edx-platform

Andal.LND/edx-platform

Fork 0

Commit Graph

Author	SHA1	Message	Date
Phil McGachey	c3106bc4bd	This change cleans up the work in progress request at #8176 This is an initial authentication implementation that allows LTI users to log in transparently to edX. The behavior is driven by pilot users at Harvard; this was the most requested feature. The patch creates a new database model that maps users' LTI identifiers to newly-created edX accounts. If an LTI launch comes in with a user_id field that is not in the database, a new edX account is created with a random user name and password. This account is then stored in the database, so that it is permanently associated with the LTI user ID. This patch takes a simplistic approach to session management. If a user is logged in with a different account when they perform an LTI launch, they will be logged out and then re-logged in using their LTI account. In order to keep the patch simple, I have split out some refactoring that needs to be done into a separate branch that I'll post once this has been merged. Since we no longer redirect to the login page, we don't need to maintain two separate LTI endpoints (one for the LTI launch and one for authenticated users), or deal with the session management that requires. There are also multiple fetches of the LtiConsumer object (one in the view, one in the signature validation) that the later patch will consolidate into one. This branch fixes the previous conflicts with the test refactoring carried out in PR 8240.	2015-06-12 10:21:48 -04:00
Phil McGachey	0c7623d530	[LTI Provider] Fix bug preventing unenrolled users from accessing content Change https://github.com/edx/edx-platform/pull/8240 refactored the LTI provider template rendering code and introduced an issue where a user was required to be enrolled in a course before that course's content could be accessed over LTI. According to the LTI design spec: https://docs.google.com/document/d/185hdPvIxcKtiDOLjb4sTGovA_WYXWz5Cd79gCzQwBms we delegate access control over LTI content to the LTI consumer, rather than requiring that users enroll in edX courses explicitly (and that admins keep edX and LTI provider enrollemnts consistent when students add or drop courses). This change fixes the immediate issue, which is disrupting the LTI Provider pilot currently running at Harvard.	2015-06-08 23:01:43 -04:00
Nimisha Asthagiri	d240785b17	MA-722 Render xBlock API Support	2015-06-05 11:18:48 -04:00

Author

SHA1

Message

Date

Phil McGachey

c3106bc4bd

This change cleans up the work in progress request at #8176

This is an initial authentication implementation that allows LTI users to
log in transparently to edX. The behavior is driven by pilot users at
Harvard; this was the most requested feature.

The patch creates a new database model that maps users' LTI identifiers
to newly-created edX accounts. If an LTI launch comes in with a user_id
field that is not in the database, a new edX account is created with a
random user name and password. This account is then stored in the
database, so that it is permanently associated with the LTI user ID.

This patch takes a simplistic approach to session management. If a user
is logged in with a different account when they perform an LTI launch,
they will be logged out and then re-logged in using their LTI account.

In order to keep the patch simple, I have split out some refactoring
that needs to be done into a separate branch that I'll post once this
has been merged. Since we no longer redirect to the login page, we don't
need to maintain two separate LTI endpoints (one for the LTI launch and
one for authenticated users), or deal with the session management that
requires. There are also multiple fetches of the LtiConsumer object
(one in the view, one in the signature validation) that the later
patch will consolidate into one.

This branch fixes the previous conflicts with the test refactoring
carried out in PR 8240.

2015-06-12 10:21:48 -04:00

Phil McGachey

0c7623d530

[LTI Provider] Fix bug preventing unenrolled users from accessing content

Change https://github.com/edx/edx-platform/pull/8240 refactored the LTI
provider template rendering code and introduced an issue where a user was
required to be enrolled in a course before that course's content could be
accessed over LTI. According to the LTI design spec:
    https://docs.google.com/document/d/185hdPvIxcKtiDOLjb4sTGovA_WYXWz5Cd79gCzQwBms
we delegate access control over LTI content to the LTI consumer, rather
than requiring that users enroll in edX courses explicitly (and that admins
keep edX and LTI provider enrollemnts consistent when students add or drop
courses).

This change fixes the immediate issue, which is disrupting the LTI Provider
pilot currently running at Harvard.

2015-06-08 23:01:43 -04:00

Nimisha Asthagiri

d240785b17

MA-722 Render xBlock API Support

2015-06-05 11:18:48 -04:00

3 Commits