* Remove email placeholder
The current placeholder is confusing to users and results in many trying
to login with their username. The change in this PR hopefully decreases that
confusion.
According to UX recommendations, we have decided to remove the email placeholder for the form. It seems placeholders tend to just confuse the users.
TNL-7053
The courseware_api view will use check_course_access - which now returns AccessResponse objects, and all other uses of check_course_access will now use check_course_access_with_redirect, which is a drop-in replacement for the original check_course_access implementation.
We also added a few new helpers to access_utils:
- check_public_access is a replacement for allow_public_access, which now returns AccessResponse objects
- check_enrollment checks if the learner is enrolled, and uses check_public_access to account for COURSE_ENABLE_UNENROLLED_ACCESS_FLAG
- check_survey checks whether there is a required survey that the learner must complete prior to accessing the course.
There are two new kinds of AccessError subclasses:
- SurveyRequiredAccessError
- EnrollmentRequiredAccessError
There was an issue where external LMS system (e.g. Canvas, Blackboard) that used Open edX LTI Provider calls had cookies blocked. This update fixes this issue by defining third-party cookies to have attributes of `Secure=True` and `SameSite=None`.
Details here: https://discuss.openedx.org/t/lti-xblock-and-samesite/759/5
(cherry picked from commit 28479a2966b87b16a25dbc96c19b6f5817d255de)
- remove code for displaying banner in mobile dates fragment
- replace button with link to web app in reset dates banner on
the mobile problem template
- adjust spacing of reset dates button in banner when button wraps
on smaller screen
Prepare to upgrade to django-oauth-toolkit (module name oauth2_provider) 1.3.2 concurrently with the Django 2.2 upgrade (versions after 1.1.3 dropped support for Django 1.11). Key points:
* We can stop using a commit hash since versions 1.3.0 through 1.3.2 have been released since that commit.
* The validator in oauth_dispatch migration 0002 has been removed from DOT, but the whole table was removed in migration 0004 anyway. Newer DOT versions moved where redirect URI validation happens so it's no longer needed here.
* DOT 1.3.0 squashed its original 6 migrations and immediately deleted them. This required some changes in oauth_dispatch migrations 0006 and 0007 to deal with either numbering system.
When deploying to stage and production, we'll need to delete the history for oauth2_provider migrations 0002-0006 first (the new squashed 0001 migration has the same name as the original 0001). The deployment with DOT 1.3.2 will add a new 0002 migration which should then apply cleanly on the existing database state.
Should resolve https://openedx.atlassian.net/browse/BOM-1456 .
We now either pass in the relevant courseoverview or when creating the
enrollement we use the factory which automatically creates the relevant
CourseOverview object for testing purposes.
1. Created a new celery queue with key `SOFTWARE_SECURE_VERIFICATION_ROUTING_KEY`.
2. Added a celery task with retry logic.
3. sorted imports with isort.
4. Changed deprecated `log.warn` => `log.warning`.
We were passing unstripped password value to `authenticate_new_user()`
after creating a user which was resulting in password mismatch and
was raising this error.
PROD-656
