Moves the existence check for secondary (recovery) email to validate
method. If the email already exists, silently remove it from the set of
data to be updated. This parallels the existing behavior for updating
the primary email.
ENT-1913
* WIP: add third-party-auth scope and usage
BOM-1264
* Fix tests now that we do permissions in a more standard way.
Rather than manually setting the permission class we previously
explicitly raised a PermissionDenied exception. The way DRF
permissoning logic works, if we use the WWW-Authenticate header in the
highest priority auth class, it will return a 401 instead of a 403.
* Added test to make sure having permissions gives access to user mapping api
* Test new filters logic.
Ensure that the filters we add to the application access model make it
into the JWT correctly.
* quality fix
* quality fix
* disable pylint warning
* quality fix
* fix indent prob
Co-authored-by: Feanil Patel <feanil@edx.org>
Co-authored-by: Manjinder Singh <49171515+jinder1s@users.noreply.github.com>
This was previously disabled because changing another user's password is
both not usually recommended and bypasses password policy. Here, we add
a feature flag (`ENABLE_CHANGE_USER_PASSWORD_ADMIN`) to allow
re-enabling this password change form. This allows continued use of this
functionality by clients that require it.
Adds a simple nullable field to the UserProfile model. The only
validation done it to make sure any character saved in that field is a
digit and not a letter. We do not distiguish on a model level if the
phone number is international or not.
* Renamed OAuth2Authentication to BearerAuthentication
* Added back OAuth2Authentication name
-there are libraries such as edx-enterprise that still import OAuth2Authentication. The OAuth2Authentication class should be fully removed when everything is importing BearerAuthentication correctly
Rather than to create or update the account recovery record when the
Account Settings page is updated, defer updating until the new
recovery email is confirmed
ENT-2607
Currently, the /login_ajax endpoint does not regard
any `next` or `course_id` parameters. This commit changes
that, sharing the logic that /login (which the current
templated login page uses) employs to cacluate
a redirect-after-login URL based on `next` and `course_id`.
The new functionality is behind ENABLE_LOGIN_MICROFRONTEND.
Fix all deprecation warnings generated by Django REST Framework during the unit tests:
* ``The `base_name` argument is pending deprecation in favor of `basename`.`` (86 occurrences)
* `` `detail_route` is deprecated and will be removed in 3.10 in favor of `action`, which accepts a `detail` bool. Use `@action(detail=True)` instead.`` (18 occurrences)
- Removing deprecated auth classes
- Replacing OAuth2AuthenticationAllowInactiveUserDeprecated with OAuth2AuthenticationAllowInactiveUser
- the old class was a child class of a deprecated class that we are removing and replacing.
-Updated middleware setting to use use middleware insted of
middleware_classes
-github install of django-method-override fork to support
new style middleware in django1.11
Some tests that used to mock the cache internals of ConfigurationModels
had to be modified to use CacheIsolationTestCase instead (the things
they were mocking no longer exist).
Logout link should be displayed only for learner portal
Added changed to display only for learner portal
Added unit tests
check third_party_auth is enabled
Changes to extend SSO logout link feature to Oauth providers
Fixed quality violations
Removed unncessary assert
Reviewer feedback changes
* Added new auth class
- Created new class called OAuth2AuthenticationAllowInactiveUser, which replaces old class with same name
- Renames previous OAuth2AuthenticationAllowInactiveUser to OAuth2AuthenticationAllowInactiveUserDeprecated
- Replaced all imports of OAuth2AuthenticationAllowInactiveUser to call deprecated class instead
- testing new class in discussion(added flag based on django setting)
This PR adds a management command that will update the email address
of the given accounts provided through a CSV file.
This is necessary internally at edX to update a number of internal accounts
which are using sibling email addresses and would be locked out after we
enforce SSO.
Currently, we are working on removing the rest_framework_auth library from edx-platform. For this push, we need to remove the oauth2Authentication class. This PR creates a new class oauth2AuthenticationDeprecated that adds additional new relic metrics. The metrics would allow us to see how often this class is used and its success rate. The hope is that this information will help us with transitioning to a different authentication class.
Learner who have already earned PDF honor certificates in old courses
are unable to see the certificate links on dashboard and course progress
pages since `course.cert_html_view_enabled` is deprecated and default to
True for all courses.
PROD-60
