This setting allows loading of Resource Templates from outside the
edx-platform codebase.
Operators will be able to add their own custom resource templates
without needing to fork the codebase.
As part of dissolving our sub-projects in edx-platform, we are moving this package under the xmodule directory.
We have fixed all the occurences of import of this package and also fixed all documents related references.
This might break your platform if you have any reference of `import capa` or `from capa import` in your codebase or in any Xblock.
Ref: https://openedx.atlassian.net/browse/BOM-2582
[MICROBA-1806]
We are aware of product issue where it is possible for a self-paced course-run to get have a `certificate_availability_date` created in the course settings. This can have an adverse effect on the Credentials IDA where a learner's Program Record does not correctly display the course certificates they have earned because of this data. This not only causes confusion for our learners, as it appears that a course certificate a learner can access and share in the LMS is displayed as unearned in the Credential's program record, but this can also cause issues when a learner attempts to share their program record through a credit pathway and the program record would not accurately reflect their program completion.
Unfortunately, the settings that manage the certificate availability date are hidden for self-paced courses in Studio (as they should only be used in instructor-paced courses).
For this reason, we are introducing a management command that will remove a certificate available date for a specified (self-paced) course-run. This will allow us to fix issues for individual learners while we work on a longer-term fix for the larger issue.
* Add new `clean_stale_certificate_available_dates` management command
* Add new `CleanStaleCertificateAvailabilityDates` Configuration Model
* Add tests for the new management command
* (Unrelated cleanup) Fix potential issue with private.py settings in the CMS being overwritten in devstack.py for developers using devstack.
* feat: added new live provider and fixed tests
* feat: added free_tier compatiblity
* fix: resolved linter issues and other refactors
* fix: ran makemigration to generate migrations
* fix: Implemeted key retrival for tabs
Co-authored-by: AhtishamShahid <ahtishamshahid@A006-00850.local>
Unfortunately, some code in edx-platform is imported
relative to sub-projects instead of the repository root.
The only three remaining instances of this are:
* common/lib/xmodule/xmodule (imported as just 'xmodule')
* common/lib/capa/capa (imported as just 'capa')
* openedx/core/lib/xblock_builtin/xblock_discussion
(imported as just 'xblock_discussion')
For more details on the situation, see:
https://openedx.atlassian.net/browse/BOM-2579
(public, but requires Atlassian account creation).
We would like to get to a point where all edx-platform
import paths match their folder paths, relative to the repo
root. For now, though, all common/lib/capa and common/lib/xmodule
code should be imported as just `from capa` and `from xmodule`,
respectively. Importing using the full `common.lib.xmodule.xmodule...`
path will often work, but it instantiates a second instance of all
modules imported this way, which in the past has led to very
difficult-to-diagnose bugs. It also confuses tooling such as
import-linter, which we are trying to add to edx-platform
(see https://openedx.atlassian.net/browse/BOM-2576)
Implements a feature flag DISABLE_UNENROLLMENT that is used to disable students un-enrollment for all courses. The Unenrollment option should be disabled when this feature is set to True.
ref: BB-4951
Co-authored-by: tinumide <tinuade@opencraft.com>
Co-authored-by: Tim McCormack <tmccormack@edx.org>
* refactor: enterprise dependencies for EdxRestAPIClient replacement
This is a part of https://github.com/openedx/public-engineering/issues/42
- add settings for enterprise-backend-service DOT application
- update utils used by enterprise to get rid of EdxRestAPIClient
- original utils stays in the code (to keep edx-platform api
clients working) till the
https://github.com/openedx/public-engineering/issues/39 deprecation
work will be done
* fix: fix typo in the docstring
Tests which @requires_blockstore (i.e. the Blockstore service) have
been made to run as a unit test using the installed Blockstore app, and
will be run by the platform CI.
The Blockstore service tests can still be run manually by setting
EDXAPP_RUN_BLOCKSTORE_TESTS=1
Related fixes:
* adds blockstore bundle storage settings
* let the studio devstack and test servers serve static files from
the /media URL This allows the blockstore/content libraries API to
serve blockstore assets in dev.
* Wrap ContentLibrary creation in an atomic transaction, so that if it
fails, the related bundle can be deleted directly from the database
during the exception handler. (Previously, we called a REST API which
deleted it as part of a separate service.)
* adds blockstore as a requirement and an installed app, with
configurable bundle storage settings.
* adds waffle switch and setting to allow use of blockstore's python API
instead of REST API in live testservers and in production.
* adds database router which, when a `blockstore` DATABASE connection is
configured, allows the platform to use the blockstore service's
database instead of the default edxapp database.
* replaces blockstore_api exceptions and models with blockstore.app.api classes
* minor fixes to the blockstore_api to make the Blockstore REST API
return data packaged the same as the Blockstore Python API.
Previously, our rate-limiting code trusted the entire `X-Forwarded-For`
header, allowing a malicious client to spoof that header and evade
rate-limiting. This commit introduces a new module and setting
allowing us to make a more conservative choice of IPs.
- Create new `openedx.core.djangoapps.util.ip` module for producing
the IP "external chain" for requests based on the XFF header and the
REMOTE_ADDR.
- Include a function that gives the safest choice of IPs.
- Add new setting `CLOSEST_CLIENT_IP_FROM_HEADERS` for configuring how
the external chain is derived (i.e. setting the trust
boundary). Currently has a default, but we may want to make it
mandatory in the future.
- Change `django-ratelimit` code to use the proximate IP in the external
chain -- the one just outside the trust boundary.
Also:
- Change `XForwardedForMiddleware` to use more conservative choice for
its `REMOTE_ADDR` override
- Other adjustments to `XForwardedForMiddleware` as needed in order to
initialize new module and support code that needs the real
`REMOTE_ADDR` value
- Metrics for observability into the change (and XFF composition)
- Feature switch to restore legacy mode if needed
This also gives us a path forward to removing use of the django-ipware
package, which is no longer maintained and has a handful of bugs that make it
difficult to use safely.
Internal ticket: ARCHBOM-2056
Previously, CourseGraph needed to be kept up-to-date by
running `./manage.py dump_to_neo4j ...` manually or on a cron timer.
This introduces a CMS new setting: COURSEGRAPH_DUMP_COURSE_ON_PUBLISH.
When enabled, the CMS course_published signal handler will
asynchronously dump each individual course to CourseGraph when it
is published.
This follows a pattern established by other subsystems like
learning_sequences and special exam registration, both of which
fire off asynchronous post-processing tasks from the course-
publish handler.
Introduce a new CMS settings COURSEGRAPH_CONNECTION,
which allows operators to specify default connection paramters
for a Neo4j instance.
This has three purposes:
* The `./manage.py cms dump_to_neo4j` management command will be
much easier for developers and operators to type out because connection
arguments can now be omitted. Note that connection arguments, if
supplied, will override the arguments specified in CMS settings.
* The automatic push-to-coursegraph-on-publish-signal introduced in
subsequent commits can use these connection settings.
* The CourseGraph Django admin actions introduced in subsequent
commits can use these connection settings.
This code was originally located at:
./openedx/core/djangoapps/coursegraph
However, code makes more sense within the ./cms tree, because:
* it is responsible for publishing course content to an
external system, with is within the responsibilities of CMS, and
* is uses modulestore, which is discouraged for use in LMS
(see 0011-limit-modulestore-use-in-lms.rst).
So, we move the code to:
./cms/djangoapps/coursegraph
and uninstall coursegraph from LMS.
We do not expect this refactor to have any breaking downstream effects.
Most settings in the production.py files fall back to their values in
common.py if they aren't set in the yaml config files but some
historically didn't. Update them so that they are more in-line with the
rest of the settings in this file.
edx/edx-platform#24365 has changed the completion mode of these blocks.
Before Koa, it was sufficient to view the block to get a completion checkmark.
Since Koa, all children of the block must be completed.
This adds a toggle to change the completion behavior back to the previous one
so that the user experience can be consistent if needed.
Contains a number of cookie monitoring changes.
Enhancements:
- Add sampling capability for cookie logging on headers
smaller than the threshold. For details, see
COOKIE_SAMPLING_REQUEST_COUNT.
- Add cookie header size to log message.
- Sort logged cookies starting with largest cookie.
- Move logging from Middleware request processing
to response processing to ensure the user id is
available for logging for authenticated calls.
- Added cookies.header.size.computed to check
if there are any large hidden duplicate cookies.
Can be compared against the cookies.header.size
custom attribute.
- Add delimiters into logs to make it simpler to parse
when the logging tools accidentally exports multiple
log lines together.
Removed:
- Legacy cookie capture code. This code was dangerous to
to enable and provided more limited insight than the
newer logging, so this was removed to simplify the code.
Other refactors:
- Switched Middleware to use new Django format, rather
than the Mixin.
- Moved tests to its own test class. Note: this
middleware is likely to move to a separate
library.
ARCHBOM-2055
edx-platform supports COMPREHENSIVE_THEME_LOCALE_PATHS setting, which
appends paths to the end of LOCALE_PATHS, but there's currently no
way to add additional paths to the start of the list.
https://tasks.opencraft.com/browse/SE-5299
- Adds Enhanced Staff Grader (ESG) backend-for-frontend (BFF) in `lms/djangoapps/ora_staff_grader`
- Adds routing to ESG BFF at `{lms_url}/api/ora_staff_grader/*`
- Adds mock implementation routing at `{lms_url}/api/ora_staff_grader/mock/*`
- Adds `ORA_GRADING_MICROFRONTEND_URL` setting for routing to ESG microfrontend (MFE)
- Updates to the teams app:
- Add`get_teams_in_teamset` to the teams API.
- Add `get_team_names` to teams service.
- Adds `openassessment.staffgrader` app for appropriate ORA migrations.
- Modifies management commands for creation of users.
- Updates test factory to return display org with course overview.
Co-authored-by: jansenk <jkantor@edx.org>
Co-authored-by: Leangseu Kim <lkim@edx.org>
Co-authored-by: Ben Warzeski <bwarzeski@edx.org>
The content library tests were failing to locate templates when
rendering XBlocks, but since these tests are skipped in CI, the issue
went undetected.
This fix is marked temporary because a proper fix involves adding
lms/templates to the cms.envs.test MAKO_TEMPLATE_DIRS_BASE list. This
was tried, and caused unrelated tests to fail, and so we took this
approach instead. See PR for full details.
