* Remove email placeholder
The current placeholder is confusing to users and results in many trying
to login with their username. The change in this PR hopefully decreases that
confusion.
According to UX recommendations, we have decided to remove the email placeholder for the form. It seems placeholders tend to just confuse the users.
There was an issue where external LMS systems (e.g. Canvas, Blackboard) that used Open edX LTI Provider calls had cookies blocked. This update fixes this issue by defining third-party cookies to have attributes of `Secure=True` and `SameSite=None`.
Details here: https://discuss.openedx.org/t/lti-xblock-and-samesite/759/5
(cherry picked from commit 28479a2966b87b16a25dbc96c19b6f5817d255de)
We were passing unstripped password value to `authenticate_new_user()`
after creating a user which was resulting in password mismatch and
was raising this error.
PROD-656
...and it turns out we don't need the switch anymore, anyway.
When we upgraded to Django 1.11, this flag was added in order to
allow for a database migration that would render the user table
unwriteable for up to half an hour:
https://github.com/edx/edx-platform/pull/17561
This involved swapping out the signal handler for logins via
`user_logged_in.disconnect(django_update_last_login)`, but with
Django 2.0, that disconnect is silently failing (returning
false). Likely the disconnect is now happening too soon.
(See edx-platform/common/djangoapps/student/apps.py line 21 in 61e1eda.)
The result is that by the time the waffle switch is consulted, the
normal handler has already run, and the user's last login date has
already been updated.
For now we're just removing the test, and have filed ARCHBOM-1084 for
followup (deleting the switch and related code).
* Removing from provider imports from openedx
* removed all uses of retire_dop_oauth2_models
* Removing provider library from lms, common, and cms
Created/copied function short_token (from django-oauth-provider) and create_hash256 to help with conversion
The oauth2.enforce_jwt_scopes waffle switch was added temporarily for
the rollout of jwt scopes. This removes the toggle and replaces code
with the equivalent of `oauth2.enforce_jwt_scopes` as True.
Currently, the /login_ajax endpoint does not regard
any `next` or `course_id` parameters. This commit changes
that, sharing the logic that /login (which the current
templated login page uses) employs to calculate
a redirect-after-login URL based on `next` and `course_id`.
The new functionality is behind ENABLE_LOGIN_MICROFRONTEND.
Logout link should be displayed only for learner portal
Added changes to display only for learner portal
Added unit tests
check third_party_auth is enabled
Changes to extend SSO logout link feature to Oauth providers
Fixed quality violations
Removed unnecessary assert
Reviewer feedback changes
Added link to error message displayed when TPA only user login from FPA login page.
ENT-2535
Fixed pep8 quality violation
skip unit test if context is not LMS
updated the tests
minor changes
changes made verify capitalized country code
changes made verify capitalized country code
changes made stay consistent with country code implementation
changes made to test with previous implementation
updated the django-countries version to latest
updated the tests input to match the output
updated the constants to use updated country names according to new ISO standards
- retires toggle DISABLE_DEPRECATED_LOGIN_POST
- permanently removes /login_post
Now that studio signin has been retired, we are able to remove the
unused /login_post endpoint.
ARCH-1253
- retires toggle ENABLE_LOGIN_POST_WITHOUT_SHIM
- permanently points to LoginSessionView.post which no longer has shim
This is Part 2 of clean-up, and should be done once the toggle
is no longer required and the shim is no longer required.
ARCH-1253
- use login_ajax (in place of login_session with shim) for
logistration's call to login POST
- add toggle for using login_ajax from logistration
- FEATURES['ENABLE_LOGIN_POST_WITHOUT_SHIM']
- add custom metrics for redirect_url
- update test for third-party auth error_code
NOTE: The error_code `third-party-auth-with-no-linked-account`
was introduced in JSON in this earlier PR:
https://github.com/edx/edx-platform/pull/22452/files
ARCH-1253
The toggle UPDATE_LOGIN_USER_ERROR_STATUS_CODE was added to roll out a
breaking change for `login_user` auth errors to return a 400 rather than
a 200.
This toggle was enabled in Production on 12/5/2019 with seemingly no
adverse effects.
ARCH-1253