We use pickling in conjunction with caches in these cases so we should
be able to fallback to the uncached behavior if the pickled data is
corrupt in some way.
eg. it's a python 2 pickle we don't know how to read.
Returning JSON from `login_user` for third party auth failures makes
the response more consistent with all other `login_user` responses.
The only calls to `login_user` with this failure are processed by
`shim_student_view` which will in-turn remove this JSON. This improves
the `login_user` response in advance of switching the logistration page
to use `login_user` without `shim_student_view`.
ARCH-1253
`shim_student_view` is used for login, and is being simplified so it
can ulimately be completely deleted. In this commit, the shim
preprocessing was removed by deleting unused code, and moving code
that is still being used to login_user.
Note: `shim_student_view` was originally added in
https://github.com/edx/edx-platform/pull/5768/files
ARCH-1253
This completes the work started in https://github.com/edx/edx-platform/pull/19453
to use the LMS login and registration for Studio, rather than Studio
providing its own implementation.
LMS login/registration are being used for the following reasons:
1. LMS logistration properly handles all SSO integrations.
2. A single logistration is simpler to maintain and understand.
3. Allows Studio to work more like all other IDAs that use LMS
logistration.
The original switch to use LMS logistration for Studio also added the
toggle `DISABLE_STUDIO_SSO_OVER_LMS` to provide the community some
additional time for switching. This commit removes this toggle, which
at this point means all deployments will use the LMS logistration.
This change requires sharing cookies across LMS and Studio. Should that
prove to be a problem for certain Open edX instances, there are
discussions of possible alternative solutions.
See https://github.com/edx/edx-platform/pull/19845#issuecomment-559154256
Detailed changes:
* Fix some Studio links that still went to old Studio signin and signup.
* Remove DISABLE_STUDIO_SSO_OVER_LMS feature toggle.
* Remove old studio signin and signup pages and templates.
* Fix url name "login", which had different meanings for Studio and LMS.
* Use the following settings: LOGIN_URL, FRONTEND_LOGIN_URL,
FRONTEND_LOGOUT_URL, and FRONTEND_REGISTER_URL.
* Redirect /signin and /signup to the LMS logistration.
* Add custom metric `uses_pattern_library`.
* Add custom metric `student_activate_account`.
* Add Django Settings to allow /signin, /signup, and /login_post to be
disabled once ready.
This work also relates to ARCH-218 and DEPR-6.
ARCH-1253
The APIs using login_user are currently not following the API
conventions for non-SSO related authentication errors, by returning a
200 status code for errors.
In addition to switching the status code from 200 => 400 for
authentication failures, the following minor changes were made:
- Document and refactor an existing authn switch.
- Remove an unused url definition for login_ajax + error.
BREAKING CHANGE: This changes /login_post and /login_ajax to return
400, rather than 200, when success=False in the returned JSON (for
non-SSO related authentication errors).
To remove risk around this change, it was added behind a waffle switch
named `user_authn.update_login_user_error_status_code`.
A breaking change was made, rather than introducing /login_ajax_new,
in order to more quickly get to our end goal of the current clean-up
effort of having a single function for login. If this breaks any
callers, we may fix or abandon this change altogether.
ARCH-1253
To save the memory get cert and grade object directly from
the db because by doing that we'll override the queryset
evaluation and object won't be cached once it has gone out
of scope.
PROD-987
EnterpriseMiddleware set value of user's enterprise customer in session. In order to get value of enterprise customer it calls `enterprise/api/v1/enterprise-learner` API. Sometimes this middleware is called many times which result in many call to the under lying API and throttling of API causes 429 http errors.
We are not removing that middleware and storing value of user's enterprise customer in session inside underlying method.
ENT-1849
Removed pdb statement
