This change associates users signing in using oauth providers when tpa is required, verifying that only a single database user is associated with the email.
For more information as to why this was added in a separate pipeline, check edx-platform#25935.
Since we are handling the MFE redirection in login_and_registration_form()
we don't need to handle it here. It's redirecting the enterprise users to
MFE instead of FE which is currently handled in login_and_registration_form()
view.
VAN-425
django-not-configured is an error raised by pylint (with
the pylint-django plugin) when it's not correctly configured.
We should not be applying lint amnesty for such a violation.
* Remove authentication, including SessionAuthentication, to fix CSRF
exemption by dropping CSRF check of SessionAuthentication.
* Several changes to make it more clear that only POST is supported and
clean up GET method testing.
* Removed the temporary 403 error logging that wasn't working.
* Removed test_single_access_token which was written for DOP, but
doesn't work with DOT. See
[MA-2122](https://openedx.atlassian.net/browse/MA-2122) for a ticket
about implementing this for DOT, although it doesn't seem to be a
priority. NOTE: A comment was added to the ticket explaining that this
test was removed.
* GET now returns default error for methods not allowed.
ARCHBOM-1667
Several tasks are explicitly named as (or like)
their old, deprecated import path.
The issue here is that django-user-tasks listens for task
invocations, and attempts to import the task based on its name.
If the task name is completely wrong, user-tasks will catch
the ImportError and move on.
If the task is a valid *deprecated* import, though, then
user-tasks will choke on the raised `DeprecatedEdxPlatformImportError`.
Thus, we must rename three tasks to their new full path:
1. entitlements.expire_old_enrollments
2. third_party_auth.fetch_saml_metadata
3. student.send_activation_email
The first two are run daily, and so are safe to be
renamed in place.
The third task must be renamed using an expand-contract
pattern; otherwise, we would drop hundreds of tasks
during the App vs. Worker out-of-sync version window
that happens at deployments.
This commit is the expand phase.
* import task decorator from celery APP instance instead of celery package in CMS
* replaced task decorator with shared_task in cms and common
* Fixed import of shared_task
* Fixed import
Updated status code and manage user func
update auth verification
Fixed auth condition
fixed test failuers
fixed style issues
fixed style issues
Created test for auth disabled use
Code refactor
Fixed form ain auth exchange
Fixed oauth apps with disabled user fail
applied quality fixes
Refactored tests
fixed quality issues
removed extra files
Fixed linter issues
Fixed linter issues
When rolling out #25477, we dropped hundreds of email activation
tasks due to the renaming of student.send_activation_email
to common.djangoapps.student.send_activation_email,
and lost more when we rolled that PR back.
This happens because of blue/green deployment:
old workers are still online for a while after deploying,
so there is a period of time when the task names are mismatched.
To prevent this from happening again, this will make
it so the import changes don't change the names of
any of the Celery tasks.
* Generate common/djangoapps import shims for LMS
* Generate common/djangoapps import shims for Studio
* Stop appending project root to sys.path
* Stop appending common/djangoapps to sys.path
* Import from common.djangoapps.course_action_state instead of course_action_state
* Import from common.djangoapps.course_modes instead of course_modes
* Import from common.djangoapps.database_fixups instead of database_fixups
* Import from common.djangoapps.edxmako instead of edxmako
* Import from common.djangoapps.entitlements instead of entitlements
* Import from common.djangoapps.pipline_mako instead of pipeline_mako
* Import from common.djangoapps.static_replace instead of static_replace
* Import from common.djangoapps.student instead of student
* Import from common.djangoapps.terrain instead of terrain
* Import from common.djangoapps.third_party_auth instead of third_party_auth
* Import from common.djangoapps.track instead of track
* Import from common.djangoapps.util instead of util
* Import from common.djangoapps.xblock_django instead of xblock_django
* Add empty common/djangoapps/__init__.py to fix pytest collection
* Fix pylint formatting violations
* Exclude import_shims/ directory tree from linting
When attempting to create a "Provider Configuration (LTI)" object in the
django admin, the following 500 error was being triggered:
"Either an icon class or an icon image must be given (but not both)"
This was caused by the `clean()` method of the mother class
(OAuth2ProviderConfig) which checked whether at least the icon_class XOR
icon_list attribute was well defined. In the case of the
LTIProviderConfig objects it isn't, but that's ok because this object
is not meant to be displayed in the login form.
To resolve this issue, we modify the `clean()` method to ensure that at
most icon_class or icon_image is set. Alternatively, we could have set
`visible = False` and then dropped the `visible` column from the
database, but it was deemed too risky.
unused.
Close CRI-205.
This version contains necessary fixes for validating the "audience"
component of the JWT, as seen in ARCHBOM-1281. (I believe we'll need to
pass both the App ID and the Service ID in an additional AUDIENCE "other
settings" key for this third-party-auth backend.)
Vendored from version 3.4.0 (9d93069564a60495e0ebd697b33e16fcff14195b)
social-core:
https://github.com/python-social-auth/social-core/blob/3.4.0/social_core/backends/apple.py
v3.4.0 is unreleased at this time (2020-07-28) and contains several
necessary bugfixes over 3.3.3 for AppleID, but also causes the
TestShibIntegrationTest.test_full_pipeline_succeeds_for_unlinking_testshib_account
test in common/djangoapps/third_party_auth/tests/specs/test_testshib.py
to break (somehow related to social-core's change 561642bf which makes
a bugfix to partial pipeline cleaning). ARCHBOM-1389 filed to address
this at our convenience.
Note: 3.4.0 was not released to PyPI due to a broken test, so we might
see a 3.4.1 when it's actually released:
https://github.com/python-social-auth/social-core/issues/485
