There is a planned edx-drf-extension update to 3.0.0 to remove the
toggle used for ENFORCE_JWT_SCOPES. Currently, edx-platform is dependent
on the this toggle. This constraint will keep other `make upgrade` PRs
working in the short window before the edx-paltform PR to remove the
same toggle can land.
BOM-1324
Impact is that for proctoring backends which support in-exam keepalive
ping messages to ensure the monitoring software is running while
learners have access to proctored exams, we will no longer send ping
requests while the learner is on the ready_to_submit page. These pings
have caused issues for some of our learners in the past, in that some
learners idle on this page waiting for a slow-to-shut-down
application. Pinging while the app is shutting down may've caused
spurious false positives for suspicious learner behavior, and we lose
little integrity by enabling the learner to continue to see the
non-exam-content interstitial, so we're relaxing this rule.
JIRA:CR-1597
* Renamed OAuth2Authentication to BearerAuthentication
* Added back OAuth2Authentication name
-there are libraries such as edx-enterprise that still import OAuth2Authentication. The OAuth2Authentication class should be fully removed when everything is importing BearerAuthentication correctly
-Updated middleware setting to use use middleware insted of
middleware_classes
-github install of django-method-override fork to support
new style middleware in django1.11
Some tests that used to mock the cache internals of ConfigurationModels
had to be modified to use CacheIsolationTestCase instead (the things
they were mocking no longer exist).
Fix constraints to not have a lingering pin on edx-when. And
add constraint on version of mock that supports python 3.5.
And then a general make upgrade.
Django-auth-toolkit update
Pinned the latest commit from github to get Django2.2 support in testing.
Pinned the zipp<2.0.0 to get Python<3.5 support too.
Unpin several more outdated dependencies whose changelogs don't contain any significant backwards incompatible changes. Also add "moto" to the list of packages to uninstall from existing environments, since it requires a jsondiff version that clashes with the one we now use (triggering a harmless but distracting warning on dependency updates).
We can potentially stop using path.py/path altogether by switching to pathlib in the Python 3 standard library, but that merits a separate PR of its own.
Also, note that I'm not actually unpinning freezegun; different PRs restricted it in both constraints.txt and test.in, I'm just removing the latter redundant constraint.
