This is an initial authentication implementation that allows LTI users to
log in transparently to edX. The behavior is driven by pilot users at
Harvard; this was the most requested feature.
The patch creates a new database model that maps users' LTI identifiers
to newly-created edX accounts. If an LTI launch comes in with a user_id
field that is not in the database, a new edX account is created with a
random user name and password. This account is then stored in the
database, so that it is permanently associated with the LTI user ID.
This patch takes a simplistic approach to session management. If a user
is logged in with a different account when they perform an LTI launch,
they will be logged out and then re-logged in using their LTI account.
In order to keep the patch simple, I have split out some refactoring
that needs to be done into a separate branch that I'll post once this
has been merged. Since we no longer redirect to the login page, we don't
need to maintain two separate LTI endpoints (one for the LTI launch and
one for authenticated users), or deal with the session management that
requires. There are also multiple fetches of the LtiConsumer object
(one in the view, one in the signature validation) that the later
patch will consolidate into one.
This branch fixes the previous conflicts with the test refactoring
carried out in PR 8240.
remove references to middleware that were missed previously
use key apis rather than local implementation of key conversion. remove local implementationa
remove spurious test for attribute
fix test setUp to avoid unneeded flattening
code quality fixes
add security check ensuring that the coach is coach for *this* CCX.
prevent ccx/deprecated course id problems
1. do not allow ccx objects to be created if the course id is deprecated
2. filter out any ccx memberships that involve deprecated course ids (in case there are bad ccxs in the database)
Fix test failures and errors arising from incorrect code path execution
Create context manager to handle unwrapping and restoring ccx values for the modulestore wrapper, employ it throughout modulestore wrapper implementation
Implement the use of CCX opaque keys throughout the ccx code base
include the new custom ccx id package in the github checkouts list
update the coach dashboard wrapper to get CCX information from the incoming course_id, if possible
update function signatures for all view functions to expect CCX as passed by the dashboard wrapper (default to None), remove calls to get_ccx_for_coach as the ccx is passed in.
update reverse calls in python view code to use a CCXLocator for the URL instead of a CourseLocator
use CCXLocator where necessary
use course id to find ccx, instead of thread local
remove unused method and related tests
use course id for getting ccx
provide course id to the get_current_ccx method
ensure the course id passed in is a CourseKey instance of some type whether it starts out as a string or not
use the provided block to figure out what the course_id should be, then get the ccx for that
redirect to ccx dashboard using coach ccx if no ccx is passed in
update student dashboard listing for ccx to build an appropriate url from a CCXLocator, not from the course locator.
refactor building the ccx locator so we don't have to do it repeatedly
begin test refactoring after ccx_keys introduction
Ensure that when access checking happens, the course_locator form of a ccx locator is used. This ensures that the access check happens against the course and it is not necesarry to duplicate the entire access control structure for the course.
pick up api change in ccx-keys
create and conditionally use a wrapper for the mixed modulestore returned by xmodule.modulestore.django.modulestore
the wrapper will strip and restore ccx values from CourseKey and UsageKey objects
fix return values on a few methods
remove unused symbol
pull updated ccx-keys package
set course_id on the caching descriptor system to avoid api incompatibilities in some subsystems
use ccx.course instead of self.course
fix get method to find course keys from blocks that are not themselves keys but have a location attribute (which will be a key)
if an item coming out of the db has children, restore the ccx to them as well
if the block passed in has a CCX key, unwrap that before we try to look up the override, otherwise it will never be found.
pick up a change in the ccx keys package that allows for stripping CCX identity from a usage key
begin writing tests to cover this modulestore wrapper
remove the switch_pocs view, the url pattern for it, and the tests that covered it
remove the ccx context and the middleware responsible for setting the current CCX. These are no longer needed
all dashboard views should raise 404 if a ccx is not provided by the coach_dashboard decorator
code quality
prevent errors resulting from trying to `get` a ccx based on non-unique criteria.
remove obsolete usage of ACTIVE_CCX_KEY
fix setUp method for grading tests to properly create grades for the ccx rather than for the course.
clean up reverse calls
code quality
adding docstrings to clarify purpose of this patch
fix bug in getting ccx for coach
fix grading views to properly fetch a ccx-ified course so that grades for that version will be calculated
fix small errors in modulestore implementation
fix errant merge marker
update call to get_current_ccx after key refactoring merged with tab changes
* Add end-point for initiating a request for credit from a provider.
* Add an end-point for a provider to update the status of a request (approved / denied).
IsAuthenticatedOrDebug hides potential issues with API client code that is run in local environments and later deployed to production where authentication fails.
XCOM-193
Django's `QueryDict`s are immutable during normal running, and so they
must be copied if any updates are to be made to them. In testing,
though, `request.DATA._mutable` is `True`, so tests can falsely pass.
