Commit Graph

63 Commits

Author SHA1 Message Date
Waheed Ahmed
6da5f36a7f Escape login error messages.
Used Text/HTML functions to escape login error messages.

LEARNER-5258
2019-04-15 12:31:00 +05:00
Hammad Ahmad Waqas
7e9b6d3a82 Merge pull request #20195 from edx/hammad/WL-1904
WL-1904 | Enrollment view does not support URL-encoded course keys
2019-04-11 11:59:35 +05:00
Douglas Hall
c4a26571cc Return 401 from login_refresh if the user is not authenticated. 2019-04-10 15:25:32 -04:00
Hammad Ahmad Waqas
75f59decc2 for logout view, encoding and decoding next query param if not already encoded. 2019-04-10 19:41:50 +05:00
Nimisha Asthagiri
9c3472ab24 Merge pull request #19845 from eduNEXT/fmo/studio_sso_over_lms_flag
Make the studio login over the lms optional using a feature flag
2019-03-15 08:23:02 -04:00
Nimisha Asthagiri
e4f935aab3 JWT Cookie updates: remove refresh cookie, cookie expires with JWT
ARCH-418, ARCH-548
2019-03-12 09:14:33 -04:00
Felipe Montoya
9195ec9f30 Addressing second feedback about redirect logic on logout behind feature flag 2019-03-11 13:09:13 -05:00
Felipe Montoya
14b4223b5e Addressing feedback 2019-03-11 12:02:38 -05:00
Mike Dikan
2c149ca6be Removing the deprecated 'external_auth' package in favor of 'third_party_auth', which is the current recommendation. 2019-03-02 16:06:46 -05:00
Matt Hughes
b4664f8377 Add IDV bypass mechanism for bok_choy tests
An older test was deleted based on flakiness around the ID
verification process; this test eliminates the dependency on IDV by
enabling manual ID verification (an enterprise-motivated workaround
for IDV requirements) via the auto_auth endpoint.

JIRA:EDUCATOR-1178
2019-02-25 15:58:11 -05:00
Julia Eskew
368f221f0a Initial start on annotations. 2019-02-19 11:24:21 -05:00
Calen Pennington
832d354962 Merge pull request #19750 from edx/unicode9
fix unicode strings in openedx/ part 2
2019-02-15 10:57:29 -05:00
Matthew Piatetsky
444799fb0e fix unicode strings in openedx/ part 2 2019-02-15 10:15:51 -05:00
Abdul Mannan
583bede6b9 Add email address to LMS account registration event 2019-02-15 00:15:53 +05:00
Nimisha Asthagiri
34201c62e8 Merge pull request #19790 from edx/pwnage101/read-from-extra-list-of-logout-uris
Additionally logout from a settings list of extra logout URIs
2019-02-12 22:49:36 -05:00
Troy Sankey
10afe5e52f Additionally logout from a settings list of extra logout URIs
Currently, the LMS logout endpoint should iframe in the logout pages of
all the IDAs you were logged into. In short, this was made possible with
DOP because keeping track of the logout URIs and leaving a trail of
evidence in the user cookies was part of what we added in our fork of
DOP.  In the case of DOT, we don't have time or desire to fork DOT to
mirror this behavior, so our stop-gap solution is to log out the user
from a list of logout URIs in settings.
2019-02-12 19:44:41 -05:00
Michael Youngstrom
4bbd1dee0b Remove shards from commonlib-unit tests 2019-02-12 14:28:35 -05:00
Robert Raposa
a213104790 add user_id scope and claim for JWT cookies
The following changes are made to add LMS user_id:
* Adds user_id scope to the JWT to provide the LMS user_id.
* JWT cookies always use the user_id claim.

ARCH-379
2019-02-07 10:44:35 -05:00
Saleem Latif
46d97caa47 Consolidate recovery assistance forms 2019-01-22 15:09:11 +05:00
Diana Huang
15759c2b2f Merge pull request #19420 from edx/diana/remove-datadog
Remove all references to datadog from our code.
2019-01-09 09:07:22 -05:00
Saleem Latif
2c9021e480 Make sure only active AccountRecovery records are used 2019-01-09 16:33:12 +05:00
Diana Huang
6572d99e76 Remove all references to datadog from our code. 2019-01-08 15:41:24 -05:00
Saleem Latif
eaf93d5978 Update sign in email address for continued access 2018-12-31 11:34:05 +05:00
Nimisha Asthagiri
3a45bee3ea Merge pull request #19453 from edx/arch/cleanup-login
Studio login/registration redirects to LMS
2018-12-19 11:52:45 -05:00
Michael Terry
e8555de4b4 Merge pull request #19423 from edx/mikix/password-history-removal
Remove PasswordHistory
2018-12-19 09:22:39 -05:00
Saleem Latif
38ac3d5032 Request password reset with recovery email address 2018-12-18 14:20:08 +05:00
Nimisha Asthagiri
886bc4b20b Studio login/registration redirects to LMS 2018-12-17 20:50:57 -05:00
Nimisha Asthagiri
c7c8e856cd Check and update login status with all login-related cookies 2018-12-17 13:03:32 -05:00
Michael Terry
01129787c0 Remove PasswordHistory
This is a feature that has been deprecated and can be safely removed.

DEPR-7
2018-12-13 13:18:56 -05:00
Diana Huang
30eb003b2e Merge pull request #19243 from edx/diana/default-login-registration
Force new page if not set in site configs.
2018-11-26 10:06:19 -05:00
Gabe Mulley
5311509b19 Provide more context to calls to Segment.
Implementation for DE-1089.

Centralize the definition of context into a single method.  This is in
common/djangoapps/track because the context is originally set there by
middleware.
2018-11-15 20:56:10 -05:00
Waheed Ahmed
bf5ad9b871 Update session cookie expiry.
Update session cookie expiry to 4 weeks regardless of whether the
remember me checkbox is checked or not.

LEARNER-6219
2018-11-14 17:36:51 +05:00
Diana Huang
7c0aa06d5d Force new page if not set in site configs. 2018-11-07 15:10:58 -05:00
Robert Raposa
53239bdf37 Remove JWT_COOKIES_FLAG.
The JWT_COOKIES_FLAG was a temporary flag used for rollout of the new
JWT cookies. These are live in Production, so we are removing the flag.

Without this flag, we set JWT cookies during login. However, this
requires an oAuth Client that isn't always available during unit tests.
We introduced a feature flag that is only used for unit tests to
disable setting the JWT cookies. The code explains a bit more why this
solution was selected over adding the oauth client to the database.

ARCH-247
2018-10-31 10:29:05 -04:00
Douglas Hall
ebede18831 Merge pull request #19183 from edx/douglashall/explicit_jwt_cookie
Use JWT cookies for authentication when explicitly requested by client.
2018-10-30 20:04:00 -04:00
Douglas Hall
d8d18829e6 Use JWT cookies for authentication when explicitly requested by client. 2018-10-30 15:56:26 -04:00
Dillon-Dumesnil
1754dc5119 Merge pull request #19105 from edx/ddumesnil/unicode_cleanup
Cleaning up unicode waffle flag
2018-10-30 13:20:41 -04:00
Douglas Hall
653d8592b8 Merge pull request #19160 from edx/douglashall/oauth2_logout_redirect
Enable OAuth2 clients to logout with a redirect back to the client site.
2018-10-25 15:53:06 -04:00
Douglas Hall
72300c620a Enable OAuth2 clients to logout with a redirect back to the client site. 2018-10-25 14:54:43 -04:00
Alex Dusenbery
c11a2c0a6e EDUCATOR-3471 | Add a grade override bulk update view. 2018-10-25 14:52:12 -04:00
Dillon Dumesnil
0a0df72fc9 Cleaning up unicode waffle flag 2018-10-19 13:25:08 -04:00
Nimisha Asthagiri
45dadca18b Add email and profile scopes in JWT Cookies 2018-10-18 08:11:04 -04:00
Nimisha Asthagiri
7ab5e7be63 Merge pull request #19103 from edx/arch/refactor-oauth-scopes-tests
Shared mixin for testing OAuth Scopes and various Auth
2018-10-15 11:32:12 -04:00
Douglas Hall
a824543e23 Merge pull request #19100 from edx/douglashall/login_refresh_csrf_exempt
Mark the refresh access token view as exempt from CSRF protection.
2018-10-15 10:25:55 -04:00
Douglas Hall
4817dd3f61 Mark the refresh access token view as exempt from CSRF protection. 2018-10-15 09:44:17 -04:00
Dillon-Dumesnil
4d37779f58 Merge pull request #19051 from edx/cstenson/unicode_normalization
Add unicode normalization to passwords.
2018-10-15 09:41:20 -04:00
Nimisha Asthagiri
f844e765fb Create shared test mixin for testing OAuth Scopes and various Auth.
ARCH-168
2018-10-13 16:21:01 -04:00
Cali Stenson
9c57cd1770 Add unicode normalization to passwords.
LEARNER-4283
2018-10-12 15:47:15 -04:00
Robert Raposa
863f86c411 Move and rename redirect helper.
- Rename is_safe_redirect to is_safe_login_or_logout_redirect.
- Moved is_safe_login_or_logout_redirect to user_authn.

ARCH-256
2018-10-12 13:33:09 -04:00
Nimisha Asthagiri
afd0e488ce Merge pull request #19085 from edx/arch/consistent-cookie-expiration
Consistent expiration for all login-related cookies
2018-10-11 13:15:57 -04:00