Skip to content

LORIS Release v21.0.0

Compare
Choose a tag to compare
@driusan driusan released this 01 Aug 13:54
· 44 commits to 21.0-release since this release

This release contains several bug fixes and user interface improvements as well as a some new features and code clean-up.

It also adds the option to use the haveibeenpwned API to reject compromised passwords. This option defaults to false in order to not add a dependency on a third party service in the default install. Administrators are encouraged to enable it on any production server for increased security.

New Features

  • [Instruments] Add ability to load instrument JSON data from flag Data column (#3894)
  • [MRI] Add tables to the database to support the creation of a BIDS dataset for imaging data (#3912)
  • [Core/Scurity] Add pwned passwords API to prevent common passwords and password reuse (#3961)
  • [Core] Adding CandID Value Object (#4055)
  • [Core] Add SameSite flag to session cookie to prevent CSRF (#4083)
  • [Modules] QC Module (#4223)

Updates and Improvements

  • Reactification of most menu filter pages for better UI
  • [JS] Adding sortByValue for Selects and SearchableSelects (#3952)
  • [SQL] Split mri_protocol range columns into min & max columns (#3973)
  • [UI] Colour and styling makeover (#4007)
  • [JSX] Dicom Archive - Refactor and Clean-Up (#4097)
  • [Raisinbread] Update the dataset and clean-up of the data (#4120)
  • [Instrument Manager] Add specific permission to this module so that superuser isn't necessary (#4191)
  • [jsx] FilterableDataTable UI Redesign (#4203)
  • [Core: Candidate] Improve ID generation (CandID, PSCID, ExternalID) (#4241)

Bug Fixes

  • [Configuration] Prevent config field duplication and remove current duplicates (#3503)
  • [Core: Candidate] Fix getFirstVisit method (#4075)

Clean Up

  • [API] Remove "module API" (#3900)
  • [SQL] Remove PendingStaging from files table (#3569)
  • [SQL] Replace the Gender field with Sex in the candidate table
  • [Core] Add User to hasAccess signature (#3655)
  • [Core] Add type declarations to function signatures (Database, User, Site, Utility, Candidate, SinglepointLogin, Timepoint, BVL_Feedback_Panel, NDB_Caller, InstrumentSatus, Config, UserPermissions, Project, ProjectDefault, CouchDB, Client, Settings, NDB_factory, BVL_Feedback_Panel, NDB_Caller, InstrumentStatus, Config, Notify, State, Enail, Notifier, Breadcrumb, FeedbackMRI, MRIFile, ConflictDetector)
  • [Core] removing deprecated Log class (#3999)
  • [Core] removing deprecated Message class (#3999)
  • [Core] Rename candidate center id to registration center (#4078)
  • [Core] Remove the useProjects config setting (#4496)
  • [Core] Remove checkDate() function from Utility
  • [Core] Remove getNextVisitNo() function from Candidate (#4363)
  • [Core] Cleanup duplicated data config paths (#4314)
  • [JS] Compiled artifacts are no longer commited to the repository (#3891)
  • [JS] StaticDataTable - Replaced loris.hiddenHeaders with this.props.hiddenheaders (#3967)
  • [Database] Make pSelectRow throw error if more than 1 row is returned (#3910)
  • [Tools] Clean-up of tools and move into tools/ subdirectory (Data Dictionary Builder - #4140, Fix Candidate Age - #4141, Score Instruments - #4146)
  • [Instruments] Make getFullName and getSubtestList abstract (#4407)
  • [Training] Remove module (#4535)

Documentation

  • Add document describing new routing (#3997)

Notes for Existing Projects

  • Several changes in function signatures in library classes require updating any/all overrides done in projects' classes and PHP instruments. Existing instruments must be updated to ensure their signature matches the base class.
  • The functions relating to getting the instrument's full name and getting the instrument's pages have been made abstract and must now be explicitly implemented to return the name string and pages array, rather than retrieving them from the database. The "LegacyInstrumentTrait" trait implements the old behaviour which can be restored by adding use LegacyInstrumentTrait; near the top of an instrument class. (This change is primarily motivated by an issue of cyclic dependencies while installing instruments, so there are no ill effects of using the trait on instruments which are already installed on a LORIS instance.)
  • LORIS API version 0.0.1 was removed. (v0.0.2 is a superset of v0.0.1, so only the URL should have to change in any scripts using the API.)
  • Calls to pSelectRow will fail if more than 1 row is returned from the database. Make sure your select criterias match at most 1 row in the database.
  • The Log and Message library classes have been removed.
  • The following tool scripts' location has been changed and their code cleaned up (Data Dictionary Builder - #4140, Fix Candidate Age - #4141, Score Instruments - #4146).
  • The mincPath and data Config settings have been removed.
  • The checkDate() function has been removed from the Utility class.
  • The getNextVisitNo() function has been removed from the Candidate class.
  • The Training module has been removed.
  • The menu item for the old reliability modle has been removed.
  • The useProjects configuration setting has been removed. Projects are now mandatory, if no projects are defined in the database's Project table, a new default loris project will be created and all candidates will be affiliated with it. If projects are defined in the table before execution of the patches, no changes will occur.

Upgrade Process

Several steps are involved in this LORIS release upgrade, due to database schema constraints.

Your LORIS must be updated to 20.3.0 before beginning this upgrade.

  1. Get the latest release code (download and extract)
  2. Run make from the Loris root directory to update all dependencies.
  3. Source the 20.3_To_21.0_upgrade.sql SQL file into the database
  4. Run the script data_dictionary_cleaner.php from the tools/single_use/ directory and fix reported issues in the database.
  5. Run the script normalize_mri_protocol_range_data.php from the tools/single_use/ directory to populate the new min/max fields in the mri_protocol table of the database.

Strongly Recommended: Security

  • A bug was discovered in LORIS where passwords could be logged in the history table in plaintext.
    This data is not exposed directly in the LORIS frontend, but an administrator could view them in the backend, or they could be exposed in the event of a data breach. The script tools/single_use/remove_logged_passwords.php
    should be run to delete all those logged. The script will expire the password of users who are affected
    and print a report of which users should be warned along with their email address.

Optional: Upgrades

  • Instruments JSON Data
    This release adds support for loading and saving instrument data into the Data column of the flag table rather than dedicated SQL tables (#3894). This change is still considered experimental and should not be used for important data. It can be enabled/disabled using the jsonData property of the instrument class. This feature can be enabled independently on each instrument by following the steps below.
    • Run the script migrate_sql_to_json.php from the tools/single_use/ directory by specifying the name of the instrument you would like to convert as the first argument.
    • In the instrument, set the class variable $this->jsonData = true; in the setup() function.

Optional: Cleanup

  • Check for duplicated configuration items and make sure their values are identical and correct to avoid being left with an incorrect value once duplicates are removed. Remove duplicated configurations using 2018-02-20_remove_duplicate_value_from_Config.sql from the SQL/Archive/21.0/Cleanup directory.
  • Run the 2018-04-05_RemovePendingStagingFromFiles.sql from the SQL/Archive/21.0/Cleanup directory.
  • Remove unused field CurrentGUITable by running 2018-11-20-remove_currentGUITable_field.sql from the SQL/Archive/21.0/Cleanup directory.
  • Remove all references to the Training module by running 2019-05-13-RemoveTraining.sql from the SQL/Archive/21.0/Cleanup directory.
  • Remove leftover link to the old Reliability module in the menu by running 2019-05-15-Reliability_link.sql from the SQL/Archive/21.0/Cleanup directory.