MST-706. ID Verification is now valid for 2 years, so messaging used to notify learners about their ID expiration should be updated to reflect this. We have chosen to only update the messaging that is related to the current IDV flow (going through IDV on the account MFE), as the old IDV flow is no longer used by learners on edX.
Someone at edx was able to quickly send a few texts to himself using the tool.
Each text came from a different number and there was no message about the ability to unsubscribe or stop.
This could potentially be used to spam users as well as potentially result in charges to edX for high volume.
page url https://courses.edx.org/text-me-the-app
LEARNER-8286
Removed tabindex="-1" from main element to fix accessibility issue
Description
Removed tabindex="-1" from main
We had a strange issue where TalkBack wasn’t reading content in some xBlocks but was reading some others. I figured out that if you remove tabindex=-1 from <main>, TalkBack works as expected again. Tangentially, this breaks the old method of implementing SkipNav links. Further tangentially, the SkipNav links were already broken (or in this case redundant on mobile). @wittjeff will file two separate issues after this one PR is merged — one for a better way to implement SkipNav links for Learning MFE, and one for a better / functional way to implement SkipNav links for Mobile.
How to reproduce
Go to [this unit](https://courses.edx.org/xblock/block-v1:W3Cx+WAI0.1x+3T2019+type@html+block@2eb3c86c479f44ba964f88ff0bfd9211) on mobile and turn on TalkBack. It will skip main content. For further information on testing go to [Jira Ticket](https://openedx.atlassian.net/browse/LEARNER-7858)
We ran into a bug where the is-hidden class was being overridden by the
font awesome styling due to a late load of font awesome (causing the
fa class to take precedence). This changes to instead wrap the icon in
the span so there is no competing between the two classes on the same
element
If we are seeing an anonymous user, but the segment user id is still
set, we believe the segment user id is coming from a different user on
the same machine. This will make sure we clear out that storage and
then the indentify call will make a new anonymous id
Course-team-authored JS expects $$course_id to be defined
in the global scope. This has worked fine in Legacy courseware,
but due to some differences in page loading (which I don't
understand) between Legacy and Chromeless (ie New/MFE) XBlock
rendering templates, $$course_id wasn't being assigned before
course-team-authored JS was run, causing the scripts to break
on the undefined variable.
The fix here is to assign $$course_id in the <head>,
guaranteeing that the variable is assigned before
any other JS is run.
TNL-7993
The Staff Debug Actions didn't work in the Learning MFE
because the underlying JS depended on the URL being
formatted as /courses/<course_key>/... in order to
parse out the course key. This worked in the legacy
experience, but breaks in the chromeless xblock view,
which is rendered under the URL /xblock/<usage_key>/...
The fix is to explicitly pass the course key into the
templated courseware HTML as a data attribute.
TNL-7955
Mobile apps load HTML (and other) XBlocks individually using the
render_xblock endpoint. This is an attmept to reduce the number
of requests and JS processing needed to do so by detecting when
we have math content in HTMLBlocks and only adding the Mathjax
resources when necessary.
This is controlled by the "courseware.optimized_render_xblock"
CourseWaffleFlag. For maximum safety, we currently only optimize
in this way when directly hitting HTMLBlocks, and not for
ProblemBlock or VerticalBlock.
This was made as part of edX's Hackathon XXV.
See context here: https://django-ratelimit.readthedocs.io/en/latest/cookbook/429.html#context
For now we continue to fall back to django's default 403 handler for 403
but provide a new 429 template that we use for ratelimit exceptions.
This commit also updates a logistration test that relied on the old 403
behavior of django-ratelimit instead of the newly added 429 behavior.
This adds a toggle to allow operators to prevent user registration and login via username/password authentication, forcing the platform to only support login and registration using third-party auth such as SAML.
Co-authored-by: Umar Asghar <mrumarasghar@gmail.com>
- Makes the action buttons underneath problems into link buttons
instead of push buttons. Per UI team
- Updates some colors of status pills like "Past due" or "Completed"
