WeBWorK 2.21 Release Candidate#2940

Open
drgrice1 wants to merge 367 commits into main from WeBWorK-2.21

@drgrice1
Member

This is the release candidate for WeBWorK 2.21. Please re-target any pull requests that you want to get into the release for this branch.

drgrice1 and others added 30 commits December 2, 2025 06:17
There have been requests to either remove this extension or at least
make it so that those editing problems do not have it loaded, as it
makes it easier to determine what is wrong with TeX in a problem.

This pull request makes it so that these errors are only shown in the PG
problem editor. Actually they are shown any time the renderRPC endpoint
is used and the `showMathJaxErrors` parameter is set to a true value,
but the only time that webwork2 now does this is in the problem editor.

This still includes the change from the `webwork_url` to the
`webwork_js_config` method in the `WeBWorK::ContentGenerator` module.
There is also a `webwork_url` method in the `Mojolicious::WeBWorK`
module that is already available for all controller modules (since it is
a Mojolicious helper method), and having this other one overrides that
one and it is confusing to have both that return almost the same value.
The only difference is that `WeBWorK::ContentGenerator` method called
the `location` helper which returns the empty string if the root URL is
'/', and the `webwork_url` helper returns '/' in that case. I don't know
what I was thinking creating the `WeBWorK::ContentGenerator` method
which was really just an alias for the `location` helper method anyway.
Make MathJax show errors for bad TeX but only in the problem editor. (another alternate for #2837 and #2838)
The `webwork2.sty` file currently creates this link using the `\url`
command.  That command attempts to detect the link type.  In this case
that results in a file link.  Depending on the PDF viewer used, that
results in different behavior.  In Firefox's PDF viewer it behaves as if
it is not a link at all, but just text.  Clicking on it does nothing. In
Google Chrome's PDF viewer or Evince it is a link, but clicking on it
results in a message being displayed that the file does not exist.

So this switches to using the `\href` command instead. That requires
that both the link URL and link text explicitly be given, but reliably
results in a working link.
Fix the openwebwork.org link in hardcopy.
…browser.

There have been several complaints about Contrib problems being listed
first in the library browser.  Perhaps this will help to quiet those
complaints.

This is done at the database level, and so should be rather efficient.
The `@openwebwork/pg-codemirror-editor` and its dependency packages
`@openwebwork/codemirror-lang-pg`, `codemirror-lang-perl`, and
`codemirror-lang-mt` have all had all dependencies updated, and the
bracket matching issue reported in
openwebwork/codemirror-lang-pg#1 fixed.

The resulting changes have also been published.

This just updates webwork2's dependency so that those updated packages
can be used by webwork2.

Note, I did take some liberty by pushing the updates for the
`@openwebwork/pg-codemirror-editor` and
`@openwebwork/codemirror-lang-perl` packages without going through the
pull request process.  But with the tiered dependencies here that would be
tedious to go through the approval process from bottom to top.
…ary browser persistent.

The status of the checks is saved to local storage and updated when the
page loads.  So whatever state they had the last time the page was open
is restored. Note that the settings are saved per user id and course.
So you can set the checks differently for each course.

This was (essentially) asked for in issue #2857.
Currently if `$permissionLevels{login} = 'professor'` and a user signs
in via LTI that would be assigned the role of "student", then webwork2
creates the user and signs the user in.  However, on subsequent LTI
logins authentication fails.  This refuses to create a user if the
requested role would not have permission to login.

Clean up the error messages some.  There is a lot of work left to
do on this. The LTIAdvanced.pm module has an extremely poor design for
error handling and messaging to go with those errors.  The
LTIAdvantage.pm module is only a tad better (I largely just copied the
poor design of the LTIAdvanced.pm module).  The `log_error` key is set
and appended to numerous times, frequently resulting in a long run-on
message that doesn't really make sense. Also, there were some of these
errors that were adding "LOGIN FAILED".  That was removed because the
`Authen.pm` code always prepends that and that resulted in logs with
"LOGIN FAILED LOGIN FAILED ...".

The `authenticate` method is expected to return either 1 or a message
indicating the failure.  Currently it returns either 1 or 0.  As a
result the messages that are set in the `authenticate` method go into
the abyss.  Those messages should be returned instead of setting
`$self->{error}`. Note that the method can still return 0 if no message
should be set (as in the case of the OAuth token failing to verify for
LTI 1.1).

For LTI 1.3 make sure that the fallback_source_of_username is set before
attempting to use it. Otherwise the claim extraction fails and it
results in a database error later.

Fix a minor issue in the authen_LTI.conf.dist file.  The
permissionLevels lines should end with semicolons, not commas.
The option is `extra_ssl_headers` in the `conf/webwork2.mojolicious.yml`
file.  It works just like the `extra_headers` option, except that the
headers are only added to responses to secure requests.

This is to address a need to add the `Strict-Transport-Security` header
to SSL request responses that was brought up in the forums.  See
https://forums.openwebwork.org/mod/forum/discuss.php?d=8782#p22468. That
header should not be added to non SSL requests.
This is simply the result of executing `npx update-browserslist-db@latest`.
Don't create users for LTI users that do not have permission to login.
When MathQuill was switched to a published npm package instead of being
used from the GitHub repository, the `node_modules` location changed.
This was all updated on the PG side of things, but I forgot to do it for
the problem grader (which is the only place MathQuill is used for
webwork2).
Instead of erroring out due to hash keys not existing, just give a message
"You do not have permission to list assignments in this course." when
a user doesn't have the `navigation_allowed` permission but
`LTI` is not configured.
Instead of greying out the "Use Achievement Reward" button when
acting as another user, which only lists the available achievement
items to use, grey out the actual use button to let an instructor
be able to view which items a student could use on that assignment.

It is still not possible to actually use an achievement as another
user if that button was active, and further the form tags are also
removed from the list of items.

This addresses #2856.
Fix the MathQuill usage on the problem grader page.
Add message when navigation is not allowed and LTI is not configured.
Allow viewing achievement items when acting as another user.
Order problems from the OPL before those from Contrib in the library browser.
Make the "Include OPL" and "Include Contrib" check states in the library browser persistent.
Update the browserslist-db to eliminate the warning to do so.
Update the @openwebwork/pg-codemirror-editor dependency.
Add an option to add headers to only SSL request responses.
This is another case where a URL parameter is inserted directly into the
page without being escaped.  This just escapes the parameter value to
prevent the possibility of an XSS attack.
Remove Cosign authentication module
prompt email recipient to use reply-all when there were multiple reci…
The packages and TikZ libraries that are used by pg are all tested
(including the TikZ spath library that is going to be used once
openwebwork/pg#1336 is merged).

Note that the "active" option was removed from the preview package in
the check_latex_article.tex and check_latex_exam.tex files because that
suppresses output.  It is enough to test that the preview package loads,
and this makes the more important things that are being tested more like
they are for actual hardcopy generation and not for equation generation.
We really need to remove images mode.
pstaabp and others added 30 commits May 19, 2026 10:39
Remove a symbolic link accidentally added in #2979.
Improve the speed of the database user retrieval for the student nav.
I used the wrong thing in #2975.
Add `$achievementExtensionFactor` setting that is used to configure
the length of extensions. This works as a multiplicative factor, by
multiplying the base time (either 24 or 48 hours) by the factor. The
extension time is always rounded to the nearest hour, and cannot be
less than a single hour (two hours for the super extensions).

This affects all items that have an extension time.

* ExtendDueDate
* ExtendDueDateGW
* ExtendReducedDate
* ReducedCred
* RessurectGW
* RessurectHW
* SuperExtendDueDate
* SuperExtendReducedDate
Store the setID of all completed sets in the globalHash when
evaluating achievements. This allows achievements to use this
data vs just counting the number of completed sets. One use case
is being able to exclude optional sets, such as review sets, from
some achievements without completely excluding them from all
achievements.

In addition saving all the setIDs can avoid double counting
completed sets, as there is currently no check to ensure a set
is not counted multiple times.
The code and rendering panels are now not only vertically resizable, but
are horizontally resizable when the window width is at or above the large
breakpoint (992 pixels).

Furthermore, resizing does not work with the native browser resize via
the css `resize` property. Instead it is controlled with JavaScript.
The resize grips (which are much more visible now) can also be
focused with the keyboard and when focused the arrow keys can be used to
resize the code and render panels. Note that if `Ctrl` is pressed with
an arrow key a 1 pixel resize occurs, and if `Alt` is pressed with an
arrow key a 50 pixel resize occurs.  Without a modifier key the arrow
keys perform a 20 pixel resize.

In addition, the dimensions are saved to local storage and persist when
the page reloads. Unfortunately there will be some flickering of content
as the resize occurs after the page loads.

Note that the css `resize` property is actually not supported in all
browsers, so this actually makes resizing work for those browsers as
well.  The browsers that do not support the css `resize` property
include Firefox for Android, and Safari on iOS. Yeah, those are for
mobile devices, and who edits problems on a mobile device?  In any case,
this makes the resize grips more evident.  The native resize grip is
rather small in the lower right corner of the CodeMirror editor panel,
and many probably don't even know it is there.

Note that the code panel has a minimum width of 400 pixels, and the
rendering panel a minimum width of 300 pixels.  This works out so that
when the window size is 992 pixels the two panels can't really be
resized much or at all (when the site navigation menu width of 250
pixels is taken into account) depending on the browser. But at larger
window widths resizing can be done.

I thought about making it so that the resizing could go all the way to
the right and the rendering panel be resized to a width of 0, but
decided against it.  If that were done, then the rendering would still
be occurring even though you can't see it, and that doesn't seem good.  I
think that this should at least alleviate the request(s) to hide the
rendering panel (which I don't think is really a good idea).
Better keep track of which sets are complete in achievements.
Rework resizing of the problem editor.
This replaces the Grades page for students with a new layout
designed for students. The old grades table is still available
to instructors under "Student Progress". Being a grade page
for students, instructors see the same info a student would
(no hidden sets or grades are shown for instructors acting as
a student). The only difference for an instructor is the student
navigation menu is shown to switch which student to act as.

The assignments are split into categories. Open assignments,
reduced scoring assignments (if reduced scoring is enabled),
and closed assignments. Assignments are ordered using the
same `byUrgency` logic as the ProblemSets page.

The total grade, if configured to be shown, is shown at the
top of the page for all sets that are past the open date.

Each assignment is a list item which shows the total score.
For tests the best test version score is shown if the student
can see the score. Then a table which includes the total score
and status for each problem in the set. For just in time,
only top level problems are shown. For tests, only the best
test version is shown.

The old Grades page code is moved into StudentProgress.pm
where it is still used.
Suggested by @Alex-Jordan, add the weights to the grade page and
then add buttons to hide/show the weights. The buttons use local
storage to save the state. The default state is to have the
weights and attempts hidden. Since the toggle happens at page load
the change is noticed when the page loads if not using the defaults.

Also put the version and score on a single row to save height
and a little bit of refactoring of adding the problems for each
set to save duplication of code.
* Add "mb-3" to give a bottom margin on the list group items.
* Indent code properly.
* Make versions taken statement a parenthetical.
* Remove version count and 'for' from link.
* Remove use of DOM content loaded event.
Replace the student grades page.
Cleanup and update the default achievements in the modelCourse.

* Remove the same comment from the bottom of all evaluators.
  This is hard to maintain, instead put all the information in
  achievements_readme.txt and point to this file from other
  evaluators.

* Cleanup the achievement evaluators:
  * Simplify the code, don't use else statements when there was
    a return inside the previous if. Clean up some of the logic.
  * Take advantage of the new $globalData->{completedSetIds} hash
    to avoid looping through all problems to determine if a
    set is completed.
  * Ran perltidy on them using an 80 character limit.

* Remove some evaluator duplication. The complete n problems
  or n sets can all be done using a single evaluator, since
  the only difference is the $maxCounter setting from the
  achievement.

* Remove all unused achievement evaluators. There are lots of
  these that are really just the same example achievement over
  and over again to see if particular problems from particular
  sets were completed. The images are still available for
  helping people think of names, but the evaluators don't need
  to be included. Instead provide four example evaluators for
  completing specific problems and/or sets.

* Add perltidy of .at achievement files to the run-perltidy
  dev_script and the github workflow.
All are updated to the latest versions except for iframe-resizer (which
we are locking at the current version for now).  There are no changes to
the code needed for our usage of these libraries.  The Bootstrap `if`
usage in sass is deprecated and warnings about that needed to be
silenced.
This seems to be needed for the latest updates.
Update npm dependencies to latest versions.
Cleanup modelCourse achievements.
update the Student Orientation for MathJax 4
…nager.

First there was a typo in the name of the form permission for the
reset_2fa form.  As a result the permission was never actually checked
since if a form does not have a permission in the `FORM_PERMS` hash it is
assumed that no permission is needed.

Also, if a user does not have a password record in the database then
don't try to reset the OTP secret. The user doesn't have one anyway, and
attempting to access the non-existing database record throws an
exception.
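
The failure mode described in the commit message above, as an added Perl example that is not WeBWorK's own code: a permission table in which a missing key means "no permission needed" fails open when a key is mistyped, while a lookup that requires an entry, plus a startup check of the table against the form list, catches the typo. The form names, permission names, user record and all three functions are hypothetical.

```perl
use strict;
use warnings;

# Hypothetical form and permission names, constructed for this example.
my @FORMS = qw(filter edit reset_2fa);

# 'reset_2af' is a typo for 'reset_2fa'. undef marks a form that is
# deliberately open to every user.
my %FORM_PERMS = (
    filter    => undef,
    edit      => 'modify_student_data',
    reset_2af => 'change_password',
);

# Permissions held by a constructed low-privilege user.
my %USER_PERMS = (view_roster => 1);

# Fail-open: a form with no table entry is assumed to need no permission.
sub allowed_fail_open {
    my ($perms, $form, $user) = @_;
    my $needed = $perms->{$form};
    return 1 unless defined $needed;
    return $user->{$needed} ? 1 : 0;
}

# Fail-closed: a form without a table entry is refused outright.
sub allowed_fail_closed {
    my ($perms, $form, $user) = @_;
    return 0 unless exists $perms->{$form};
    my $needed = $perms->{$form};
    return 1 unless defined $needed;
    return $user->{$needed} ? 1 : 0;
}

# Startup check: forms without an entry, and entries that match no form.
sub table_errors {
    my ($perms, @forms) = @_;
    my %is_form = map { ($_, 1) } @forms;
    my @errors;
    for my $form (@forms) {
        push @errors, "form '$form' has no permission entry" unless exists $perms->{$form};
    }
    for my $key (sort keys %$perms) {
        push @errors, "entry '$key' matches no form" unless $is_form{$key};
    }
    return @errors;
}

print "fail-open   reset_2fa: ", allowed_fail_open(\%FORM_PERMS, 'reset_2fa', \%USER_PERMS), "\n";
print "fail-closed reset_2fa: ", allowed_fail_closed(\%FORM_PERMS, 'reset_2fa', \%USER_PERMS), "\n";
print "$_\n" for table_errors(\%FORM_PERMS, @FORMS);
```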
The `write_log_entry` method is imported from the `WeBWorK::Authen`
package in `lib/WeBWorK/ContentGenerator/Logout.pm` (via the `use
WeBWorK::Authen qw(write_log_entry)` call).  However, the
`WeBWorK::Authen` package does not define the `import` method (since it
does not derive from the `Exporter` package).  As a result warnings
occur when this package is loaded.  These warnings have become more
prevalent recently (perhaps perl 5.40 is more strict on this?).

Also, the `write_log_entry` is incorrectly called later in that package.
The `write_log_entry` method is an object method and there is no need
for the package name in the call.
Fix issues with resetting two-factor authentication in the accounts manager.
Lockfile version 3 has been supported since node version 18 (and npm
version 7).  So there is no need to stay with lockfile version 2
anymore. The only real change it seems is that the `dependencies`
section is removed. This means that the file is about 1500 lines
shorter!
Remove the `CAPA_Graphics` link.  I missed this when everything else
CAPA related was removed before.  (grep doesn't show it!)

Also remove the `crossdomain.xml` file.  I don't think this is not used
with the current approaches for serving webwork2, and if it is, it is
most likely a security vulnerability.
Fix an invalid import that is causing warnings.
Switch `package-lock.json` to lockfile version 3.
Minor clean up in the htdocs directory.

5 participants