This changes the "Sign out" link on Studio to point to Studio's own logout
view, which clears the session and then redirects to LMS's logout page. The
LMS logout page then skips loading the Studio logout because it is seen in
the Referer header.
This change also brings Studio better into line with how other IDAs perform
their logouts.
Background:
After the rollout of Studio OAuth, logouts initiated on Studio failed to
actually log out Studio (but all other IDAs were logged out). This was
because the LMS logout view loads the logout pages of other IDAs but skips
any that is a *prefix* match on the Referer header, and browsers now often
send a truncated version of the Referer for privacy. Therefore, Studio was
always skipped when coming from Studio.
The fix is to make sure that Studio has already performed its logout by the
time the LMS logout page is loaded.
One wrinkle here is that the LMS logout view is activated by `/logout`, but
the correct logout view (provided by auth_backends) is activated by
`/logout/` -- with a trailing slash. This is fragile and unfortunate, but
can be cleaned up when we later remove other leftovers of Studio's previous
ability to handle logistration.
ref: ARCHBOM-1897
* Add STUDENT_REGISTRATION_COMPLETED event after the user's registration
* Add SESSION_LOGIN_COMPLETED event after the user's login session
* Add COURSE_ENROLLMENT_CREATED event after the user's enrollment creation
In the PR https://github.com/edx/edx-platform/pull/10659 the outer_atomic decorator/context manager was created to prevent nested atomic blocks. This method received a boolean parameter read_committed to enforce read-committed MySQL isolation level. From Django 2, the default isolation level Django sets is read-committed, so the aforementioned parameter for outer_atomic can be removed
- Removed manage_user and manage_group commands and their unit tests from edx-platform and added then to edx-django-utils.
- Modified User.post_save signal to ensure the user profile is created when manage_user management command is run to create a user.
- Added edx-django-utils to INSTALLED_APPS for LMS and Studio.
- Moved generate_password from openedx.core.djangoapps.user_authn.utils to edx_django_utils.user along with its unit test.
Increment lockout counter upon `NonCompliantPasswordException` to prevent further
login attempts after 6 attempts and also to prevent further reset password emails.
Reports from some users receiving 100s of password emails, upon investigation seems
like their password is not compliant with edX and has been compromised.
VAN-192
Several of our cookies are meant to be shared between the LMS
and the marketing site. The previous assumption was that
SESSION_COOKIE_DOMAIN would cover both. We would like to make
it so that these can be set independently of each other.
https://openedx.atlassian.net/browse/ARCHBOM-1831
If all generated usernames using an integer range are already consumed by existing
users, the loop stuck in an infinite loop. Fixed by using a for loop instead of
while with an upper limit.
This change causes the activation link that’s emailed to a newly-registered user
to utilize a next query parameter. The impetus for this change is an edX Enterprise use-case:
we'd like newly registered Enterprise Customer admins and learners
to be directed to the Enterprise Learner Portal (or Admin Portal) upon account activation.
This is likely a broad enough use case to be valuable in other endeavors.
As part of authn redesign, validation messages have been updated.
- created a new endpoint for validations
- updated username/email conflict message in registration api based on
authn check
VAN-288
This djangoapp was designed for talking to sailthru, in a fairly
edx.org-specific way. Nowadays, edx.org doesn't need this code and
if other installations do, it's better off as a more distinct
plugin anyway, rather than direct support in the platform.
I've moved the one signal that was still useful (calling
segment.identify() whenever user fields change) into user_authn.
And I've left the EmailMarketingConfiguration model alone for now,
but will remove that shortly. Nothing uses it as of this commit.
AA-607
DEPR-139
Modify the existing login api in a way that
it will allow the user to login via username as well.
currently it is only allowing email to log the user in.
VAN-445
* fix: 🐛 Correctly check that saml provider is available using tpa_hint in next param
This fixes the issue of 404 when an enterprise customer sends a tpa_hint in next, but that param is not correctly checked to disable auth MFE. The hinted login page now works with this change.
ENT-4383
* feat: comment update
comment update
ENT-4383
add new api MFEAppContextView to handle country code
add unit test MFEAppContextViewTest
this newly created api will be marged in TPAContextViewTest when margeing code in master branch
VAN-366
Modify the existing login api in a way that
it will allow the user to login via username as well.
currently it is only allowing email to log the user in.
VAN-445
Added username suggestions functionality upon username already exists
validation error for both registration and registration validation
endpoints.
VAN-52
* fix: Hide enterprise/login button if enterprise integration disabled.
[BTR-52](https://openedx.atlassian.net/browse/BTR-52)
Fix an issue with existing button for enterprise login on the login page
when enterprise integration is disabled.
* Address review comments
Currently, login and registration forms and view to log the user in
are sharing same ratelimit settings which is causing too much noise
while rendering forms.This PR will introduce a separate
setting for logistration forms.
VAN-436
