This commit upgrades the version of the lti-consumer-xblock library from version 7.1.0 to version 7.2.0. Version 7.2.0 includes a number of fixes to bugs relating to personally identifiable information (PII) sharing in LTI launches in both LTI 1.1 and LTI 1.3. Version 7.2.0 also enables PII sharing (username and email) in LTI 1.3 launches.
Please see the CHANGELOG entry for these versions for a full description of the changes: https://github.com/openedx/xblock-lti-consumer/blob/master/CHANGELOG.rst#720---2022-12-15.
We have a need to lock the version of Django for production and tests, but
also to test on newer versions of Django so that we can get the repo ready
for long-term-support releases.
We've been doing that by extracting the `django==x.y.z` from the
pip-compiled files and moving it to a django.txt that is then co-installed
but can be overridden during tests. The problem is that this can result
in broken packages.
The approach here is to have `make test-requirements` continue to
ensure a consistent set of packages, and then install a different
Django on top of that in the CI script -- and call `pip check` to make
sure that combination isn't broken.
Adding Django 4.0 to the unit-tests.yml matrix will now correctly
result in this error and a failing job:
`django-splash 1.2.1 has requirement Django<4.0, but you have django 4.0.8.`
The other half of this is to change other CI runners to remove their
ability to control the Django version, since it's complicated to make
this work, and we probably only need it in unit-tests.yml. Convert them
to just use `make test-requirements`.
Also:
- Simplify handling of `pip --src` by setting `PIP_SRC` (rather than our
own `PIP_SRC_DIR`, which pip ignores because `--src-dir` isn't an option
that it knows). This is needed to allow `make test-requirements` to do
the pip calls. An alternative would be to set a pip-options env var for
the make target to use, but `PIP_SRC` already exists.
- Remove outdated modifications to common_constraints
- Add comment explaining why pylint tests need dev-requirements
4.13.3 merely brings the proctoring library celery version up to date
with the platform celery version, which is already the case when
proctoring is deployed since as a plugin it does not control celery
This commit upgrades the version of the lti-consumer-xblock library from version 6.4.0 to version 7.0.2. This includes versions 7.0.0, 7.0.1, and 7.0.2.
Version 7.0.0 includes refactoring to remove deprecated method calls to rebind_noauth_module_to_user, get_real_user, runtime.hostname, and runtime.course_id.
Version 7.0.1 includes a fix to the clean method of the LtiConfiguration model. The fix changes the way we look up the course ID so that we can access the course ID without needing to load the XBlock.
Version 7.0.2 includes fixes to LTI 1.1 Basic Outcomes Services and LTI 2.0 Result Service when using an external_user_id as a user identifier.
Note that version 7.0.1 was originally deployed in https://github.com/openedx/edx-platform/pull/31369. It was reverted soon after in https://github.com/openedx/edx-platform/pull/31377. The issue occurred in version 7.0.0, in the following line https://github.com/openedx/xblock-lti-consumer/pull/249/files#diff-ab027143adc95b9776c12e973e28f025a21b0d88112937af93645829686527fdL186. self in the call to the service is an instance of the OutcomeService. self should be an instance of an XBlock (i.e. LtiConsumerXBlock). Version 7.0.2 fixes this bug by moving the call to the service to the LtiConsumerXBlock, where self is an instance of an XBlock. Therefore, we are deploying this version to fix forward.
Please see the CHANGELOG entries below for these versions for a full description of the changes.
Version 7.0.0: https://github.com/openedx/xblock-lti-consumer/blob/master/CHANGELOG.rst#700---2022-11-29
Version 7.0.1: https://github.com/openedx/xblock-lti-consumer/blob/master/CHANGELOG.rst#701---2022-11-29
Version 7.0.2: https://github.com/openedx/xblock-lti-consumer/blob/master/CHANGELOG.rst#702---2022-11-29.
The commit messages of each version are included below for convenience.
7.0.0
-----
refactor: replace block.location with block.scope_ids.usage_id
7.0.1
-----
fix: do not attempt to load the block just to look at the location
the block is not loadable in exams so clean fails in that IDA, but
we shouldn't need the block to ask a question about the course
7.0.2
-----
In #307, we added the ability to send a stable, static user identifier (i.e. external user ID) to fix failed launches with the QwikLabs tool. This is because the QwikLabs tool did not work with the course-anonymized user IDs we used to send (i.e. anonymous user IDs). Inadvertently, this change broke the LTI 1.1 Basic Outcomes Service and the LTI 2.0 Result Service for courses that use the external user ID (i.e. they have the lti_consumer.enable_external_user_id_1p1_launches CourseWaffleFlag enabled). The Basic Outcomes Service and Result Service handle grade pass backs. Because we now have two ways to identify a user in LTI 1.1/2.0, we must update the Basic Outcomes Service and Result Service to support both. This commit fixes this bug.
This dependency was explicitly added but doesn't need to be because
it's only required as a sub-dependency of edx-enterprise. We can
pull it in by recompiling the requirements instead.
This commit upgrades the version of the lti-consumer-xblock library from version 6.1.0 to version 6.4.0. Version 6.3.0 includes support for the Proctoring Assessment Messages of the 1EdTech Proctoring Services Specification (i.e. the in-browser proctoring launch). Version 6.4.0 includes changes to the user_id attribute in the LTI launch message of the LTI 1.1 XBlock launch.
Please see the CHANGELOG entry for these versions for a full description of the changes: https://github.com/openedx/xblock-lti-consumer/blob/master/CHANGELOG.rst#630---2022-11-16 and https://github.com/openedx/xblock-lti-consumer/blob/master/CHANGELOG.rst#640---2022-11-18. The commit messages are included below for convenience.
6.3.0
feat: adds support for LTI 1.3 Proctoring Service specification in-browser proctoring launch.
* Adds an Lti1p3ProctoringLaunchData data class. It should be included as an attribute of the Lti1p3LaunchData
data class to provide necessary proctoring data for a proctoring launch.
* Adds an LtiProctoringConsumer class. This class is used to generate LTI proctoring launch requests and to decode
and validate the JWT send back by the Tool with the LtiStartAssessment message.
* Adds an lti_1p3_proctoring_enabled BooleanField to the LtiConfiguration model. This field controls whether
proctoring is enabled for a particular LTI integration.
* Modifies the launch_gate_endpoint to support LtiStartProctoring and LtiEndAssessment LTI launch messages.
* Adds an start_proctoring_assessment_endpoint to support LtiStartAssessment messages from the Tool.
* Adds an LTI_1P3_PROCTORING_ASSESSMENT_STARTED signal. This signal is emitted when the LtiStartAssessment message is
sent from the Tool to inform users of the library that the LtiStartAssessment message has been received.
6.4.0
feat: add course flag to send external_user_id as user_id in LTI 1.1 XBlock launches
This commit introduces a new CourseWaffleFlag lti_consumer.enable_external_user_id_1p1_launches. When this flag is enabled for a course, LTI 1.1 XBlock launches in that course will send the user's external_user_id as the user_id attribute of the launch. external_user_id is the user's external user ID as defined, created, and stored by the external_user_ids Djangoapp in the edx-platform. When this waffle is not enabled for a course - the default case - LTI 1.1 XBlock launches in that course will continue to send the user's anonymous_user_id as the user_id attribute of the launch, as before.
This provides an opt-in opportunity for courses to send a consistent, static, and opaque user identifier in an LTI 1.1 XBlock launch. This may be necessary for integration with LTI tools that require such an identifier.
Please be aware that toggling this flag in a running course carries the risk of breaking the LTI integrations in the course. This flag should also only be enabled for new courses in which no LTI attempts have been made.
