There is a planned edx-drf-extension update to 3.0.0 to remove the
toggle used for ENFORCE_JWT_SCOPES. Currently, edx-platform is dependent
on this toggle. This constraint will keep other `make upgrade` PRs
working in the short window before the edx-platform PR to remove the
same toggle can land.
BOM-1324
Impact is that for proctoring backends which support in-exam keepalive
ping messages to ensure the monitoring software is running while
learners have access to proctored exams, we will no longer send ping
requests while the learner is on the ready_to_submit page. These pings
have caused issues for some of our learners in the past, in that some
learners idle on this page waiting for a slow-to-shut-down
application. Pinging while the app is shutting down may've caused
spurious false positives for suspicious learner behavior, and we lose
little integrity by enabling the learner to continue to see the
non-exam-content interstitial, so we're relaxing this rule.
JIRA:CR-1597
Alert msgs are not aligned as expected in their enclosing divs on
smaller devices. To make them aligned, the CSS is fixed so that
the user experience can be improved.
PROD-1032
We should use encodeURIComponent instead of encodeURI when encoding part of a URI like a query string. encodeURI does not encode the `+` sign. For example, a query string parameter like `scope=user_id+profile+email` is not encoded by `encodeURI`, which results in an invalid URL on the select multiple enterprise page.
Fixed broken test
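The difference described in the commit message above, shown as an added example that is not part of the original commit. The host, path and the `success_url` parameter name are hypothetical; only the `scope=user_id+profile+email` value comes from the message.

```javascript
// Constructed sample values: host, path and parameter name are placeholders.
const BASE = 'https://lms.example.com/enterprise/select';
const NEXT = '/oauth2/authorize?scope=user_id+profile+email&response_type=code';

// Build the outer URL, applying the given encoder to the nested URL value.
function buildUrl(encode) {
  return `${BASE}?success_url=${encode(NEXT)}`;
}

// Parse the outer URL the way a receiving page would and report what it sees.
function recover(url) {
  const params = new URL(url).searchParams;
  return { next: params.get('success_url'), keys: [...params.keys()] };
}

// encodeURI leaves reserved characters (+ & = ? /) untouched, so the nested
// query string leaks into the outer one: "+" is read as a space and
// "&response_type=code" becomes a separate outer parameter.
const weak = recover(buildUrl(encodeURI));

// encodeURIComponent escapes those characters, so the value round-trips intact.
const fixed = recover(buildUrl(encodeURIComponent));

console.log('encodeURI          ->', weak);
console.log('encodeURIComponent ->', fixed);
```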
Right now the units of a public course are hidden if there is at least one graded activity in them. This is done due to a change (69eeca61d8) that was done before the implementation of the public_view mechanism for unenrolled users.
Since we use public_view now and by default it restricts the unit rendering for anonymous users, we do not need to limit the access in this way for anonymous users.
* WIP: add third-party-auth scope and usage
BOM-1264
* Fix tests now that we do permissions in a more standard way.
Rather than manually setting the permission class we previously
explicitly raised a PermissionDenied exception. The way DRF
permissioning logic works, if we use the WWW-Authenticate header in the
highest priority auth class, it will return a 401 instead of a 403.
* Added test to make sure having permissions gives access to user mapping api
* Test new filters logic.
Ensure that the filters we add to the application access model make it
into the JWT correctly.
* quality fix
* quality fix
* disable pylint warning
* quality fix
* fix indent prob
Co-authored-by: Feanil Patel <feanil@edx.org>
Co-authored-by: Manjinder Singh <49171515+jinder1s@users.noreply.github.com>
This was previously disabled because changing another user's password is
both not usually recommended and bypasses password policy. Here, we add
a feature flag (`ENABLE_CHANGE_USER_PASSWORD_ADMIN`) to allow
re-enabling this password change form. This allows continued use of this
functionality by clients that require it.
Adds a simple nullable field to the UserProfile model. The only
validation done is to make sure any character saved in that field is a
digit and not a letter. We do not distinguish on a model level if the
phone number is international or not.
* Check learner enrollment status to avoid mixing learners from incompatible tracks (e.g. masters/audit) to the same team
* When a new team is encountered on a team management CSV, create it with the protection status of the user