When a user comes in through an sso provider and arrives at the login
or registration page, there is a warning message that comes up to indicate
that the user has to take an action to sign in and register and thus
link their sso account to their edx account. However, it is confusing,
particularly for the enterprise context. This diff disables these messages
from being rendered if these pages are being shown in an enterprise context.
- PLAT-1494: Since mock-django only seems to support up to Django 1.9a1 and is only used in one file, we're opting to try to simplify and remove the dependency.
PSA was monolithic, now split, with new features, like
a DB-backed partial pipeline. FB OAuth2 version also upped.
Partial pipelines don't get cleared except when necessary.
They persist for special cases like change of browser while
still mid-pipeline (i.e. email validation step).
Refactor, cleanup, and update of a lot of small things as well.
PLEASE NOTE the new `social_auth_partial` table.
The cryptography package is designed to be the "cryptographic
standard library" for Python developers. (Documents are online
at https://cryptography.io/en/latest/).
The use case for adding this is to bring encrypted claims from
outside edX into a course for assigning a grade using CAPA.
As an example, imagine that users enrolled in a computer security
and penetration testing class on edX are challenged to advance
as many levels as possible in a certain capture-the-flag (CTF)
puzzle hosted on an external app.
The external platform may provide the users an encrypted, tamper-
resistant token allowing them to enter that into an edX CAPA
auto-graded exercise in order for the edX user to claim credit
within the edX course.
For example, the external platform might take some plaintext JSON
like this:
{'user': 'isaac@example.com', 'score': 30}
And then use the Fernet symmetric encryption to give the user a
token like this:
gAAAAABZQX8xwdtvpdnTtuXWQUnbTPVA-Gw5dz6-kXFuKi0_2jpqFkSG
Dhy-BugBx38xhUfbmao9KwIhcxZt0uBAE0WT_uzjagLn7BwRIQP4Ap_B
r4e797QQllWcaHXVHhskHk6ETohc
Because the external platform and the `loncapa/python` script share
a secret, this token (1) means nothing to the user, (2) can be
decrypted on the edX side and used accordingly, and (3) won't
work if tampered with in between.
There are probably other use cases for using tokens, HMAC, or
encryption with autograded exercises. In any case, the cryptography
library is well tested and reliable, so adding it presents little
risk and will probably benefit others.
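
The token flow described in the commit message above, as an added example that is not part of the original commit or of edx-platform. It uses the cryptography package's Fernet API; the function names, the demo key, and the check that binds the claim to `expected_user` are assumptions made for illustration.

```python
import json

from cryptography.fernet import Fernet, InvalidToken

# Constructed demo key. In practice the external platform and the grader
# script share one key, generated once and stored as a secret on both sides.
SHARED_KEY = Fernet.generate_key()


def issue_token(user, score, key=SHARED_KEY):
    """External platform side: encrypt and authenticate the claim."""
    claim = json.dumps({"user": user, "score": score}).encode("utf-8")
    return Fernet(key).encrypt(claim).decode("ascii")


def grade_token(submitted, expected_user, key=SHARED_KEY, max_age=None):
    """Grader side: return the claimed score, or None if the token is rejected.

    expected_user is a hypothetical parameter: the identity of the learner
    submitting the answer, however the grading script obtains it.
    """
    try:
        # decrypt() checks the HMAC before decrypting, so a modified token
        # raises InvalidToken. ttl (seconds) rejects tokens older than max_age.
        plaintext = Fernet(key).decrypt(
            submitted.strip().encode("ascii"), ttl=max_age
        )
        claim = json.loads(plaintext)
    except (InvalidToken, ValueError):
        # ValueError covers non-ASCII input and malformed JSON.
        return None
    # A valid token only proves the platform issued it. Compare the user
    # inside the claim with the submitter so a token cannot be handed on.
    if not isinstance(claim, dict) or claim.get("user") != expected_user:
        return None
    score = claim.get("score")
    if isinstance(score, bool) or not isinstance(score, int):
        return None
    return score
```

Passing `max_age` bounds how long an issued token stays redeemable, since Fernet embeds the issue time in the token.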