This commit upgrades the version of the lti-consumer-xblock library from version 7.1.0 to version 7.2.0. Version 7.2.0 includes a number of fixes to bugs relating to personally identifiable information (PII) sharing in LTI launches in both LTI 1.1 and LTI 1.3. Version 7.2.0 also enables PII sharing (username and email) in LTI 1.3 launches.
Please see the CHANGELOG entry for these versions for a full description of the changes: https://github.com/openedx/xblock-lti-consumer/blob/master/CHANGELOG.rst#720---2022-12-15.
We have a need to lock the version of Django for production and tests, but
also to test on newer versions of Django so that we can get the repo ready
for long-term-support releases.
We've been doing that by extracting the `django==x.y.z` from the
pip-compiled files and moving it to a django.txt that is then co-installed
but can be overridden during tests. The problem is that this can result
in broken packages.
The approach here is to have `make test-requirements` continue to
ensure a consistent set of packages, and then install a different
Django on top of that in the CI script -- and call `pip check` to make
sure that combination isn't broken.
Adding Django 4.0 to the unit-tests.yml matrix will now correctly
result in this error and a failing job:
`django-splash 1.2.1 has requirement Django<4.0, but you have django 4.0.8.`
The other half of this is to change other CI runners to remove their
ability to control the Django version, since it's complicated to make
this work, and we probably only need it in unit-tests.yml. Convert them
to just use `make test-requirements`.
Also:
- Simplify handling of `pip --src` by setting `PIP_SRC` (rather than our
own `PIP_SRC_DIR`, which pip ignores because `--src-dir` isn't an option
that it knows). This is needed to allow `make test-requirements` to do
the pip calls. An alternative would be to set a pip-options env var for
the make target to use, but `PIP_SRC` already exists.
- Remove outdated modifications to common_constraints
- Add comment explaining why pylint tests need dev-requirements
4.13.3 merely brings the proctoring library celery version up to date
with the platform celery version, which is already the case when
proctoring is deployed since as a plugin it does not control celery
This commit upgrades the version of the lti-consumer-xblock library from version 6.4.0 to version 7.0.2. This includes versions 7.0.0, 7.0.1, and 7.0.2.
Version 7.0.0 includes refactoring to remove deprecated method calls to rebind_noauth_module_to_user, get_real_user, runtime.hostname, and runtime.course_id.
Version 7.0.1 includes a fix to the clean method of the LtiConfiguration model. The fix changes the way we look up the course ID so that we can access the course ID without needing to load the XBlock.
Version 7.0.2 includes fixes to LTI 1.1 Basic Outcomes Services and LTI 2.0 Result Service when using an external_user_id as a user identifier.
Note that version 7.0.1 was originally deployed in https://github.com/openedx/edx-platform/pull/31369. It was reverted soon after in https://github.com/openedx/edx-platform/pull/31377. The issue occurred in version 7.0.0, in the following line https://github.com/openedx/xblock-lti-consumer/pull/249/files#diff-ab027143adc95b9776c12e973e28f025a21b0d88112937af93645829686527fdL186. self in the call to the service is an instance of the OutcomeService. self should be an instance of an XBlock (i.e. LtiConsumerXBlock). Version 7.0.2 fixes this bug by moving the call to the service to the LtiConsumerXBlock, where self is an instance of an XBlock. Therefore, we are deploying this version to fix forward.
Please see the CHANGELOG entries below for these versions for a full description of the changes.
Version 7.0.0: https://github.com/openedx/xblock-lti-consumer/blob/master/CHANGELOG.rst#700---2022-11-29
Version 7.0.1: https://github.com/openedx/xblock-lti-consumer/blob/master/CHANGELOG.rst#701---2022-11-29
Version 7.0.2: https://github.com/openedx/xblock-lti-consumer/blob/master/CHANGELOG.rst#702---2022-11-29.
The commit messages of each version are included below for convenience.
7.0.0
-----
refactor: replace block.location with block.scope_ids.usage_id
7.0.1
-----
fix: do not attempt to load the block just to look at the location
the block is not loadable in exams so clean fails in that IDA, but
we shouldn't need the block to ask a question about the course
7.0.2
-----
In #307, we added the ability to send a stable, static user identifier (i.e. external user ID) to fix failed launches with the QwikLabs tool. This is because the QwikLabs tool did not work with the course-anonymized user IDs we used to send (i.e. anonymous user IDs). Inadvertently, this change broke the LTI 1.1 Basic Outcomes Service and the LTI 2.0 Result Service for courses that use the external user ID (i.e. they have the lti_consumer.enable_external_user_id_1p1_launches CourseWaffleFlag enabled). The Basic Outcomes Service and Result Service handle grade pass backs. Because we now have two ways to identify a user in LTI 1.1/2.0, we must update the Basic Outcomes Service and Result Service to support both. This commit fixes this bug.
