Merge pull request #407 from oat-sa/release-2.23.0

Release 2.23.0
oat-sa · Apr 4, 2016 · 7fb44b0 · 7fb44b0
2 parents 21175a7 + 7213d0a
commit 7fb44b0
Show file tree

Hide file tree

Showing 13 changed files with 87 additions and 45 deletions.
diff --git a/actions/class.Runner.php b/actions/class.Runner.php
@@ -114,21 +114,26 @@ protected function getServiceContext($check = true, $checkToken = true)
             $testCompilation = $this->getRequestParameter('testCompilation');
 
             if ($checkToken) {
-                $csrfToken = $this->getRequestParameter('X-Auth-Token');
-                if (!$this->getCsrf()->checkCsrfToken($csrfToken)) {
-                    \common_Logger::w("CSRF attempt! The token $csrfToken is no longer valid!");
-                    throw new \common_exception_Unauthorized();
+
+                $config = $this->runnerService->getTestConfig()->getConfigValue('security');
+                if(isset($config['csrfToken']) && $config['csrfToken'] == true){
+
+                    $csrfToken = $this->getRequestParameter('X-Auth-Token');
+                    if (!$this->getCsrf()->checkCsrfToken($csrfToken)) {
+                        \common_Logger::w("CSRF attempt! The token $csrfToken is no longer valid!");
+                        throw new \common_exception_Unauthorized();
+                    }
                 }
             }
 
             if ($this->hasRequestParameter('testServiceCallId')) {
                 $testExecution = $this->getRequestParameter('testServiceCallId');
             } else {
                 $testExecution = $this->getRequestParameter('serviceCallId');
-            }  
+            }
             $this->serviceContext = $this->runnerService->getServiceContext($testDefinition, $testCompilation, $testExecution, $check);
         }
-        
+
         return $this->serviceContext;
     }
 

diff --git a/config/default/testRunner.conf.php b/config/default/testRunner.conf.php
@@ -133,4 +133,11 @@
      * @type array
      */
     'plugins' => null,
+
+
+    /**
+     * Enable the cross site request forgery token
+     * @type boolean
+     */
+    'csrf-token' => true
 );
diff --git a/helpers/class.TestSession.php b/helpers/class.TestSession.php
@@ -581,12 +581,6 @@ public function closeTimer($identifier, $type = null)
             $placeId = $source->getIdentifier();
             if ($placeId === $identifier) {
                 if (($timeLimits = $source->getTimeLimits()) !== null && ($maxTime = $timeLimits->getMaxTime()) !== null) {
-                    $placeDuration = $this[$placeId . '.duration'];
-                    if ($placeDuration instanceof Duration) {
-                        $placeDuration->sub($placeDuration);
-                        $placeDuration->add($maxTime);
-                    }
-
                     $constraintDuration = $constraint->getDuration();
                     if ($constraintDuration instanceof Duration) {
                         $constraintDuration->sub($constraintDuration);

diff --git a/manifest.php b/manifest.php
@@ -33,7 +33,7 @@
     'label' => 'QTI test model',
 	'description' => 'TAO QTI test implementation',
     'license' => 'GPL-2.0',
-    'version' => '2.21.1',
+    'version' => '2.23.0',
 	'author' => 'Open Assessment Technologies',
     'requires' => array(
         'taoTests' => '>=2.13',

diff --git a/models/classes/runner/config/QtiRunnerConfig.php b/models/classes/runner/config/QtiRunnerConfig.php
@@ -66,6 +66,9 @@ public function getConfig()
                 'nextSection' => !empty($rawConfig['next-section']),
                 'resetTimerAfterResume' => !empty($rawConfig['reset-timer-after-resume']),
                 'plugins' => isset($rawConfig['plugins']) ? $rawConfig['plugins'] : null,
+                'security' => [ 
+                    'csrfToken' => isset($rawConfig['csrf-token']) ? $rawConfig['csrf-token'] : false,
+                ]
             ];
         }
         return $this->config;

diff --git a/scripts/update/Updater.php b/scripts/update/Updater.php
@@ -269,5 +269,17 @@ public function update($initialVersion) {
         }
 
         $this->skip('2.20.0','2.21.1');
+
+        if ($this->isVersion('2.21.1')) {
+            $extension = \common_ext_ExtensionsManager::singleton()->getExtensionById('taoQtiTest');
+            $config = $extension->getConfig('testRunner');
+            $extension->setConfig('testRunner', array_merge($config, array(
+                'csrf-token' => true
+            )));
+
+            $this->setVersion('2.22.0');
+        }
+
+        $this->skip('2.22.0','2.23.0');
     }
 }
diff --git a/views/css/new-test-runner.css b/views/css/new-test-runner.css
diff --git a/views/css/new-test-runner.css.map b/views/css/new-test-runner.css.map
diff --git a/views/css/test-runner.css b/views/css/test-runner.css
diff --git a/views/css/test-runner.css.map b/views/css/test-runner.css.map
diff --git a/views/js/qtiTestRunner.min.js b/views/js/qtiTestRunner.min.js
diff --git a/views/js/qtiTestRunner.min.js.map b/views/js/qtiTestRunner.min.js.map
diff --git a/views/scss/inc/_navigator.scss b/views/scss/inc/_navigator.scss
@@ -132,7 +132,8 @@
     }
 
     .qti-navigator-label {
-        display: block;
+        display: inline-block;
+        min-width: 100%;
         line-height: 30px;
         padding: 0 6px;
 
@@ -228,6 +229,25 @@
 
         ul {
             padding: 4px;
+
+            .qti-navigator-label {
+                span {
+                    display: table-cell;
+                    vertical-align: middle;
+                    float: none;
+
+                    &.qti-navigator-text {
+                        padding: 0 6px;
+                        min-width: 10rem;
+                    }
+                    &.qti-navigator-icon {
+                        min-width: 2rem;
+                    }
+                    &.qti-navigator-counter {
+                        min-width: 5rem;
+                    }
+                }
+            }
         }
     }