Prepare to upgrade to django-oauth-toolkit (module name oauth2_provider) 1.3.2 concurrently with the Django 2.2 upgrade (versions after 1.1.3 dropped support for Django 1.11). Key points:
* We can stop using a commit hash since versions 1.3.0 through 1.3.2 have been released since that commit.
* The validator in oauth_dispatch migration 0002 has been removed from DOT, but the whole table was removed in migration 0004 anyway. Newer DOT versions moved where redirect URI validation happens so it's no longer needed here.
* DOT 1.3.0 squashed its original 6 migrations and immediately deleted them. This required some changes in oauth_dispatch migrations 0006 and 0007 to deal with either numbering system.
When deploying to stage and production, we'll need to delete the history for oauth2_provider migrations 0002-0006 first (the new squashed 0001 migration has the same name as the original 0001). The deployment with DOT 1.3.2 will add a new 0002 migration which should then apply cleanly on the existing database state.
Should resolve https://openedx.atlassian.net/browse/BOM-1456 .
We now either pass in the relevant courseoverview or when creating the
enrollement we use the factory which automatically creates the relevant
CourseOverview object for testing purposes.
We were passing unstripped password value to `authenticate_new_user()`
after creating a user which was resulting in password mismatch and
was raising this error.
PROD-656
We weren’t using has_access to check user access, which meant we were missing out on a bunch of checks. This PR adds a local _check_access function to CoursewareInformation. Ideally we would add this into access.py, but we’re adding it here for now to avoid any unexpected regressions in editing more commonly used code. This should ultimately be folded into our access system properly.
TNL-7053
* Adding samesite cookie option in django 2.1 and above
Django 2.1 release note: Added the SESSION_COOKIE_SAMESITE setting to set the SameSite cookie flag on session cookies.
...and it turns out we don't need the switch anymore, anyway.
When we upgraded to Django 1.11, this flag was added in order to
allow for a database migration that would render the user table
unwriteable for up to half an hour:
https://github.com/edx/edx-platform/pull/17561
This involved swapping out the signal handler for logins via
`user_logged_in.disconnect(django_update_last_login)`, but with
Django 2.0, that disconnect is silently failing (returning
false). Likely the disconnect is now happening too soon.
(See edx-platform/common/djangoapps/student/apps.py line 21 in 61e1eda.)
The result is that by the time the waffle switch is consulted, the
normal handler has already run, and the user's last login date has
already been updated.
For now we're just removing the test, and have filed ARCHBOM-1084 for
followup (deleting the switch and related code).
