* Remove ThirdPartyAuthProviderApiPermission
Also removed ProviderApiPermissions and ApiPermissionsAdminForm and removal of DOP for third_party_auth
* Removing model
* Replaced long_token with default_token_generator
* Adding skip to test_migrations_are_in_sync
The oauth2.enforce_jwt_scopes waffle switch was added temporarily for
the rollout of jwt scopes. This removes the toggle and replacing code
with the equivalent of `oauth2.enforce_jwt_scopes` as True.
In Django template rendering, context processors only run once.
But when we do template rendering through edxmako (which we do for
each and every web fragment/XBlock), we can end up having hundreds
of invocations of templates and run context processors for each
separately. This removes that work.
This was originally added in ad5cc3d5 and reverted when we saw
errors in one of our environments that seemed to be related to
context processor code. Those errors persisted after the revert,
and so I'm adding this back in (with some modifications based on
review comments).
This stage does the following:
- Includes a data migration to copy the values from old to new field.
- Changes business logic to switch to using new field.
- Deletes all code references of the old field.
This commit adds a feature that allows overriding any marketing URL, either by configuration on lms.env.json or SiteConfiguration, regardless if a marketing website is set up.
The links can be set by passing MKTG_URL_OVERRIDES to either `lms.env.json` or `SiteConfiguration`.
Moves the existence check for secondary (recovery) email to validate
method. If the email already exists, silently remove it from the set of
data to be updated. This parallels the existing behavior for updating
the primary email.
ENT-1913
Right now the units of a public course are hidden if there is at least a graded activity in them. This is done due to a change(69eeca61d8) that was done before the implementation of public_view mechanism for unenrolled users.
Since we use public_view now and by default it restricts the unit rendering for anonymous users we do not need to limit the access at this way for anonymous users.
* WIP: add third-party-auth scope and usage
BOM-1264
* Fix tests now that we do permissions in a more standard way.
Rather than manually setting the permission class we previously
explicitly raised a PermissionDenied exception. The way DRF
permissoning logic works, if we use the WWW-Authenticate header in the
highest priority auth class, it will return a 401 instead of a 403.
* Added test to make sure having permissions gives access to user mapping api
* Test new filters logic.
Ensure that the filters we add to the application access model make it
into the JWT correctly.
* quality fix
* quality fix
* disable pylint warning
* quality fix
* fix indent prob
Co-authored-by: Feanil Patel <feanil@edx.org>
Co-authored-by: Manjinder Singh <49171515+jinder1s@users.noreply.github.com>
This was previously disabled because changing another user's password is
both not usually recommended and bypasses password policy. Here, we add
a feature flag (`ENABLE_CHANGE_USER_PASSWORD_ADMIN`) to allow
re-enabling this password change form. This allows continued use of this
functionality by clients that require it.
Adds a simple nullable field to the UserProfile model. The only
validation done it to make sure any character saved in that field is a
digit and not a letter. We do not distiguish on a model level if the
phone number is international or not.
Currently, video is moving one second ahead or behind on each right
and left arrow key respectively.In order to make it compliant with
the industry standards like Youtube,its step is adjusted to five
seconds.
PROD-159
* Renamed OAuth2Authentication to BearerAuthentication
* Added back OAuth2Authentication name
-there are libraries such as edx-enterprise that still import OAuth2Authentication. The OAuth2Authentication class should be fully removed when everything is importing BearerAuthentication correctly
