Commit Graph

245 Commits

Author SHA1 Message Date
Adeel Khan
d61936fdb6 Adds Logistration MFE url for forgot password email.
This patch would enable routing learner to logistration MFE
via forgot password url than on platform when
ENABLE_LOGISTRATION_MICROFRONTEND feature flag is set.

VAN-98
2020-10-29 16:25:20 +05:00
Adeel Khan
2bc746a0a0 Adds forgot password functionality for secondary email.
VAN-18
2020-10-24 22:00:12 +05:00
Zainab Amir
49ea5f5188 Update logistration MFE feature flag (#25356)
update logistration MFE feature flag to not be used in conjunction
with Accounts MFE toggle.

VAN-11
2020-10-23 12:11:56 +05:00
Dillon Dumesnil
b6dbbb6f83 Merge pull request #25346 from edx/ddumesnil/add-cert-to-linkedin-aa-385
AA-385: Add in LinkedIn Add to Profile to courseware meta API
2020-10-19 07:31:26 -07:00
Dillon Dumesnil
084ab4c10d AA-385: Add in LinkedIn Add to Profile to courseware meta API
A major update to this function allows it to actually autofill the
certificate information again! I believe LinkedIn changed their API
and we never updated our end. This fixes that!
2020-10-16 10:07:38 -04:00
Adeel Khan
8418b44084 Add new password reset endpoint for logistration MFE.
VAN-88
2020-10-16 01:34:27 +05:00
adeelehsan
1bbb59ebc7 added host in redirection url
In case of login micro frontend redirection lms
domain added in redirection url.

VAN-71
2020-10-13 18:20:23 +05:00
Awais Jibran
6b1506c3ff Sends Post-password-change acknowledgement email
PROD-421
2020-10-05 17:01:19 +05:00
Syed Muhammad Dawoud Sheraz Ali
6f254aaf84 Merge pull request #205 from edx/dsheraz/PROD-217
fix password reset token leakage in referrer
2020-10-02 22:17:37 +05:00
Waheed Ahmed
af958ada75 Add new endpoint to validate password reset token.
Added a new endpoint to validate password reset token for
logistration MFE.

VAN-61
2020-09-30 16:12:33 +05:00
uzairr
b1d321374f Refactor third party auth msg generation
2020-09-29 06:52:02 +05:00
Tim McCormack
f29e418264 Revert "Revert "ARCHBOM-1494: Refer to custom attributes, not metrics, especially with edx-django-utils (#25010)" (#25025)" (#25055)
This reverts commit 986a448d9e.
2020-09-28 13:53:57 +00:00
DawoudSheraz
6181edfa4c fix password reset token leakage in referrer
2020-09-28 10:20:17 +05:00
Robert Raposa
9c6ee54258 remove flaky test_login_ratelimited
2020-09-25 11:24:47 -04:00
Feanil Patel
ddcf31c5ad Merge pull request #25009 from edx/feanil/fix_flaky_test
Fix a flaky test by freezing time in the right spot.
2020-09-21 12:15:28 -04:00
Ahtisham Shahid
986a448d9e Revert "ARCHBOM-1494: Refer to custom attributes, not metrics, especially with edx-django-utils (#25010)" (#25025)
This reverts commit ba9ee4e151.

Fixed Style lint issue
2020-09-21 13:48:00 +05:00
Tim McCormack
ba9ee4e151 ARCHBOM-1494: Refer to custom attributes, not metrics, especially with edx-django-utils (#25010)
This uses the new names introduced in edx-django-utils
3.8.0 (edx/edx-django-utils#59), which we're already using, as
well as updating a few other locations where we incorrectly refer
to New Relic custom metrics instead of custom attributes.

Includes a couple of unrelated lint fixes in a file I modified.
2020-09-18 13:33:50 +00:00
Feanil Patel
5e56621aeb Fix a flaky test by freezing time in the right spot.
The test was only freezing time for the first two calls to password reset
which meant that sometimes the last call to reset password was far enough
in the future to not be affected by the rate limiting.

We move the freeze_time context manager to outside of all the password
reset calls to make things more reliable.
2020-09-17 13:43:30 -04:00
Régis Behmo
a4ba4ae45e Clarify many feature toggle annotations across all applications
2020-09-16 15:20:43 +02:00
Régis Behmo
7d93715880 Rename toggle_expiration_date to toggle_target_removal_date
This is part of the changes brought by code-annotations==0.7.0
2020-09-16 15:19:16 +02:00
Régis Behmo
98a13d6a7e Remove deprecated toggle_status annotation
This annotation is deprecated since code-annotations==0.7.0
2020-09-16 15:19:15 +02:00
Régis Behmo
d1f9e769d0 Simplify the toggle_use_case annotation
Since code-annotations==0.7.0, incremental_release, launch_date,
monitored_rollout, graceful_degradation, beta_testing are all considered
as "temporary" use cases.
2020-09-16 15:16:13 +02:00
Régis Behmo
ab0e21455a Get rid of the toggle_category annotation, now deprecated
Since code-annotations==0.7.0, this annotation is not used anymore.
2020-09-16 15:16:13 +02:00
Régis Behmo
0c3bc12582 Fix deprecated toggle annotation format
2020-09-16 15:16:13 +02:00
Régis Behmo
7dc460d50a Wrap toggle annotation lines with multiline comments
This takes advantage of the new multiline annotation format with
single-line comment prefix, from code-annotations.
2020-09-16 15:16:12 +02:00
Régis Behmo
c8892d321b Document openedx/core/djangoapps/user_authn feature toggles
2020-09-16 15:14:56 +02:00
Régis Behmo
307457a255 Simplify hack to obtain waffle module names
Instead of going up the stacktrace to find the module names of waffle
flags and switches, we manually pass the module __name__ whenever the
flag is created. This is similar to `logging.getLogger(__name__)`
standard behaviour.

As the waffle classes are used outside of edx-platform, we make the new
module_name argument an optional keyword argument. This will change once
we pull waffle_utils outside of edx-platform.

Note that the module name is normally only required to view the list of
existing waffle flags and switches. The module name should not be
necessary to verify if a flag is enabled. Thus, maybe it would make
sense to create an `add` class method similar to:

    class WaffleFlag:
        @classmethod
        def add(cls, namespace, flag, module):
            instance = cls(namespace, flag)
            cls._class_instances.add((instance, module))
2020-09-14 09:30:24 +02:00
uzairr
c68155f76f Modify the api response
Update the api response so that it cannot contain the response
in the form of HTML which may prove vulnerable for MFE in future.

VAN-14
2020-09-10 12:39:09 +05:00
Zainab Amir
8f83d10528 Add Mechanism to enable logistration MFE (#24908)
Add a toggle that in conjunction with REDIRECT_TO_ACCOUNT_MICROFRONTEND
enables or disables logistration MFE.

VAN-3
2020-09-08 17:46:50 +05:00
Pierre Mailhot
36db87e734 fixing language issue for original activation email on sites using more than one language
https://openedx.atlassian.net/browse/CRI-217
https://discuss.openedx.org/t/activation-email-in-multiple-languages/2808
2020-08-27 03:37:05 -04:00
uzairr
7bc17c7dd9 Ratelimit the registration endpoint
PROD-880
2020-08-20 18:38:26 +05:00
Manjinder Singh
c76ed6ae45 Extracting plugin app from edx-platform (#24678)
* Moving plugins infrastructure to edx-django-utils
This PR extracts the code that enables plugins in edx-platform and puts it in edx-django-utils. This is done to allow other IDAS to add plugin functionality.
2020-08-12 07:48:53 -04:00
Jeff Chaves
e1bd970b46 ENT-2894: Use new welcome template when redirected from enterprise proxy login view (#24587)
* using new welcome template when redirected from enterprise proxy login view

* enabling safe redirects to enterprise learner portal from login in devstack

* adding admin portal to login redirect whitelist

* running make upgrade to version bump edx-enterprise
2020-07-24 17:40:42 -04:00
Talia
6d365ca1da fixes for front end saml work and to align with data requirements.
2020-07-24 14:45:34 -04:00
Robert Raposa
77e490f057 ARCHBOM-1305: remove deprecated flag_undefined_default (#24426)
This is the final step in removing the deprecated
flag_undefined_default as explained by the following ADR:
https://github.com/edx/edx-platform/blob/master/openedx/core/djangoapps/waffle_utils/docs/decisions/0001-refactor-waffle-flag-default.rst

Notes:

* All uses of flag_undefined_default=False were always
  supposed to have been no-ops.
* All uses of flag_undefined_default=True that are removed
  in this PR have been replaced by migrations in past PRs.
* The temporary metric temp_flag_default_used is no longer
  reporting any data.

ARCHBOM-1305
2020-07-09 09:31:31 -04:00
Feanil Patel
f2ac18049b Validate before accessing email parts.
For some reason earlier validation is not ensuring that we have a valid e-mail.
In this case, break out of the flow since we don't have a domain that's in our
list and log the user's id so that we can learn more about when this happens.

By a reading of the code flow, it doesn't seem like it should be possible except
with a handful of users that have invalid e-mail addresses in the database but it
seems to be happening pretty regularly.
2020-07-08 13:35:55 -04:00
Waheed Ahmed
4f80fd6540 Improve password reset rate limit.
Used django-ratelimit instead of django-ratelimit-backend
to configure two different rate limit configurations for same
endpoint.

PROD-1708
2020-07-08 16:19:07 +05:00
Waheed Ahmed
a6a69224d1 Ratelimit login_user endpoint.
Ratelimited `login_user` endpoint using `django-ratelimit`, also
decreased default value of logistration rate limit to 100 requests
per five minutes per IP.

PROD-1877
2020-07-08 15:36:11 +05:00
Ahtisham Shahid
5707bbdc90 updated confirm_email field type (#24205)
* updated confirm_email field type and removed confirm email form v1
2020-06-22 17:10:41 +05:00
Ahtisham Shahid
340e00988f Removed confirm email after SSO
2020-06-16 14:06:52 +05:00
adeel khan
76419f9d01 Merge pull request #23913 from edx/adeel/prod_1505_improve_security_lockouts_logic
Improving user locked out logic.
2020-06-10 14:21:16 +05:00
Waheed Ahmed
6b268c37b4 Rate limit logistration endpoints.
PROD-1506
2020-06-10 13:33:26 +05:00
Adeel Khan
2383fb3fa6 Improving user locked out logic.
This patch improves on the user locked
out logic by providing a helping message
near locked out. This would help reduce
retries by giving user the option to use
password reset flow to fix the issue.

PROD-1505
2020-06-09 09:36:42 +05:00
Ahtisham Shahid
b69163fae7 Merge pull request #24079 from edx/ahtisham/PROD-1412-2
Added v2 for confirm email backward compatibility
2020-06-03 17:13:49 +05:00
Ahtisham Shahid
af033d25cc Added v2 for confirm email backward compatibility
updated tests

fixed style issue

Fixed tests for v2 api
2020-06-02 13:01:58 +05:00
hasnain.naveed
c51dc9db20 ENT-2818 | Added enterprise slug login's url on edx login page.
2020-05-28 19:58:46 +05:00
Feanil Patel
c06f7b2fd7 Revert "Rate limit logistration endpoints."
This reverts commit 74bc970edc.
2020-05-21 11:41:09 -04:00
Feanil Patel
72ea1b7d4f Revert "Increase requests limit for logistration rate limit."
This reverts commit a1c018823d.
2020-05-21 11:40:47 -04:00
Waheed Ahmed
a1c018823d Increase requests limit for logistration rate limit.
2020-05-21 17:05:19 +05:00
Waheed Ahmed
74bc970edc Rate limit logistration endpoints.
PROD-1506
2020-05-21 13:45:48 +05:00