Commit Graph

395 Commits

Author SHA1 Message Date
Robert Raposa
8eef18710d set code_owner for celery tasks
ARCHBOM-1260

Co-authored-by: Tim McCormack <tmccormack@edx.org>
2020-11-17 15:33:33 -05:00
Zainab Amir
2cf023bf27 VAN-92: Update TPA Context with platform name (#25580) 2020-11-13 17:15:53 +05:00
Kyle McCormick
73739189c5 Undo renames of common.djangoapps tasks (#25566)
When rolling out #25477, we dropped hundreds of email activation
tasks due to the renaming of student.send_activation_email
to common.djangoapps.student.send_activation_email,
and lost more when we rolled that PR back.
This happens because of blue/green deployment:
old workers are still online for a while after deploying,
so there is a period of time when the task names are mismatched.

To prevent this from happening again, this will make
it so the import changes don't change the names of
any of the Celery tasks.
2020-11-10 16:31:48 -05:00
Kyle McCormick
151bd13666 Use full names for common.djangoapps imports; warn when using old style (#25477)
* Generate common/djangoapps import shims for LMS
* Generate common/djangoapps import shims for Studio
* Stop appending project root to sys.path
* Stop appending common/djangoapps to sys.path
* Import from common.djangoapps.course_action_state instead of course_action_state
* Import from common.djangoapps.course_modes instead of course_modes
* Import from common.djangoapps.database_fixups instead of database_fixups
* Import from common.djangoapps.edxmako instead of edxmako
* Import from common.djangoapps.entitlements instead of entitlements
* Import from common.djangoapps.pipeline_mako instead of pipeline_mako
* Import from common.djangoapps.static_replace instead of static_replace
* Import from common.djangoapps.student instead of student
* Import from common.djangoapps.terrain instead of terrain
* Import from common.djangoapps.third_party_auth instead of third_party_auth
* Import from common.djangoapps.track instead of track
* Import from common.djangoapps.util instead of util
* Import from common.djangoapps.xblock_django instead of xblock_django
* Add empty common/djangoapps/__init__.py to fix pytest collection
* Fix pylint formatting violations
* Exclude import_shims/ directory tree from linting
2020-11-10 07:02:01 -05:00
Talia
7100316f19 updating all the third_party_auth tests! 2020-09-30 16:35:36 -04:00
Tim McCormack
f29e418264 Revert "Revert "ARCHBOM-1494: Refer to custom attributes, not metrics, especially with edx-django-utils (#25010)" (#25025)" (#25055)
This reverts commit 986a448d9e.
2020-09-28 13:53:57 +00:00
Gábor Boros
210f9c6ace refactor(lms): Update migrations to use lms.yml in the help text 2020-09-19 11:57:24 +02:00
Gábor Boros
6ccd6c308d docs(lms and studio): Replace all .(lms|cms).(\w+|_)?\.json to .(lms|cms).(\w+|_)?\.yml 2020-09-18 10:44:14 +02:00
uzairr
c68155f76f Modify the api response
Update the api response so that it cannot contain the response
in the form of HTML which may prove vulnerable for MFE in future.

VAN-14
2020-09-10 12:39:09 +05:00
taliaedX
728d57aac2 Merge pull request #24888 from edx/trhodes/ENT-3350
SAML Configuration API endpoint (And Public Flag)
2020-09-08 10:42:45 -04:00
Talia
9cbd1907ea SAML Configuration API endpoint + Public flag 2020-09-04 14:58:05 -04:00
Régis Behmo
288ccc6705 Fix creation of LTIProviderConfig object in admin
When attempting to create a "Provider Configuration (LTI)" object in the
django admin, the following 500 error was being triggered:

    "Either an icon class or an icon image must be given (but not both)"

This was caused by the `clean()` method of the mother class
(OAuth2ProviderConfig) which checked whether at least the icon_class XOR
icon_list attribute was well defined. In the case of the
LTIProviderConfig objects it isn't, but that's ok because this object
is not meant to be displayed in the login form.

To resolve this issue, we modify the `clean()` method to ensure that at
most icon_class or icon_image is set. Alternatively, we could have set
`visible = False` and then dropped the `visible` column from the
database, but it was deemed too risky.
unused.

Close CRI-205.
2020-08-21 09:51:12 +02:00
Tim McCormack
b64c8c2283 ARCHBOM-1281: Vendor in AppleID backend to support Sign-In With Apple (#24623)
This version contains necessary fixes for validating the "audience"
component of the JWT, as seen in ARCHBOM-1281. (I believe we'll need to
pass both the App ID and the Service ID in an additional AUDIENCE "other
settings" key for this third-party-auth backend.)

Vendored from version 3.4.0 (9d93069564a60495e0ebd697b33e16fcff14195b)
social-core:
https://github.com/python-social-auth/social-core/blob/3.4.0/social_core/backends/apple.py

v3.4.0 is unreleased at this time (2020-07-28) and contains several
necessary bugfixes over 3.3.3 for AppleID, but also causes the
TestShibIntegrationTest.test_full_pipeline_succeeds_for_unlinking_testshib_account
test in common/djangoapps/third_party_auth/tests/specs/test_testshib.py
to break (somehow related to social-core's change 561642bf which makes
a bugfix to partial pipeline cleaning). ARCHBOM-1389 filed to address
this at our convenience.

Note: 3.4.0 was not released to PyPI due to a broken test, so we might
see a 3.4.1 when it's actually released:
https://github.com/python-social-auth/social-core/issues/485
2020-08-06 20:11:23 +00:00
Talia
2b956c54a0 BUG: fixes for saml provider config/data lookup 2020-07-30 10:05:19 -04:00
Talia
6d365ca1da fixes for front end saml work and to align with data requirements. 2020-07-24 14:45:34 -04:00
Alexander Sheehan
0e5b70a800 Adding country to list of attrs, updating help text and max length 2020-07-23 16:29:05 -04:00
Alexander Sheehan
2e2493f99d ENH adding country to SAML mapping config 2020-07-21 16:23:00 -04:00
Binod Pant
19f82258aa ENT-3160 Automate association to customer on SAMLProviderConfig creation (#24519)
* create links ProviderConfig to EnterpriseCustomer

* lint

* remove extraneous print

* don't create samlprovider unless enterprise found, update a test to use valid uuid and fail request

* fix test for correct status code as was intended
2020-07-20 12:35:04 -04:00
Binod Pant
167d8f278f ENT-3007 : round 2 API endpoints for samlproviderconfig and samlproviderdata (#24456)
* ENT-3007 auth/saml/v0/saml/providerdata and auth/saml/v0/saml/providerconfig endpoints

Move code to subfolder for samlproviderconfig

extra comma

undo accidental remove of import

GET works for a single config now

Use ModelViewSet to get all CRUD method. Test still fails

Add auth/saml/v0/providerdata endpoints

fixup reverse and test issue, remove leading caret

just triggering run, why is it failing in CI?

pycodelint fixes

Skip auth tests unless feature is on

Tests for post/put for samlproviderdata

move urls to their own folders

api tests for post samlproviderconfig

create 1 providerconfig test case

lint fixes

lint

lint

cleanup code local urls /samlproviderconfig works

note needed right now

Fix import errors

lint

unused import

wip: first attempt at rbac auth and jwt cookie in test

round 2 with enterprise uuid as url param for samlproviderconfig

improve tests, still don't pass

fix test by using system role, wip other test

fix create test

add get/post tests for providerdata

isort fixes

string lint fix

Cleanup based on feedback round1

move utils to tests package

Move util fn to openedx.feature area

lint

ENT-3007 : Round 2 of work on auth/saml/v0/providerconfig and auth/saml/v0/providerdata endpoints

* Fix test issue use string uuid for permission obj

* snake case changes provider_config

* snake case

* provider_data, tests and lint

* patch and delete tests for providerdata

* snake_case

* snake_case

* snake_case

* make patch test stronger

* 404 if invalid uuid for get param

* common util for validate uuid4

* unused import

* lint fixes for pycodestyle

* 400 when uuid is missing

* 400 instead of 404 for missing uuid

* spell fix

* update docstring for api usage

* docstring clarify
2020-07-15 10:34:26 -04:00
Feanil Patel
5470ce5805 Revert "ENT-3007 : Add auth/saml/v0/providerconfig|data CRUD endpoints for use in admin portal (#24298)"
This reverts commit 96ddcdc288.
2020-07-10 13:38:30 -04:00
Binod Pant
96ddcdc288 ENT-3007 : Add auth/saml/v0/providerconfig|data CRUD endpoints for use in admin portal (#24298)
* Add auth/samlproviderconfig CRUD endpoints for use in admin portal

Fixes: ENT-3007

* Move code to subfolder for samlproviderconfig

* extra comma

* undo accidental remove of import

* GET works for a single config now

* Use ModelViewSet to get all CRUD method. Test still fails

* Add auth/saml/v0/providerdata endpoints

* fixup reverse and test issue, remove leading caret

* just triggering run, why is it failing in CI?

* pycodelint fixes

* Skip auth tests unless feature is on

* Tests for post/put for samlproviderdata

* move urls to their own folders

* api tests for post samlproviderconfig

* create 1 providerconfig test case

* lint fixes

* lint

* lint

* cleanup code local urls /samlproviderconfig works

* note needed right now

* Fix import errors

* lint

* unused import

* wip: first attempt at rbac auth and jwt cookie in test

* round 2 with enterprise uuid as url param for samlproviderconfig

* improve tests, still don't pass

* fix test by using system role, wip other test

* fix create test

* add get/post tests for providerdata

* isort fixes

* string lint fix

* Cleanup based on feedback round1

* move utils to tests package

* Move util fn to openedx.feature area

* lint

* lint fix

* remove unused import
2020-07-10 11:23:13 -04:00
Aarif
9e34cb3df9 Removed deprecated future imports (#24295) 2020-06-28 23:40:03 +05:00
Awais Qureshi
b4035bc71e BOM-1750
DeprecationWarning `callable is None` raised since 3.5 throwing TypeError.
Fixed the assertion.
2020-06-24 01:43:09 +05:00
Aarif
27480cdd2f Removed deprecated future imports 2020-06-23 18:51:43 +05:00
Ned Batchelder
cca33732ba Correct markup mistakes in api docs 2020-05-12 13:36:14 -04:00
Tim McCormack
9cff06d762 Address 1+N django_site queries on login page by comparing keys directly (#23947)
Rather than fetching the Site for every provider in a loop, just look at
the ID of the site.

Added regression test, showing N `django_site` requests before and 0 after.
2020-05-11 15:37:22 +00:00
Zia Fazal
d04f2735a1 Merge pull request #23934 from edx/ziafazal/ENT-2730
ENT-2730: Apply same username restrictions during SSO pipeline
2020-05-08 09:29:19 +05:00
zia.fazal@arbisoft.com
647da21191 Apply same username restrictions during SSO pipeline
Apply same username restrictions during SSO pipeline as we have in the user registration flow to avoid SSO flow breakage at the time of user creation.
ENT-2730

Code quality fixes
2020-05-07 19:50:56 +05:00
Robert Raposa
b98d200fdc Revert "Dark launch: Fix site shadowing and 1+N queries in third party auth config fetching (#23824)" (#23935)
This reverts commit 79420640d5.
2020-05-07 09:38:54 -04:00
Tim McCormack
79420640d5 Dark launch: Fix site shadowing and 1+N queries in third party auth config fetching (#23824)
This performs a dark launch compare of the existing implementation
(still in use) for fetching TPA provider configs and a new
implementation, recording metrics on exceptions and mismatches.

The new implementation should have two benefits, once we're switched
over:

- Fix 1+N queries on login page view where the site for each config
  was fetched in a loop (ARCHBOM-1139)
- Don't allow configs with the same key on different sites to
  interfere with each other (regression test added)

The new impl does not use TieredCache, but only the request cache,
which we may want to adjust later.
2020-05-06 13:54:32 +00:00
Aarif
98af9ce418 remove useless-suppression warnings 2020-05-01 19:42:15 +05:00
Diana Huang
f316387cab Clean up migrations and handle manual merging. 2020-04-23 10:16:16 -04:00
Diana Huang
227df4e267 Auto-generated squashed migration. 2020-04-23 10:16:16 -04:00
zia.fazal@arbisoft.com
f70390d70f Added more info to log in SSO request/response flow
Added more info to log in SSO request/response flow
Fixed django admin links on model's link fields which are broken due to django 2.2 upgrade.
ENT-2798

Fixed quality violations and unit test

Fix xsscommitlint violation

Fixed pylint violation
2020-04-20 14:38:51 +05:00
Zia Fazal
f2f8d8519a Merge pull request #23658 from edx/ziafazal/ENT-2709
ENT-2709:Map first name to edx username by default oauth SSO
2020-04-09 09:56:56 +05:00
Zia Fazal
9a9683fc21 Merge pull request #23659 from edx/ziafazal/ENT-2759
Added global staff permission to third party auth users API
2020-04-09 09:56:16 +05:00
Aarif
6ee2089077 fixed warnings for wrong-import-order 2020-04-08 23:43:06 +05:00
zia.fazal@arbisoft.com
cd60f6c973 Map first name to edx username by default oauth SSO
Change to map first name to edx username by default oauth SSO with `identityserver3` backend
ENT-2709

Addressed reviewer's feedback
2020-04-08 19:26:24 +05:00
zia.fazal@arbisoft.com
b37a986656 Added global staff permission to third party auth users API 2020-04-08 14:53:32 +05:00
Diana Huang
ea0b7019cf Add a migration that was generated for Django 2. 2020-04-01 16:09:44 -04:00
Matt Hughes
acce8baca4 Add management command for retroactively adding sso IdV for IdP
We sometimes update preexisting SAML SSO providers to configure them
to automatically create SSO identity verification (IdV) records when a
learner links an account via that provider. Turning that configuration
from off to on does make it such that when learners log back in via
their linked account, a new IdV record will be created for them. But
it's possible we'd want this process to happen more automatically and
seamlessly, for which this management command will be helpful.

Note that this does not help with removing SSO verification records
for a provider for which this configuration has been turned off.

JIRA:EDUCATOR-4947
2020-03-17 16:04:24 -04:00
zia.fazal@arbisoft.com
6f3fe9307c Use user's first name as username
Changes to use user's first name as username for SAP Success Factors SSO.
ENT-1705

Don't ask for username from oData by default

add code comment
2020-03-09 12:34:00 +05:00
Diana Huang
8e6647234f Update migration to not modify providerapipermissions. (#23271) 2020-03-03 11:31:56 -05:00
Manjinder Singh
4399d13955 removing all of provider (#23269)
* Revert "Ran make migration on third_party_auth (#23253)"

This reverts commit 49be65cc58.

* Removing provider.util import

* Removing further provider things

* Adding hash tests
2020-03-03 10:42:18 -05:00
Manjinder Singh
fa2140cd16 Revert "Ran make migration on third_party_auth (#23253)"
This reverts commit 49be65cc58.
2020-03-03 09:17:26 -05:00
Manjinder Singh
49be65cc58 Ran make migration on third_party_auth (#23253)
* Ran make migration on third_party_auth and removing skip comment from test_migrations_are_in_sync
2020-03-02 16:32:40 -05:00
Diana Huang
0fa91d72db Remove DOP libraries from edx-platform.
Remove DOP apps from INSTALLED_APPS.
Remove DOP libraries from requirements.
2020-03-02 11:17:47 -05:00
Manjinder Singh
9725303c4a Removing patch from test (#23250)
the patched toggle was removed from edx-drf-extensions recently
2020-03-02 11:02:25 -05:00
Feanil Patel
5ec487452d Merge pull request #23188 from edx/robrap/BOM-1324-add-constraint
BOM-1324: remove oauth2.enforce_jwt_scopes toggle
2020-03-02 09:55:35 -05:00
Manjinder Singh
d08cd9ce04 Removing provider imports from edx-platform (#23229)
* Removing from provider imports from openedx

 * removed all uses of retire_dop_oauth2_models

* Removing provider library from lms, common, and cms

Created/copied function short_token(from django-oauth-provider) and create_hash256 to help with conversion
2020-03-02 08:56:54 -05:00