• last updated 3 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Fix typo

minor cleanup

External identity provider reform (part 3)

- logout from external identity provider, if logged in via it

- extend default login page via ADP include, when external

identity providers are configured.

  1. … 3 more files in changeset.
file external-logins.adp was initially added on branch oacs-5-10.

file external-logins.tcl was initially added on branch oacs-5-10.

simplify code

avoided subst in export_vars when not necessary

  1. … 1 more file in changeset.
Deprecate acs-subsite/www/shared/db-error and move a copy to acs-subsite/lib/shared/db-error, replace occurrences, adjust dependencies

  1. … 7 more files in changeset.
file db-error.adp was initially added on branch oacs-5-10.

Deprecate template::util::is_true, implemented as a simple string command oneliner since 2015 and inline occurrences

  1. … 33 more files in changeset.
Localize subsites UI on the homepage

150px is not enough. In general, these setting should be performed via style files.

Fixes for Oracle 19c: boolean types in query

This fixes the following bug for Oracle:

[13/Feb/2022:17:53:36][8701.7f9f62f0b700][-conn:oacs-5-10-0:default:0:0-] Error: nsoracle.c:1367:OracleSelect: error in `OCIStmtExecute ()': ORA-00920: invalid relational operator

:

: SQL:

:

: select p.package_id,

: p.instance_name,

: n.node_id,

: n.name,

: :subsite_url || n.name as url,

: (select count(*)

: from group_approved_member_map m

: where m.rel_type = 'membership_rel'

: and m.group_id = ag.group_id) as num_members,

: (select min(r2.member_state)

: from group_member_map m2,

: membership_rels r2

: where m2.group_id = ag.group_id

: and m2.member_id = :untrusted_user_id

: and r2.rel_id = m2.rel_id) as member_state,

: g.group_id,

: g.join_policy

: from site_nodes n,

: apm_packages p,

: application_groups ag,

: groups g

: where n.parent_id = :subsite_node_id

: and p.package_id = n.object_id

: and p.package_key in ('acs-subsite')

: and ag.package_id = p.package_id

: and g.group_id = ag.group_id

: and (g.join_policy !>>>!!= 'closed' or acs_permission.permission_p(p.package_id, :untrusted_user_id, 'read'))

: order by lower(instance_name)

:

Fixes for Oracle 19c: boolean types in query

This fixes the following bug for Oracle:

': ORA-00920: invalid relational operator

:

: SQL:

: select p.package_id,

: p.instance_name,

: n.node_id,

: n.name

: from site_nodes n,

: apm_packages p,

: apm_package_types t

: where n.parent_id = :subsite_node_id

: and p.package_id = n.object_id

: and t.package_key = p.package_key

: and t.package_type = 'apm_application'

: and acs_permission.permission_p(p.package_id, :user_id, 'read')

: !>>>!order by upper(instance_name)

:

improve safety of SQL queries

  1. … 4 more files in changeset.
Use the new 'email' input type widget

  1. … 1 more file in changeset.
Use the new 'url' and 'email' input type widgets

  1. … 1 more file in changeset.
improve spelling

  1. … 16 more files in changeset.
use "-varname" parameter for message_exists_p

  1. … 1 more file in changeset.
Fix remaining occurrence of "screen_name" variable used to actually tell HOW to display the screen_name

Use ad_include_contract

Add ad_include_contract

bug-fix: don't use variable "screen_name" for controlling display of ScreenName,

since it used as value for the actual screen name as well.

as a consequence, user got e.g. a value of "none" set as their acutal screen name, which

lead to a conflict with the unique screen name constraint of the data model

the conflicst with CVS: ----------------------------------------------------------------------

provde a global variable as transitional code for controlling passing of password as query variable

  1. … 2 more files in changeset.
don't pass sensitive information (e.g. password) as query variable, but use client properties instead.

see also issue #3344

  1. … 5 more files in changeset.
Add a new instance parameter 'LoginPasswordAutocomplete' with the value of the 'autocomplete' attribute of the password field of the login form, to let each subsite decide.

  1. … 1 more file in changeset.
Rework query to use permission api instead of just removed materialized views

Modernize logic for protecting against cached passwords from forms,

when users log out and other users use the back button (for Nora).

- switch to more modern caching prevention

- add CSRF protection to login form against forgery requests

- none of the cache-preventing mechanisms helps when the user

stores the password in the browser (no change to the past).

- For admins of existing sites: alter kernel parameter

"LoginPageExpirationTime" to 0 make use of this feature

  1. … 2 more files in changeset.
whitespace changes