Context: We have witnessed multiple, seemingly random "CSRF verification
failed" errors while signing in (with valid ID) to the Studio.
Explanation: The login form does not initially include a CSRF field.
The CSRF header of the request is appended to the studio login request
headers by intercepting the form validation. This intercept is performed
by the login.js script. Unfortunately, the login.js script is loaded
pretty late (at the end of the template). So if the login form is
validated sufficiently fast, the login.js script has no time to load and
append the X-CSRFToken header to the request.
Proposed solution: the CSRF token is already passed to the template via
the login view, so we just add a hidden field to the login form to
include the csrf token.
Admin ("Instructor") - Can edit and assign permissions to other users
Normal ("Staff") - Can edit
User - Can view the library and use content from it but cannot edit it or its blocks.
Clear the 'invalid login' error message when the user edits her username
or password. This fix makes makes it clear that future attempts to
login are not being ignored if they continue to generate the same error.
Add an acceptance test case to verify this behavior.
Fixes https://openedx.atlassian.net/browse/TNL-140
This commit puts a limit on the size of files that
course staff can upload to MongoDB. The limit is
enforced on the frontend in javascript as well
as backend via the /upload endpoint.
The limit is hard-coded in cms/envs/common.py and
may be changed according to the user's custom
needs.
If the user tries to upload a file that's too
large, an error message will pop up, with a
customizable url that pointing the user to an
external page with an alternate upload procedure.
This url is specified im cms/envs/common.py.
If not set, this url will not be displayed.
