Commit Graph

54 Commits

Author SHA1 Message Date
Nimisha Asthagiri
13d4091a1a Fix overriding of token expiration in DOT (ARCH-246) 2018-10-08 17:43:25 -04:00
Douglas Hall
dec77f2ad3 Add decisions record related to frontend apps and CSRF protection. 2018-10-03 11:28:58 -04:00
Nimisha Asthagiri
02ba5fb0e8 Login service support for JWT Cookies 2018-10-01 13:08:40 -04:00
Nimisha Asthagiri
b7deedfb36 Refactor Login Cookies 2018-09-25 09:12:08 -04:00
edx-pipeline-bot
89963efd3a Merge pull request #18968 from edx/release-mergeback-to-master
Merge release back to master
2018-09-18 12:56:07 -04:00
Nimisha Asthagiri
1376409351 Decision: Transport JWT in HTTP Cookies 2018-09-17 14:44:01 -04:00
Nimisha Asthagiri
e2ff1ec537 Merge pull request #18917 from edx/arch/user-authn-app
Consolidate user login and authentication code
2018-09-15 10:00:51 -04:00
Nimisha Asthagiri
8cf44283c9 Consolidate user login and authentication code 2018-09-15 03:21:39 -04:00
Kevin Falcone
bc082aa1ac Mark the interdependency between our code and DOT
We need to drop the Foreign Keys, apply their two migrations and then
re-add the Foreign Keys but Django gets to decide on the apply order and
this helps ensure we get the one we want.
2018-09-13 09:54:30 -04:00
Robert Raposa
9a7c224f18 Restore constraints after DOT upgrade.
ARCH-180
2018-09-13 09:54:30 -04:00
Robert Raposa
c7800acaa0 Restore "Upgrade DOT to 1.1.2."
This upgrades DOT by reverting the revert.

This reverts commit 4d8b9c3

ARCH-180
2018-09-13 09:54:30 -04:00
Robert Raposa
a31fca4e47 Drop constraints before DOT Upgrade.
ARCH-180
2018-09-13 09:54:29 -04:00
Nimisha Asthagiri
700a902b68 Cleanup and remove deprecated RequestCache Django app
ARCH-223
2018-09-12 14:39:11 -04:00
Jeremy Bowman
d90afa4cde TE-2689 Remove useless pylint suppressions part 5 2018-08-21 11:07:52 -04:00
Robert Raposa
99c9eb7343 Migrate to edx-django-utils monitoring.
ARCH-220
2018-08-17 15:39:04 -04:00
Nimisha Asthagiri
ae9b8956e0 Management command: generate_jwt_signing_key 2018-07-30 16:09:46 -04:00
Nimisha Asthagiri
eac1ce7bfd Asymmetric JWT support 2018-07-30 07:17:08 -04:00
Robert Raposa
86ce4e2b3a Allow metrics for failed responses.
- Move metrics out from 200 status check.
- Add value for token type not supplied.
- Add tests.

ARCH-164
2018-07-18 15:21:09 -04:00
Robert Raposa
5738086c17 Add oauth_dispatch metrics.
ARCH-164
2018-07-13 13:57:11 -04:00
Robert Raposa
4d8b9c36ae Revert "Upgrade DOT to 1.1.2."
There was an issue with migrations on sandboxes.

This reverts commit 58f6e92
2018-07-12 14:45:39 -04:00
Robert Raposa
58f6e92522 Upgrade DOT to 1.1.2. 2018-07-11 17:36:56 -04:00
Nimisha Asthagiri
66afa24bfe Authn: Remove unneeded openid-configuration View 2018-07-10 17:35:18 -04:00
Nimisha Asthagiri
c68a5a3fb6 Authn: Remove unneeded Jwks View 2018-07-10 17:35:02 -04:00
Jeremy Bowman
809f3d51e7 TE-2629 Use better field type for applicationaccess.application 2018-06-29 14:23:09 -04:00
Douglas Hall
db22939193 Add OAuth2 Scopes and Filters to JWTs. 2018-06-28 10:30:09 -04:00
Douglas Hall
bab6e3669c Add new custom DOT Application model to support OAuth2 per-application scopes.
This also introduces a model for persisting organization-based filters on
a per-application basis. See openedx/core/djangoapps/oauth_dispatch/docs/decisions/0007-include-organizations-in-tokens.rst
for additional details.
2018-06-20 16:31:19 -04:00
Michael Youngstrom
f4dc2ca000 Merge pull request #18314 from edx/youngstrom/remove_django_18_shim
Remove temp django upgrade logic
2018-06-06 11:09:17 -04:00
Tyler Hallada
1f42d1b384 Merge pull request #18316 from edx/thallada/PLAT-1524-on-delete
PLAT-1524: Add on_delete kwarg to ForeignKey & OneToOneFields
2018-06-06 10:38:15 -04:00
Michael Youngstrom
26b4e30833 Remove django 1.8 shim 2018-06-06 10:34:56 -04:00
Tyler Hallada
1540f9ec72 Add on_delete kwarg to ForeignKey & OneToOneFields
Django 2.0 will make this field required for `ForeignKey` and `OneToOneFields`.
In previous versions the option defaulted to `models.CASCADE` when not
specified. This change should make the deprecation warnings in the current
Django version go away.

The migrations were also modified, but the changes should not cause a change in
the database schema since `models.CASCADE` was already the old default.
2018-06-05 17:05:12 -04:00
Eric Fischer
247bb50ed2 s/django.core.urlresolvers/django.urls/g
Django 1.10 deprecation fix for Hackathon XIX
Addresses PLAT-1397
2018-06-05 13:59:09 -04:00
Nimisha Asthagiri
246ebc14c2 Merge pull request #18139 from edx/arch/update-oauth-scopes-doc
Update OAuth decision 7: including organizations in tokens
2018-05-10 09:29:58 -04:00
Nimisha Asthagiri
e43f6370f7 Update OAuth decision 7: including organizations in tokens 2018-05-09 21:03:26 -04:00
Ned Batchelder
9b63a06bfc Properly clean up a wrapped function 2018-04-26 15:50:05 -04:00
Alex Dusenbery
64f1592772 EDUCATOR-2632 | Management command for creating new DOT application model. 2018-04-24 09:17:37 -04:00
Nimisha Asthagiri
b99d0a3495 OAuth docs: minor fixes 2018-02-04 18:29:22 -05:00
Nimisha Asthagiri
293e4f895a OAuth docs, including decisions 2018-02-03 14:15:29 -05:00
John Eskew
5a71fa1e33 Allow inactive users to authenticate in Django 1.10+ 2018-01-26 14:04:19 -05:00
Nimisha Asthagiri
ea041700f6 OAuth: support for auto_even_if_expired REQUEST_APPROVAL_PROMPT 2018-01-12 16:15:09 -05:00
Ahsan Ulhaq
1b2fdc058d Rate limited /oauth2/access_token/
There have been some reports about an attack on /oauth2/access_token/.
This causes LMS to be down. This is being resolved by rate limiting the
endpoint.
LEARNER-3393
2018-01-08 16:58:16 +05:00
bmedx
d3e6836d9e Fixes to common/openedx tests that reference apps CMS doesn't use 2017-11-22 15:46:06 -05:00
Jeremy Bowman
43a11af735 PLAT-1199 Stop using pycrypto 2017-11-21 11:25:48 -05:00
bmedx
68e3894c17 openedx urls cleanup for Django 1.11
- Remove usage of django.urls.patterns
- Change urls tuples to lists
- Make all string view names callables
2017-11-03 16:11:41 -04:00
ayub-khan
320eb0c6b7 edx_clear_expired_tokens management commands removes
all expired tokens added an exlude_application_ids argument which
enables us to not remove expired tokens for given applications.
LEARNER-717
2017-10-26 21:50:14 +05:00
Douglas Hall
f0b41fea5a Revert "LEARNER-717 Added logs for discovery" 2017-10-24 11:38:43 -04:00
ayub-khan
790150a8aa Management Command to Clear DOT expired Tokens
LEARNER-717
2017-10-24 16:10:26 +05:00
ayub-khan
a71fd68673 Added user logs for save bearer token
Purpose of those logs is to get more information
about deadlocks coming on prod when we revoke already
existing refresh tokens.

LEARNER-717
2017-10-20 00:26:18 +05:00
Andy Armstrong
93235d118d Reorder imports using isort (except lms and cms) 2017-05-30 16:04:54 -04:00
Clinton Blackburn
2b4817b102 Added OpenID Connect discovery endpoint
Although we are phasing out our support of OIDC, this particular feature will allow us to eliminate many of the settings we
share across services. Instead of reading various endpoints and secret keys from settings or hardcoded values, services
with the proper authentication backend can simply read (and cache) the information from this endpoint.

ECOM-3629
2017-04-26 10:02:27 -04:00
Clinton Blackburn
f4e72c80c5 Added given and family name fields to profile scope
This information mirrors the fields returned in our ID token for OpenID
Connect (OIDC). Including this information will allow us to eventually
migrate toward replacing OIDC with OAuth 2.0 + JWT.

ECOM-3628
2017-04-24 11:07:08 -04:00