@ottenhoff ottenhoff commented Jan 6, 2026

  • SEB: added return URL handling and post-launch redirect, fixed key-validation flow, and hardened link setup.
  • Secure-delivery UI: hide SEB settings for non-SEB modules and fix radio enable/disable.
  • Respondus/secure-delivery: ensure START-phase failures render the plugin's HTML fragment.
  • Secure-delivery error page: removed unused accesskey binding.

Summary by CodeRabbit

  • New Features

    • Added Safe Exam Browser return-url support so users are returned to the assessment page after launch.
  • Bug Fixes

    • Improved secure-delivery error display so relevant UI content appears on validation failure.
    • Better localization for secure-delivery messages.
    • Restored and refined secure-delivery form controls and help-text visibility; re-enabled relevant inputs.
    • Removed a keyboard shortcut from the secure-delivery error button.


coderabbitai bot commented Jan 6, 2026

Walkthrough

Adds UI fragment population when secure delivery START validation fails, conditions secure delivery initialization in DeliveryBean, improves locale-aware fragment rendering, adjusts secure delivery authoring inputs and JS handling, introduces a SEB return URL flow and propagation, and removes an accesskey from a secure delivery error button.

Changes

  • Secure delivery listeners
    Files: samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/listener/delivery/DeliveryActionListener.java, samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/listener/delivery/LinearAccessDeliveryActionListener.java
    Summary: On secure delivery START validation FAILURE, populate the SecureDelivery HTML fragment before returning; LinearAccess adds locale-aware rendering via ResourceLoader when constructing the fragment.
  • Delivery bean
    Files: samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/bean/delivery/DeliveryBean.java
    Summary: Make secure-delivery reset conditional: only clear state when status is null, otherwise re-run START phase validation when status=FAILURE and fragment is blank.
  • Authoring secure delivery JS
    Files: samigo/samigo-app/src/webapp/js/authoringSecureDeliverySettings.js
    Summary: Use querySelectorAll for radio handling, hide/show all config mode help texts consistently, toggle exit-password visibility, and wire change handlers for secureDeliveryModule.
  • SEB / delivery JS
    Files: samigo/samigo-app/src/webapp/js/deliverySafeExamBrowser.js
    Summary: Introduce SEB return URL input/id, derive and append return param to SEB launch URL, add post-launch redirect to return URL, and adjust key-present/update flow and link configuration behavior.
  • JSP changes — delivery pages
    Files: samigo/samigo-app/src/webapp/jsf/delivery/beginTakingAssessment.jsp, samigo/samigo-app/src/webapp/jsf/delivery/secureDeliveryError.jsp
    Summary: Add hidden SebReturnUrl input bound to delivery.selectURL when delivery.sebSetup is true; remove accesskey attribute from the secure delivery error command button.
  • Authoring JSP — published settings
    Files: samigo/samigo-app/src/webapp/jsf/author/publishedSettings.jsp
    Summary: Re-enable user interaction by removing disabled="true" from secureDeliveryModule radio and secureDeliveryModuleExitPassword input.

Suggested reviewers

  • jesusmmp

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
  • Docstring Coverage (⚠️ Warning): Docstring coverage is 30.00% which is insufficient. The required threshold is 80.00%. Resolution: You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
  • Description Check (✅ Passed): Check skipped - CodeRabbit's high-level summary is enabled.
  • Title check (✅ Passed): The title directly relates to the main objective: fixing SEB (Safe Exam Browser) return behavior, which is a core focus of the changeset including new return URL mechanisms and post-launch redirect handling.

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7502106 and d682924.

📒 Files selected for processing (3)
  • samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/bean/delivery/DeliveryBean.java
  • samigo/samigo-app/src/webapp/js/authoringSecureDeliverySettings.js
  • samigo/samigo-app/src/webapp/jsf/author/publishedSettings.jsp
🧰 Additional context used
📓 Path-based instructions (8)
**/*.{html,jsp,vm,xhtml,xml}

📄 CodeRabbit inference engine (.cursor/rules/frontend.mdc)

**/*.{html,jsp,vm,xhtml,xml}: Use Bootstrap 5.2 as the preferred UI framework for styling in Sakai frontends
Leverage Bootstrap 5 components for consistent UI/UX

Files:

  • samigo/samigo-app/src/webapp/jsf/author/publishedSettings.jsp
**/*.{html,jsp,vm,xhtml,xml,css,scss}

📄 CodeRabbit inference engine (.cursor/rules/frontend.mdc)

Ensure all UI components work across different screen sizes (Responsive Design)

Files:

  • samigo/samigo-app/src/webapp/jsf/author/publishedSettings.jsp
**/*.{js,html,jsp,vm,xhtml,xml}

📄 CodeRabbit inference engine (.cursor/rules/frontend.mdc)

Use the web components in the webcomponents/ directory when possible in Sakai frontends

Files:

  • samigo/samigo-app/src/webapp/jsf/author/publishedSettings.jsp
  • samigo/samigo-app/src/webapp/js/authoringSecureDeliverySettings.js
**/*.{html,jsp,jspx,xml,ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

Prefer kebab-case for values of HTML class and id attributes

Files:

  • samigo/samigo-app/src/webapp/jsf/author/publishedSettings.jsp
  • samigo/samigo-app/src/webapp/js/authoringSecureDeliverySettings.js
**/*.js

📄 CodeRabbit inference engine (.cursor/rules/frontend.mdc)

**/*.js: Use clean, standard modern JavaScript in Sakai frontends
Update jQuery code to modern JavaScript when making changes, if the changes are minimal
Prefer ES6+ features (arrow functions, template literals, destructuring, etc.) in JavaScript
Write modular, reusable JavaScript components in Sakai frontends
Minimize use of global variables and functions (Avoid Global Scope) in JavaScript

Files:

  • samigo/samigo-app/src/webapp/js/authoringSecureDeliverySettings.js
**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{js,ts,jsx,tsx}: Target evergreen browsers; assume ES2022+ features and browser APIs like fetch keepalive are present; avoid legacy branches, UA sniffing, or fallbacks unless a specific evergreen gap is documented
Replace jQuery with modern DOM APIs when touching code; new work should not add jQuery dependencies
Compose Lit components, ES modules, and encapsulated helpers; keep state local and explicit with modular code
Prefer module scope or class fields; expose intentional APIs instead of incidental globals; avoid global side channels

Files:

  • samigo/samigo-app/src/webapp/js/authoringSecureDeliverySettings.js
**/*/*.{js,ts}

📄 CodeRabbit inference engine (AGENTS.md)

Internal reactive state in Lit components should stay prefixed with _ and is only surfaced through getters/setters when required

Files:

  • samigo/samigo-app/src/webapp/js/authoringSecureDeliverySettings.js
**/*.java

📄 CodeRabbit inference engine (.cursor/rules/logging-rule.mdc)

**/*.java: Use SLF4J parameterized logging (logger.info("Value is: {}", value)) instead of string concatenation (logger.info("Value is: " + value))
Log messages and code comments should be in English. Log messages should never be translated.

**/*.java: Java: Never use local variable type inference (var). Always declare explicit types. Yes: Map<String, Integer> counts = new HashMap<>(); No: var counts = new HashMap<String, Integer>();
When proposing Java code, spell out full types in local variable declarations, for loops, and try-with-resources
When editing Java, prefer clarity over brevity; avoid introducing language features that aren't widely used in the repo
Treat any PR or suggestion containing Java var as non-compliant. Recommend replacing with explicit types before merge

**/*.java: Use Java 17 for trunk development (Java 11 was used for Sakai 22 and Sakai 23)
Do not use local variable type inference (var) in Java code. Always declare explicit types (e.g., List<String> names = new ArrayList<>(); not var names = new ArrayList<String>();). Enforced by Checkstyle rule during mvn validate

Files:

  • samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/bean/delivery/DeliveryBean.java
🧠 Learnings (3)
📓 Common learnings
Learnt from: ottenhoff
Repo: sakaiproject/sakai PR: 0
File: :0-0
Timestamp: 2025-10-07T15:11:27.298Z
Learning: In samigo’s Total Scores view (samigo/samigo-app/src/webapp/jsf/evaluation/totalScores.jsp), mailto links were hidden after commit dee05746 (PR #12312, SAK-49674) added a render check requiring email.fromEmailAddress to be non-empty; PR #14154 (SAK-52058) restores visibility by checking only description.email.
Learnt from: CR
Repo: sakaiproject/sakai PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-10-07T16:11:33.008Z
Learning: Commit messages should follow: <issue key> <component> <brief description> (e.g., SAK-12345 Assignments add option x)
📚 Learning: 2025-10-07T15:11:27.298Z
Learnt from: ottenhoff
Repo: sakaiproject/sakai PR: 0
File: :0-0
Timestamp: 2025-10-07T15:11:27.298Z
Learning: In samigo’s Total Scores view (samigo/samigo-app/src/webapp/jsf/evaluation/totalScores.jsp), mailto links were hidden after commit dee05746 (PR #12312, SAK-49674) added a render check requiring email.fromEmailAddress to be non-empty; PR #14154 (SAK-52058) restores visibility by checking only description.email.

Applied to files:

  • samigo/samigo-app/src/webapp/jsf/author/publishedSettings.jsp
  • samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/bean/delivery/DeliveryBean.java
📚 Learning: 2025-12-08T23:22:13.173Z
Learnt from: hornersa
Repo: sakaiproject/sakai PR: 14282
File: samigo/samigo-app/src/webapp/jsf/author/item/timed.jsp:22-28
Timestamp: 2025-12-08T23:22:13.173Z
Learning: In JSF, h:outputLabel's for attribute is resolved to the actual clientId at render time. You can safely use a shortened value (e.g., for="timedHours") when the rendered output will map to a full clientId (like itemForm:timed:timedHours). This is valid for accessibility and keeps markup concise. Apply this guidance to JSP files under the samigo-app JSF views; ensure the rendered label correctly associates with the corresponding input for assistive technologies.

Applied to files:

  • samigo/samigo-app/src/webapp/jsf/author/publishedSettings.jsp
⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: maven-build
  • GitHub Check: sakai-deploy
  • GitHub Check: maven-build
🔇 Additional comments (7)
samigo/samigo-app/src/webapp/jsf/author/publishedSettings.jsp (2)

431-431: LGTM! Disabled attribute removed to enable dynamic JS control.

The removal of disabled="true" allows the JavaScript in authoringSecureDeliverySettings.js to dynamically manage the enabled/disabled state of this radio input group. This coordinates with the JS changes that now use querySelectorAll to properly enable/disable all radio buttons with the same name.


456-457: LGTM! Exit password field now dynamically controlled.

Removing disabled="true" allows JavaScript to show/hide this field based on the selected secure delivery module and configuration mode. This aligns with the enhanced visibility management in authoringSecureDeliverySettings.js.

samigo/samigo-app/src/webapp/js/authoringSecureDeliverySettings.js (4)

52-59: Excellent fix for radio button group handling!

Changing from querySelector to querySelectorAll with forEach is the correct approach for radio button groups. The previous code would only enable/disable the first radio button with the given name, leaving other radios in the group potentially in an incorrect state. This ensures all radio inputs sharing the same name are consistently enabled or disabled together.


61-68: LGTM! Consistent with enable() method improvements.

The disable() method correctly mirrors the enable() method changes, ensuring consistent behavior for both enabling and disabling radio button groups.


296-312: Good enhancement to UI state management.

The additions at lines 304 and 308 ensure that configuration mode help texts are properly hidden when switching to:

  • No secure delivery module (NONE_ID case)
  • Non-SEB secure delivery modules (default case)

This prevents stale help text from remaining visible when users change their secure delivery module selection. Line 309 also ensures the exit password field is shown for non-SEB modules in the default case.


370-383: Good addition of onChange handler for published settings.

Line 373 adds the missing onChange(handleSecureDeliveryModule) handler for the published settings flow, bringing it to parity with the draft settings flow (line 379). This ensures that changes to the secure delivery module selection properly trigger UI updates (showing/hiding fields, help texts, etc.) in both published and draft assessment contexts.

samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/bean/delivery/DeliveryBean.java (1)

1384-1389: Improved secure delivery initialization with guarded re-validation.

The new conditional logic enhances secure delivery error handling:

  1. Line 1384: When secureDeliveryStatus is null, performs the original reset (clear fragment, unblock delivery)
  2. Lines 1387-1389: When status is FAILURE but no HTML fragment exists, re-initiates the START phase validation to obtain an appropriate error fragment

This change coordinates well with the listener updates mentioned in the AI summary (DeliveryActionListener and LinearAccessDeliveryActionListener now populate fragments on FAILURE), ensuring users receive proper error messages when secure delivery validation fails.

Minor consideration: If a secure delivery module repeatedly returns FAILURE with a blank fragment, this could result in multiple re-validation attempts within the same request. However, this would indicate a module implementation issue and is unlikely in practice since validateSecureDeliveryPhase (lines 1315-1317) sets both status and fragment together.

Based on learnings, this aligns with the secure delivery flow improvements described in the PR objectives.



@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🤖 Fix all issues with AI Agents
In @samigo/samigo-app/src/webapp/js/deliverySafeExamBrowser.js:
- Around line 32-38: The getSelectURL() server-side accessor in
DeliveryBean.java currently returns the LESSONBUILDER_RETURNURL_SAMIGO session
attribute unvalidated; update getSelectURL() to validate the session value
against an allowlist before returning it—accept only same-origin or whitelisted
paths (e.g., relative paths starting with "/" but not protocol-relative "//", or
full URLs matching the server's host/origin or explicit trusted paths); if
validation fails, return a safe default (e.g., application context path or null)
and log the rejection. Use URI/URL parsing to detect host/port/scheme and
normalize input, reference getSelectURL(), DeliveryBean.java and
LESSONBUILDER_RETURNURL_SAMIGO when making the change.
🧹 Nitpick comments (2)
samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/listener/delivery/LinearAccessDeliveryActionListener.java (1)

129-132: Consider extracting ResourceLoader to a static field or injecting it as a dependency.

This inline instantiation pattern (new ResourceLoader().getLocale()) is used throughout the samigo module. While this code path executes only on delivery validation failure (a non-frequent scenario), extracting a static ResourceLoader instance would improve code clarity and avoid repeated service lookups within the error handling path.

samigo/samigo-app/src/webapp/js/deliverySafeExamBrowser.js (1)

148-162: Consider error handling for URL construction and document the timing assumption.

Two observations:

  1. URL construction (lines 148-150): If getLaunchSebLink() returns an invalid URL, the new URL() constructor will throw. Consider wrapping in try-catch for robustness.

  2. Arbitrary timeout (lines 158-161): The 500ms delay before redirecting back is a timing assumption that may be fragile across different browsers or system loads. While this is a common pattern for protocol handler launches, consider:

    • Documenting why 500ms was chosen
    • Whether browser events (like beforeunload) could provide more reliable timing
    • Testing across browsers to validate this duration
🔎 Proposed error handling for URL construction
     document.addEventListener("DOMContentLoaded", () => {
-        const launchUrl = new URL(getLaunchSebLink());
-        launchUrl.searchParams.set("return", getReturnUrl());
-        configureLink(launchSebLinkId, launchUrl.toString());
+        try {
+            const launchUrl = new URL(getLaunchSebLink());
+            launchUrl.searchParams.set("return", getReturnUrl());
+            configureLink(launchSebLinkId, launchUrl.toString());
+        } catch (error) {
+            console.error("Failed to construct SEB launch URL:", error);
+        }
         configureLink(downloadSebLinkId, downloadSebLink);
         configureLink(downloadConfigLinkId, getDownloadConfigLink());
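Review bot: the catch block at the end of the hunk only writes to console.error, so when new URL() throws the SEB launch link is left unconfigured and the student sees no indication that anything went wrong; consider disabling or hiding the launch anchor, or rendering a visible message, inside the catch so the failure is not silent. Also, new URL(getLaunchSebLink()) with a single argument throws for a relative path, so if getLaunchSebLink() can ever return one, pass a base (new URL(getLaunchSebLink(), window.location.origin)) rather than treating a relative link as an error.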
📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c1f7f05 and 7502106.

📒 Files selected for processing (6)
  • samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/listener/delivery/DeliveryActionListener.java
  • samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/listener/delivery/LinearAccessDeliveryActionListener.java
  • samigo/samigo-app/src/webapp/js/authoringSecureDeliverySettings.js
  • samigo/samigo-app/src/webapp/js/deliverySafeExamBrowser.js
  • samigo/samigo-app/src/webapp/jsf/delivery/beginTakingAssessment.jsp
  • samigo/samigo-app/src/webapp/jsf/delivery/secureDeliveryError.jsp
⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: sakai-deploy
  • GitHub Check: maven-build
  • GitHub Check: maven-build
🔇 Additional comments (9)
samigo/samigo-app/src/webapp/jsf/delivery/beginTakingAssessment.jsp (1)

50-50: LGTM! SEB return URL propagation implemented correctly.

The hidden input field properly binds to delivery.selectURL and is conditionally rendered only when delivery.sebSetup is true, ensuring it participates in SEB-enabled assessment flows without affecting other delivery modes.

samigo/samigo-app/src/webapp/jsf/delivery/secureDeliveryError.jsp (1)

49-54: LGTM! Accesskey removal improves accessibility.

Removing the unused accesskey attribute prevents potential keyboard shortcut conflicts and aligns with modern accessibility best practices. The button retains all necessary functional attributes.

samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/listener/delivery/LinearAccessDeliveryActionListener.java (1)

61-61: Import added for locale support.

The ResourceLoader import enables locale-aware HTML fragment rendering for secure delivery failures, supporting proper internationalization.

samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/listener/delivery/DeliveryActionListener.java (1)

371-374: LGTM! Locale-aware fragment rendering added.

The change correctly populates the secure delivery HTML fragment with locale information on START phase failure, ensuring error messages are properly internationalized. This is consistent with the parallel change in LinearAccessDeliveryActionListener.

samigo/samigo-app/src/webapp/js/authoringSecureDeliverySettings.js (3)

52-59: LGTM! Improved radio input handling.

The change from a single-element pattern to querySelectorAll with forEach correctly handles all radio inputs sharing the same name attribute, ensuring the enable operation applies to all related inputs. This is more robust and idiomatic.


61-68: LGTM! Consistent disable logic.

The disable method mirrors the enable method's improved pattern, ensuring all radio inputs with the given name are properly disabled.


296-312: LGTM! Enhanced UI state management for secure delivery settings.

The additions correctly manage visibility of help texts and the exit password field across different module selections:

  • NONE case (line 304): hides all help texts since no module is active
  • Default case (lines 307-309): cleans up help texts and ensures exit password is visible for non-SEB modules

This prevents UI state inconsistencies and ensures users see only relevant configuration options.

samigo/samigo-app/src/webapp/js/deliverySafeExamBrowser.js (2)

59-59: Good defensive coding improvement.

Adding the link check before calling remove() prevents potential runtime errors when the element doesn't exist.


132-136: Critical fix: corrected key validation flow.

The swapped logic now correctly handles the SEB key lifecycle:

  • When keys are empty: updateKeys() is called to fetch them asynchronously, with onSebKeysPresent as the callback
  • When keys are present: onSebKeysPresent() is invoked immediately

The previous logic was inverted and would have attempted validation before keys were available.

Comment on lines +32 to +38
    function getReturnUrl() {
        const target = document.getElementById(returnUrlId)?.value;
        if (target && target.trim() !== "") {
            return target;
        }
        return window.location.href;
    }

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Find where sebReturnUrl is populated and check for validation

# Search for sebReturnUrl in JSP/Java files across the repo
rg -n 'sebReturnUrl' -t java -t jsp --max-count=20

Repository: sakaiproject/sakai

Length of output: 89


🏁 Script executed:

#!/bin/bash
# Search for sebReturnUrl across all files without strict type filtering

rg -n 'sebReturnUrl' -i --max-count=50

# Also search for the file itself to understand context
fd 'deliverySafeExamBrowser' -type f

Repository: sakaiproject/sakai

Length of output: 527


🏁 Script executed:

#!/bin/bash
# Find the delivery bean class
fd -e 'java' | xargs rg -l 'class.*Delivery.*Bean|class.*Delivery.*' | head -10

# Search for selectURL property
rg -n 'selectURL' --max-count=30

Repository: sakaiproject/sakai

Length of output: 2913


🏁 Script executed:

#!/bin/bash
# Read DeliveryBean.java and find selectURL property
cat samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/bean/delivery/DeliveryBean.java | head -100

# Also search for selectURL definition
rg -n 'selectURL' samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/bean/delivery/DeliveryBean.java -A 5 -B 2

Repository: sakaiproject/sakai

Length of output: 5026


🏁 Script executed:

#!/bin/bash
# Get file size first
wc -l samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/bean/delivery/DeliveryBean.java

# Search for selectURL with context
rg -n 'selectURL' samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/bean/delivery/DeliveryBean.java -B 5 -A 10

Repository: sakaiproject/sakai

Length of output: 161


🏁 Script executed:

#!/bin/bash
# Case-insensitive search for selectURL
rg -i 'selecturl' samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/bean/delivery/ -B 3 -A 5

# Also check other delivery bean files
rg -i 'selecturl' samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/bean/delivery/ --files-with-matches

Repository: sakaiproject/sakai

Length of output: 1401


🏁 Script executed:

#!/bin/bash
# Get the complete getSelectURL method
rg -n 'public String getSelectURL' samigo/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/bean/delivery/DeliveryBean.java -A 25

Repository: sakaiproject/sakai

Length of output: 1185


🏁 Script executed:

#!/bin/bash
# Search for validation of LESSONBUILDER_RETURNURL_SAMIGO
rg -i 'LESSONBUILDER_RETURNURL_SAMIGO' -B 3 -A 3

# Check if there's any URL validation utility used elsewhere
rg -i 'validateurl|validateredirect|allowlist' samigo/ --max-count=20

Repository: sakaiproject/sakai

Length of output: 7601


Add server-side validation in getSelectURL() to prevent open redirect vulnerability.

The getSelectURL() method in DeliveryBean.java returns the LESSONBUILDER_RETURNURL_SAMIGO session attribute without validation. Although the JavaScript code in deliverySafeExamBrowser.js reads this value safely, the server-side value should be validated against an allowlist (same-origin URLs or specific known paths) to prevent open redirect attacks, even if LessonBuilder is expected to set safe values.

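Server-side allowlist validation of the kind the review asks for, added here as an example rather than code from the PR or from Sakai: it accepts a site-relative path or an absolute URL on the server's own origin and returns a caller-supplied default otherwise, leaving the SLF4J logging of the rejection to the caller. The ReturnUrlValidator class and the serverOrigin parameter are assumptions; in DeliveryBean the origin would be taken from the request or server configuration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

/**
 * Added example (not Sakai or PR code): allowlist validation for a return URL read
 * from the session, of the kind the review asks for in DeliveryBean.getSelectURL().
 * Accepts a site-relative path (single leading "/") or an absolute URL on the
 * server's own origin; anything else yields the caller's safe default.
 */
public final class ReturnUrlValidator {

    private ReturnUrlValidator() {
    }

    /**
     * @param candidate    raw value from the session attribute, may be null
     * @param serverOrigin this server's origin, e.g. "https://lms.example.edu" (assumed to
     *                     be taken from the request or server configuration)
     * @param safeDefault  value returned when the candidate is rejected
     */
    public static String validateReturnUrl(String candidate, String serverOrigin, String safeDefault) {
        if (candidate == null || candidate.trim().isEmpty()) {
            return safeDefault;
        }
        String trimmed = candidate.trim();
        // Control characters and embedded whitespace have no place in a redirect target.
        for (int i = 0; i < trimmed.length(); i++) {
            char c = trimmed.charAt(i);
            if (c <= 0x20 || c == 0x7F) {
                return safeDefault;
            }
        }
        URI uri;
        try {
            uri = new URI(trimmed);
        } catch (URISyntaxException e) {
            return safeDefault; // backslashes, bad percent-escapes and the like end up here
        }
        // No scheme and no authority means a site-relative path. "//host/x" parses with an
        // authority, so a protocol-relative URL never reaches this branch.
        if (uri.getScheme() == null && uri.getRawAuthority() == null) {
            return trimmed.startsWith("/") ? trimmed : safeDefault;
        }
        // Anything carrying a scheme or authority must sit on the server's own origin.
        URI origin;
        try {
            origin = new URI(serverOrigin);
        } catch (URISyntaxException e) {
            return safeDefault;
        }
        return sameOrigin(uri, origin) ? trimmed : safeDefault;
    }

    // Scheme, host and effective port must all agree. Userinfo needs no special handling:
    // URI.getHost() excludes it, so "https://lms.example.edu@evil.test/" has host evil.test.
    private static boolean sameOrigin(URI a, URI b) {
        if (a.getScheme() == null || b.getScheme() == null || a.getHost() == null || b.getHost() == null) {
            return false;
        }
        boolean sameScheme = a.getScheme().equalsIgnoreCase(b.getScheme());
        boolean sameHost = a.getHost().toLowerCase(Locale.ROOT).equals(b.getHost().toLowerCase(Locale.ROOT));
        return sameScheme && sameHost && effectivePort(a) == effectivePort(b);
    }

    private static int effectivePort(URI uri) {
        if (uri.getPort() != -1) {
            return uri.getPort();
        }
        return "https".equalsIgnoreCase(uri.getScheme()) ? 443 : 80;
    }

    public static void main(String[] args) {
        String origin = "https://lms.example.edu";
        // Constructed sample inputs: the first three are accepted, the rest fall back to "/portal".
        String[] samples = {
            "/portal/site/abc/tool/xyz",
            "https://lms.example.edu/portal/site/abc",
            "HTTPS://LMS.EXAMPLE.EDU:443/portal",
            "//attacker.example/phish",
            "https://lms.example.edu:8443/portal",
            "https://lms.example.edu@attacker.example/portal",
            "javascript:alert(1)",
            "/portal\r\nLocation: https://attacker.example",
        };
        for (String sample : samples) {
            String shown = sample.replace("\r\n", "\\r\\n");
            System.out.println(shown + " -> " + validateReturnUrl(sample, origin, "/portal"));
        }
    }
}
```

The port comparison matters because a same-host URL on a different port is a different origin, and the protocol-relative and userinfo cases are the ones a plain startsWith("/") or contains(host) check would wrongly accept.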
