7fc20e69f4
Change `mark_user_change_as_expected` to no longer take the response object and instead convey the expected-change information via RequestCache. This requires edx-django-utils 4.4.2, which fixes the bug where RequestCache was cleared in the exception phase. Also, no longer mark `ENFORCE_SAFE_SESSIONS` toggle as temporary. We'll want it as an opt-out. I was tempted to take this opportunity to move any existing `mark_user_change_as_expected` calls to be closer to where the actual change request.user occurs, reducing risk of both false positives and false negatives, but it would be better to do that one at a time in case a move breaks something. (Ideally it would be called right after any `django.contrib.auth` `login` or `logout` call; previously, we were constrained by having to make the call after a response object had been created.) These changes can be made later if it becomes necessary.
auth_exchange ------------- Views to support exchange of authentication credentials. The following are currently implemented: 1. DOTAccessTokenExchangeView View for token exchange from 3rd party OAuth access token to 1st party OAuth access token. Uses django-oauth-toolkit (DOT) to manage access tokens. 2. LoginWithAccessTokenView 1st party (open-edx) OAuth 2.0 access token -> session cookie