LORIS Release v21.0.0
This release contains several bug fixes and user interface improvements as well as a some new features and code clean-up.
It also adds the option to use the haveibeenpwned API to reject compromised passwords. This option defaults to false in order to not add a dependency on a third party service in the default install. Administrators are encouraged to enable it on any production server for increased security.
New Features
- [Instruments] Add ability to load instrument JSON data from flag Data column (#3894)
- [MRI] Add tables to the database to support the creation of a BIDS dataset for imaging data (#3912)
- [Core/Scurity] Add pwned passwords API to prevent common passwords and password reuse (#3961)
- [Core] Adding CandID Value Object (#4055)
- [Core] Add SameSite flag to session cookie to prevent CSRF (#4083)
- [Modules] QC Module (#4223)
Updates and Improvements
- Reactification of most menu filter pages for better UI
- [JS] Adding sortByValue for Selects and SearchableSelects (#3952)
- [SQL] Split mri_protocol range columns into min & max columns (#3973)
- [UI] Colour and styling makeover (#4007)
- [JSX] Dicom Archive - Refactor and Clean-Up (#4097)
- [Raisinbread] Update the dataset and clean-up of the data (#4120)
- [Instrument Manager] Add specific permission to this module so that superuser isn't necessary (#4191)
- [jsx] FilterableDataTable UI Redesign (#4203)
- [Core: Candidate] Improve ID generation (CandID, PSCID, ExternalID) (#4241)
Bug Fixes
- [Configuration] Prevent config field duplication and remove current duplicates (#3503)
- [Core: Candidate] Fix getFirstVisit method (#4075)
Clean Up
- [API] Remove "module API" (#3900)
- [SQL] Remove
PendingStaging
from files table (#3569) - [SQL] Replace the
Gender
field withSex
in the candidate table - [Core] Add User to hasAccess signature (#3655)
- [Core] Add type declarations to function signatures (Database, User, Site, Utility, Candidate, SinglepointLogin, Timepoint, BVL_Feedback_Panel, NDB_Caller, InstrumentSatus, Config, UserPermissions, Project, ProjectDefault, CouchDB, Client, Settings, NDB_factory, BVL_Feedback_Panel, NDB_Caller, InstrumentStatus, Config, Notify, State, Enail, Notifier, Breadcrumb, FeedbackMRI, MRIFile, ConflictDetector)
- [Core] removing deprecated Log class (#3999)
- [Core] removing deprecated Message class (#3999)
- [Core] Rename candidate center id to registration center (#4078)
- [Core] Remove the useProjects config setting (#4496)
- [Core] Remove checkDate() function from Utility
- [Core] Remove getNextVisitNo() function from Candidate (#4363)
- [Core] Cleanup duplicated data config paths (#4314)
- [JS] Compiled artifacts are no longer commited to the repository (#3891)
- [JS] StaticDataTable - Replaced
loris.hiddenHeaders
withthis.props.hiddenheaders
(#3967) - [Database] Make pSelectRow throw error if more than 1 row is returned (#3910)
- [Tools] Clean-up of tools and move into
tools/
subdirectory (Data Dictionary Builder - #4140, Fix Candidate Age - #4141, Score Instruments - #4146) - [Instruments] Make getFullName and getSubtestList abstract (#4407)
- [Training] Remove module (#4535)
Documentation
- Add document describing new routing (#3997)
Notes for Existing Projects
- Several changes in function signatures in library classes require updating any/all overrides done in projects' classes and PHP instruments. Existing instruments must be updated to ensure their signature matches the base class.
- The functions relating to getting the instrument's full name and getting the instrument's pages have been made abstract and must now be explicitly implemented to return the name string and pages array, rather than retrieving them from the database. The "LegacyInstrumentTrait" trait implements the old behaviour which can be restored by adding
use LegacyInstrumentTrait;
near the top of an instrument class. (This change is primarily motivated by an issue of cyclic dependencies while installing instruments, so there are no ill effects of using the trait on instruments which are already installed on a LORIS instance.) - LORIS API version 0.0.1 was removed. (v0.0.2 is a superset of v0.0.1, so only the URL should have to change in any scripts using the API.)
- Calls to pSelectRow will fail if more than 1 row is returned from the database. Make sure your select criterias match at most 1 row in the database.
- The
Log
andMessage
library classes have been removed. - The following tool scripts' location has been changed and their code cleaned up (Data Dictionary Builder - #4140, Fix Candidate Age - #4141, Score Instruments - #4146).
- The
mincPath
anddata
Config settings have been removed. - The
checkDate()
function has been removed from the Utility class. - The
getNextVisitNo()
function has been removed from the Candidate class. - The Training module has been removed.
- The menu item for the old reliability modle has been removed.
- The
useProjects
configuration setting has been removed. Projects are now mandatory, if no projects are defined in the database'sProject
table, a new defaultloris
project will be created and all candidates will be affiliated with it. If projects are defined in the table before execution of the patches, no changes will occur.
Upgrade Process
Several steps are involved in this LORIS release upgrade, due to database schema constraints.
Your LORIS must be updated to 20.3.0 before beginning this upgrade.
- Get the latest release code (download and extract)
- Run
make
from the Loris root directory to update all dependencies. - Source the
20.3_To_21.0_upgrade.sql
SQL file into the database - Run the script
data_dictionary_cleaner.php
from thetools/single_use/
directory and fix reported issues in the database. - Run the script
normalize_mri_protocol_range_data.php
from thetools/single_use/
directory to populate the new min/max fields in themri_protocol
table of the database.
Strongly Recommended: Security
- A bug was discovered in LORIS where passwords could be logged in the history table in plaintext.
This data is not exposed directly in the LORIS frontend, but an administrator could view them in the backend, or they could be exposed in the event of a data breach. The scripttools/single_use/remove_logged_passwords.php
should be run to delete all those logged. The script will expire the password of users who are affected
and print a report of which users should be warned along with their email address.
Optional: Upgrades
- Instruments JSON Data
This release adds support for loading and saving instrument data into theData
column of theflag
table rather than dedicated SQL tables (#3894). This change is still considered experimental and should not be used for important data. It can be enabled/disabled using thejsonData
property of the instrument class. This feature can be enabled independently on each instrument by following the steps below.- Run the script
migrate_sql_to_json.php
from thetools/single_use/
directory by specifying the name of the instrument you would like to convert as the first argument. - In the instrument, set the class variable
$this->jsonData = true;
in thesetup()
function.
- Run the script
Optional: Cleanup
- Check for duplicated configuration items and make sure their values are identical and correct to avoid being left with an incorrect value once duplicates are removed. Remove duplicated configurations using
2018-02-20_remove_duplicate_value_from_Config.sql
from theSQL/Archive/21.0/Cleanup
directory. - Run the
2018-04-05_RemovePendingStagingFromFiles.sql
from theSQL/Archive/21.0/Cleanup
directory. - Remove unused field
CurrentGUITable
by running2018-11-20-remove_currentGUITable_field.sql
from theSQL/Archive/21.0/Cleanup
directory. - Remove all references to the Training module by running
2019-05-13-RemoveTraining.sql
from theSQL/Archive/21.0/Cleanup
directory. - Remove leftover link to the old Reliability module in the menu by running
2019-05-15-Reliability_link.sql
from theSQL/Archive/21.0/Cleanup
directory.