Add pinning test for SafeCookieData values, and update SafeSessions
middleware comments to match code.
Main comment changes:
- Fix description of cookie structure:
- Specify hash algorithm (SHA256, not "H")
- Don't try to describe internals of TimestampSigner; description was
incorrect in several ways: Did not include string delimiters under
base64 (there's JSON in there); did not include the actual MAC
portion. Just describe general effect and shape of output.
- Add missing trailing pipe delimiter in signed data hash input
- Use phrase "intermediate key" rather than the less familiar term "usage
key"
A bug was reported of a learner accessing content that should have been hidden
due to the hide after due setting in Studio by the course team by clicking on
the Progress tab. This takes into account that value and will now hide the URL
on the Progress tab in that scenario.
* feat: Refactor out non REST portions of enrollment api from enrollment POST method
For use with edx-enterprise to avoid making REST calls for bulk enrollment and other use cases
ENT-4746
* feat: Remove unused test
Testing is covered by test_views
* refactor: isort
isort fixes
* docs: ADR for why this change
ADR
ENT-4746
* test: Fix test failure by restoring course_id to correct object
* test: Test fix
* refactor: pylint fixes
* refactor: raise from to avoid pylint error
* refactor: Start to work toward a util in enterprise_support instead of refactoring this endpoint
* feat: Add util function in enterprise_support to eventually handle enrollment, only used by bulk enrollment for now
* feat: One more revised idea, this time low risk in edx platform and also helps address enterprise specific flow. testing pending
* feat: syntax and unused constant
* feat: Restore view and add new util function to use in edx-enterprise instead
* feat: breakpoint
* unused import
* feat: don't fail on existing enrollment
* docs: ADR update
* docs: docstring minor update
* test: unit test add_user_to_course_cohort
* refactor: imports
* feat: remove unused error classes
* refactor: lint
* test: Test cases
* test: Two more tests for negative cases
* feat: missing init.py file
* test: Fix tests to use correct user mock
* unused import
* refactor: Review feedback, test fixes, needs rebase now
* feat: rebase changes
* feat: keep audit_log with similar logic as in the view
* refactor: Review feedback, test constant usage
The `may_certify` function is used to determine whether a learner should
be able to see that their certificate is ready. It is therefore entirely
in the certificates domain. This remove may_certifiy and
may_certify_for_course from the xmodule and course_overview
apps and into the certificates app. The xmodule may_certify was not called
outside of tests prior to this, and the other's were easily moved.
In order to avoid circular imports, this also moved
certificate_info_for_user out of the model code and into an API
CoursewareMeta alredy initializes self.course, so there's no need to
separately call get_course_by_id for various attributes. This was
resulting in separate modulestore fetches that would pull down the
structure document and re-do all the expensive top-level course queries
in modulestore.
Increment lockout counter upon `NonCompliantPasswordException` to prevent further
login attempts after 6 attempts and also to prevent further reset password emails.
Reports from some users receiving 100s of password emails, upon investigation seems
like their password is not compliant with edX and has been compromised.
VAN-192
We ignore the missed_deadlines because this endpoint is used in the Learning MFE for
learners who have remaining attempts on a problem and reset their due dates in order to
submit additional attempts. This can apply for 'completed' (submitted) content that would
not be marked as past_due
This adds support for course staff masquerading as any other user when
viewing their own course, via user={username} querystring parameter.
Rules:
* Anonymous users are repesented by a blank "user" value.
* If there is no "user" parameter at all, render for the user making the
request.
* Global staff can view any course as any user.
* Course staff and instructors can view their own course as any user
(including other staff, the anonymous user, or users not enrolled in
their course).
This commit supports TNL-8330 (switching the frontend-app-learning MFE
to use the Learning Sequences API instead if Course Blocks).
and CourseSectionSequence to ensure that cascading deletes will occur to delete
the relation upon deletion of a foreign-keyed object.
This commit is phase 3 of 4 in order to ensure a smooth deploy. The phases:
1) Add separate through models for user partition groups, add fields to point to the
separate models, and start writing to those fields as well. (COMPLETE)
2) After all models have been re-generated, switch code over to use separate through
model fields backed by the separate through models *and* stop writing to the original
ManyToManyField field. (COMPLETE)
3) After phase 2 is deployed smoothly, remove the original ManyToManyField fields. (This PR!)
4) After phase 3 is deployed smoothly, rename the new fields to have the same name
as the old fields, so new_user_partition_groups -> user_partition_groups.
This PR is designed to be able to easily be rolled-back if anything goes wrong.
[MICROBA-1289]
* Remove use of the CourseOverview model directly in the Certificates app
* Introduce a few new Python API functions in the `course_overview` and `catalog` django apps to replace functionality in the Certificates app.
Several of our cookies are meant to be shared between the LMS
and the marketing site. The previous assumption was that
SESSION_COOKIE_DOMAIN would cover both. We would like to make
it so that these can be set independently of each other.
https://openedx.atlassian.net/browse/ARCHBOM-1831
and CourseSectionSequence to ensure that cascading deletes will occur to delete
the relation upon deletion of a foreign-keyed object.
This commit is phase 2 of 3 in order to ensure a smooth deploy. The phases:
1) Add separate through models for user partition groups, add fields to point to the
separate models, and start writing to those fields as well. (COMPLETE)
2) After all models have been re-generated, switch code over to use separate through
model fields backed by the separate through models *and* stop writing to the original
ManyToManyField field. (This PR!)
3) After phase 2 is deployed smoothly, remove the original ManyToManyField fields
and rename the new fields to have the same name as the old fields.
This PR is designed to be able to easily be rolled-back if anything goes wrong.
For authenticated users that are not global staff, changing discussion
providers after a course has started fails with 403 Forbidden.
Related issues:
* [BB-4253](https://tasks.opencraft.com/browse/BB-4253)
* [TNL-8142](https://openedx.atlassian.net/browse/TNL-8142)
BREAKING CHANGE:
Course staff, who were previously allowed to do this operation,
will instead receive a 403 Forbidden response.
fix: make new field in xblock json serializable and don't assign due dates to ORAs
feat: display warning message in Studio if the relative date input is more than 18 weeks for custom pacing in self paced course
fix: handle due dates for mix of ORA and non ORA problems under a subsection and other styling fixes
feat: add a minimum restriction for self paced courses due date editor input
fix: naming of warning id divs to be more specific and exclude children of ORA problems in setting due dates
test: extracting dates for a self paced course with custom pacing
test: frontend for self paced custom pacing modal in studio and clean up its backend tests
fix: remove an unused line when getting children of custom pacing subsection, reorganize testing for custom pacing
fix: more specific comments to testing for custom PLS and remove a test case course
fix: more cleanup for self paced custom pacing PLS backend tests
The course settings `certificate_available_date` (CAD) and
`certificates_display_behavior` (CDB) were previously acting indedependantly
of one another. They now work in tandem. This change:
- limits CDB to a dropdown
- removes "early_with_info" and adds "end_with_date"
- only takes CAD into account if "end_with_date" is selected
- Moves CDB to the main course schedule settings page
- updates CourseOverview to validate these fields and choose sane
defaults if they aren't expected values
Certificates will now show under the following circumstances:
"Immediately upon passing"
certificate_availability_date = null
certificates_display_behavior = "early_no_info"
"End date of course"
certificate_availability_date = null
certificates_display_behavior = "end"
"A date after the course end date"
certificate_availability_date = <date>
certificates_display_behavior = "end_with_date"
The learning_sequences.use_for_outlines flag was recently added,
intended to serve the same purpose
as courseware.use_learning_seuqences_api. We do not need
both flags.
Furthermore, exposing either flag in the Courseware
Metadata API is neither necessary nor helpful, since
the easiest and quickest way for the Learning MFE to see
if the Learning Sequences API is enabled is to hit it,
and fall back to a different API if a 403 is returned.
This reverts commit 78f1e2b3bd.
TNL-8330
