0bef57591d
Contingent on new feature toggle `VERIFY_USER_CHANGE_UNCONDITIONAL`, check for request/response user mismatches on all requests, not just those setting a session cookie on the response. This is intended to *restore* an older behavior. I believe that almost all requests used to set a new session cookie, and for some reason no longer do, so this is really just an attempt to return to that previous behavior no matter whether a new session cookie will be set. (Previously, the cookie-to-be-deleted check would still have been in effect, so this is actually a slight change from the earlier behavior -- the logout response will now be included, and then quickly ignored due to a later check.) The off-by-default switch moves several lines of code out of a try block, but also out from under an if guard that checks for certain cookie conditions. The movement out of the try block should be irrelevant, since neither of the relocated lines should be raising a SafeCookieError. However, there is some chance that they could raise other exceptions when called from their new location (and new situations), hence the use of a feature toggle -- we'll want to make it easy to switch the new behavior off quickly if we start seeing an increase in errors. Once the change is well-exercised, we can remove the toggle and the old call locations. I'm not entirely sure about the change to the `verify_error` utility function in the unit tests, but it seems like even unauthenticated requests in Django end up with a user and session on the request object, so this is probably a close-enough way to mock that out. I duplicated a couple of tests to test with feature toggle on/off. ref: ARCHBOM-1952
This is the core repository of the Open edX software. It includes the LMS
(student-facing, delivering courseware), and Studio (course authoring)
components.
Installation
------------
Installing and running an Open edX instance is not simple. We strongly
recommend that you use a service provider to run the software for you. They
have free trials that make it easy to get started:
https://openedx.org/get-started/
If you will be modifying edx-platform code, the `Open edX Devstack`_ (Developer Stack) is
a Docker-based development environment.
If you want to run your own Open edX server and have the technical skills to do
so, `Open edX Installation Options`_ explains your options.
.. _Open edX Developer Stack: https://github.com/edx/devstack
.. _Open edX Installation Options: https://openedx.atlassian.net/wiki/spaces/OpenOPS/pages/60227779/Open+edX+Installation+Options
License
-------
The code in this repository is licensed under version 3 of the AGPL
unless otherwise noted. Please see the `LICENSE`_ file for details.
.. _LICENSE: https://github.com/edx/edx-platform/blob/master/LICENSE
More about Open edX
-------------------
See the `Open edX site`_ to learn more about the Open edX world. You can find
information about hosting, extending, and contributing to Open edX software. In
addition, the Open edX site provides product announcements, the Open edX blog,
and other rich community resources.
.. _Open edX site: https://openedx.org
Documentation
-------------
Documentation can be found at https://docs.edx.org.
Getting Help
------------
If you're having trouble, we have discussion forums at
https://discuss.openedx.org where you can connect with others in the community.
Our real-time conversations are on Slack. You can request a `Slack
invitation`_, then join our `community Slack team`_.
For more information about these options, see the `Getting Help`_ page.
.. _Slack invitation: https://openedx-slack-invite.herokuapp.com/
.. _community Slack team: http://openedx.slack.com/
.. _Getting Help: https://openedx.org/getting-help
Issue Tracker
-------------
We use JIRA for our issue tracker, not GitHub issues. You can search
`previously reported issues`_. If you need to report a problem,
please make a free account on our JIRA and `create a new issue`_.
.. _previously reported issues: https://openedx.atlassian.net/projects/CRI/issues
.. _create a new issue: https://openedx.atlassian.net/secure/CreateIssue.jspa?issuetype=1&pid=11900
How to Contribute
-----------------
Contributions are welcome! The first step is to submit a signed
`individual contributor agreement`_. See our `CONTRIBUTING`_ file for more
information – it also contains guidelines for how to maintain high code
quality, which will make your contribution more likely to be accepted.
Reporting Security Issues
-------------------------
Please do not report security issues in public. Please email
security@edx.org.
.. _individual contributor agreement: https://openedx.org/cla
.. _CONTRIBUTING: https://github.com/edx/edx-platform/blob/master/CONTRIBUTING.rst