* ENT-3007 auth/saml/v0/saml/providerdata and auth/saml/v0/saml/providerconfig endpoints
Move code to subfolder for samlproviderconfig
extra comma
undo accidental remove of import
GET works for a single config now
Use ModelViewSet to get all CRUD methods. Test still fails
Add auth/saml/v0/providerdata endpoints
fixup reverse and test issue, remove leading caret
just triggering run, why is it failing in CI?
pycodelint fixes
Skip auth tests unless feature is on
Tests for post/put for samlproviderdata
move urls to their own folders
api tests for post samlproviderconfig
create 1 providerconfig test case
lint fixes
lint
lint
cleanup code local urls /samlproviderconfig works
note needed right now
Fix import errors
lint
unused import
wip: first attempt at rbac auth and jwt cookie in test
round 2 with enterprise uuid as url param for samlproviderconfig
improve tests, still don't pass
fix test by using system role, wip other test
fix create test
add get/post tests for providerdata
isort fixes
string lint fix
Cleanup based on feedback round1
move utils to tests package
Move util fn to openedx.feature area
lint
ENT-3007 : Round 2 of work on auth/saml/v0/providerconfig and auth/saml/v0/providerdata endpoints
* Fix test issue use string uuid for permission obj
* snake case changes provider_config
* snake case
* provider_data, tests and lint
* patch and delete tests for providerdata
* snake_case
* snake_case
* snake_case
* make patch test stronger
* 404 if invalid uuid for get param
* common util for validate uuid4
* unused import
* lint fixes for pycodestyle
* 400 when uuid is missing
* 400 instead of 404 for missing uuid
* spell fix
* update docstring for api usage
* docstring clarify
ORA2 (openassessment) problems have multiple dates associated with them that are
not bound to the `due` date that is modified by Personalized Learner
Schedules. We expose the ORA2 dates separately in the dates page
so that learners aren't surprised by the differing deadlines.
[AA-223]
When considering if an assignment is past due for the dates tab,
only look at the scored and graded units in the subsection (i.e.
ignore reading and video units).
This still leaves the "complete" field alone -- i.e. those
subsections will still be left incomplete generally. But for
assignment-focused tasks, they will instead be considered complete.
The following oauth_dispatch ADRs are being
marked as accepted, because they were implemented
and are in use in Open edX.
- 0006-enforce-scopes-in-LMS-APIs.rst
- 0007-include-organizations-in-tokens.rst
Given that, scopes have still not been widely
adopted in Open edX, which would require additional
decisions and investment.
* Enforce limit on number of blocks allowed in library (blockstore)
* Enforce limit on number of blocks allowed in library (modulestore)
* Changes from review feedback
* Add auth/samlproviderconfig CRUD endpoints for use in admin portal
Fixes: ENT-3007
* Move code to subfolder for samlproviderconfig
* extra comma
* undo accidental remove of import
* GET works for a single config now
* Use ModelViewSet to get all CRUD methods. Test still fails
* Add auth/saml/v0/providerdata endpoints
* fixup reverse and test issue, remove leading caret
* just triggering run, why is it failing in CI?
* pycodelint fixes
* Skip auth tests unless feature is on
* Tests for post/put for samlproviderdata
* move urls to their own folders
* api tests for post samlproviderconfig
* create 1 providerconfig test case
* lint fixes
* lint
* lint
* cleanup code local urls /samlproviderconfig works
* note needed right now
* Fix import errors
* lint
* unused import
* wip: first attempt at rbac auth and jwt cookie in test
* round 2 with enterprise uuid as url param for samlproviderconfig
* improve tests, still don't pass
* fix test by using system role, wip other test
* fix create test
* add get/post tests for providerdata
* isort fixes
* string lint fix
* Cleanup based on feedback round1
* move utils to tests package
* Move util fn to openedx.feature area
* lint
* lint fix
* remove unused import
This switches the Dates Tab to be an enrolled tab allowing only
enrolled learners to view. Additionally, it will now redirect
logged out learners to the login page if they hit the Dates Tab directly.
For some reason earlier validation is not ensuring that we have a valid e-mail.
In this case, break out of the flow since we don't have a domain that's in our
list and log the user's id so that we can learn more about when this happens.
By a reading of the code flow, it doesn't seem like it should be possible except
with a handful of users that have invalid e-mail addresses in the database but it
seems to be happening pretty regularly.
The class BearerAuthenticationAllowInactiveUser is needed for the
mobile app to authenticate. The other Auth classes are to support
the standard work flows.
This is Phase 2 of a rollout started here:
https://github.com/edx/edx-platform/pull/24392
When a flag is being used without a request, we will
return True if the flag's everyone status is set to
True.
The current implementation is to use flag_undefined_default,
which is deprecated and we are trying to remove it.
ARCHBOM-1331
Ratelimited `login_user` endpoint using `django-ratelimit`, also
decreased default value of logistration rate limit to 100 requests
per five minutes per IP.
PROD-1877
Fix bug in metric temp_flag_no_request_default_match.
Metric renamed to temp_flag_no_request_default_match_2
to ensure we are looking at the right data.
This extends Phase 1 of the rollout, as documented in:
https://github.com/edx/edx-platform/pull/24392
ARCHBOM-1331
Once USE_DEFAULT_TRUE_NAMESPACE is fully rolled out
and proves to return True where we wish, we can
remove this temporary roll-out flag introduced in:
https://github.com/edx/edx-platform/pull/24322
ARCHBOM-1316
This is Phase 1 of a 2 part rollout.
Here, we want to ensure that checking if the waffle flag
is set to active for everyone would provide the same value
as the current implementation for calls that have no request.
The current implementation is to use flag_undefined_default,
which is deprecated and we are trying to remove.
We are adding a custom metric to see if they match in
Production. If all goes well, in Phase 2 we will switch to
this new approach.
ARCHBOM-1331
In image_helpers.py, the _get_profile_image_urls() method would append
"?v=<version>" to the query string for serving profile images.
This might break serving profile images if
* EDXAPP_PROFILE_IMAGE_BACKEND was configured with its class option
  set to django.storages.s3boto3.S3Boto3Storage (or its deprecated
  predecessor, django.storages.s3boto.S3BotoStorage), and
* that backend used signed URLs with query-string authentication (i.e.
  was *not* configured with an S3 custom domain).
When both the above conditions are met, then the URL returned by the
storage backend's url() method already contains "?", and
_get_profile_image_urls() would add another. This results in a query
string that doesn't exactly violate RFC 3986, but is discouraged by
it.[1]
Amazon S3 itself may be able to parse these query strings correctly,
but other S3 API implementations (such as Ceph radosgw[2]) may not,
and the problem is easily avoided by just looking for "?" in the
rendered URL, and using "&v=<version>" instead if we find a match.
The proper way of appending the v=<version> query parameter would
probably be to pull the URL and the query string apart and then back
together[3], but that's most likely overdoing it.
[1] https://tools.ietf.org/html/rfc3986#section-3.4 says:
"However, as query components are often used to carry identifying
information in the form of "key=value" pairs and one frequently used
value is a reference to another URI, it is sometimes better for
usability to avoid percent-encoding those characters." ("Those
characters" being "/" and "?".)
[2] https://docs.ceph.com/docs/master/radosgw/s3/
[3] https://docs.python.org/3/library/urllib.parse.html
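The query-string handling described in the commit message above, as an added example that is not code from edx-platform or from the commit itself. The function names and sample URLs are hypothetical and constructed for illustration; the third variant follows the urllib.parse route from footnote [3] and keeps the signed parameters byte-for-byte.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample URLs (not real buckets, keys or signatures).
SIGNED_URL = (
    "https://s3.example.com/bucket/profile-images/img_50.jpg"
    "?AWSAccessKeyId=EXAMPLEKEY&Expires=1600000000&Signature=abc%2Bdef%3D"
)
PLAIN_URL = "https://cdn.example.com/profile-images/img_50.jpg"


def append_version_naive(url, version):
    """The behaviour the message describes as the problem: always add '?v='."""
    return "{}?v={}".format(url, version)


def append_version_simple(url, version):
    """The fix the message describes: use '&' when the URL already has a '?'."""
    separator = "&" if "?" in url else "?"
    return "{}{}v={}".format(url, separator, version)


def append_version_parsed(url, version):
    """Split the URL, extend the query component, and reassemble it.

    The existing query text is reused unchanged, so percent-encoded
    signature values are not decoded and re-encoded on the way through.
    A fragment, if present, stays at the end of the URL.
    """
    parts = urlsplit(url)
    extra = "v={}".format(version)
    query = "{}&{}".format(parts.query, extra) if parts.query else extra
    return urlunsplit(parts._replace(query=query))


if __name__ == "__main__":
    for label, fn in (
        ("naive", append_version_naive),
        ("simple", append_version_simple),
        ("parsed", append_version_parsed),
    ):
        print(label, fn(SIGNED_URL, "1234"))
        print(label, fn(PLAIN_URL, "1234"))
```
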
In order to remove the deprecated flag_undefined_default=True
argument, this commit updates the following flags to always be
enabled using a new temporary class:
- course_experience.course_outline_page
- course_experience.unified_course_tab
Adds a temporary setting `USE_DEFAULT_TRUE_NAMESPACE`,
to enable a monitored rollout of this change.
TNL-7061 is the ticket where these flags will actually be
removed. This requires more careful work including removing
all dead code, and potentially refactoring tests that were
testing shared functionality, but only when the flag was
False.
ARCHBOM-1316