* using new welcome template when redirected from enterprise proxy login view
* enabling safe redirects to enterprise learner portal from login in devstack
* ading admin portal to login redirect whitelist
* running make upgrade to version bump edx-enterprise
For somereason earlier validation is not ensuring that we have a valid e-email.
In this case, break out of the flow since we don't have a domain that's in our
list and log the user's id so that we can learn more about when this happens.
By a reading of the code flow, it doesn't seem like it should be possible except
with a handful of users that have invalid e-mail addresses in the database but it
seems to be happening pretty regularly.
Ratelimited `login_user` endpoint using `django-ratelimit`, also
decreased default value of logistration rate limit to 100 requests
per five minutes per IP.
PROD-1877
This patch improves on the user locked
out logic by providing a helping message
near locked out. This would help reduce
retries by giving user the option to use
password reset flow to fix the issue.
PROD-1505
I wanted to make a byte-sized contribution but there were no Jira tickets so we decided, thanks to a conversation with @jmbowman through the Open Edx Community #incr (Slack) channel, to collaborate in the elimination of warnings listed in the Warnings Report at https://build.testeng.edx.org/job/edx-platform-python-pipeline-master/warning_5freport_5fall_2ehtml/
This PR contributes to the elimination of RemovedInDjango30Warnings, specifically the one mentioned above and reported in the Warnings Report
Changed cookie_date to http_date in the following file:
openedx/core/djangoapps/user_authn/cookies.py
This warning occurs due to deprecation since Django 2.1: https://docs.djangoproject.com/en/2.2/ref/utils/#django.utils.http.cookie_date
Created sorting for email field
updated tests
Fixed sorting issue in registration form
Fixed sorting issue in registration form
Fixed sorting issue in registration form
Added missing items in env and updated order logic
Added missing items in env and updated order logic
* Remove email placeholder
The current placeholder is confusing to users and results in many trying
to login with their username. The change in this PR hopefully decreases that
confusion.
According to UX recommendations, we have decided to remove the email placeholder for the form. It seems placeholders tend to just confuse the users.
There was an issue where external LMS system (e.g. Canvas, Blackboard) that used Open edX LTI Provider calls had cookies blocked. This update fixes this issue by defining third-party cookies to have attributes of `Secure=True` and `SameSite=None`.
Details here: https://discuss.openedx.org/t/lti-xblock-and-samesite/759/5
(cherry picked from commit 28479a2966b87b16a25dbc96c19b6f5817d255de)
We were passing unstripped password value to `authenticate_new_user()`
after creating a user which was resulting in password mismatch and
was raising this error.
PROD-656
...and it turns out we don't need the switch anymore, anyway.
When we upgraded to Django 1.11, this flag was added in order to
allow for a database migration that would render the user table
unwriteable for up to half an hour:
https://github.com/edx/edx-platform/pull/17561
This involved swapping out the signal handler for logins via
`user_logged_in.disconnect(django_update_last_login)`, but with
Django 2.0, that disconnect is silently failing (returning
false). Likely the disconnect is now happening too soon.
(See edx-platform/common/djangoapps/student/apps.py line 21 in 61e1eda.)
The result is that by the time the waffle switch is consulted, the
normal handler has already run, and the user's last login date has
already been updated.
For now we're just removing the test, and have filed ARCHBOM-1084 for
followup (deleting the switch and related code).
* Removing from provider imports from openedx
* removed all uses of retire_dop_oauth2_models
* Removing provider library from lms, common, and cms
Created/copied function short_token(from django-oauth-provider) and create_hash256 to help with conversion
The oauth2.enforce_jwt_scopes waffle switch was added temporarily for
the rollout of jwt scopes. This removes the toggle and replacing code
with the equivalent of `oauth2.enforce_jwt_scopes` as True.
Currently, the /login_ajax endpoint does not regard
any `next` or `course_id` parameters. This commit changes
that, sharing the logic that /login (which the current
templated login page uses) employs to cacluate
a redirect-after-login URL based on `next` and `course_id`.
The new functionality is behind ENABLE_LOGIN_MICROFRONTEND.
