* WIP: add third-party-auth scope and usage
BOM-1264
* Fix tests now that we do permissions in a more standard way.
Rather than manually setting the permission class we previously
explicitly raised a PermissionDenied exception. The way DRF
permissoning logic works, if we use the WWW-Authenticate header in the
highest priority auth class, it will return a 401 instead of a 403.
* Added test to make sure having permissions gives access to user mapping api
* Test new filters logic.
Ensure that the filters we add to the application access model make it
into the JWT correctly.
* quality fix
* quality fix
* disable pylint warning
* quality fix
* fix indent prob
Co-authored-by: Feanil Patel <feanil@edx.org>
Co-authored-by: Manjinder Singh <49171515+jinder1s@users.noreply.github.com>
This was previously disabled because changing another user's password is
both not usually recommended and bypasses password policy. Here, we add
a feature flag (`ENABLE_CHANGE_USER_PASSWORD_ADMIN`) to allow
re-enabling this password change form. This allows continued use of this
functionality by clients that require it.
* Check learner enrollment status to avoid mixing learners from incompatible tracks (e.g. masters/audit) to the same team
* When a new team is encountered on a team management CSV, create it with the protection status of the user
* Renamed OAuth2Authentication to BearerAuthentication
* Added back OAuth2Authentication name
-there are libraries such as edx-enterprise that still import OAuth2Authentication. The OAuth2Authentication class should be fully removed when everything is importing BearerAuthentication correctly
Stop showing hitting enterprise API when request is originated as result of 404 error.
fixed quality violations
Removed line break
add unit tests
Updated test docstring
Course banner text is justified from both sides which is creating
extra spaces between the text ultimately impacting on usability.
To improve it, its alignment is modified and now it is no longer
affecting usability.
PROD-1034
Fix all deprecation warnings generated by Django REST Framework during the unit tests:
* ``The `base_name` argument is pending deprecation in favor of `basename`.`` (86 occurrences)
* `` `detail_route` is deprecated and will be removed in 3.10 in favor of `action`, which accepts a `detail` bool. Use `@action(detail=True)` instead.`` (18 occurrences)
- Removing deprecated auth classes
- Replacing OAuth2AuthenticationAllowInactiveUserDeprecated with OAuth2AuthenticationAllowInactiveUser
- the old class was a child class of a deprecated class that we are removing and replacing.
