Commit Graph

147 Commits

Author SHA1 Message Date
George Babey
aa111fbc66 Merge pull request #22472 from edx/hasnain-naveed/ENT-2505
ENT-2505 | By passing the check for forcing the login by third auth when user is…
2019-12-18 11:35:18 -05:00
Robert Raposa
44a6ca3c2f Merge pull request #22488 from edx/robrap/ARCH-1253-remove-login-shim-part-2
ARCH-1253: remove shim_student_view from LoginSession.post - Part 2
2019-12-18 08:54:38 -05:00
Robert Raposa
c5f44bf20e update READMEs to clarify responsibilities
Add some clarifications for student, user_api, and user_authn given
the recent clean-up of moving code to the appropriate apps.

ARCH-1248
2019-12-16 13:51:43 -05:00
Robert Raposa
b2be6b3ba2 Merge pull request #22513 from edx/robrap/ARCH-1253-login-user-post-only-take-3
ARCH-1253: require POST for login_user
2019-12-15 15:59:00 -05:00
Robert Raposa
3505492fff require POST for login_user
ARCH-1253
2019-12-15 11:20:06 -05:00
Robert Raposa
a9825889bf remove /login_post endpoint
- retires toggle DISABLE_DEPRECATED_LOGIN_POST
- permanently removes /login_post

Now that studio signin has been retired, we are able to remove the
unused /login_post endpoint.

ARCH-1253
2019-12-12 17:09:18 -05:00
Robert Raposa
e19c4eee8a use LoginSessionView.post for logistration
- retires toggle ENABLE_LOGIN_POST_WITHOUT_SHIM
- permanently points to LoginSessionView.post which no longer has shim

This is Part 2 of clean-up, and should be done once the toggle
is no longer required and the shim is no longer required.

ARCH-1253
2019-12-12 14:51:40 -05:00
Robert Raposa
d79e7df32b use login_ajax for logistration
- use login_ajax (in place of login_session with shim) for
logistration's call to login POST
- add toggle for using login_ajax from logistration
  - FEATURES['ENABLE_LOGIN_POST_WITHOUT_SHIM']
- add custom metrics for redirect_url
- update test for third-party auth error_code

NOTE: The error_code `third-party-auth-with-no-linked-account`
was introduced in JSON in this earlier PR:
https://github.com/edx/edx-platform/pull/22452/files

ARCH-1253
2019-12-12 10:39:49 -05:00
Nimisha Asthagiri
022a0117ae Merge pull request #22468 from edx/arch/account-activation-cleanup
Account Activation cleanup
2019-12-10 21:26:03 -05:00
Nimisha Asthagiri
f539a51901 user_authn: Move password-related tests to test_password.py 2019-12-10 20:23:52 -05:00
Nimisha Asthagiri
5e3df7aed4 user_api: Remove unneeded test-only activate_account 2019-12-10 20:23:52 -05:00
hasnain.naveed
ece5e48f1c ENT-2505 | By passing the check for forcing the login by third auth when user is already authenticated by third party. 2019-12-10 19:14:32 +05:00
Robert Raposa
9e4706e7bb remove UPDATE_LOGIN_USER_ERROR_STATUS_CODE toggle
The toggle UPDATE_LOGIN_USER_ERROR_STATUS_CODE was added to roll out a
breaking change for `login_user` auth errors to return a 400 rather than
a 200.

This toggle was enabled in Production on 12/5/2019 with seemingly no
adverse affects.

ARCH-1253
2019-12-06 17:20:17 -05:00
Robert Raposa
adf6327196 Merge pull request #22465 from edx/robrap/ARCH-1253-fix-flaky-test
fix flaky test_login unit test
2019-12-06 17:03:45 -05:00
Robert Raposa
6fc75c834b fix flaky test_login unit test
ARCH-1253
2019-12-06 16:19:52 -05:00
Diana Huang
461b11650e Move account_settings into user_api. 2019-12-06 10:27:26 -05:00
Robert Raposa
ebcff3fb4b return json for third party auth failure
Returning JSON from `login_user` for third party auth failures makes
the response more consistent with all other `login_user` responses.

The only calls to `login_user` with this failure are processed by
`shim_student_view` which will in-turn remove this JSON. This improves
the `login_user` response in advance of switching the logistration page
to use `login_user` without `shim_student_view`.

ARCH-1253
2019-12-05 16:29:35 -05:00
Robert Raposa
58fadab939 clean-up login part 1
`shim_student_view` is used for login, and is being simplified so it
can ulimately be completely deleted. In this commit, the shim
preprocessing was removed by deleting unused code, and moving code
that is still being used to login_user.

Note: `shim_student_view` was originally added in
https://github.com/edx/edx-platform/pull/5768/files

ARCH-1253
2019-12-04 17:01:23 -05:00
Robert Raposa
2202545aec remove studio signin and signup pages
This completes the work started in https://github.com/edx/edx-platform/pull/19453
to use the LMS login and registration for Studio, rather than Studio
providing its own implementation.

LMS login/registration are being used for the following reasons:
1. LMS logistration properly handles all SSO integrations.
2. A single logistration is simpler to maintain and understand.
3. Allows Studio to work more like all other IDAs that use LMS
logistration.

The original switch to use LMS logistration for Studio also added the
toggle `DISABLE_STUDIO_SSO_OVER_LMS` to provide the community some
additional time for switching. This commit removes this toggle, which
at this point means all deployments will use the LMS logistration.

This change requires sharing cookies across LMS and Studio. Should that
prove to be a problem for certain Open edX instances, there are
discussions of possible alternative solutions.
See https://github.com/edx/edx-platform/pull/19845#issuecomment-559154256

Detailed changes:
* Fix some Studio links that still went to old Studio signin and signup.
* Remove DISABLE_STUDIO_SSO_OVER_LMS feature toggle.
* Remove old studio signin and signup pages and templates.
* Fix url name "login", which had different meanings for Studio and LMS.
* Use the following settings: LOGIN_URL, FRONTEND_LOGIN_URL,
FRONTEND_LOGOUT_URL, and FRONTEND_REGISTER_URL.
* Redirect /signin and /signup to the LMS logistration.
* Add custom metric `uses_pattern_library`.
* Add custom metric `student_activate_account`.
* Add Django Settings to allow /signin, /signup, and /login_post to be
disabled once ready.

This work also relates to ARCH-218 and DEPR-6.

ARCH-1253
2019-12-04 02:36:36 -05:00
Diana Huang
54be35f913 Move AccountCreationForm to user_authn. 2019-12-02 17:20:23 -05:00
Ned Batchelder
30d4c37a30 Merge pull request #22091 from mahyard/activation-email-to-ace
Activation email to ace
2019-11-26 13:09:20 -05:00
Robert Raposa
6086e37c28 Merge pull request #22379 from edx/robrap/ARCH-1253-login-post-clean-up
ARCH-1253: switch login_user errors to 400
2019-11-25 16:15:02 -05:00
Shadi Naif
f93023bafe Convert Account Activation Emails to edx-ACE 2019-11-25 23:56:09 +03:30
Diana Huang
f8c8bf36a6 Move password reset logic from student to user_authn. 2019-11-25 13:58:09 -05:00
Robert Raposa
5aa6181f85 switch login_user errors to 400
The APIs using login_user are currently not following the API
conventions for non-SSO related authentication errors, by returning a
200 status code for errors.

In addition to switching the status code from 200 => 400 for
authentication failures, the following minor changes were made:
- Document and refactor an existing authn switch.
- Remove an unused url definition for login_ajax + error.

BREAKING CHANGE: This changes /login_post and /login_ajax to return
400, rather than 200, when success=False in the returned JSON (for
non-SSO related authentication errors).

To remove risk around this change, it was added behind a waffle switch
named `user_authn.update_login_user_error_status_code`.

A breaking change was made, rather than introducing /login_ajax_new,
in order to more quickly get to our end goal of the current clean-up
effort of having a single function for login. If this breaks any
callers, we may fix or abandon this change altogether.

ARCH-1253
2019-11-25 09:53:43 -05:00
Diana Huang
685260c721 Merge pull request #22366 from edx/diana/move-password-change-request
Move request_password_change to user_authn.
2019-11-22 09:40:13 -05:00
Diana Huang
d472cd8bfe Move request_password_change to user_authn. 2019-11-21 11:07:33 -05:00
Robert Raposa
7a2594006d add more temporary login custom metrics
- add login_user + third party auth (tpa) metrics

This is in service of ARCH-1253 clean-up of login.

ARCH-1253
2019-11-20 16:56:56 -05:00
Robert Raposa
bf85380dc3 add temporary login custom metrics. (#22365)
- add temporary custom metrics for shim_student_view.
- remove some pointless tests.

This is in service of ARCH-1253 clean-up of login.

ARCH-1253
2019-11-20 16:36:04 -05:00
Diana Huang
898bd8a90e Move RegistrationValidationView into user_authn. 2019-11-20 14:09:20 -05:00
Diana Huang
44a70ff8cc Merge pull request #22354 from edx/diana/move-generate-password
Move generate_password to user_authn.
2019-11-20 09:35:08 -05:00
muhammad-ammar
36697dab8c If user belongs to edx.org and does not exist in AllowedAuthEdxUser
then user must login through `edx.org` Google account

ENT-2461
2019-11-20 16:05:34 +05:00
Diana Huang
a538843ac3 Move generate_password to user_authn. 2019-11-19 16:49:36 -05:00
Nimisha Asthagiri
1abad23d4a User API: Remove unneeded create_account API (#22239)
DEPR-52
2019-11-19 15:45:26 -05:00
Diana Huang
7cf13144ba Move get_login_session_form to user_authn. 2019-11-19 09:49:50 -05:00
Nimisha Asthagiri
f7be885719 Registration API: Remove success field
LEARNER-7476
2019-11-12 11:34:57 -05:00
irfanuddinahmad
8b5e8968ed updated the login flow for multiple enterprise 2019-11-12 19:47:02 +05:00
Diana Huang
c9323abd0e Move password reset logic and code to user_authn. 2019-11-05 10:03:22 -05:00
Nimisha Asthagiri
1bcaa945d9 Merge pull request #22216 from edx/diana/registration-form-factory-move
Move RegistrationFormFactory from user_api to user_authn
2019-11-02 17:57:59 -04:00
Diana Huang
d65447998c Move RegistrationFormFactory from user_api to user_authn.
And get_registration_extension_form.
2019-11-01 14:49:12 -04:00
Diana Huang
6fb40586fb Move LoginSessionView from user_api to user_authn 2019-11-01 08:19:55 -04:00
Diana Huang
e026006f9a Move RegistrationView from user_api to user_authn. 2019-11-01 07:41:48 -04:00
adeel khan
819888ce05 Merge pull request #22190 from edx/adeel/prod_834_html_not_formatted
Fix escaping of html tags.
2019-10-31 15:49:41 +05:00
Adeel Khan
b82d1b964e Fix escaping of html tags.
Using six.text_type() is converting
MarkSafe object created using HTML
function to simple string which is
essential html tags interpolation.
Applying escaping via Text function on
this string object is causing escaping
of html tags.

PROD-834
2019-10-31 00:59:09 +05:00
Nimisha Asthagiri
f533134db1 Merge pull request #22086 from edx/arch/user-authn-delete-deprecated
User Authn: Remove deprecated, ENABLE_COMBINED_LOGIN_REGISTRATION
2019-10-29 09:37:53 -04:00
Nimisha Asthagiri
db42c7e1e2 User Authn: Remove deprecated, ENABLE_COMBINED_LOGIN_REGISTRATION 2019-10-29 08:57:58 -04:00
Robert Raposa
8c9d63ef6c Fix typo in comment (#22121) 2019-10-22 17:04:42 -04:00
Ned Batchelder
ea30aba6fc Revert pull request #22042
Revert "Fix code quality test failures"

This reverts commit 8c55e11d1f.

Revert "Fix celery send_activation_email task failure"

This reverts commit 810eea0e51.

Revert "Convert Account Activation Emails to edx-ACE"

This reverts commit 7984c37a4f.
2019-10-18 15:31:09 -04:00
Ned Batchelder
855346e9e1 Merge pull request #22042 from mahyard/activation-email-to-ace
Activation email to ace
2019-10-18 12:10:20 -04:00
Zia Fazal
ebe29d9303 Merge pull request #21943 from edx/ziafazal/ENT-1688
ENT-1688: Changed logout message on on logout screen for Enterprise SSO flow
2019-10-15 18:53:34 +05:00