In image_helpers.py, the _get_profile_image_urls() method would append
"?v=<version>" to the query string for serving profile images.
This might break serving profile images if
* EDXAPP_PROFILE_IMAGE_BACKEND was configured with its class option
set to django.storages.s3boto3.S3Boto3Storage (or its deprecated
predecessor, django.storages.s3boto.S3BotoStorage), and
* that backend used signed URLs with query-string authentication (i.e.
was *not* configured with an S3 custom domain).
When both the above conditions are met, then the URL returned by the
storage backend's url() method already contains "?", and
_get_profile_image_urls() would add another. This results in a query
string that doesn't exactly violate RFC 3986, but is discouraged by
it.[1]
Amazon S3 itself may be able to parse these query strings correctly,
but other S3 API implementations (such as Ceph radosgw[2]) may not,
and the problem is easily avoided by just looking for "?" in the
rendered URL, and using "&v=<version>" instead if we find a match.
The proper way of appending the v=<version> query parameter would
probably be to pull the URL and the query string apart and then back
together[3], but that's most likely overdoing it.
[1] https://tools.ietf.org/html/rfc3986#section-3.4 says:
"However, as query components are often used to carry identifying
information in the form of "key=value" pairs and one frequently used
value is a reference to another URI, it is sometimes better for
usability to avoid percent-encoding those characters." ("Those
characters" being "/" and "?".)
[2] https://docs.ceph.com/docs/master/radosgw/s3/
[3] https://docs.python.org/3/library/urllib.parse.html
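The two approaches the commit message contrasts, as an added example that is not part of the original commit or of edx-platform: the cheap "look for ?" fix beside the urllib.parse rebuild, run against a constructed query-string-authenticated URL of the shape the message describes. Function names (`append_version_naive`, `append_version_checked`, `append_version_parsed`, `has_duplicate_query_delimiter`) and the sample URLs are assumptions made here; the parsed variant also goes slightly beyond the text by handling a URL that already carries a `#fragment`.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample URLs for the demonstration (not real S3 or edX values).
PLAIN_URL = "https://cdn.example.invalid/profile_images/abc_50.jpg"
SIGNED_URL = (
    "https://bucket.example.invalid/profile_images/abc_50.jpg"
    "?AWSAccessKeyId=EXAMPLEKEY&Expires=1700000000&Signature=abc%2Fdef%3D"
)


def append_version_naive(url, version):
    """Behaviour before the fix: always append '?v=<version>', so a URL
    that already has a query string ends up with two '?' delimiters."""
    return f"{url}?v={version}"


def append_version_checked(url, version):
    """The fix the commit message proposes: use '&' when the storage backend
    already returned a query string. The existing (possibly signed) query
    is left byte-for-byte untouched."""
    separator = "&" if "?" in url else "?"
    return f"{url}{separator}v={version}"


def append_version_parsed(url, version):
    """The 'proper' approach the message mentions: split the URL, add the
    parameter to the parsed query, and reassemble. Also keeps a fragment in
    its correct position. Note that parse_qsl/urlencode decode and re-encode
    the existing values, so a signed query may not survive byte-for-byte."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.append(("v", str(version)))
    return urlunsplit(parts._replace(query=urlencode(query)))


def has_duplicate_query_delimiter(url):
    """Detection check for the malformed shape: more than one '?' in the URL."""
    return url.count("?") > 1


if __name__ == "__main__":
    for fn in (append_version_naive, append_version_checked, append_version_parsed):
        result = fn(SIGNED_URL, 3)
        flag = "MALFORMED" if has_duplicate_query_delimiter(result) else "ok"
        print(f"{fn.__name__:>24}: {flag}  {result}")
```

The checked variant is the one to prefer when the incoming URL may carry query-string authentication: it never rewrites the signed portion. The parsed variant is safer for arbitrary URLs (fragments, empty values) but normalises existing parameters on the way through, which is acceptable only when nothing downstream depends on their exact encoding.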
Add list of states and field to UserProfile model; add migration; add
state field to relevant serializers and to
ACCOUNT_VISIBILITY_CONFIGURATION. Removes state data if country is
changed to something other than United States.
Previously code was only showing banner for enterprise
learners. This patch would remove this restriction
and is available to all edX learners provided that
'enable_secondary_email_feature' is switched on.
PROD-1477
Added more info to log in SSO request/response flow
Fixed django admin links on model's link fields which are broken due to django 2.2 upgrade.
ENT-2798
Fixed quality violations and unit test
Fix xsscommitlint violation
Fixed pylint violation
* Removing from provider imports from openedx
* removed all uses of retire_dop_oauth2_models
* Removing provider library from lms, common, and cms
Created/copied function short_token(from django-oauth-provider) and create_hash256 to help with conversion
This stage does the following:
- Includes a data migration to copy the values from old to new field.
- Changes business logic to switch to using new field.
- Deletes all code references of the old field.
Moves the existence check for secondary (recovery) email to validate
method. If the email already exists, silently remove it from the set of
data to be updated. This parallels the existing behavior for updating
the primary email.
ENT-1913
This reverts commit 84de6bc6de
which reverts commit cebeab4348
which implements the first stage of the `values` column rename in
SiteConfiguration. However, I included a small change:
This time, we set a default value on the new `site_values` column so
that the ORM will happily deserialize the JSONField without throwing a
JSONDecodeError.
* Renamed OAuth2Authentication to BearerAuthentication
* Added back OAuth2Authentication name
- there are libraries such as edx-enterprise that still import OAuth2Authentication. The OAuth2Authentication class should be fully removed when everything is importing BearerAuthentication correctly
Rather than to create or update the account recovery record when the
Account Settings page is updated, defer updating until the new
recovery email is confirmed
ENT-2607
- Removing deprecated auth classes
- Replacing OAuth2AuthenticationAllowInactiveUserDeprecated with OAuth2AuthenticationAllowInactiveUser
- the old class was a child class of a deprecated class that we are removing and replacing.
* Added new auth class
- Created new class called OAuth2AuthenticationAllowInactiveUser, which replaces old class with same name
- Renames previous OAuth2AuthenticationAllowInactiveUser to OAuth2AuthenticationAllowInactiveUserDeprecated
- Replaced all imports of OAuth2AuthenticationAllowInactiveUser to call deprecated class instead
- testing new class in discussion(added flag based on django setting)