Product news and other information from the developers of Portfolio.
Showing 1 - 5 of 133
New e-portal OIDC-based login and various bugfixes
Today's update (29bf398) brings with it the following changes:
- Secure application better against XML-based attack vectors.
- Explicitly use
- Added login and authorization feature against e-portal, based on OpenID Connect workflow. Disabled until e-portal is fully configured.
- Added Log in using e-portal-button to standard right hand side menu. Disabled until e-portal is fully configured.
eportal template function, giving access to issuer, API and logout URLs, making it possible to use these variables in templates.
- User details, institution memberships, groups, roles, course access and student/supervisor relationships are automatically provisioned when logging in using e-portal.
- User identity token (claims collection) from e-portal is verified by signature using JWT semantics. Reduces attack surface. Verification only allows RSA, ECC and Ed algorithms. Decoded identity claims are available in a session variable for use by templates.
- During login using e-portal, the user is redirected to a common Portfolio site before being redirected back to the original site. This is normal and part of the e-portal login process.
- Users without any email registered in e-portal will get an auto-generated email address associated with their Portfolio account.
- If no username has been defined in e-portal, existing users will keep their existing Portfolio username when they login using e-portal.
- If an institution with no owner is imported using e-portal, the owner is set to the orphan user.
- Information from e-portal is cached for a short while to decrease load on e-portal API during login.
- When logging out a session authenticated using e-portal, e-portal session is also logged out.
- Set HTTP user-agent so that when Portfolio is operating as an HTTP client, it can be more easily identified in remote systems.
- Use contact manager UI for adding user in event log report.
- Logout and redirect to front page when deleting your own account, to avoid a weird login issue.
- Changed the logout request handler to be available to anonymous, so that when you explicitly try to logout when your session is already expired, it doesn't show a login prompt followed by an immediate logout.
- Fixed issue with negative time intervals in time usage reports causing skewed reports.
- Fixed grammar inconsistency with regards to the phrase "login/logout" being used as a verb, when it should be phrased as "log in/log out".
- Ensure consistent phrasing of the word e-portal.
Another hotpatch to fix recipient issue when forwarding message
Today's hotpatch update (91deaac) brings with it the following changes:
- Fixed issue with removing existing recipient when forwarding message.
- Added or cleaned up reference documentation for the following modules: Portfolio::Context::Request, Portfolio::PlacementTest::CSVParser, Portfolio::Variable, placement_test(t)
Hotpatch: Fix invisible recipient in message system
A hotpatch (dcf5929) was deployed today. It contains the following changes:
- Fixed issue with recipient not visible when replying or forwarding messages.
Contact manager is now used in more places and more documentation available
Today's update (b81e7aa) brings with it the following changes:
- Students and supervisor relationship table now uses pagination, which increases performance.
- Contact manager has changed backend API from XML to JSON.
- Improved the user experience in new message feature. It is now possible to add recipient using contact manager, and recipient auto-complete is better looking and more accessible.
- Permission editor (for objects and containers) is now using contact manager.
- Added contact manager for username lookup in file manager.
- Reduced technical debt significantly. This means a lot of code has changed, which increases the change of regressions.
- The message body text area is now focused when the user is replying to a message.
- Added more reference documentation for model classes.
- All relevant reference documentation is now available.
Improved documentation and code quality
Today's update (2832387) brings with it the following changes:
- A lot of the database queries have been refactored, which should make them more robust. There is also a slightly higher risk of regressions.
- Added more test cases for better code coverage.
- Started using better tools to improve code quality and avoid bad practices.
Added reference documentation for Site, Tag and Messages model classes.
Showing 1-5 of 133