Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
66,543 Commits 1 Branch 0 Tags
0a05dc292bc00a850cd00a6f09e22f10cbe32608
Commit Graph

66543 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Aarif
2ea9ea916a replaced unittest assertions pytest assertions (#26287) 2021-02-11 17:40:23 +05:00
Bianca Severino
2e72791491 Create command to update expiration_date for old SoftwareSecurePhotoVerification entries (#26471) 2021-02-10 16:55:51 -05:00
Feanil Patel
14e11cad3d Merge pull request #26460 from edx/feanil/always_squelch 
feat: Update the user_authn app to not log PII by default.
 2021-02-10 13:58:04 -05:00
alangsto
9104983369 update edx-proctoring version (#26472) 
updated for quality
 2021-02-10 13:41:17 -05:00
Felipe Montoya
7c06896f83 Merge pull request #26243 from regisb/regisb/annotate-git-export 
[TSD] Annotate git export settings and toggles in CMS
 2021-02-10 12:48:51 -05:00
stvn
b17bbc8d66 style: Add more type-hints to discussions app 2021-02-10 08:42:05 -08:00
oliviaruizknott
52814f7378 test: add test to notify_credentials for multiple usernames 2021-02-10 11:25:23 -05:00
stvn
ef77ddc18d Merge PR #26345 bd03/admin/enabled 
* Commits:
  fix: Add DiscussionsConfiguration.enabled to admin page
 2021-02-10 08:25:16 -08:00
stvn
d8d4b4a0cc Merge PR #26346 bd03/models/str 
* Commits:
  style: Cleanup DiscussionsConfiguration.__str__
 2021-02-10 08:23:49 -08:00
Feanil Patel
62c0aa4917 feat: Update the user_authn app to not log PII by default. 
Instead of optionally not logging usernames and emails, do so by
default.  This mostly removes some complexity from the app and is makes
it so that it's more secure by default.

I considered the question of allowing people to log usernames and
e-mails if they wanted to but opted not to for a couple of reasons:

* It would involve adding a new feature flag that would be the opposite
of the SQUELCH_PII_IN_LOGS which would be a bit confusing.  When do you
use which one? or do you need both? etc.
* There is still a way to correlate the messages to eachother and in
most cases also to a specific user(email being the exception).
 2021-02-10 10:14:58 -05:00
Usama Sadiq
959a29fad5 Merge pull request #26453 from edx/usamasadiq/lower-pylint-upper-threshold 
Lower the pylint threshold to 200
 2021-02-10 19:43:52 +05:00
David Ormsbee
9d1f5e1224 fix: reduce the size of the commons.js asset. (#26462) 
The size of commons.js has gradually grown until it is now 4 MB in
dev mode. This change brings it back down to 880 KB. This does
cause the size of some other JS assets to increase, some by as much
as 500 KB. This still seemed like a worthwhile tradeoff.
 2021-02-10 09:34:18 -05:00
Waheed Ahmed
5c9c6176b6 Add skip_authn_mfe query param option. 
Added to serve old login/register pages for the e2e tests
until new tests added or old ones are fixed for the Authn MFE.
 2021-02-10 19:17:46 +05:00
Jayram
5ac505d5d0 docs: add annotations for ENABLE_COURSEWARE_SEARCH_FOR_COURSE_STAFF feature flag 2021-02-10 19:35:38 +05:30
Usama Sadiq
f6cfb62faf Merge pull request #26467 from edx/usamasadiq/bom-2244-remove-constraints 
Remove duplicate constraints
 2021-02-10 18:55:01 +05:00
Usama Sadiq
bb7c554517 Merge pull request #26468 from edx/jenkins/upgrade-python-requirements-2d14ace 
Python Requirements Update
 2021-02-10 18:24:49 +05:00
usamasadiq
eb0f44a135 Lower the pylint threshold to 200 2021-02-10 18:15:10 +05:00
Saqib
e014535dd8 add toggle annotations for ENABLE_HTML_XBLOCK_STUDENT_VIEW_DATA feature flag 2021-02-10 17:59:34 +05:00
edX requirements bot
9b41842422 Updating Python Requirements 2021-02-10 07:54:49 -05:00
Jawayria
60f43f123f Merge pull request #26446 from edx/jawayria/bom-2345-pylint-amnesty 
BOM-2345: Applied pylint-amnesty
 2021-02-10 17:44:08 +05:00
usamasadiq
2d14acee54 Remove duplicate constraints 2021-02-10 17:40:02 +05:00
Manjinder Singh
cd60646926 fix: Switch anonymous user ID hash from md5 to shake (#26198) 
Now that we always return an existing value from the DB rather than trusting that ID generation is deterministic and constant over time, we're free to change the generation algorithm.

Our long term goal is to switch to random IDs, but we need to first investigate the uses of save=False. In the meantime, this is a good opportunity to move away from MD5, which has a number of cryptographic weaknesses. None of the known vulnerabilities are considered exploitable in this location, given the limited ability to control the input to the hash, but we should generally be moving away from it everywhere for consistency.

This change should not be breaking even for save=False callers, since those calls are extremely rare (1 in 100,000) and should only occur after a save=True call, at which point they'll use the stored value. Even if this were not true, for a save=False/True pair of calls to result in a mismatch in output, the first of the calls would have to occur around the time of the deploy of this code.

Co-authored-by: Tim McCormack <tmccormack@edx.org>
 
Co-authored-by: Tim McCormack <tmccormack@edx.org>
 2021-02-10 07:37:27 -05:00
usamasadiq
e23fa84c37 Applied pylint-amnesty 2021-02-10 16:40:06 +05:00
edX requirements bot
a2635e9821 Python Requirements Update (#26463) 
* Updating Python Requirements

* change namespaced_switch_name to name

Co-authored-by: Zulqarnain <muhammad.zulqarnain@arbisoft.com>
 2021-02-10 16:25:34 +05:00
oliviaruizknott
0533ecc814 feat: allow notify_credentials to take a list of usernames 2021-02-09 17:04:21 -05:00
Adeel Ehsan
59bc5072cd Merge pull request #26459 from edx/aehsan/van-351/field_added_in_validate_decisions_for_authn 
field added in validate decisions for authn
 2021-02-10 01:14:21 +05:00
Feanil Patel
a482bc15e3 Merge pull request #26441 from edx/feanil/make_rate_limit_errors_429s 
Make rate limit errors 429s instead of 403s
 2021-02-09 15:07:22 -05:00
adeelehsan
bcfe2874fc field added in validate decisions for authn 
VAN-351
 2021-02-10 00:44:10 +05:00
Alexander J Sheehan
e9175c2338 Merge pull request #26444 from edx/alex-sheehan-edx/use-the-right-integrated-channels-task 
replace bulk transmission task to intended single learner task
 2021-02-09 12:28:50 -05:00
Alexander J Sheehan
3e6c201c67 Merge pull request #26454 from edx/alex-sheehan-edx/bumping-enterprise-3-17-25 
bumping enterprise to 3.17.25
 2021-02-09 12:01:30 -05:00
Alexander Sheehan
aaa375077c replace bulk transmission task to intended single learner task 2021-02-09 11:55:22 -05:00
Carla Duarte
f4c4a9be96 AA-511: update dashboard certificate button styling 2021-02-09 11:28:37 -05:00
Christie Rice
7db147e06a Fix lint-amnesty warnings (#26412) 2021-02-09 10:20:46 -05:00
Jayram
3127e5f7af docs: add annotations for ENABLE_DASHBOARD_SEARCH feature flag 2021-02-09 20:27:12 +05:30
Jayram
69e041b1eb docs: add annotations for ENABLE_COURSEWARE_SEARCH feature flag 2021-02-09 20:23:02 +05:30
Christie Rice
997e31b56b MICROBA-918 Check the allowlist when regenerating certificates, and stop incidentally modifying the certificate invalidation list (#26439) 2021-02-09 09:47:33 -05:00
Alexander Sheehan
bb3ed61822 bumping enterprise to 3.17.25 2021-02-09 09:29:53 -05:00
Carla Duarte
7f7edd93c7 Merge pull request #26440 from edx/ciduarte/AA-590 
AA-590: pass translated tab titles to MFE
 2021-02-09 08:57:10 -05:00
Usama Sadiq
9d47c8e1b0 Merge pull request #26451 from edx/usamasadiq/update_pylint 
Updated Pylint Warnings
 2021-02-09 17:55:07 +05:00
usamasadiq
1e2aa1dec5 Apply manesty to convention warnings 2021-02-09 17:09:19 +05:00
Régis Behmo
5a618bfdbb Annotate git export settings and toggles in CMS 
We take the opportunity to resolve a few linting issues, without affecting the
feature behaviour.
 2021-02-09 12:39:48 +01:00
usamasadiq
149c218a8c disable logging-format-interpolation warning 2021-02-09 16:01:52 +05:00
edx-pipeline-bot
d1d7867ee6 Merge pull request #26450 from edx/private_to_public_02d0b47 
Mergeback PR from private to public.
 2021-02-09 04:51:54 -05:00
edX cache uploader bot
f383a5b385 Updating Bokchoy testing database cache (#26448) 2021-02-09 14:03:15 +05:00
edX requirements bot
4422009c51 Updating Python Requirements (#26445) 2021-02-09 12:53:52 +05:00
jawad khan
95580b79a7 LEARNER-8218 Added BearerAuthenticationAllowInactiveUsern in celebration api 
Added BearerAuthenticationAllowInactiveUsern in celebration api
 2021-02-09 12:52:12 +05:00
Ali Akbar
280829705a Merge pull request #26433 from edx/IM/security-fixes-8-thresholds 
Update Thresholds
 2021-02-09 10:53:42 +05:00
Carla Duarte
00a025f073 AA-590: pass translated tab titles to MFE 2021-02-08 17:00:33 -05:00
Matt Hughes
02d0b474e7 Merge pull request #219 from edx/matthugs/EDUCATOR-5555-a11y-js-code-for-notes-needs-to-handle-tags-better 
Fix XSS vector for a11y text attached to notes editor
 2021-02-08 16:54:49 -05:00
Usama Sadiq
9dfd38bb2c Merge pull request #26431 from edx/usamasadiq/lower-pylint-upper-threshold 
Lower down pylint error thresholds
 2021-02-09 00:44:18 +05:00