An older test was deleted based on flakiness around the ID
verification process; this test eliminates the dependency on IDV by
enabling manual ID verification (an enterprise-motivated workaround
for IDV requirements) via the auto_auth endpoint.
JIRA:EDUCATOR-1178

1. Use request.session instead of request.user, since request.user
won't necessarily be properly set.
2. Be extra paranoid by putting logging after session cookie deletion,
so that even if there is some error related to logging, the important
work will complete and the browser won't get left in a broken state.
3. Write out the full contents of the Cookie header (up to 4096 bytes)
in the log as a base64 encoded string. This way we can look at broken
cookie states and diagnose what's breaking them (the Python parser will
just silently skip anything past a corrupted cookie entry). We base64
encode mostly to prevent people from maliciously injecting garbage into
our logs.
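
The logging step in item 3, as an added example that is not code from the original commit: it caps the raw Cookie header at 4096 bytes, base64 encodes it, and logs only the encoded form. The function names, logger name and sample header are hypothetical, and truncating before encoding (rather than after) is an assumption.

```python
import base64
import logging

MAX_COOKIE_LOG_BYTES = 4096  # cap taken from the commit message

log = logging.getLogger("cookie_diagnostics")  # hypothetical logger name


def encode_cookie_header(raw_header, limit=MAX_COOKIE_LOG_BYTES):
    """Return the raw Cookie header, cut to `limit` bytes, as base64 text.

    Assumption: the header is truncated first and encoded second, so the
    logged string decodes to at most `limit` bytes of the original header.
    """
    if isinstance(raw_header, str):
        # latin-1 maps code points 0-255 to single bytes, which is how WSGI
        # servers hand header values to the application.
        raw_header = raw_header.encode("latin-1", errors="replace")
    return base64.b64encode(raw_header[:limit]).decode("ascii")


def decode_logged_header(encoded):
    """Inverse operation for whoever reads the log during diagnosis."""
    return base64.b64decode(encoded, validate=True)


def log_cookie_header(raw_header):
    """Log the encoded header and return what was written."""
    encoded = encode_cookie_header(raw_header)
    # The client-controlled bytes reach the log only as base64, so CR/LF
    # inside a cookie value cannot start a forged log line.
    log.warning("Broken session cookie; raw Cookie header (base64): %s", encoded)
    return encoded


# Constructed sample: a corrupted cookie entry whose value carries CR/LF
# followed by text shaped like a log record.
SAMPLE_HEADER = (
    'csrftoken=abc123; sessionid="broken\r\n'
    "2024-01-01 00:00:00 INFO user=admin login ok; tracking=xyz"
)

if __name__ == "__main__":
    logged = log_cookie_header(SAMPLE_HEADER)
    # Recover the exact bytes the browser sent, corruption included.
    print(decode_logged_header(logged))
```
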

This adds middleware that will create custom parameter metrics in
New Relic to track the size of all the cookies being received for
our domain. The custom fields are "cookies_total_size" and a
separate named parameter for every cookie size, e.g.
"cookies.csrftoken.size".
This is intended to help us track cookie growth and better diagnose
issues where users lose their sessions. It is toggled by the
'request_utils.capture_cookie_sizes' Waffle Flag.

With the expanded idea of what `settings.DATA_DIR` pertains to, there is an inconsistency in the assumed location of course repositories that can lead to failed imports. In `import_olx` the root is set to be `settings.GITHUB_REPO_ROOT`, whereas in the `extract_tar.py` file it is validating against `settings.DATA_DIR` which can no longer be assumed to be the same location. This PR brings those two assumptions in line to rely on the `settings.GITHUB_REPO_ROOT` in both locations.

Currently, the LMS logout endpoint should iframe in the logout pages of
all the IDAs you were logged into. In short, this was made possible with
DOP because keeping track of the logout URIs and leaving a trail of
evidence in the user cookies was part of what we added in our fork of
DOP. In the case of DOT, we don't have time or desire to fork DOT to
mirror this behavior, so our stop-gap solution is to log out the user
from a list of logout URIs in settings.