It's likely that someone will at some point enable encrypted logging but
forget to deploy the config change that sets the key; if this happens, we
should gracefully return a warning rather than raise an exception.
Along the same lines, make sure that safe-sessions won't raise an exception
if the setting is missing, and document the suggested use of getattr.
It's long past time that the default test modulestore was Split,
instead of Old Mongo. This commit switches the default store and
fixes some tests that now fail:
- Tests that didn't expect MFE to be enabled (because we don't
enable MFE for Old Mongo) - opt out of MFE for those
- Tests that hardcoded old key string formats
- Lots of other random little differences
In many places, I didn't spend much time trying to figure out how to
properly fix the test, and instead just set the modulestore to Old
Mongo.
For those tests that I didn't spend time investigating, I've set
the modulestore to TEST_DATA_MONGO_AMNESTY_MODULESTORE - search for
that string to find further work.
We set a global `min-height: 100%` for the body element (a common strategy to
allow for background images to fill the viewport), but this is undesirable for
iframes where the `window.onresize` is used to programmatically adjust the
iframe height. Because `onresize` will fire when the body adjusts itself as
per its `min-height: 100%`, in certain situations this will lead to an infinite
resizing loop. This is notably visible when:
* Rendering the video block when using Firefox: this causes the iframe
size to jiggle indefinitely.
* Rendering the HTML block when there are empty block elements (such as
`<p></p>`) that have a vertical margin set (which happens to be the
default to HTML blocks): this will cause the iframe to increase in
height infinitely.
By adding an inline `min-height: auto` on the wrapping body element,
this overrides the Studio-served CSS, and thus fixes the problem.
- test: Remove reference to `REDIRECT_TO_LOGIN_ON_SAFE_SESSION_AUTH_FAILURE`,
since it was removed in commit bd7653aefcd77a/PR #29132.
- docs: Clarify what "work correctly" means for header-logging
This is more correct and may reduce the likelihood of perpetuating a bad
mixed-auth state.
In general, we should probably be modifying session and JWT cookies in
sync at all times, never individually. This specific code probably won't
make anything worse, but a clean reset might improve user experience in
the rare cases where someone somehow gets their browser into a weird
state.
- Switch from `response.set_cookie` with past expiry to just using the
`response.delete_cookie` method.
- Docstring improvements.
ref: ARCHBOM-2030 (internal)
This commit avoids raising AuthEntryError when auth_entry is None.
At some point of the authentication flow, when the auth_entry is
missing from the auth URL (eg. auth/login/tpa-saml/?idp=idp), the
request session stores auth_entry: None causing this edited line to fail
which stops the login from completing.
- Adds Enhanced Staff Grader (ESG) backend-for-frontend (BFF) in `lms/djangoapps/ora_staff_grader`
- Adds routing to ESG BFF at `{lms_url}/api/ora_staff_grader/*`
- Adds mock implementation routing at `{lms_url}/api/ora_staff_grader/mock/*`
- Adds `ORA_GRADING_MICROFRONTEND_URL` setting for routing to ESG microfrontend (MFE)
- Updates to the teams app:
- Add`get_teams_in_teamset` to the teams API.
- Add `get_team_names` to teams service.
- Adds `openassessment.staffgrader` app for appropriate ORA migrations.
- Modifies management commands for creation of users.
- Updates test factory to return display org with course overview.
Co-authored-by: jansenk <jkantor@edx.org>
Co-authored-by: Leangseu Kim <lkim@edx.org>
Co-authored-by: Ben Warzeski <bwarzeski@edx.org>
Responses to forum questions did trigger email notifications.
This fix makes email notifications for question-type threads work the
same way as they work for regular discussion-type threads.
See:
https://github.com/openedx/build-test-release-wg/issues/86
Tests on Maple were failing:
```
def test_retirement_for_multiple_users(self):
user_retirement_url = reverse('bulk_retirement_api')
expected_response = {
'successful_user_retirements': [self.user3.username, self.user4.username],
'failed_user_retirements': []
}
with self.settings(RETIREMENT_SERVICE_WORKER_USERNAME=self.user1.username):
response = self.client.post(user_retirement_url, {
"usernames": f'{self.user3.username},{self.user4.username}'
})
assert response.status_code == 200
> assert response.data == expected_response
E AssertionError: assert {'failed_user... 'testuser3']} == {'failed_user... 'testuser4']}
E Omitting 1 identical items, use -vv to show
E Differing items:
E {'successful_user_retirements': ['testuser4', 'testuser3']} != {'successful_user_retirements': ['testuser3', 'testuser4']}
E Use -v to get the full diff
```
`sorted(set(...))` still produces a list, and I guess we didn't care
about the order before, since it wasn't determined. So this should be
an acceptable change.
* feat: New API for discussion topics
Creates a new API for discussion topics that uses auto-crated discussion topic links for the new discussion provider.
* squash!: refresh migration
If a learner changes modes (like upgrades to a verified learner),
we will reset their schedule for them. But if they did this before
the course started, we would accidentally set their schedule to
the current time. So when the course did start, they would already
appear to be behind schedule.
That's silly. So now we always look at course start time when
resetting the learner's schedule.
AA-426
In order to complete https://openedx.atlassian.net/browse/TNL-9320, we need to better encode the URI of the editor using the block id.
We also need to allow users to navigate out of the editors while it is a new page using the back button for a11y reasons.
Switch from files.edx.org to the logos.openedx.org url for the "Powered
by Open edX" logos. We should still keep the old url working as many
old versions of Open edX still referer to it.
We're making this change so that for future versions of the edx-platform
the DNS for these logos lives alongside the rest of the Open edX
infrastructure managed by tCRIL.
MST-1317. The enrollment mode of a learner should still display on the course listing, even if IDV is disabled. Right now, all enrollment messaging is disabled if IDV is turned off, as we are no longer returning the verifications status for a learner in that case. We should still return the enrollment mode if IDV is disabled, but exclude any IDV messaging.
