* adds blockstore as a requirement and an installed app, with
configurable bundle storage settings.
* adds waffle switch and setting to allow use of blockstore's python API
instead of REST API in live testservers and in production.
* adds database router which, when a `blockstore` DATABASE connection is
configured, allows the platform to use the blockstore service's
database instead of the default edxapp database.
* replaces blockstore_api exceptions and models with blockstore.app.api classes
* minor fixes to the blockstore_api to make the Blockstore REST API
return data packaged the same as the Blockstore Python API.
Previously, our rate-limiting code trusted the entire `X-Forwarded-For`
header, allowing a malicious client to spoof that header and evade
rate-limiting. This commit introduces a new module and setting
allowing us to make a more conservative choice of IPs.
- Create new `openedx.core.djangoapps.util.ip` module for producing
the IP "external chain" for requests based on the XFF header and the
REMOTE_ADDR.
- Include a function that gives the safest choice of IPs.
- Add new setting `CLOSEST_CLIENT_IP_FROM_HEADERS` for configuring how
the external chain is derived (i.e. setting the trust
boundary). Currently has a default, but we may want to make it
mandatory in the future.
- Change `django-ratelimit` code to use the proximate IP in the external
chain -- the one just outside the trust boundary.
Also:
- Change `XForwardedForMiddleware` to use more conservative choice for
its `REMOTE_ADDR` override
- Other adjustments to `XForwardedForMiddleware` as needed in order to
initialize new module and support code that needs the real
`REMOTE_ADDR` value
- Metrics for observability into the change (and XFF composition)
- Feature switch to restore legacy mode if needed
This also gives us a path forward to removing use of the django-ipware
package, which is no longer maintained and has a handful of bugs that make it
difficult to use safely.
Internal ticket: ARCHBOM-2056
The only way to access the legacy courseware is now through the
Studio preview feature (and at some point, when the MFE supports a
preview mode, we can then remove even that).
This drops the courseware.use_legacy_frontend waffle.
This was the "outline tab" view of the course. Preceded by the
course info view, succeeded by the MFE outline tab.
In addition to the course home view itself, this drops related
features:
- Legacy version of Course Goals (MFE has a newer implementation)
- Course home in-course search (MFE has no search)
The old course info view and course about views survive for now.
This also drops a few now-unused feature toggles:
- course_experience.latest_update
- course_experience.show_upgrade_msg_on_course_home
- course_experience.upgrade_deadline_message
- course_home.course_home_use_legacy_frontend
With this change, just the progress and courseware tabs are still
supported in legacy form, if you opt-in with waffle flags. The
outline and dates tabs are offered only by the MFE.
AA-798
(This is identical to previous commit be5c1a6, just reintroduced
now that the e2e tests have been fixed)
This was the "outline tab" view of the course. Preceded by the
course info view, succeeded by the MFE outline tab.
In addition to the course home view itself, this drops related
features:
- Legacy version of Course Goals (MFE has a newer implementation)
- Course home in-course search (MFE has no search)
The old course info view and course about views survive for now.
This also drops a few now-unused feature toggles:
- course_experience.latest_update
- course_experience.show_upgrade_msg_on_course_home
- course_experience.upgrade_deadline_message
- course_home.course_home_use_legacy_frontend
With this change, just the progress and courseware tabs are still
supported in legacy form, if you opt-in with waffle flags. The
outline and dates tabs are offered only by the MFE.
AA-798
This:
1. Removes the `filestore` property from the `ModuleSystem` in favor of
the `runtime.resources_fs` property.
In the original code, `filestore` is equal to
`DescriptorSystem.runtime.resources_fs`. It's safe to replace it with
`ModuleSystem.runtime.resources_fs` because both runtimes are combined
using the `CachingDescriptorSystem`. It provides the `resources_fs` property
that uses the same file storage.
2. Renames `filestore` argument to `resources_fs` in the `LoncapaSystem`
constructor.
3. Adds the deprecated `filestore` property to the `ModuleSystemShim`
and `RuntimeShim`.
The forum service doesn't get the requesting user id for any operation, only the user id of the content creator. So to apply a different user id for an editor or post closing user, those need to be explicitly passed.
This code was originally located at:
./openedx/core/djangoapps/coursegraph
However, code makes more sense within the ./cms tree, because:
* it is responsible for publishing course content to an
external system, with is within the responsibilities of CMS, and
* is uses modulestore, which is discouraged for use in LMS
(see 0011-limit-modulestore-use-in-lms.rst).
So, we move the code to:
./cms/djangoapps/coursegraph
and uninstall coursegraph from LMS.
We do not expect this refactor to have any breaking downstream effects.
viewing in coursegraph for two reasons. First, the existing log message was misleading
as it implied that a course was being submitted to Neo4j even when it was being
skipped due to not changing since last being sent to Neo4j. Second, the new log
message was not distinctive enough for separate searching in Splunk - it will
now be distinctive enough for that search.
edx/edx-platform#24365 has changed the completion mode of these blocks.
Before Koa, it was sufficient to view the block to get a completion checkmark.
Since Koa, all children of the block must be completed.
This adds a toggle to change the completion behavior back to the previous one
so that the user experience can be consistent if needed.
XFF is just part of the chain; record the length of the whole chain instead
(which is always one larger).
Also include junk in one of the test values for realism.
TNL owns coursegraph and we've seen 7000+ courses be submitted for update weekly.
While log message exist for each course not submitted, no log message currently exists
for each submitted course. This commit adds logs for those submitted courses as well.
feat: [AA-1207] remove redundant Tabs fields from courseware API
Remove redundant fields from courseware API.
- number
- verified_mode
- original_User_is_staff
- is_staff
This is the backend work for https://github.com/openedx/frontend-app-learning/pull/873
Some registration tests can fail if run in a
particular order. This PR just adds a warning
so engineers don't mistakenly think they caused
an issue.
Also see VAN-900 for more details on how to
reproduce.
Add `edit_reason_code` field to both `Comments` and `Threads`, making it
editable for anyone who can also edit `raw_body`.
Add `close_reason_code` field to `Threads`, and make it editable by
anyone who can also edit `closed`.
Processing cookies at response time included cookies
that were temporary, like the JWT cookie that is
created by the server by combining the JWT header-payload
and JWT signature cookies. Since we are trying to monitor
the cookie header, we do not want to process this cookie.
However, since we want to include the user id in the logging
message, we delay the logging until response time.
Also, fixed docstring which mislabeled a custom attribute.
ARCHBOM-2055
Deprecates the following attributes from ModuleSystem:
* replace_urls
* replace_course_urls
* replace_jump_to_id_urls
A new ReplaceURLService is created as replacement with a unified replace_urls method
* Adds entrance exam information to the Course Overview object
* Enables hiding other tabs since the get_course_tab_list uses
a Course Overview
* Enables using the entrance exam helper functions to determine
if Entrance exams are being used in this course.
* Posts a message when Entrance Exam is passed to parent container for
usage in the Learning MFE
* Overrides the 'title' field of the courseware tab since the Learning MFE
uses that over the 'name' field.
