Up to [LON-CAPA] / loncom
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Current tag: MAIN
- Internal name for conditional portfolio sharing for specific IP addresses ranges when set by a user is now userip, to distinguish from those set for externalresponse (inrenal name: ip). - Portfolio shareability setting in domain defaults (by affiliation), with possible override for an individual user will apply to portfolio file requests to a LON-CAPA node running 2.11, when the file owner's homeserver is 2.12 (or later).
- Remove duplicate line added in rev 1.22
- Bugs 6754 and 6907 - Return of grades to launcher CMS supported for resources or folders accessed via LTI-mediated deep link. - Support option: "Encrypt stored consumer secrets defined in domain" - Signing of LTI payloads for roster retrieval, passback of grades, and callback to logput launcher CMS session all now occur on primary library server for course's domain.
- Bug 6754 - Can select from tool definitions set in course's domain or in course itself when using External > "External Tool" in Course Editor. - DC's configuration for allowed use of esternal tools within course types (can be overridden for specific course(s)) determines which External Tool types (if any) may be added to a course. - Signing of LTI payload used to launch an external tool now carried out on course's home server.
- Bug 6907 - Link Protectors for deep-linking from launch from LTI Consumer can be configured at both a domain level and a course level. - Support encryption of link protection secrets set in a domain. - Requires perl-Crypt-CBC
- Bug 6907 - Support encryption of link protection secrets set in a course. - Requires perl-Crypt-CBC
- Bug 6907 - Rename "LTI Provider" domain config item. - Add three additional sections: "Encryption of shared secrets", "Rules for shared secrets" and Link Protectors (domain). - Keys used in domain for a particular library server may only be set in a session on that server (and use Lond.pm and not lonc/lond). - Min and max length and character requirements can be set for secrets used for LTI-based link protection for deep-links.
- Bug 6907 - Extraction of LTI itemID based on consumer key in signed LTI payload, and verification with available secret moved from ltiauth.pm to Lond.pm. - Verification will now occur on course's home server or domain's primary library server, for course-defined LTI ID, and domain-defined LTI ID respectively. - Setting and modifying link protection key and secret now requires user session on course's home server. - Display of existing LTI key only available of course's home server. - Display of stored LTI secret eliminated so a Course Coordinator will need to record it offline or commit it to memory.
- Use fully qualified subroutine name for logthis() to eliminate ISE, since lonnet.pm does not export the logthis function.
- Bug 6585 get_domain_handler() and encrypted_get_domain_handler() in lond now use get_dom() routine in Lond.pm
- Information about Certificate Revocations List included in SSL Certificates status report. LONCAPA-prerequisites needs perl-Crypt-X509-CRL.
- LON-CAPA SSL certificate status incudes issuer comparison for CA cert and Connections and Replication certs.
- Common Name for "Connections Certificate" is host's "serverhomeID".
- LON-CAPA SSL certificate verification - Detect revoked or expired certs, or certs with incorrect Common Name. - If host cert or hostname cert are not OK, check if a valid CSR exists, and if so, report status of that. - perl-Crypt-PKCS10 needs to be added to LONCAPA-prerequisites.
- Fewer calls to courseiddump() to check if something is a course.
- Only translate SSL key and certificate status if target is web. - Include additional status types for SSL certificates (host and hostname) -- nokey and otherkey -- if key is missing, or certificate uses another key.
- Use Server Name Indication (SNI) and SSL when replicating content from /raw/. - Domain status screen has link to show status of LON-CAPA SSL certificates. - "SSL" domain config for (a) "internal" LON-CAPA SSL connection to servers/VMs in other domain, (b) Replication of domain's resources to other domains. - Replication can use name-based virtual hosts with SSL, with verification of client certificate (cert: /home/httpd/lonCerts/lonhostnamecert.pem, signed by LON-CAPA CA, with Common Name of internal-<server hostname>, same IP address as server hostname).
- Need to unescape things that were escaped.
- Support checking of course cloning rights based on (a) domain defaults (where no course-specific rights set), or (b) course specific rights for official courses, based on institutional code category/ies set in courseprefs, e.g., department=phy etc.
- Access to information about courses in a domain with six character unique codes (html, xml or csv format). - Initial use case is for a separate portal (token-based auth) where students enter the code to sign up for a specific "textbook" course.
Corrected wording typos Updated related phrases in German translation file
Saving my work (preliminary). changes related to BZ 6585 - moved dump_course_id_handler into Lond.pm - moved dump_profile_database into Lond.pm
changes related to BZ 6585 lond: - moved get_courseinfo_hash into Lond.pm
changes related to BZ 6585 lond: - $clientversion is now also set for clients < 2.9. Subroutines can rely on $clientversion instead of checking for empty string followed by a look up in %loncaparevs. - moved functional body of dump_with_regexp into Lond.pm - moved check_homecourses, releasereqd_check and useable_role into Lond.pm Lond.pm: - incorporated changes that have been made to lond 1.491 (removal of $extra parameter) - clean up
*work in progress* BZ #6585 Outsource functional aspects of lond into a separate module Lond.pm. Functionality in Lond.pm will be used in lond and lonnet. lond will continue to handle data transfer across the network while lonnet will handle requests (e.g. dump) in cases where the request originates from the library server that hosts the data. Thus avoiding serialization and IPC through several sockets (lonnet <unix socket> lonc <inet socket> lond <- file.db becomes lonnet <- file.db). This greatly improves performance on library servers that are also used as access servers. See Bugzilla 6585 for details.