Blog

Product news and other information from the developers of Portfolio.
  • Enabled e-portal OIDC-based login method

    Posted by: Robin Smidsrød 9. Aug 2021 17:03

    Today's update (568f91c) brings with it the following changes:

    Bugfixes

    • Fixed issue related to e-portal external identifier during e-portal OIDC login.
  • New e-portal OIDC-based login and various bugfixes

    Posted by: Robin Smidsrød 6. Jul 2021 19:21

    Today's update (29bf398) brings with it the following changes:

    Security issues

    • Better secured the application against XML-based attack vectors.
    • Explicitly use SameSite=Lax cookie policy on insecure cookies.

    New features

    • Added login and authorization feature against e-portal, based on OpenID Connect workflow. Disabled until e-portal is fully configured.
    • Added "Log in using e-portal" button to the standard right-hand side menu. Disabled until e-portal is fully configured.
    • Added eportal template function, giving access to issuer, API and logout URLs, making it possible to use these variables in templates.
    • User details, institution memberships, groups, roles, course access and student/supervisor relationships are automatically provisioned when logging in using e-portal.
    • User identity token (claims collection) from e-portal is verified by signature using JWT semantics, which reduces the attack surface. Verification only allows RSA, ECC and Ed algorithms. Decoded identity claims are available in a session variable for use by templates.
    • During login using e-portal, the user is redirected to a common Portfolio site before being redirected back to the original site. This is normal and part of the e-portal login process.
    • Users without any email registered in e-portal will get an auto-generated email address associated with their Portfolio account.
    • If no username has been defined in e-portal, existing users will keep their existing Portfolio username when they log in using e-portal.
    • If an institution with no owner is imported using e-portal, the owner is set to the orphan user.
    • Information from e-portal is cached for a short while to decrease load on e-portal API during login.
    • When logging out a session authenticated using e-portal, e-portal session is also logged out.

    Enhancements

    • Set HTTP user-agent so that when Portfolio is operating as an HTTP client, it can be more easily identified in remote systems.
    • Use contact manager UI for adding user in event log report.

    Bugfixes

    • Log out and redirect to front page when deleting your own account, to avoid a weird login issue.
    • Changed the logout request handler to be available to anonymous users, so that when you explicitly try to log out when your session is already expired, it doesn't show a login prompt followed by an immediate logout.
    • Fixed issue with negative time intervals in time usage reports causing skewed reports.
    • Fixed grammar inconsistency with regard to the phrase "login/logout" being used as a verb, when it should be phrased as "log in/log out".
    • Ensure consistent phrasing of the word e-portal.
  • Another hotpatch to fix recipient issue when forwarding message

    Posted by: Robin Smidsrød 19. Jan 2021 09:44

    Today's hotpatch update (91deaac) brings with it the following changes:

    Bugfixes

    • Fixed issue with removing existing recipient when forwarding message.

    Documentation

    • Added or cleaned up reference documentation for the following modules: Portfolio::Context::Request, Portfolio::PlacementTest::CSVParser, Portfolio::Variable, placement_test(t)
  • Hotpatch: Fix invisible recipient in message system

    Posted by: Robin Smidsrød 15. Jan 2021 09:26

    A hotpatch (dcf5929) was deployed today. It contains the following changes:

    Bugfixes

    • Fixed issue with recipient not visible when replying or forwarding messages.
  • Contact manager is now used in more places and more documentation available

    Posted by: Robin Smidsrød 15. Jan 2021 09:26

    Today's update (b81e7aa) brings with it the following changes:

    Performance improvements

    • Students and supervisor relationship table now uses pagination, which increases performance.
    • Contact manager has changed backend API from XML to JSON.

    Enhancements

    • Improved the user experience in new message feature. It is now possible to add recipient using contact manager, and recipient auto-complete is better looking and more accessible.
    • Permission editor (for objects and containers) is now using contact manager.
    • Added contact manager for username lookup in file manager.
    • Reduced technical debt significantly. This means a lot of code has changed, which increases the chance of regressions.

    Bugfixes

    • The message body text area is now focused when the user is replying to a message.

    Documentation improvements

    • Added more reference documentation for model classes.
    • All relevant reference documentation is now available.