There was an issue where external LMS systems (e.g. Canvas, Blackboard) that used Open edX LTI Provider calls had cookies blocked. This update fixes this issue by defining third-party cookies to have attributes of `Secure=True` and `SameSite=None`.
Details here: https://discuss.openedx.org/t/lti-xblock-and-samesite/759/5
(cherry picked from commit 28479a2966b87b16a25dbc96c19b6f5817d255de)
- remove code for displaying banner in mobile dates fragment
- replace button with link to web app in reset dates banner on
the mobile problem template
- adjust spacing of reset dates button in banner when button wraps
on smaller screen
Prepare to upgrade to django-oauth-toolkit (module name oauth2_provider) 1.3.2 concurrently with the Django 2.2 upgrade (versions after 1.1.3 dropped support for Django 1.11). Key points:
* We can stop using a commit hash since versions 1.3.0 through 1.3.2 have been released since that commit.
* The validator in oauth_dispatch migration 0002 has been removed from DOT, but the whole table was removed in migration 0004 anyway. Newer DOT versions moved where redirect URI validation happens so it's no longer needed here.
* DOT 1.3.0 squashed its original 6 migrations and immediately deleted them. This required some changes in oauth_dispatch migrations 0006 and 0007 to deal with either numbering system.
When deploying to stage and production, we'll need to delete the history for oauth2_provider migrations 0002-0006 first (the new squashed 0001 migration has the same name as the original 0001). The deployment with DOT 1.3.2 will add a new 0002 migration which should then apply cleanly on the existing database state.
Should resolve https://openedx.atlassian.net/browse/BOM-1456 .
We now either pass in the relevant courseoverview or when creating the
enrollment we use the factory which automatically creates the relevant
CourseOverview object for testing purposes.
1. Created a new celery queue with key `SOFTWARE_SECURE_VERIFICATION_ROUTING_KEY`.
2. Added a celery task with retry logic.
3. Sorted imports with isort.
4. Changed deprecated `log.warn` => `log.warning`.
We were passing unstripped password value to `authenticate_new_user()`
after creating a user which was resulting in password mismatch and
was raising this error.
PROD-656
We weren’t using has_access to check user access, which meant we were missing out on a bunch of checks. This PR adds a local _check_access function to CoursewareInformation. Ideally we would add this into access.py, but we’re adding it here for now to avoid any unexpected regressions in editing more commonly used code. This should ultimately be folded into our access system properly.
TNL-7053
* Adding SameSite cookie option in Django 2.1 and above
Django 2.1 release note: Added the SESSION_COOKIE_SAMESITE setting to set the SameSite cookie flag on session cookies.