The APIs using login_user are currently not following the API
conventions for non-SSO related authentication errors, by returning a
200 status code for errors.
In addition to switching the status code from 200 => 400 for
authentication failures, the following minor changes were made:
- Document and refactor an existing authn switch.
- Remove an unused url definition for login_ajax + error.
BREAKING CHANGE: This changes /login_post and /login_ajax to return
400, rather than 200, when success=False in the returned JSON (for
non-SSO related authentication errors).
To remove risk around this change, it was added behind a waffle switch
named `user_authn.update_login_user_error_status_code`.
A breaking change was made, rather than introducing /login_ajax_new,
in order to more quickly get to our end goal of the current clean-up
effort of having a single function for login. If this breaks any
callers, we may fix or abandon this change altogether.
ARCH-1253
Using six.text_type() converts the MarkupSafe object created with the
HTML function into a plain string, which is essential for HTML tag
interpolation. Applying escaping via the Text function to this plain
string object then causes the HTML tags themselves to be escaped.
PROD-834
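The double-escaping mechanism this commit describes, shown as an added example (not edx-platform's or MarkupSafe's own code): `SafeHtml`, `escape`, `HTML` and `interpolate` below are a small constructed model of the `__html__` convention that markupsafe.Markup/escape follow, and the sample link fragment is made up for the demonstration. Coercing the safe object to `str` drops the marker, so the subsequent escape treats trusted markup as untrusted text, while a genuinely untrusted value is still neutralised.

```python
import html


class SafeHtml(str):
    """Marker type for trusted, already-escaped HTML.

    Constructed model of markupsafe.Markup (what the HTML() helper returns):
    a str subclass that advertises itself as safe via __html__.
    Note it defines no __str__, so str(SafeHtml(...)) yields a plain str.
    """

    def __html__(self):
        return self


def escape(value):
    """Model of Text() / markupsafe.escape: values that declare __html__
    are passed through; everything else is HTML-escaped."""
    if hasattr(value, "__html__"):
        return SafeHtml(value.__html__())
    return SafeHtml(html.escape(str(value), quote=True))


def HTML(fragment):
    """Model of the HTML() helper: declare a literal fragment trusted."""
    return SafeHtml(fragment)


def interpolate(template, **kwargs):
    """Escape each argument, then substitute it into the trusted template.

    SafeHtml arguments pass through unchanged; plain strings (for example
    user-controlled values) are escaped, so any markup in them is inert.
    """
    escaped = {key: escape(value) for key, value in kwargs.items()}
    return SafeHtml(HTML(template).format(**escaped))


# Constructed sample fragment standing in for the markup the commit refers to.
SAMPLE_LINK = '<a href="/dashboard">Dashboard</a>'


def render_with_coercion(link_fragment):
    """The defect from the commit: coercing the safe object to a plain str
    (six.text_type / str) discards the __html__ marker, so escape() then
    treats the markup as untrusted text and escapes the tags."""
    link = str(HTML(link_fragment))  # plain str: safety marker lost
    return interpolate("<p>{link}</p>", link=link)


def render_without_coercion(link_fragment):
    """Pass the SafeHtml object through untouched; escape() honours __html__."""
    return interpolate("<p>{link}</p>", link=HTML(link_fragment))


def render_untrusted(user_text):
    """A user-supplied value carries no __html__ and is escaped as intended."""
    return interpolate("<p>{msg}</p>", msg=user_text)


if __name__ == "__main__":
    print(render_with_coercion(SAMPLE_LINK))     # tags double-escaped
    print(render_without_coercion(SAMPLE_LINK))  # tags preserved
    print(render_untrusted("<script>alert(1)</script>"))  # script escaped
```

The fix the commit describes corresponds to `render_without_coercion`: keep the object returned by the HTML helper as-is and let the escaping function recognise it, rather than flattening it to a string first.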
Changes to show a blank screen instead of the logout message for the Enterprise SSO flow. It confuses learners when they are already signed in and access their course from a B2B site.
ENT-1688
Fixed pep8 quality violation
use testserver as HOST instead of edx.org
assert enterprise app is enabled
added logging
Print different values
Reload django url config
assert all quote operations to see how they work on jenkins
debug url resolved values
login user in setup
added log to debug test on jenkins
Using UrlResetMixin
Using regex instead of resolve
Fixed quality violation
Fixed pylint quality violations
Fixed target interpolation syntax
Added developer's comment
The enrollmentStatusHash cookie value was created in commit f0030334
as an optimization, in order to determine whether the marketing site
needs to refresh the list of a student's enrolled courses with a
call to the LMS. To ensure that this value was kept up to date,
commit d7a7bcc1 reset the user's cookies every time they go to the
learner dashboard page (which used to be the next page loaded after
you enrolled in a course). This didn't just reset the
enrollmentStatusHash though -- it recalculated all the cookie
values, as if you had just logged in.
A number of things have changed since then:
1. Enrolling in a course now goes to that course's info/navigation
page, rather than going to the student dashboard.
2. It doesn't appear that the value of enrollmentStatusHash is
actually being examined anywhere -- it's set in a cookie on the
LMS and read/written by the edX marketing front end code, but
the value is never looked at to make any decisions.
3. The introduction of add_email_marketing_cookies (which triggers
off of the CREATE_LOGON_COOKIE signal) has made cookie resets
far more expensive, as there is a blocking call to Sailthru if
you have that enabled in EmailMarketingConfiguration (which
edx.org does). This can add over two seconds to the server
processing time for the student dashboard at certain times of
day.
Given this, I'm removing both the call to resetting the cookie on
the student dashboard page, as well as setting the value for
enrollmentStatusHash.