not accessible to scripts as standard elements,
the form validation would fail for _client_ side validation and work for
server-side validation.
This change creates creates the hidden input element in the template
instead, as well as the password element in the noscript tag.
Doing this means that when JS is disabled, the form has two elements of the
same name - one hidden, and the second a visible password field.
Since the latter element will always override the former one on form
submission, and the noscript variant is last, the noscript variant wins
when JS is disabled and tests continue to pass.
When JS is enabled, the noscript variant is not a valid part of the DOM
(the browser sees it as a hidden text field essentially). The password is
not automatically entered into the hidden field, so the autocomplete
prevention continues to work as expected.
This commit change send course welcome message to a drop-down that now supports sending emails from:
- Course contact
- Enrolment key holder
- No reply address
Also moves part of the logic of handling send welcome email from to a new method get_welcome_email_contact() and unit test for this new method.
In some cases we may inspect an empty zip file. If we do open
an empty zip file, check that it changed before we attempt to write
it to disk. It may be the case that we were reading the file from
a location that we don't have write access to.
Units tests have been adjusted e.g. 'boost' instead of 'clean' in pix urls.
Some places I didn't update the test to reflect the boost markup and reset
the theme to clean. This is because the test was not testing the markup - but the
functionality (e.g. looking for specific structures to indicate an error in a form element).
This is primarily because iOS has changed something under the hood which
means that only session cookies which have an expiry are passed around the
OS.
In order to make media playable outside of the browser (e.g. a video), we
must set a session cookie timeout.
Since the session timeout is configurable, this patch sets the cookie
timeout to the session timeout plus a period of one week.
This ensures that videos continue to work, and that the expired session
message is shown on the login page, but without requiring excessively long
session times.
This version:
* should work with the Behat Goutte driver
* should not suffer from password autofill anxiety
* should allow unmasking (and masking) of a password
* should allow editing of passwords in either masked, or unmasked form
AMOS BEGIN
MOV [revealpassword,core_form],[passwordunmaskrevealhint,core_form]
AMOS END
If the quiz attempt use popup window with Javascript security it will
show to the user misleading message that he is going to lose entered
data.
To avoid this we should mark form as submitted to turn off browser`s
pop-up window when user confirms finishing attempt.
Also we need to check if core_formchangechecker is present on a page.
Remove all cleanup and exception test references. We expect plugin just to
respond with scanning result constant and notice where applicable.
Add tests for \core\antivirus\manager.
In the initial implementation, infected file cleanup and exception throwing
was done at the plugin level. This is somewhat incorrect from plugin
responsibility perspective. The patch moves cleanup and exception logic to
the manager. Antivirus plugin responsibility is limited to perform scanning
and respond with one of the result statuses defined in the
\core\antivirus\scanner.
Due to configurable nature of scanning method selection, unit test needs to
be updated to always point to commadline method. There is no need to write
separate tests for socket scanning method, as the scanning method needs to
be mocked anyway (i.e. will be identical to commandline scanning from test
perspective).
