Context: We have witnessed multiple, seemingly random "CSRF verification
failed" errors while signing in (with valid ID) to the Studio.
Explanation: The login form does not initially include a CSRF field.
The CSRF header of the request is appended to the studio login request
headers by intercepting the form validation. This intercept is performed
by the login.js script. Unfortunately, the login.js script is loaded
pretty late (at the end of the template). So if the login form is
validated sufficiently fast, the login.js script has no time to load and
append the X-CSRFToken header to the request.
Proposed solution: the CSRF token is already passed to the template via
the login view, so we just add a hidden field to the login form to
include the csrf token.
The CSS is also restructured a bit to style both the progress bar and
the status text based on the state of the upload using a single class
on the parent element.
Fix i18n for video status strings (broken in commit 4b53f4d) and remove
unnecessary complexity from a test case. This also removes the status
whitelist in the video upload configuration. Because status is included
in the CSV report, it is not necessary to filter the included videos by
status.
Course and Library keys cannot contiain !'()* special characters,
but the JS validation on the new course/library failed to detect
these characters.
`encodeURIComponent` is used to check the string for special characters,
but `encodeURIComponent` does not encode these characters: -_!~*'().
(see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent)
The -_~ characters are allowed in course keys, but !'()* are not,
so add an explicit check for these characters to make sure a field
containing these characters does not pass the validation.
It looks like the 'New Course'/'New Library' buttons on the studio home page.
Clicking the 'Add Component' button scrolls down to the 'Add New Component' buttons.
Admin ("Instructor") - Can edit and assign permissions to other users
Normal ("Staff") - Can edit
User - Can view the library and use content from it but cannot edit it or its blocks.
This hotfix patches the functionality of the GridFS PR
by dismissing the error msg when the user uploads a large
file and fails, then uploads a regular file. This
includes a Jasmine test to cover this case.
Clear the 'invalid login' error message when the user edits her username
or password. This fix makes makes it clear that future attempts to
login are not being ignored if they continue to generate the same error.
Add an acceptance test case to verify this behavior.
Fixes https://openedx.atlassian.net/browse/TNL-140
