This is more correct and may reduce the likelihood of perpetuating a bad
mixed-auth state.
In general, we should probably be modifying session and JWT cookies in
sync at all times, never individually. This specific code probably won't
make anything worse, but a clean reset might improve user experience in
the rare cases where someone somehow gets their browser into a weird
state.
- Switch from `response.set_cookie` with past expiry to just using the
`response.delete_cookie` method.
- Docstring improvements.
ref: ARCHBOM-2030 (internal)
This commit avoids raising AuthEntryError when auth_entry is None.
At some point of the authentication flow, when the auth_entry is
missing from the auth URL (eg. auth/login/tpa-saml/?idp=idp), the
request session stores auth_entry: None causing this edited line to fail
which stops the login from completing.
- Adds Enhanced Staff Grader (ESG) backend-for-frontend (BFF) in `lms/djangoapps/ora_staff_grader`
- Adds routing to ESG BFF at `{lms_url}/api/ora_staff_grader/*`
- Adds mock implementation routing at `{lms_url}/api/ora_staff_grader/mock/*`
- Adds `ORA_GRADING_MICROFRONTEND_URL` setting for routing to ESG microfrontend (MFE)
- Updates to the teams app:
- Add`get_teams_in_teamset` to the teams API.
- Add `get_team_names` to teams service.
- Adds `openassessment.staffgrader` app for appropriate ORA migrations.
- Modifies management commands for creation of users.
- Updates test factory to return display org with course overview.
Co-authored-by: jansenk <jkantor@edx.org>
Co-authored-by: Leangseu Kim <lkim@edx.org>
Co-authored-by: Ben Warzeski <bwarzeski@edx.org>
Responses to forum questions did trigger email notifications.
This fix makes email notifications for question-type threads work the
same way as they work for regular discussion-type threads.
See:
https://github.com/openedx/build-test-release-wg/issues/86
Tests on Maple were failing:
```
def test_retirement_for_multiple_users(self):
user_retirement_url = reverse('bulk_retirement_api')
expected_response = {
'successful_user_retirements': [self.user3.username, self.user4.username],
'failed_user_retirements': []
}
with self.settings(RETIREMENT_SERVICE_WORKER_USERNAME=self.user1.username):
response = self.client.post(user_retirement_url, {
"usernames": f'{self.user3.username},{self.user4.username}'
})
assert response.status_code == 200
> assert response.data == expected_response
E AssertionError: assert {'failed_user... 'testuser3']} == {'failed_user... 'testuser4']}
E Omitting 1 identical items, use -vv to show
E Differing items:
E {'successful_user_retirements': ['testuser4', 'testuser3']} != {'successful_user_retirements': ['testuser3', 'testuser4']}
E Use -v to get the full diff
```
`sorted(set(...))` still produces a list, and I guess we didn't care
about the order before, since it wasn't determined. So this should be
an acceptable change.
* feat: New API for discussion topics
Creates a new API for discussion topics that uses auto-crated discussion topic links for the new discussion provider.
* squash!: refresh migration
If a learner changes modes (like upgrades to a verified learner),
we will reset their schedule for them. But if they did this before
the course started, we would accidentally set their schedule to
the current time. So when the course did start, they would already
appear to be behind schedule.
That's silly. So now we always look at course start time when
resetting the learner's schedule.
AA-426
In order to complete https://openedx.atlassian.net/browse/TNL-9320, we need to better encode the URI of the editor using the block id.
We also need to allow users to navigate out of the editors while it is a new page using the back button for a11y reasons.
Switch from files.edx.org to the logos.openedx.org url for the "Powered
by Open edX" logos. We should still keep the old url working as many
old versions of Open edX still referer to it.
We're making this change so that for future versions of the edx-platform
the DNS for these logos lives alongside the rest of the Open edX
infrastructure managed by tCRIL.
MST-1317. The enrollment mode of a learner should still display on the course listing, even if IDV is disabled. Right now, all enrollment messaging is disabled if IDV is turned off, as we are no longer returning the verifications status for a learner in that case. We should still return the enrollment mode if IDV is disabled, but exclude any IDV messaging.
This LTI call was failing in unit tests when `ENFORCE_SAFE_SESSIONS` was
enabled. I'm not sure why we didn't see failures in production when the
toggle was enabled in config.
The course outline view has a way for a staff user to make a request as if
they are another user, not just by using the masquerade mechanism but also
by setting a request parameter. This can result in false positives in the
safe-sessions middleware, and if `ENFORCE_SAFE_SESSIONS` is enabled the
responses will be 401 errors.
The fix here is to do the same thing that masquerading does in setting a
`real_user` property on the new user object, which the safe-sessions
middleware then undoes (restoring the request.user) before determing
whether there's a mismatch.
(Without this fix, enabling `ENFORCE_SAFE_SESSIONS` also causes some tests
in `test_views.py` to fail.)
