The enrollmentStatusHash cookie value was created in commit f0030334
as an optimization, in order to determine whether the marketing site
needs to refresh the list of a student's enrolled courses with a
call to the LMS. To ensure that this value was kept up to date,
commit d7a7bcc1 reset the user's cookies every time they go to the
learner dashboard page (which used to be the next page loaded after
you enrolled in a course). This didn't just reset the
enrollmentStatusHash though -- it recalculated all the cookie
values, as if you had just logged in.
A number of things have changed since then:
1. Enrolling in a course now goes to that course's info/navigation
page, rather than going to the student dashboard.
2. It doesn't appear that the value of enrollmentStatusHash is
actually being examined anywhere -- it's set in a cookie on the
LMS and read/written by the edX marketing front end code, but
the value is never looked at to make any decisions.
3. The introduction of add_email_marketing_cookies (which triggers
off of the CREATE_LOGON_COOKIE signal) has made cookie resets
far more expensive, as there is a blocking call to Sailthru if
you have that enabled in EmailMarketingConfiguration (which
edx.org does). This can add over two seconds to the server
processing time for the student dashboard at certain times of
day.
Given this, I'm removing both the call to resetting the cookie on
the student dashboard page, as well as setting the value for
enrollmentStatusHash.
* INCR-211: run python-modernize and isort to support python2 --> python3 transition
* INCR-211: fix pylint errors.
Removed unused module import request and error.
Used import as to avoid too deep a function call.
Altering imports and using suppression of pylint's import error.
* INCR-211: ignore pylint's import error from six module.
* INCR-211: remove unused modules. Ignore pylint import error from six module.
* INCR-211: ignore pylint's import error from six module. Group imports.
* INCR-211: disable error of 'must be called with literal string'
The specific context for this error means we can disable this.
* INCR-211: change import to satisfy pylint by renaming import
* INCR-211: fix imports so six.unichr works.
An older test was deleted based on flakiness around the ID
verification process; this test eliminates the dependency on IDV by
enabling manual ID verification (an enterprise-motivated workaround
for IDV requirements) via the auto_auth endpoint.
JIRA:EDUCATOR-1178
Currently, the LMS logout endpoint should iframe in the logout pages of
all the IDAs you were logged into. In short, this was made possible with
DOP because keeping track of the logout URIs and leaving a trail of
evidence in the user cookies was part of what we added in our fork of
DOP. In the case of DOT, we don't have time or desire to fork DOT to
mirror this behavior, so our stop-gap solution is to log out the user
from a list of logout URIs in settings.
The following changes are made to add LMS user_id:
* Adds user_id scope to the JWT to provide the LMS user_id.
* JWT cookies always use the user_id claim.
ARCH-379
