edx-platform/openedx/core/djangoapps/user_authn
Tim McCormack 7fc20e69f4 feat: Allow safe-session exemption even for exceptions
Change `mark_user_change_as_expected` to no longer take the response object
and instead convey the expected-change information via RequestCache.
This requires edx-django-utils 4.4.2, which fixes the bug where
RequestCache was cleared in the exception phase.

Also, no longer mark `ENFORCE_SAFE_SESSIONS` toggle as
temporary. We'll want it as an opt-out.

I was tempted to take this opportunity to move any existing
`mark_user_change_as_expected` calls to be closer to where the actual
change to request.user occurs, reducing risk of both false positives and false
negatives, but it would be better to do that one at a time in case a move
breaks something. (Ideally it would be called right after any
`django.contrib.auth` `login` or `logout` call; previously, we were
constrained by having to make the call after a response object had been
created.) These changes can be made later if it becomes necessary.
2022-01-25 16:03:54 +00:00

Status: Maintenance

Responsibilities
================
The ``user_authn`` app contains user authentication-related features such as login, registration, and credential management.

Direction: Extract
==================
Ideally this would be in its own service, but at this point, LMS is the home of all authentication-related features.

At this time, these features are still plugged into Studio. Future clean-up in Studio is intended to make this an LMS-only feature.

Glossary
========

More Documentation
==================