Commit Graph

377 Commits

Author SHA1 Message Date
Tim McCormack
fe3d855986 feat: Don't warn about expected user changes in safe-sessions (#28983)
This is intended to silence a rare false positive that seems to happen
when someone logs in on a browser that already has an active session
for another user. We believe there should be no further positives once
this case is handled.

- login and logout views annotate the response to indicate the session
  user should be changing between the request and response phases
- safe-sessions middleware skips the verify-user check when this
  annotation is present

Also:

- Adds a test around existing behavior for unexpected user-changes
- Remove logging control based on `is_from_log_out`. This reverts most
  of af9e26f/PR #11479 for two reasons:
  - The safe-sessions `_verify_user` code has since changed to check for
    `request.user.id == None`
  - A commit later in the PR changes the login and logout pages to
    signal that the user/session change is expected
2021-10-13 15:53:16 +00:00
Shafqat Farhan
feb732d859 fix: VAN-739 - removed is_active property from Segment 2021-10-11 19:23:14 +05:00
Manjinder Singh
9ef8332a60 Revert "feat: adding code owner for a Celery event"
This reverts commit 2c37fec345.
2021-10-08 17:30:16 -04:00
Manjinder Singh
2c37fec345 feat: adding code owner for a Celery event 2021-10-08 17:29:06 -04:00
Mubbshar Anwar
23c94b7ec5 fix: add opt in/out event (#28985)
add opt in/out event for Braze.

VAN-738
2021-10-08 22:39:54 +05:00
Mubbshar Anwar
66291c3aa6 feat: record opt in/out attribute (#28883)
* feat: record opt in/out attribute

save opt in/out attribute comming from frontend-app-authn register page.
VAN-738

* feat: VAN-738 - Send marketing event property and email subscription

* feat: VAN-738 - Send marketing event property and email subscription

* feat: VAN-738 - updated conditions

* feat: VAN-738 - added is_active for braze during registration

* feat: VAN-738 - added is_active for braze during registration

* feat: VAN-738 - fixed pep8 violation

Co-authored-by: Shafqat Farhan <shafqat.farhan@arbisoft.com>
2021-10-08 18:29:18 +05:00
Robert Raposa
e41520dbae feat: return user id from login_refresh (#28905)
To enhance monitoring of login_refresh issues that happen
in the frontend, return user id as part of successful
refreshes.
2021-10-04 11:00:07 -04:00
uzairr
c83750ff58 add hipb api client 2021-09-24 13:09:14 +05:00
Ivo Branco
6f0255bc60 Fix use a registration field order when using a registration extension form (#26633) 2021-09-23 11:07:49 +05:00
Jawayria
43d0b4eec8 Merge pull request #28709 from edx/jawayria/fix-check
fix: Added the condition on body_type in test_reset_password
2021-09-13 16:15:08 +05:00
Tim McCormack
0c164ad4c2 fix: Fix Studio logout by pointing to correct logout view (#28714)
This changes the "Sign out" link on Studio to point to Studio's own logout
view, which clears the session and then redirects to LMS's logout page. The
LMS logout page then skips loading the Studio logout because it is seen in
the Referer header.

This change also brings Studio better into line with how other IDAs perform
their logouts.

Background:

After the rollout of Studio OAuth, logouts initiated on Studio failed to
actually log out Studio (but all other IDAs were logged out). This was
because the LMS logout view loads the logout pages of other IDAs but skips
any that is a *prefix* match on the Referer header, and browsers now often
send a truncated version of the Referer for privacy. Therefore, Studio was
always skipped when coming from Studio.

The fix is to make sure that Studio has already performed its logout by the
time the LMS logout page is loaded.

One wrinkle here is that the LMS logout view is activated by `/logout`, but
the correct logout view (provided by auth_backends) is activated by
`/logout/` -- with a trailing slash. This is fragile and unfortunate, but
can be cleaned up when we later remove other leftovers of Studio's previous
ability to handle logistration.

ref: ARCHBOM-1897
2021-09-10 18:45:58 +00:00
Jawayria
a3fd502bab fix quality 2021-09-10 21:10:21 +05:00
Jawayria
dee102a70b fix: Added the condition on body_type in test_reset_password 2021-09-10 18:14:07 +05:00
Zainab Amir
40dba56cff fix: auto register send_activation_email task (#28694) 2021-09-09 14:13:35 +05:00
Zainab Amir
517c4af90c fix: rename send_activation_email task (#28678) 2021-09-08 17:52:03 +05:00
Zainab Amir
bf76fb3f7f move send_activation_email celery task (#28666)
- moved send_activation_email to user_authn app
- registered task under both new and old name
- exposed the old name for task invocation

VAN-417
2021-09-08 10:44:54 +05:00
Jawayria
b3cb59b07f fix: Replaced '&#39' with '&#x27' to prevent test_reset_password_email from failing on Django 3 2021-09-07 17:31:14 +05:00
mariagrimaldi
c0618592d2 feat: add 1st batch of Open edX events
* Add STUDENT_REGISTRATION_COMPLETED event after the user's registration
* Add SESSION_LOGIN_COMPLETED event after the user's login session
* Add COURSE_ENROLLMENT_CREATED event after the user's enrollment creation
2021-09-02 10:05:23 -04:00
uzairr
d0c953f261 update session on password change 2021-09-01 02:41:40 +05:00
Jhony Avella
95a6abcd1f revert: removing read_committed argument from outer_atomic function (#28161)
In the PR https://github.com/edx/edx-platform/pull/10659 the outer_atomic decorator/context manager was created to prevent nested atomic blocks. This method received a boolean parameter read_committed to enforce read-committed MySQL isolation level. From Django 2, the default isolation level Django sets is read-committed, so the aforementioned parameter for outer_atomic can be removed
2021-08-31 16:39:35 -04:00
Maria Grimaldi
54627e1101 refactor: replace User for UserFactory and its methods
This change is done so the profile is automatically created for tests users
2021-08-30 11:03:49 -04:00
Usama Sadiq
cde050618e build: Moved user and group management commands and unit tests to edx-django-utils
- Removed manage_user and manage_group commands and their unit tests from edx-platform and added then to edx-django-utils.
- Modified User.post_save signal to ensure the user profile is created when manage_user management command is run to create a user.
- Added edx-django-utils to INSTALLED_APPS for LMS and Studio.
- Moved generate_password from openedx.core.djangoapps.user_authn.utils to edx_django_utils.user along with its unit test.
2021-08-30 12:03:37 +05:00
Maria Grimaldi
2ee52ea96c refactor: replace some create_user with UserFactory to avoid non-existent profile errors 2021-08-24 15:49:21 -04:00
Zainab Amir
3f0aa42d84 feat: add activation link to registration event (#28513)
Added activation key to the registration event to be used by braze.
Specifically it will be used by activation reminder emails.

VAN-693
2021-08-24 16:12:45 +05:00
Attiya Ishaque
7d029f8283 [VAN-332] Full name validation on registration page. (#28444) 2021-08-12 16:07:32 +05:00
Waheed Ahmed
e203309019 feat: increment lockout counter upon NonCompliantPasswordException (#28218)
Increment lockout counter upon `NonCompliantPasswordException` to prevent further
login attempts after 6 attempts and also to prevent further reset password emails.

Reports from some users receiving 100s of password emails, upon investigation seems
like their password is not compliant with edX and has been compromised.

VAN-192
2021-07-19 18:34:36 +05:00
Waheed Ahmed
74e3b664eb fix: clean accent characters from username (#28157)
Also cleaned username for Authn MFE while registering using SSO/SAML.

VAN-483
2021-07-13 20:33:22 +05:00
Diana Huang
9173707a50 feat: Allow shared cookies' domains to be set separately. (#28135)
Several of our cookies are meant to be shared between the LMS
and the marketing site. The previous assumption was that
SESSION_COOKIE_DOMAIN would cover both. We would like to make
it so that these can be set independently of each other.

https://openedx.atlassian.net/browse/ARCHBOM-1831
2021-07-12 15:49:11 -04:00
Zaman Afzal
843e9ba29b ENT4083: Removed ENABLE_MULTIPLE_USER_ENTERPRISES_FEATURE waffle switch (#28057) 2021-06-30 13:58:11 +05:00
mubbsharanwar
7b299977b7 fix:Login failed email_or_username
Fix email_or_username null in login failed case.

Fixes: VAN-532
2021-06-14 10:38:40 +05:00
Adeel Ehsan
335a0f28de Merge pull request #27661 from edx/aehsan/VAN-434/account_activation_dialogue_box_added
Account activation popup added
2021-06-10 15:20:15 +05:00
adeelehsan
78f1f1916c Account activation popup added
VAN-434
2021-06-10 14:46:49 +05:00
Simon Chen
a284b9704c [Fix]: CR-3731 correct the spelling of the error message on password reset (#27883) 2021-06-08 11:33:37 -04:00
uzairr
dd5c3790c3 refactor login api 2021-05-21 19:59:41 +05:00
Waheed Ahmed
ea29318f22 fix: username suggestion generation (#27641)
If all generated usernames using an integer range are already consumed by existing
users, the loop stuck in an infinite loop. Fixed by using a for loop instead of
while with an upper limit.
2021-05-19 14:53:06 +05:00
Usama Sadiq
4f4be6538a BOM-2477: pylint warnings lint-amnesty (#27585) 2021-05-11 17:22:40 +05:00
uzairr
e291e383f6 refactor failed login response 2021-05-11 16:20:34 +05:00
Alex Dusenbery
4b247013ff feat: account activation now supports a next query param. ENT-4433
This change causes the activation link that’s emailed to a newly-registered user
to utilize a next query parameter. The impetus for this change is an edX Enterprise use-case:
we'd like newly registered Enterprise Customer admins and learners
to be directed to the Enterprise Learner Portal (or Admin Portal) upon account activation.
This is likely a broad enough use case to be valuable in other endeavors.
2021-05-10 12:58:26 -04:00
Usama Sadiq
63a9327a9d refactor: pyupgrade second iteration (#27460) 2021-05-10 13:57:24 +05:00
Adeel Ehsan
798b523712 Revert "CTA dialogue added" (#27560) 2021-05-07 16:17:18 +05:00
Adeel Ehsan
03a8dbffb7 Merge pull request #27334 from edx/aehsan/Van-434/cta_dialogue_box_added
CTA dialogue added
2021-05-07 05:42:56 +05:00
adeelehsan
dc306f8f6d CTA dialogue added
VAN-434
2021-05-05 23:29:47 +05:00
Waheed Ahmed
3e87c1f277 refactor: update username suggestions logic (#27525)
Used integers instead of alphanumerics to generate username suggestions.

VAN-52
2021-05-05 23:28:55 +05:00
Uzair Rasheed
c450de4062 Merge pull request #27496 from edx/update-login-api
upgrade login api
2021-05-05 13:15:22 +05:00
Zainab Amir
8d4ccf950a Update validation messages for register endpoint (#27476)
As part of authn redesign, validation messages have been updated.
- created a new endpoint for validations
- updated username/email conflict message in registration api based on
authn check

VAN-288
2021-05-05 12:33:59 +05:00
Michael Terry
35f78a3241 feat!: remove all email_marketing djangoapp code
This djangoapp was designed for talking to sailthru, in a fairly
edx.org-specific way. Nowadays, edx.org doesn't need this code and
if other installations do, it's better off as a more distinct
plugin anyway, rather than direct support in the platform.

I've moved the one signal that was still useful (calling
segment.identify() whenever user fields change) into user_authn.

And I've left the EmailMarketingConfiguration model alone for now,
but will remove that shortly. Nothing uses it as of this commit.

AA-607
DEPR-139
2021-05-03 16:39:01 -04:00
uzairr
ac054f92b1 upgrade login api
Modify the existing login api in a way that
it will allow the user to login via username as well.
currently it is only allowing email to log the user in.

VAN-445
2021-05-03 11:38:07 +05:00
Shafqat Farhan
30bf95b053 VAN-437 - Unlocking the learners upon successful password reset 2021-04-30 18:36:21 +05:00
Binod Pant
735d01283e ENT-4383 fix the hinted login page experience when enterprise login enables hinted login (#27431)
* fix: 🐛 Correctly check that saml provider is available using tpa_hint in next param

This fixes the issue of 404 when an enterprise customer sends a tpa_hint in next, but that param is not correctly checked to disable auth MFE. The hinted login page now works with this change.

ENT-4383

* feat: comment update

comment update

ENT-4383
2021-04-27 11:33:00 -04:00
Julia Eskew
4462ed37b2 Revert "update login api" (#27416)
This PR might be causing e2e tests to fail. Reverting and merging without waiting on tests.
2021-04-26 10:07:36 -04:00