Revert "Add additional parameters for enabling secure Browser"

[rohansharmasitoula]

User description

Reverts #102

---

PR Type

Enhancement

---

Description

• Simplified the secure browser configuration by removing additional parameters such as blacklisted software and screen protection settings.
• Updated the create_sb_wrapper and redirect_to_wrapper functions to remove secure browser settings.
• Modified the JavaScript startProview function to simplify parameters and remove secure browser handling.
• Reverted plugin version and dependencies to previous state.

---

Changes walkthrough 📝

	Relevant files
Enhancement	tracker.php Simplify secure browser wrapper creation                                  classes/local/api/tracker.php Removed additional secure browser parameters from create_sb_wrapper. Simplified redirect_to_wrapper function call. +5/-9      datastore.php Remove secure browser settings from datastore                        datastore.php Removed conditional logic for secure browser settings. Simplified template setup for secure browser. +0/-7      frame.php Simplify startProview function parameters                                frame.php Simplified startProview function parameters. Removed handling of secure browser settings. +3/-30
Configuration changes	version.php Revert plugin version and dependencies                                      version.php Reverted plugin version and release information. Adjusted plugin dependencies to previous state. +3/-3

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[qodo-merge-pro]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis ❌ 102 - Not compliant Not compliant requirements: Add additional parameters for enabling secure Browser

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪

🧪 No relevant tests

🔒 Security concerns Potential security downgrade: The removal of secure browser features such as blacklisted software checks and screen protection settings may reduce the overall security of the proctoring system. This could potentially allow for easier cheating or unauthorized access during exams.

⚡ Recommended focus areas for review Functionality Removal The PR removes secure browser functionality, including parameters for blacklisted software and screen protection settings. Data Structure Change Removal of secure browser related fields from the template, which may affect dependent code. Function Signature Change The startProview function signature has been simplified, removing several parameters related to secure browser settings.

[qodo-merge-pro]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Security	Remove debug output to prevent potential information leakage in production Remove the var_dump($data) statement as it may expose sensitive information in production environments and is typically used for debugging purposes only. classes/local/api/tracker.php [116-119] -var_dump($data); try { $curl->setHeader(array('Content-Type: application/json', 'app-id: b37ec896-f62b-4cbe-b39f-8dd21881dfd3', 'Authorization: Bearer ' . $auth_token)); $response = $curl->post($url, json_encode($data)); Apply this suggestion Suggestion importance[1-10]: 9 Why: Removing var_dump($data) is crucial for security, as it prevents sensitive information from being exposed in production environments. This change significantly enhances the security of the application.	9
	Use a more secure method for storing and retrieving sensitive configuration values Consider using a more secure method to store and retrieve the app-id value, such as Moodle's config system, instead of hardcoding it in the source code. classes/local/api/tracker.php [118] -$curl->setHeader(array('Content-Type: application/json', 'app-id: b37ec896-f62b-4cbe-b39f-8dd21881dfd3', 'Authorization: Bearer ' . $auth_token)); +$app_id = get_config('local_proview', 'app_id'); +$curl->setHeader(array('Content-Type: application/json', 'app-id: ' . $app_id, 'Authorization: Bearer ' . $auth_token)); Apply this suggestion Suggestion importance[1-10]: 9 Why: Storing sensitive information like app-id in a secure configuration system instead of hardcoding it improves security by reducing the risk of accidental exposure or unauthorized access.	9
Possible issue	Add error handling for potential null or invalid wrapper response before redirection Consider adding error handling or logging for the case when $wrapper_response is not set or is null before redirecting. This will help prevent potential undefined variable errors and improve debugging. classes/local/api/tracker.php [93-94] $wrapper_response = self::create_sb_wrapper($proctoring_payload, $quiz); +if (!$wrapper_response || !isset($wrapper_response->signed_short_url)) { + // Log error or handle the case when wrapper_response is invalid + throw new \moodle_exception('invalid_wrapper_response', 'local_proview'); +} redirect($wrapper_response->signed_short_url); Apply this suggestion Suggestion importance[1-10]: 8 Why: This suggestion addresses a potential issue where the $wrapper_response might be null or invalid, which could lead to runtime errors. Adding error handling improves the robustness and reliability of the code.	8
Enhancement	Improve robustness of reference link parsing with optional chaining and nullish coalescing Consider using optional chaining (?.) and nullish coalescing (??) operators to handle potential undefined values more gracefully when parsing the reference_link. frame.php [98-101] -const referenceLinksArray = reference_link.match(/\[([^\]]+)\]\(([^)]+)\)/g)?.map(markdownLink => { +const referenceLinksArray = reference_link?.match(/\[([^\]]+)\]\(([^)]+)\)/g)?.map(markdownLink => { const match = markdownLink.match(/\[([^\]]+)\]\(([^)]+)\)/); - if (match) { - const caption = match[1]; + return match ? { caption: match[1], url: match[2] } : null; +}).filter(Boolean) ?? []; Apply this suggestion Suggestion importance[1-10]: 7 Why: Using optional chaining and nullish coalescing operators makes the code more robust by handling potential undefined values gracefully, which enhances code readability and reduces the likelihood of runtime errors.	7

💡 Need additional feedback ? start a PR chat