Scheduled emails show "unsubscribe" link if waffle switch
`schedules.course_update_show_unsubscribe` is enabled, and
settings.ACE_ENABLED_POLICIES respects `bulk_email_optout`.
API endpoint allows GET/POST requests, which:
* GET asks for confirmation of opt-out
* POST accepts "unsubscribe" or "cancel", where "unsubscribe" creates the
Optout entry, and "cancel" does nothing.
Fixes flaky tests:
* The resolvers handle users in "bins", which are groups that depend on the user ID.
* The test user ID varies depending on the test order.
* This change ensures that the bin requested matches the user for the test.
The toggle UPDATE_LOGIN_USER_ERROR_STATUS_CODE was added to roll out a
breaking change for `login_user` auth errors to return a 400 rather than
a 200.
This toggle was enabled in Production on 12/5/2019 with seemingly no
adverse affects.
ARCH-1253
We use pickling in conjunction with caches in these cases so we should
be able to fallback to the uncached behavior if the pickled data is
corrupt in some way.
eg. it's a python 2 pickle we don't know how to read.
Returning JSON from `login_user` for third party auth failures makes
the response more consistent with all other `login_user` responses.
The only calls to `login_user` with this failure are processed by
`shim_student_view` which will in-turn remove this JSON. This improves
the `login_user` response in advance of switching the logistration page
to use `login_user` without `shim_student_view`.
ARCH-1253
`shim_student_view` is used for login, and is being simplified so it
can ulimately be completely deleted. In this commit, the shim
preprocessing was removed by deleting unused code, and moving code
that is still being used to login_user.
Note: `shim_student_view` was originally added in
https://github.com/edx/edx-platform/pull/5768/files
ARCH-1253
This completes the work started in https://github.com/edx/edx-platform/pull/19453
to use the LMS login and registration for Studio, rather than Studio
providing its own implementation.
LMS login/registration are being used for the following reasons:
1. LMS logistration properly handles all SSO integrations.
2. A single logistration is simpler to maintain and understand.
3. Allows Studio to work more like all other IDAs that use LMS
logistration.
The original switch to use LMS logistration for Studio also added the
toggle `DISABLE_STUDIO_SSO_OVER_LMS` to provide the community some
additional time for switching. This commit removes this toggle, which
at this point means all deployments will use the LMS logistration.
This change requires sharing cookies across LMS and Studio. Should that
prove to be a problem for certain Open edX instances, there are
discussions of possible alternative solutions.
See https://github.com/edx/edx-platform/pull/19845#issuecomment-559154256
Detailed changes:
* Fix some Studio links that still went to old Studio signin and signup.
* Remove DISABLE_STUDIO_SSO_OVER_LMS feature toggle.
* Remove old studio signin and signup pages and templates.
* Fix url name "login", which had different meanings for Studio and LMS.
* Use the following settings: LOGIN_URL, FRONTEND_LOGIN_URL,
FRONTEND_LOGOUT_URL, and FRONTEND_REGISTER_URL.
* Redirect /signin and /signup to the LMS logistration.
* Add custom metric `uses_pattern_library`.
* Add custom metric `student_activate_account`.
* Add Django Settings to allow /signin, /signup, and /login_post to be
disabled once ready.
This work also relates to ARCH-218 and DEPR-6.
ARCH-1253
The APIs using login_user are currently not following the API
conventions for non-SSO related authentication errors, by returning a
200 status code for errors.
In addition to switching the status code from 200 => 400 for
authentication failures, the following minor changes were made:
- Document and refactor an existing authn switch.
- Remove an unused url definition for login_ajax + error.
BREAKING CHANGE: This changes /login_post and /login_ajax to return
400, rather than 200, when success=False in the returned JSON (for
non-SSO related authentication errors).
To remove risk around this change, it was added behind a waffle switch
named `user_authn.update_login_user_error_status_code`.
A breaking change was made, rather than introducing /login_ajax_new,
in order to more quickly get to our end goal of the current clean-up
effort of having a single function for login. If this breaks any
callers, we may fix or abandon this change altogether.
ARCH-1253
To save the memory get cert and grade object directly from
the db because by doing that we'll override the queryset
evaluation and object won't be cached once it has gone out
of scope.
PROD-987
- Upgrade edx-drf-extensions to 2.4.5
- Removed constraint to 2.4.0, because 2.4.2 introduces a workaround for
ARCH-1210 by putting the problematic code behind a django setting.
- Remove unused JWT_AUTH_REFRESH_COOKIE setting.
ARCH-418, ARCH-1269, ARCH-1044
fix broken toggle
This is a follow up from MST-16, which was commited
in 3858036a4e.
Changes:
* Enrich course teams_configuration from a plain Dict
to a custom XBlock field that uses the new TeamsConfig
wrapper class.
* Remove teams_conf property from course, as the previous
change made it redundant.
* Update teams_enabled implementation.
* Remove teams_max_size field from course, which is
no longer semantically correct, as max team size
is now defined on a teamset level.
* Remove teams_topics in order to discourage use of raw
teams config dict.
* Add convenience properties teamsets and teamsets_by_id
to course.
* Allow periods and spaces in teamset IDs to avoid breaking
existing course teams.
Some parts of the code still use the old raw config data
(identifiable by searching "cleaned_data_old_format"),
which we expect to be slowly factored away as we build
new teams features. MST-40 has been created to remove any
remaining references if necessary.
MST-18
* fix: bokchoy test
* fix: remove pdb break
This PR introduces some backend python + REST APIs for storing static
asset files along with an XBlock in a content library. It also updates
the new runtime to be able to load such static asset files.
Example use cases:
* Store an image file with an HTML block and then use the image inline
in the HTML block.
* Store a PDF file with an HTML block and provide a link in the HTML for
the learner to download the PDF.
* Store .srt files or even video .mp4 files that belong to a video
XBlock.
Within the bundle, these static asset files are stored in a "static/"
subfolder of the folder that contains the OLX file. Extending an
existing LMS/Studio convention, a static asset file such as "image.png"
is referenced within the OLX as "/static/image.png" and the URL will be
rewritten by the runtime.
