* ENT-3007 auth/saml/v0/saml/providerdata and auth/saml/v0/saml/providerconfig endpoints
Move code to subfolder for samlproviderconfig
extra comma
undo accidental remove of import
GET works for a single config now
Use ModelViewSet to get all CRUD method. Test still fails
Add auth/saml/v0/providerdata endpoints
fixup reverse and test issue, remove leading caret
just triggering run, why is it failing in CI?
pycodelint fixes
Skip auth tests unless feature is on
Tests for post/put for samlproviderdata
move urls to their own folders
api tests for post samlprovierconfig
create 1 providerconfig test case
lint fixes
lint
lint
cleanup code local urls /samlproviderconfig works
note needed right now
Fix import errors
lint
unused import
wip: first attempt at rbac auth and jwt cookie in test
round 2 with enterprise uuid as url param for samlproviderconfig
improve tests, still dont pass
fix test by using system role, wip other test
fix create test
add get/post tests for providerdata
isort fixes
string lint fix
Cleanup based on feedback round1
move utils to tests package
Move util fn to openedx.feature area
lint
ENT-3007 : Round 2 of work on auth/saml/v0/providerconfig and auth/saml/v0/providerdata endpoints
* Fix test issue use string uuid for permission obj
* snake case changes provider_config
* snake case
* provider_data, tests and lint
* patch and delete tests for providerdata
* snake_case
* snake_case
* snake_case
* make patch test stronger
* 404 if invalid uuid for get param
* common util for validate uuid4
* unused import
* lint fixes for pycodestyle
* 400 when uuid is missing
* 400 instead of 404 for missing uuid
* spell fix
* update docstring for api usage
* docstring clarify
* Add auth/samlproviderconfig CRUD endpoints for use in admin portal
Fixes: ENT-3007
* Move code to subfolder for samlproviderconfig
* extra comma
* undo accidental remove of import
* GET works for a single config now
* Use ModelViewSet to get all CRUD method. Test still fails
* Add auth/saml/v0/providerdata endpoints
* fixup reverse and test issue, remove leading caret
* just triggering run, why is it failing in CI?
* pycodelint fixes
* Skip auth tests unless feature is on
* Tests for post/put for samlproviderdata
* move urls to their own folders
* api tests for post samlprovierconfig
* create 1 providerconfig test case
* lint fixes
* lint
* lint
* cleanup code local urls /samlproviderconfig works
* note needed right now
* Fix import errors
* lint
* unused import
* wip: first attempt at rbac auth and jwt cookie in test
* round 2 with enterprise uuid as url param for samlproviderconfig
* improve tests, still dont pass
* fix test by using system role, wip other test
* fix create test
* add get/post tests for providerdata
* isort fixes
* string lint fix
* Cleanup based on feedback round1
* move utils to tests package
* Move util fn to openedx.feature area
* lint
* lint fix
* remove unused import
Rather than fetching the Site for every provider in a loop, just look at
the ID of the site.
Added regression test, showing N `django_site` requests before and 0 after.
Apply same username restrictions during SSO pipeline as we have user registeration flow to avoid SSO flow breakage at the time of user creation.
ENT-2730
Code quality fixes
This performs a dark launch compare of the existing implementation
(still in use) for fetching TPA provider configs and a new
implementation, recording metrics on exceptions and mismatches.
The new implementation should have two benefits, once we're switched
over:
- Fix 1+N queries on login page view where the site for each config
was fetched in a loop (ARCHBOM-1139)
- Don't allow configs with the same key on different sites to
interfere with each other (regression test added)
The new impl does not use TieredCache, but only the request cache,
which we may want to adjust later.
Added more info to log in SSO request/response flow
Fixed django admin links on model's link fields which are broken due to django 2.2 upgrade.
ENT-2798
Fixed quality violations and unit test
Fix xsscommitlint violation
Fixed pylint violation
* Remove ThirdPartyAuthProviderApiPermission
Also removed ProviderApiPermissions and ApiPermissionsAdminForm and removal of DOP for third_party_auth
* Removing model
* Replaced long_token with default_token_generator
* Adding skip to test_migrations_are_in_sync
* WIP: add third-party-auth scope and usage
BOM-1264
* Fix tests now that we do permissions in a more standard way.
Rather than manually setting the permission class we previously
explicitly raised a PermissionDenied exception. The way DRF
permissoning logic works, if we use the WWW-Authenticate header in the
highest priority auth class, it will return a 401 instead of a 403.
* Added test to make sure having permissions gives access to user mapping api
* Test new filters logic.
Ensure that the filters we add to the application access model make it
into the JWT correctly.
* quality fix
* quality fix
* disable pylint warning
* quality fix
* fix indent prob
Co-authored-by: Feanil Patel <feanil@edx.org>
Co-authored-by: Manjinder Singh <49171515+jinder1s@users.noreply.github.com>
-Updated middleware setting to use use middleware insted of
middleware_classes
-github install of django-method-override fork to support
new style middleware in django1.11
Some tests that used to mock the cache internals of ConfigurationModels
had to be modified to use CacheIsolationTestCase instead (the things
they were mocking no longer exist).
Logout link should be displayed only for learner portal
Added changed to display only for learner portal
Added unit tests
check third_party_auth is enabled
Changes to extend SSO logout link feature to Oauth providers
Fixed quality violations
Removed unncessary assert
Reviewer feedback changes
- use login_ajax (in place of login_session with shim) for
logistration's call to login POST
- add toggle for using login_ajax from logistration
- FEATURES['ENABLE_LOGIN_POST_WITHOUT_SHIM']
- add custom metrics for redirect_url
- update test for third-party auth error_code
NOTE: The error_code `third-party-auth-with-no-linked-account`
was introduced in JSON in this earlier PR:
https://github.com/edx/edx-platform/pull/22452/files
ARCH-1253
The toggle UPDATE_LOGIN_USER_ERROR_STATUS_CODE was added to roll out a
breaking change for `login_user` auth errors to return a 400 rather than
a 200.
This toggle was enabled in Production on 12/5/2019 with seemingly no
adverse affects.
ARCH-1253
This completes the work started in https://github.com/edx/edx-platform/pull/19453
to use the LMS login and registration for Studio, rather than Studio
providing its own implementation.
LMS login/registration are being used for the following reasons:
1. LMS logistration properly handles all SSO integrations.
2. A single logistration is simpler to maintain and understand.
3. Allows Studio to work more like all other IDAs that use LMS
logistration.
The original switch to use LMS logistration for Studio also added the
toggle `DISABLE_STUDIO_SSO_OVER_LMS` to provide the community some
additional time for switching. This commit removes this toggle, which
at this point means all deployments will use the LMS logistration.
This change requires sharing cookies across LMS and Studio. Should that
prove to be a problem for certain Open edX instances, there are
discussions of possible alternative solutions.
See https://github.com/edx/edx-platform/pull/19845#issuecomment-559154256
Detailed changes:
* Fix some Studio links that still went to old Studio signin and signup.
* Remove DISABLE_STUDIO_SSO_OVER_LMS feature toggle.
* Remove old studio signin and signup pages and templates.
* Fix url name "login", which had different meanings for Studio and LMS.
* Use the following settings: LOGIN_URL, FRONTEND_LOGIN_URL,
FRONTEND_LOGOUT_URL, and FRONTEND_REGISTER_URL.
* Redirect /signin and /signup to the LMS logistration.
* Add custom metric `uses_pattern_library`.
* Add custom metric `student_activate_account`.
* Add Django Settings to allow /signin, /signup, and /login_post to be
disabled once ready.
This work also relates to ARCH-218 and DEPR-6.
ARCH-1253
Refactored enterprise unlink code to fix ENT-1890
Fixed quality violations and brokent test
Fixed pylint quality violations
Fixed failing unit test
Fixed broken test after rebasing with master
