* feat: add idv events to api
- moved what was in signals.py to a handlers.py (which is what their file should have been called)
* chore: quality
* fix: rename test file + imports
* fix: change handler reverse url in other tests
* fix: refactor signals and handlers pattern
- following OEP-49 pattern for signals directory
- user removed as param for update function
- event now emitted after save
* fix: unpin edx-name-affirmation
* chore: add init to signals dir
* fix: compile requirements
* chore: quality
* chore: fix some imports
* chore: quality
* test: added signal emissions to test_api
* chore: lint
* feat: add VerificationAttempt model to verify_student application
This commits adds a VerificationAttempt model to store implementation and provider agnostic information about identity verification attempts in the platform.
* feat: add api for VerificationAttempt model
* fix: error handling for update
- added tests accordingly
- also took care of some nits
* chore: lint
* chore: lint for equals spaces
* feat: using generic update function instead
- can now update name, status, and exp. date on generic attempts
- changed tests accordingly
- a few nits
* chore: fix docstring args
* fix: corrected status validation
- reverted to old status validation method
- fixed tests accordingly
* fix: datetime, status, and annotation fixes
- expiration_datetime can be updated to None
- VerificationAttemptStatus is now StrEnum
- Added type annotations for api functions
---------
Co-authored-by: michaelroytman <mroytman@edx.org>
This commits adds a VerificationAttempt model to store implementation and provider agnostic information about identity verification attempts in the platform.
This commit modifies the approve_id_verifications management command to send an IDV approval email to learners. This ensures that learners are informed of approvals to their IDV attempts when performed using the management command. This more closely mirrors the way IDV approvals work when using an IDV vendor.
Sometimes, submissions to an IDV provider fail, which results in an IDV attempt moving from the "ready" status into the "must_retry" status instead of the "submitted" status.
We would like to approve these attempts too.
This pull requests adds a new management command approve_id_verifications to manually approve submitted ID verification attempts (i.e. instances of the SoftwareSecurePhotoVerifications model).
This commit adds some supplemental, more verbose logging to the results_callback view in the verify_student Djangoapp. This endpoint is called by identity verification (IDV) providers to POST an IDV review to edX.
We are experiencing issues with receiving IDV reviews from our IDV provider, and these logs will help us diagnose whether there is an issue in edX's systems.
These logs will be removed after our investigation is complete.
* fix: resubmit IDV attempts for early march 2023
- initial commit w/ direct copy of retry_failed_photo_verifications.py
* fix: resubmit IDV attempts for early march 2023
- corrected filter and comments
* feat: re-submit in date range
* feat: reworked other command instead
* temp: building tests
* test: unit test complete
* fix: quality
* fix: remove old file
* temp: building tests
* temp: tests w/ debug
* test: reverted old files + removed debug
* chore: quality
* chore: NITs
Remove temporary FutureCourseWaffleFlag class;
Update ora2 and edx-toggles to versions cleaned from the
LegacyWaffle* classes;
Replace `override_flag`s with `override_waffle_flag`;
Replace `override_switch`s with `override_waffle_switch` (where it's possible).
This is a first stage for removing the LegacyWaffle* classes.
LegacyWaffleFlag usage replaced with WaffleFlag;
LegacyWaffleSwitche usage replaced with WaffleSwitch;
New CourseWaffleFlag added to the temporary module __future__ as FutureCourseWaffleFlag;
Updated all the imports to use CourseWaffleFlag from the __future__ module;
BREAKING CHANGE: A number of toggle related constants (e.g. ENABLE_ACCESSIBILITY_POLICY_PAGE)
changed types. They were strings, and are now toggle instances (e.g. WaffleSwitch). Although the entire
refactor should be self-contained in edx-platform, if any plugins or dependencies were directly
using these constants, they will break. If this is the case, try to find a better publicized way of
exposing those toggles.
Specifically:
- check ALL ip addresses in the client ip chain for blocking
- check RIGHTMOST ip address in the client ip chain for allowing
Before, we always checked the LEFTMOST ip address in both cases.
AA-1234
It's long past time that the default test modulestore was Split,
instead of Old Mongo. This commit switches the default store and
fixes some tests that now fail:
- Tests that didn't expect MFE to be enabled (because we don't
enable MFE for Old Mongo) - opt out of MFE for those
- Tests that hardcoded old key string formats
- Lots of other random little differences
In many places, I didn't spend much time trying to figure out how to
properly fix the test, and instead just set the modulestore to Old
Mongo.
For those tests that I didn't spend time investigating, I've set
the modulestore to TEST_DATA_MONGO_AMNESTY_MODULESTORE - search for
that string to find further work.
The lack of ordering for a django query that grabbed verification records is blocking learners with multiple SSO records from taking proctored exams. All IDV records should be sorted by a key first, and then the correct expiration date can be determined.
Fixes an issue where bulk create was only batching writes. With a sufficiently large input the users queryset would fail to evaluate due to the size of the filter list sent to the db.
The VERIFIED_NAME_FLAG, the VerifiedNameEnabledView, and the verified_name_enabled key removed from responses for both VerifiedNameView view and VerifiedNameHistoryView
were removed as part https://github.com/edx/edx-name-affirmation/pull/12. This was released in version 2.0.0 of the edx-name-affirmation PyPI package. Please see below for additional context for the removal, copied from the name-affirmation commit message.
The VERIFIED_NAME_FLAG was added as part https://github.com/edx/edx-name-affirmation/pull/12, [MST-801](https://openedx.atlassian.net/browse/MST-801) in order to control the release of the Verified Name project. It was used for a phased roll out by percentage of users.
The release reached a percentage of 50% before it was observed that, due to the way percentage roll out works in django-waffle, the code to create or update VerifiedName records was not working properly. The code was written such that any change to a SoftwareSecurePhotoVerification model instance sent a signal, which was received and handled by the Name Affirmation application. If the VERIFIED_NAME_FLAG was on for the requesting user, a Celery task was launched from the Name Affirmation application to perform the creation of or update to the appropriate VerifiedName model instances based on the verify_student application signal. However, we observed that when SoftwareSecurePhotoVerification records were moved into the "created" or "ready" status, a Celery task in Name Affirmation was created, but when SoftwareSecurePhotoVerification records were moved into the "submitted" status, the corresponding Celery task in Name Affirmation was not created. This caused VerifiedName records to stay in the "pending" state.
The django-waffle waffle flag used by the edx-toggle library implements percentage rollout by setting a cookie in a learner's browser session to assign them to the enabled or disabled group.
It turns out that the code that submits a SoftwareSecurePhotoVerification record, which moves it into the "submitted" state, happens as part of a Celery task in the verify_student application in the edx-platform. Therefore, we believe that because there is no request object in a Celery task, the edx-toggle code is defaulting to the case where there is no request object. In this case, the code checks whether the flag is enabled for everyone when determining whether the flag is enabled. Because of the percentage rollout (i.e. waffle flag not enabled for everyone), the Celery task in Name Affirmation is not created. This behavior was confirmed by logging added as part of https://github.com/edx/edx-name-affirmation/pull/62.
We have determined that we do not need the waffle flag, as we are comfortable that enabling the waffle flag for everyone will fix the issue and are comfortable releasing the feature to all users. For this reason, we are removing references to the flag.
[MST-1130](https://openedx.atlassian.net/browse/MST-1130)
The verify_student Django app contains a Signal receiver that receives the SoftwareSecurePhotoVerification post_save signal. It then emits an idv_update_signal to communicate that a change to IDV has occured. This Signal is received by the nameaffirmation app, which uses it to start a Celery task to create or update VerifiedName records based on the changes to the SoftwareSecurePhotoVerification model.
During the phased roll out of the Verified Name feature, due to the way percentage rollout is implemented by django-waffle and the way SoftwareSecurePhotoVerifications are updated, a mismatch of states occured where created VerifiedNames stayed in the "pending" state, even as the corresponding SoftwareSecurePhotoVerifications moved into "submitted", "approved", or "denied". Please see below for additional details.
This management commands takes as an argument a list of SoftwareSecurePhotoVerification IDs verification-ids, as well as a batch-size and sleep-time. In batches of batch-size, the command saves the SoftwareSecurePhotoVerification associated with the IDs argument. Each batch is separated by a pause of sleep_time in seconds.
By saving each SoftwareSecurePhotoVerification, the post_save signal is re-emitted, thereby re-emitting the idv_update_signal. Now that the aforementioned bug has been fixed, this will correctly trigger the Celery task and sync the SoftwareSecurePhotoVerification and VerifiedName objects.
Please find additional details about the bug below.
The release reached a percentage of 50% before it was observed that, due to the way percentage roll out works in django-waffle, the code to create or update VerifiedName records was not working properly. The code was written such that any change to a SoftwareSecurePhotoVerification model instance sent a signal, which was received and handled by the Name Affirmation application. If the VERIFIED_NAME_FLAG was on for the requesting user, a Celery task was launched from the Name Affirmation application to perform the creation of or update to the appropriate VerifiedName model instances based on the verify_student application signal. However, we observed that when SoftwareSecurePhotoVerification records were moved into the "created" or "ready" status, a Celery task in Name Affirmation was created, but when SoftwareSecurePhotoVerification records were moved into the "submitted" status, the corresponding Celery task in Name Affirmation was not created. This caused VerifiedName records to stay in the "pending" state.
The django-waffle waffle flag used by the edx-toggle library implements percentage rollout by setting a cookie in a learner's browser session to assign them to the enabled or disabled group.
It turns out that the code that submits a SoftwareSecurePhotoVerification record, which moves it into the "submitted" state, happens as part of a Celery task in the verify_student application in the edx-platform. Therefore, we believe that because there is no request object in a Celery task, the edx-toggle code is defaulting to the case where there is no request object. In this case, the code checks whether the flag is enabled for everyone when determining whether the flag is enabled. Because of the percentage rollout (i.e. waffle flag not enabled for everyone), the Celery task in Name Affirmation is not created. This behavior was confirmed by logging added as part of https://github.com/edx/edx-name-affirmation/pull/62.
[MST-1130](https://openedx.atlassian.net/browse/MST-1130)
We suspect the IDV code do not trigger name_affirmation update celery task correctly. Add the logging in code so we can trace the order of operation and figure out what is missing
Co-authored-by: Simon Chen <schen@edx-c02fw0guml85.lan>
original behavior does pass the empty name through to
_update_full_name rather than just considering that as full name not
set. That's a little weird but outside the scope of this work so I've
preserved it by checking is not None rather than just using full_name
as a boolean.
MST-1015
