* Remove authentication, including SessionAuthentication, to fix CSRF
exemption by dropping CSRF check of SessionAuthentication.
* Several changes to make it more clear that only POST is supported and
clean up GET method testing.
* Removed the temporary 403 error logging that wasn't working.
* Removed test_single_access_token which was written for DOP, but
doesn't work with DOT. See
[MA-2122](https://openedx.atlassian.net/browse/MA-2122) for a ticket
about implementing this for DOT, although it doesn't seem to be a
priority. NOTE: A comment was added to the ticket explaining that this
test was removed.
* GET now returns default error for methods not allowed.
ARCHBOM-1667
Updated status code and manage user func
update auth verification
Fixed auth condition
fixed test failuers
fixed style issues
fixed style issues
Created test for auth disabled use
Code refactor
Fixed form ain auth exchange
Fixed oauth apps with disabled user fail
applied quality fixes
Refactored tests
fixed quality issues
removed extra files
Fixed linter issues
Fixed linter issues
* Generate common/djangoapps import shims for LMS
* Generate common/djangoapps import shims for Studio
* Stop appending project root to sys.path
* Stop appending common/djangoapps to sys.path
* Import from common.djangoapps.course_action_state instead of course_action_state
* Import from common.djangoapps.course_modes instead of course_modes
* Import from common.djangoapps.database_fixups instead of database_fixups
* Import from common.djangoapps.edxmako instead of edxmako
* Import from common.djangoapps.entitlements instead of entitlements
* Import from common.djangoapps.pipline_mako instead of pipeline_mako
* Import from common.djangoapps.static_replace instead of static_replace
* Import from common.djangoapps.student instead of student
* Import from common.djangoapps.terrain instead of terrain
* Import from common.djangoapps.third_party_auth instead of third_party_auth
* Import from common.djangoapps.track instead of track
* Import from common.djangoapps.util instead of util
* Import from common.djangoapps.xblock_django instead of xblock_django
* Add empty common/djangoapps/__init__.py to fix pytest collection
* Fix pylint formatting violations
* Exclude import_shims/ directory tree from linting
* Updating Python Requirements
* Constrain django-cookies-samesite until dep bug fixed
* Fix PEP 8 problems revealed by pycodestyle upgrade
Co-authored-by: Tim McCormack <tmccormack@edx.org>
Co-authored-by: Jeremy Bowman <jbowman@edx.org>
* Revert "Ran make migration on third_party_auth (#23253)"
This reverts commit 49be65cc58.
* Removing provider.util import
* Removing further provider things
* Adding hash tests
- This PR removes all imports from provider by either bringing them into edx-platform or finding dot replacement. Removing tests that tested dop parts of code.
- Skipping some tests and removing dop
The tests are difficult to fix due to its entanglement with dop use in third_party_auth.
These tests should be restarted once dop has been removed from third_party_auth and its tests.
- set ENABLE_DOP_ADAPTER = False for devstack
* Renamed OAuth2Authentication to BearerAuthentication
* Added back OAuth2Authentication name
-there are libraries such as edx-enterprise that still import OAuth2Authentication. The OAuth2Authentication class should be fully removed when everything is importing BearerAuthentication correctly
- Removing deprecated auth classes
- Replacing OAuth2AuthenticationAllowInactiveUserDeprecated with OAuth2AuthenticationAllowInactiveUser
- the old class was a child class of a deprecated class that we are removing and replacing.
* Added new auth class
- Created new class called OAuth2AuthenticationAllowInactiveUser, which replaces old class with same name
- Renames previous OAuth2AuthenticationAllowInactiveUser to OAuth2AuthenticationAllowInactiveUserDeprecated
- Replaced all imports of OAuth2AuthenticationAllowInactiveUser to call deprecated class instead
- testing new class in discussion(added flag based on django setting)
PSA was monolothic, now split, with new features, like
a DB-backed partial pipeline. FB OAuth2 version also upped.
Partial pipelines don't get cleared except when necessary.
They persist for special cases like change of browser while
still mid-pipeline (i.e. email validation step).
Refactor, cleanup, and update of a lot of small things as well.
PLEASE NOTE the new `social_auth_partial` table.
