Implementation details:
* Anonymous users are assigned a unique ID (like
`anon42c08f9996194e2a9339`) which gets stored in the django session.
`block.scope_ids.user_id` and `block.runtime.anonymous_student_id`
will both return this value.
* User state for anonymous users is stored in the django cache and
automatically expires as the cache gets pruned. Because user state is
stored, anonymous users can use interactive blocks like capa problems.
* There is no mechanism for upgrading to a registered account and
keeping user state since the user state store for anonymous users
(EphemeralKeyValueStore) is completely different than the one for
registered users (DjangoKeyValueStore/"CSM"), and has no "list all
keys" functionality.
* "User State Summary" field values are shared among [recently active]
anonymous users but are not shared with registered users.
* Anonymous users can only access the `public_view` of XBlocks, not the
regular `student_view`.
- retires toggle DISABLE_DEPRECATED_LOGIN_POST
- permanently removes /login_post
Now that studio signin has been retired, we are able to remove the
unused /login_post endpoint.
ARCH-1253
This completes the work started in https://github.com/edx/edx-platform/pull/19453
to use the LMS login and registration for Studio, rather than Studio
providing its own implementation.
LMS login/registration are being used for the following reasons:
1. LMS logistration properly handles all SSO integrations.
2. A single logistration is simpler to maintain and understand.
3. Allows Studio to work more like all other IDAs that use LMS
logistration.
The original switch to use LMS logistration for Studio also added the
toggle `DISABLE_STUDIO_SSO_OVER_LMS` to provide the community some
additional time for switching. This commit removes this toggle, which
at this point means all deployments will use the LMS logistration.
This change requires sharing cookies across LMS and Studio. Should that
prove to be a problem for certain Open edX instances, there are
discussions of possible alternative solutions.
See https://github.com/edx/edx-platform/pull/19845#issuecomment-559154256
Detailed changes:
* Fix some Studio links that still went to old Studio signin and signup.
* Remove DISABLE_STUDIO_SSO_OVER_LMS feature toggle.
* Remove old studio signin and signup pages and templates.
* Fix url name "login", which had different meanings for Studio and LMS.
* Use the following settings: LOGIN_URL, FRONTEND_LOGIN_URL,
FRONTEND_LOGOUT_URL, and FRONTEND_REGISTER_URL.
* Redirect /signin and /signup to the LMS logistration.
* Add custom metric `uses_pattern_library`.
* Add custom metric `student_activate_account`.
* Add Django Settings to allow /signin, /signup, and /login_post to be
disabled once ready.
This work also relates to ARCH-218 and DEPR-6.
ARCH-1253
We need to do this because when I tried to go to the JSON serializer a
bunch of tests started failing because various parts of our code are
putting things into the session that are not JSON serializable.
We can't keep using the default pickle serializer because it defaults to
using the highest available protocol and that will cause issues with the
python 2 to 3 upgrade since both will be running in production at the
same time. We need to use a version of the pickle protocol that both
can use interchangeably.
We also need to make sure we read with latin1 encoding to make datetimes
work correctly between the two versions of python.
This will force a logout as sessions fail to load but this should be a
more performant and secure serializer moving forward. The reason we
overwrote it in our config is that it previously used to be the default
and we didn't want things to break and force logouts when we changed
it. We're no more okay with people getting logged out.
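The serializer behaviour described in the commit message above, as an added example that is not code from the commit or from edx-platform. The class name, the session key `last_seen` and the sample bytes are assumptions constructed for illustration; the class only mirrors the `dumps`/`loads` interface Django expects of a session serializer.

```python
import datetime
import pickle

# Highest pickle protocol that Python 2 can read, so sessions written by
# either interpreter can be loaded by the other.
PY2_COMPATIBLE_PROTOCOL = 2


class CrossVersionPickleSerializer:
    """Hypothetical session serializer pinned to pickle protocol 2."""

    def dumps(self, obj):
        # Never use pickle.HIGHEST_PROTOCOL here: Python 3 would emit
        # protocol 3+ which a Python 2 worker cannot load.
        return pickle.dumps(obj, protocol=PY2_COMPATIBLE_PROTOCOL)

    def loads(self, data):
        # Python 2 `str` values are raw bytes. latin1 maps every byte
        # 0-255 to one code point, so the packed datetime state survives.
        # pickle.loads must only ever see data from a trusted session store.
        return pickle.loads(data, encoding="latin1")


# Constructed sample: the protocol-2 bytes Python 2 produces for
# {'last_seen': datetime.datetime(2019, 1, 1)}. The ten bytes after "U\n"
# are the packed datetime state; 0x07 0xe3 is the year 2019.
PY2_SESSION_PICKLE = (
    b"\x80\x02}q\x00U\tlast_seenq\x01cdatetime\ndatetime\nq\x02"
    b"U\n\x07\xe3\x01\x01\x00\x00\x00\x00\x00\x00q\x03\x85q\x04Rq\x05s."
)


def load_with_default_encoding(data):
    """Show the failure mode: the default ASCII decoding rejects byte 0xe3."""
    try:
        return pickle.loads(data)
    except UnicodeDecodeError as exc:
        return exc


if __name__ == "__main__":
    serializer = CrossVersionPickleSerializer()
    print("default encoding:", repr(load_with_default_encoding(PY2_SESSION_PICKLE)))
    print("latin1 encoding: ", serializer.loads(PY2_SESSION_PICKLE))
    print("written protocol:", serializer.dumps({"k": 1})[1])
```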
If this isn't installed, the sample_task provided by
openedx.core.djangoapps.heartbeat isn't imported, and thus is never
registered with the celery workers. This sample_task is used for the
extended heartbeat api call. Since the celery heartbeat check is turned
on by default, we should also make sure this djangoapp and thus
sample_task is registered by default. Otherwise the extended heartbeat
check fails with the default configuration.
ENABLE_MKTG_SITE has been serving double duty to both indicate that
an Open edX installation is using a Drupal marketing site AND
is using the Publisher workflow tool for managing course metadata.
But now that publisher-frontend is available and the Publisher
feature is no longer tied to the marketing site, we want to tease
apart those two concerns. Hence ENABLE_PUBLISHER.
Only really used so far in Studio, to control which fields are
shown (if using Publisher, some fields are only editable in
Publisher).
https://github.com/edx/edx-platform/pull/20645
This introduces:
* A new XBlock runtime that can read and write XBlocks that are persisted using
Blockstore instead of Modulestore. The new runtime is currently isolated so
that it can be tested without risk to the current courseware/runtime.
* Content Libraries v2, which store XBlocks in Blockstore not modulestore
* An API Client for Blockstore
* "Learning Context" plugin API. A learning context is a more abstract concept
than a course; it's a collection of XBlocks that serves some learning purpose.
* Update Financial Assistance logic
Use the zendesk proxy app instead of the unsupported zendesk library.
* Move to pre-fetching the group IDs.
Rather than making extra requests to zendesk to list all groups and find
a specific group ID, just make a pre-filled list of group IDs for the
groups we care about. When a group name is passed in, it is checked
against this list and the ticket is created in the correct group so the
right people can respond to it.
Fix Unregistered Task
openedx.core.djangoapps.bookmarks.tasks.update_xblock_cache task is not
getting autodiscovered by celery and needs to be imported explicitly
PROD-284
* New system_wide_roles app added in openedx/core/djangoapps
* Added SystemWideRole and SystemWideRoleAssignment classes to govern
non-enterprise system wide roles
PROD-424
These were originally fixed individually, but had to be reverted, and
are now combined in one commit. The originals were:
7b9040f6b0 This enum was backwards
8774ff1f9b Use ref_name to disambiguate serializers that drf-yasg would otherwise assume are the same.
8a44397139 Is this field missing because it is None?
4a1154a7ca Give a safer buffer for clearing the rate limiting
64c47856dd DRF 3.7.4 changed how you delegate to another view, so don't
7359ca4fb2 Is this right? It fixes two tests
fdd66e5390 Adjust the expected error message for DRF 3.7.7
9257f68fd8 The default TIME_ZONE should be UTC
* Install drf-yasg
* Add drf-yasg settings and urls
* Pin drf to make drf-yasg work
* Adjust config-models version to be compatible
* Remove django-rest-swagger (the old way)
Some deprecated functionality has been removed:
- Reading data field and transforms being applied in the init() method.
- The source field.
- The source_visible attribute.