- Fixed LANGUAGE_COOKIE settings name to LANGUAGE_COOKIE_NAME beacuse later is recognised by django
- Added test to verify cookies use in dark lang middleware
- Fixing Django 3.0 tests
- Update migration instructions
- Changes regarding redirect URLs and cookie domain are to permit the
site to run on multiple domains.
- Set LOGIN_URL in common so that it can be unset in environment overrides
This bypasses the "redirect to LMS" login/signup code, but does not yet
remove it; removal is covered by DEPR-166 so that this remains a
configuration-only change for now.
There should have no user-visible effect.
ref: ARCHBOM-1890
This changes the "Sign out" link on Studio to point to Studio's own logout
view, which clears the session and then redirects to LMS's logout page. The
LMS logout page then skips loading the Studio logout because it is seen in
the Referer header.
This change also brings Studio better into line with how other IDAs perform
their logouts.
Background:
After the rollout of Studio OAuth, logouts initiated on Studio failed to
actually log out Studio (but all other IDAs were logged out). This was
because the LMS logout view loads the logout pages of other IDAs but skips
any that is a *prefix* match on the Referer header, and browsers now often
send a truncated version of the Referer for privacy. Therefore, Studio was
always skipped when coming from Studio.
The fix is to make sure that Studio has already performed its logout by the
time the LMS logout page is loaded.
One wrinkle here is that the LMS logout view is activated by `/logout`, but
the correct logout view (provided by auth_backends) is activated by
`/logout/` -- with a trailing slash. This is fragile and unfortunate, but
can be cleaned up when we later remove other leftovers of Studio's previous
ability to handle logistration.
ref: ARCHBOM-1897
created CustomPagesCourseApp class
feat: created custom pages course app plugin
created CustomPagesCourseApp class
added CUSTOM_PAGES_HELP_URL to lms and cms settings
added entry point to setup.py
feat: added toggle to ENABLE_CUSTOM_PAGES in lms and cms settings
feat: removed the option to enable/disable the availability of custom pages course apps.
- Removed manage_user and manage_group commands and their unit tests from edx-platform and added then to edx-django-utils.
- Modified User.post_save signal to ensure the user profile is created when manage_user management command is run to create a user.
- Added edx-django-utils to INSTALLED_APPS for LMS and Studio.
- Moved generate_password from openedx.core.djangoapps.user_authn.utils to edx_django_utils.user along with its unit test.
Once LOGIN_URL is changed for an environment, the OAuth flow will be
activated. (See included temporary doc.)
This is for ARCHBOM-1860: Convert Studio to use LMS OAuth login.
Instead of hard-coding the "Learn More" and potentially other links for course
apps in the course authoring MFEs this change loads those URLs from the
django settings as part of each individual course app.
feat: reimagine certificate display settings
The course settings `certificate_available_date` (CAD) and
`certificates_display_behavior` (CDB) were previously
acting indedependantly of one another. They now work in
tandem. This change:
- limits CDB to a dropdown
- removes "early_with_info" and adds "end_with_date"
- only takes CAD into account if "end_with_date" is selected
- Moves CDB to the main course schedule settings page
- updates CourseOverview model and CourseDetails objects to
validate these fields and choose sane defaults if they aren't
expected values
This work was previously done in bd9e7dd (complete with bugs), so this
version is toggleable via the ENABLE_V2_CERT_DISPLAY_SETTINGS setting
Several of our cookies are meant to be shared between the LMS
and the marketing site. The previous assumption was that
SESSION_COOKIE_DOMAIN would cover both. We would like to make
it so that these can be set independently of each other.
https://openedx.atlassian.net/browse/ARCHBOM-1831
common.py has queue names that always get overridden by production.py
and lead to confusion. Set a default SERVICE_VANIANT in common.py and
then set the queue names based on that in common.py so that
production.py doesn't make it more complicated.
This should prevent the issue where if you copy a queue name in
common.py it ends up being incorrect in the production system. This is
what happened with the sample_task change.
https://github.com/edx/edx-platform/pull/23731 made it so that the queue
name for that queue is independently configurable but the default was
set to the value of HIGH_PRIORITY_QUEUE in common.py which is not the
same as the value set in production.py leading to stale tasks that never
get picked up in production.
BREAKING_CHANGE: If anyone was building a different settings file on top
of common, the default names in common.py are now change to be service
variant specific. eg 'edx.cms.core.high' instead of 'edx.core.high'
* Enable import failure and email with Errors/Warnings
This PR enables course import failure in case of olx validation errors. Here is the flow.
* Course Import tries to import foo.tar.gz into their course shell
* Course olx contains validation errors
* During course import, olx is validated and import is failed with the error message "Course olx validation failed. Please check your email."
* System generates an email with ERRORs & WARNINGs in the body of the email.
This PR also adds a waffle flag contentstore.bypass_olx_failure. The purpose of this test flag is to allow course teams to unblock by enabling them to bypass the
the olx-validation failure.
The workaround is shared on the ticket TNL8214.
* Disable olx validation out of the box.
Attempting to import packages from
lms/djangoapps, cms/djangoapps, or common/djangoapps
as if they are import roots will now
simply raise ImportErrors (like any other invalid
import) instead of DeprecatedEdxPlatformImportError.
See docs/decisions/0007-sys-path-modification-removal.rst
for more details.
* Use config settings for olxcleaner
Use config settings instead of hardcoded values for olx validation. This would help in adding a great deal of control when you want to change these settings in the future. With this approch we would not need a redeploy.
* Use configs and deprecate waffleflag and also add / update tests
Currently, login and registration forms and view to log the user in
are sharing same ratelimit settings which is causing too much noise
while rendering forms.This PR will introduce a separate
setting for logistration forms.
VAN-436
A variety of updates were made to improve the toggle documentation:
* Added comments to help ensure that the waffle(), waffle_switches(),
waffle_flags() anti-pattern won't be contagious (copied).
* Some minor toggle_description updates.
* Removed empty toggle_target_removal_date annotations for
non-temporary toggles.
* Removed empty optional toggle_warnings annotations.
* Removed empty optional toggle_tickets annotations.
* Removed deprecated toggle_category, toggle_status,
and toggle_expiration_date annotations.
* Fixed some indents, use cases, and implementations.
ARCHBOM-1721
Fixes an issue where the button that linked to edX documentation for
course teams in Studio that displayed beside the logged-in user's username/
drop-down menu is gone. Regression from PR #26106
Ref: TNL-8138
Previously, deprecated [lms|cms|common]/djangoapps
import paths would only raise errors if the
ERROR_ON_DEPRECATED_EDX_PLATFORM_IMPORTS
flag, which defaulted to False (but is overriden
to True for Devstack and *.edx.org), was enabled.
This change removes that setting and always raises
on use those deprecated import paths.
S3 URLs served by Blockstore have a max TTL of
1hr, since the temporary credentials the Blockstore
uses to sign the URLs themselves have a TTL of
1hr. Thus, we must cache Blockstore bundles for
less than 1hr.
TNL-7771
