Merge branch 'master' into install_master

admin/cli/generate_key.php

@@ -0,0 +1,77 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Generates a secure key for the current server (presuming it does not already exist).
+ *
+ * @package core_admin
+ * @copyright 2020 The Open University
+ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+use \core\encryption;
+
+define('CLI_SCRIPT', true);
+
+require(__DIR__ . '/../../config.php');
+require_once($CFG->libdir . '/clilib.php');
+
+// Get cli options.
+[$options, $unrecognized] = cli_get_params(
+        ['help' => false, 'method' => null],
+        ['h' => 'help']);
+
+if ($unrecognized) {
+    $unrecognized = implode("\n  ", $unrecognized);
+    cli_error(get_string('cliunknowoption', 'admin', $unrecognized));
+}
+
+if ($options['help']) {
+    echo "Generate secure key
+
+This script manually creates a secure key within the secret data root folder (configured in
+config.php as \$CFG->secretdataroot). You must run it using an account with access to write
+to that folder.
+
+In normal use Moodle automatically creates the key; this script is intended when setting up
+a new Moodle system, for cases where the secure folder is not on shared storage and the key
+may be manually installed on multiple servers.
+
+Options:
+-h, --help         Print out this help
+--method <method>  Generate key for specified encryption method instead of default.
+                   * sodium
+                   * openssl-aes-256-ctr
+
+Example:
+php admin/cli/generate_key.php
+";
+    exit;
+}
+
+$method = $options['method'];
+
+if (encryption::key_exists($method)) {
+    echo 'Key already exists: ' . encryption::get_key_file($method) . "\n";
+    exit;
+}
+
+// Creates key with default permissions (no chmod).
+echo "Generating key...\n";
+encryption::create_key($method, false);
+
+echo "\nKey created: " . encryption::get_key_file($method) . "\n\n";
+echo "If the key folder is not shared storage, then key files should be copied to all servers.\n";

admin/templates/setting_encryptedpassword.mustache

@@ -0,0 +1,64 @@
+{{!
+    This file is part of Moodle - http://moodle.org/
+
+    Moodle is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    Moodle is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+}}
+{{!
+    @template core_admin/admin_setting_encryptedpassword
+
+    Admin encrypted password template.
+
+    Context variables required for this template:
+    * name - form element name
+    * set - whether it is set or empty
+    * id - element id
+
+    Example context (json):
+    {
+        "name": "test",
+        "id": "test0",
+        "set": true
+    }
+}}
+<div class="core_admin_encryptedpassword" data-encryptedpasswordid="{{ id }}"
+        {{#novalue}}data-novalue="y"{{/novalue}}>
+    {{#set}}
+        <span>{{# str }} encryptedpassword_set, admin {{/ str }}</span>
+    {{/set}}
+    {{^set}}
+        <a href="#" title="{{# str }} encryptedpassword_edit, admin {{/ str }}">
+            <span>{{# str }} novalueclicktoset, form {{/ str }}</span>
+            {{# pix }} t/passwordunmask-edit, core, {{# str }} passwordunmaskedithint, form {{/ str }}{{/ pix }}
+        </a>
+    {{/set}}
+    <input style="display: none" type="password" name="{{name}}" disabled>
+    {{!
+        Using buttons instead of links here allows them to be connected to the label, so the button
+        works if you click the label.
+    }}
+    {{#set}}
+        <button type="button" id="{{id}}" title="{{# str }} encryptedpassword_edit, admin {{/ str }}" class="btn btn-link" data-editbutton>
+            {{# pix }} t/passwordunmask-edit, core, {{/ pix }}
+        </button>
+    {{/set}}
+    <button type="button" style="display: none" title="{{# str }} cancel {{/ str }}" class="btn btn-link" data-cancelbutton>
+        <i class="icon fa fa-times"></i>
+    </button>
+</div>
+
+{{#js}}
+require(['core_form/encryptedpassword'], function(encryptedpassword) {
+    new encryptedpassword.EncryptedPassword("{{ id }}");
+});
+{{/js}}

admin/tests/behat/behat_admin.php

@@ -89,7 +89,7 @@ public function i_set_the_following_administration_settings_values(TableNode $ta
     }
 
     /**
-     * Sets the specified site settings. A table with | config | value | (optional)plugin | is expected.
+     * Sets the specified site settings. A table with | config | value | (optional)plugin | (optional)encrypted | is expected.
      *
      * @Given /^the following config values are set as admin:$/
      * @param TableNode $table
@@ -103,11 +103,20 @@ public function the_following_config_values_are_set_as_admin(TableNode $table) {
         foreach ($data as $config => $value) {
             // Default plugin value is null.
             $plugin = null;
+            $encrypted = false;
 
             if (is_array($value)) {
                 $plugin = $value[1];
+                if (array_key_exists(2, $value)) {
+                    $encrypted = $value[2] === 'encrypted';
+                }
                 $value = $value[0];
             }
+
+            if ($encrypted) {
+                $value = \core\encryption::encrypt($value);
+            }
+
             set_config($config, $value, $plugin);
         }
     }

admin/tool/behat/tests/behat/edit_permissions.feature

@@ -6,14 +6,18 @@ Feature: Edit capabilities
 
   Background:
     Given the following "users" exist:
-      | username | firstname | lastname | email |
-      | teacher1 | Teacher | 1 | teacher1@example.com |
+      | username | firstname | lastname  |
+      | teacher1 | Teacher   | 1         |
+      | tutor    | Teaching  | Assistant |
+      | student  | Student   | One       |
     And the following "courses" exist:
-      | fullname | shortname | category |
-      | Course 1 | C1 | 0 |
+      | fullname | shortname |
+      | Course 1 | C1        |
     And the following "course enrolments" exist:
-      | user | course | role |
-      | teacher1 | C1 | editingteacher |
+      | user     | course | role           |
+      | teacher1 | C1     | editingteacher |
+      | tutor    | C1     | teacher        |
+      | student  | C1     | student        |
 
   Scenario: Default system capabilities modification
     Given I log in as "admin"
@@ -60,3 +64,25 @@ Feature: Edit capabilities
     Then "mod/forum:deleteanypost" capability has "Prohibit" permission
     And "mod/forum:editanypost" capability has "Prevent" permission
     And "mod/forum:addquestion" capability has "Allow" permission
+
+  @javascript
+  Scenario: Edit permissions escapes role names correctly
+    When I am on the "C1" "Course" page logged in as "admin"
+    And I navigate to "Edit settings" in current page administration
+    And I set the following fields to these values:
+      | Your word for 'Teacher'             | Teacher >= editing  |
+      | Your word for 'Non-editing teacher' | Teacher < "editing" |
+      | Your word for 'Student'             | Studier & 'learner' |
+    And I press "Save and display"
+    And I navigate to course participants
+    Then I should see "Teacher >= editing (Teacher)" in the "Teacher 1" "table_row"
+    And I should see "Teacher < \"editing\" (Non-editing teacher)" in the "Teaching Assistant" "table_row"
+    And I should see "Studier & 'learner' (Student)" in the "Student One" "table_row"
+    And I navigate to "Users > Permissions" in current page administration
+    And I should see "Teacher >= editing" in the "mod/forum:replypost" "table_row"
+    And I should see "Teacher < \"editing\"" in the "mod/forum:replypost" "table_row"
+    And I should see "Studier & 'learner'" in the "mod/forum:replypost" "table_row"
+    And I follow "Prohibit"
+    And "Teacher >= editing" "button" in the "Prohibit role" "dialogue" should be visible
+    And "Teacher < \"editing\"" "button" in the "Prohibit role" "dialogue" should be visible
+    And "Studier & 'learner'" "button" in the "Prohibit role" "dialogue" should be visible

admin/tool/behat/tests/behat/keyboard.feature

@@ -28,15 +28,16 @@ Feature: Verify that keyboard steps work as expected
     And I press the shift tab key
     And the focused element is "Username" "field"
 
-  @javascript
-  Scenario: Using the arrow keys allows me to navigate through menus
-    Given the following "users" exist:
-      | username | email                        | firstname | lastname |
-      | saffronr | saffron.rutledge@example.com | Saffron   | Rutledge |
-    And I log in as "saffronr"
-    And I click on "Saffron Rutledge" "link" in the ".usermenu" "css_element"
-    When I press the up key
-    Then the focused element is "Log out" "link"
+#  TODO: Uncomment the following when MDL-66979 is integrated.
+#  @javascript
+#  Scenario: Using the arrow keys allows me to navigate through menus
+#    Given the following "users" exist:
+#      | username | email                        | firstname | lastname |
+#      | saffronr | [email protected] | Saffron   | Rutledge |
+#    And I log in as "saffronr"
+#    And I click on "Saffron Rutledge" "link" in the ".usermenu" "css_element"
+#    When I press the up key
+#    Then the focused element is "Log out" "link"
 
   @javascript
   Scenario: The escape key can be used to close a dialogue

admin/upgrade.txt

@@ -1,5 +1,10 @@
 This files describes API changes in /admin/*.
 
+=== 3.11 ===
+
+* New admin setting admin_setting_encryptedpassword allows passwords in admin settings to be
+  encrypted (with the new \core\encryption API) so that even the admin cannot read them.
+
 === 3.9 ===
 
 * The following functions, previously used (exclusively) by upgrade steps are not available anymore because of the upgrade cleanup performed for this version. See MDL-65809 for more info:

analytics/classes/manager.php

@@ -603,8 +603,8 @@ public static function get_prediction($predictionid, $requirelogin = false) {
      */
     public static function add_builtin_models() {
 
-        debugging('core_analytics\manager::add_builtin_models() has been deprecated. Core models are now automatically '.
-            'updated according to their declaration in the lib/db/analytics.php file.', DEBUG_DEVELOPER);
+        throw new \coding_exception('core_analytics\manager::add_builtin_models() has been removed. Core models ' .
+                        'are now automatically updated according to their declaration in the lib/db/analytics.php file.');
     }
 
     /**

analytics/upgrade.txt

@@ -4,6 +4,10 @@ information provided here is intended especially for developers.
 === 3.11 ===
 * Final deprecation get_enabled_time_splitting_methods. Method has been removed. Use
   get_time_splitting_methods_for_evaluation instead.
+* Final deprecation add_builtin_models. Method has been removed. The functionality
+  has been replaced with automatic update of models provided by the core moodle component.
+  There is no need to call this method explicitly any more. Instead, adding new models can be achieved
+  by updating the lib/db/analytics.php file and bumping the core version.
 
 === 3.8 ===
 

config-dist.php

@@ -727,6 +727,22 @@
 //
 // $CFG->maxcoursesincategory = 10000;
 //
+// Admin setting encryption
+//
+//      $CFG->secretdataroot = '/var/www/my_secret_folder';
+//
+// Location to store encryption keys. By default this is $CFG->dataroot/secret; set this if
+// you want to use a different location for increased security (e.g. if too many people have access
+// to the main dataroot, or if you want to avoid using shared storage). Your web server user needs
+// read access to this location, and write access unless you manually create the keys.
+//
+//      $CFG->nokeygeneration = false;
+//
+// If you change this to true then the server will give an error if keys don't exist, instead of
+// automatically generating them. This is only needed if you want to ensure that keys are consistent
+// across a cluster when not using shared storage. If you stop the server generating keys, you will
+// need to manually generate them by running 'php admin/cli/generate_key.php'.
+
 //=========================================================================
 // 7. SETTINGS FOR DEVELOPMENT SERVERS - not intended for production use!!!
 //=========================================================================