chore: update enterprise-integrated-channels to 0.1.56 #204
Closed
macdiesel wants to merge 545 commits into edx:master from
Removes temporary rollout toggle ENABLE_SAML_CONFIG_SIGNAL_HANDLERS. The toggle was used to roll out a fix, and now the fix that uses the signal handlers is enabled by default. The only follow-up needed by anyone is to no longer set this toggle, which will no longer do anything.
openedx#37806) * fix: add support for xblock 5.3.0
… xblocks-contrib/problem (openedx#37758) * fix: pylint issues for problem xblock
refactor: move editor_saved to VideoConfigService (openedx#37829) * This moves edx-platform-specific logic out of the VideoBlock, in preparation for the VideoBlock extraction
* fix: remove legacy problem studio view and resource templates
There is a singleton SplitMongoModuleStore instance that is returned whenever we call the ubiquitous modulestore() function (wrapped in a MixedModuleStore). During initialization, SplitMongoModuleStore sets up a small handful of XBlock runtime services that are intended to be shared globally: i18n, fs, cache.
When we get an individual block back from the store using get_item(), SplitMongoModuleStore creates a SplitModuleStoreRuntime using SplitMongoModuleStore.create_runtime(). These runtimes are intended to be modified on a per-item, and later per-user basis (using prepare_runtime_for_user()).
Prior to this commit, the create_runtime() method was assigning the globally shared SplitMongoModuleStore.services dict directly to the newly instantiated SplitModuleStoreRuntime. This meant that even though each block had its own _services dict, they were all in fact pointing to the same underlying object. This exposed us to a risk of multiple threads contaminating each other's SplitModuleStoreRuntime services when deployed under load in multithreaded mode. We believe this led to a race condition that caused student submissions to be mis-scored in some cases.
This commit makes a copy of the SplitMongoModuleStore.services dict for each SplitModuleStoreRuntime. The baseline global services are still shared, but other per-item and per-user services are now better isolated from each other.
This commit also includes a small modification to the PartitionService, which up until this point had relied on the (incorrect) shared instance behavior. The details are provided in the comments in the PartitionService __init__().
It's worth noting that the historical rationale for having a singleton ModuleStore instance is that the ModuleStore used to be extremely expensive to initialize. This was because at one point, the init process required reading entire XML-based courses into memory, or pre-computing complex field inheritance caches. This is no longer the case, and SplitMongoModuleStore initialization is in the 1-2 ms range, with most of that being for PyMongo's connection setup. We should try to fully remove the global singleton in the Verawood release cycle in order to make this kind of bug less likely.
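The aliasing described in the commit message above, reduced to a model that replays the bad interleaving deterministically. This is an added example, not code from the pull request: `Store`, `Runtime` and their methods are hypothetical stand-ins for the real classes, and the shallow copy is an assumption about how the copy is made.

```python
class Runtime:
    """Hypothetical stand-in for a per-block runtime."""

    def __init__(self, services):
        self._services = services

    def prepare_for_user(self, username):
        # A per-user service is registered late, after the runtime exists.
        self._services["user"] = username

    def score_submission(self, answer):
        # The score is attributed to whichever user service is visible now.
        return (self._services["user"], answer)


class Store:
    """Hypothetical stand-in for the singleton store and its global services."""

    def __init__(self):
        self.services = {"i18n": object(), "fs": object(), "cache": object()}

    def create_runtime_aliased(self):
        # Before the fix: every runtime is handed the same dict object.
        return Runtime(self.services)

    def create_runtime_copied(self):
        # After the fix (assumed shallow copy): the baseline service objects
        # stay shared, but the mapping itself is private to each runtime.
        return Runtime(dict(self.services))


def interleaved_requests(create_runtime):
    """Replay the ordering two worker threads can produce under load."""
    rt_alice = create_runtime()
    rt_bob = create_runtime()
    rt_alice.prepare_for_user("alice")  # thread 1
    rt_bob.prepare_for_user("bob")      # thread 2 runs before thread 1 scores
    return rt_alice.score_submission("A"), rt_bob.score_submission("B")


if __name__ == "__main__":
    print("aliased:", interleaved_requests(Store().create_runtime_aliased))
    print("copied: ", interleaved_requests(Store().create_runtime_copied))
```

With the aliased dict, both submissions are attributed to the last user prepared, and the per-user entry also leaks into the global `services` dict.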
* refactor(certificates): replace direct model imports with data classes and APIs
* fix: use Certificates API to create certificates
* docs: update docstring for get_certificate_for_user
* fix: remove trailing whitespace
---------
Co-authored-by: coder1918 <ram.chandra@wgu.edu>
Co-authored-by: Deborah Kaplan <deborahgu@users.noreply.github.com>
* docs: instructor ORA api spec
…ns/actions/upload-artifact-5 chore(deps): bump actions/upload-artifact from 4 to 5
…ns/actions/setup-node-6 chore(deps): bump actions/setup-node from 5 to 6
…ns/actions/download-artifact-6 chore(deps): bump actions/download-artifact from 5 to 6
…ns/actions/checkout-6 build(deps): bump actions/checkout from 5 to 6
…ove-pytz-4 chore: use zoneinfo instead of pytz
…ove-pytz-3 chore: use zoneinfo instead of pytz
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6 to 7. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v6...v7) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v4...v5) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v5...v6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7 to 8. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@v7...v8) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
docs: Add a new setting to the docs settings.
Make it so `make clean` doesn't blow away the venv folder. Given that this is managed by the developer, we should be able to manage its lifecycle independently. It was previously just in the list of files that comes by default from github's gitignore so it's not like we previously were of the opinion that we should delete this folder. Just that previously we had no opinion about it and now I think we should not delete it.
The `CourseRunImageField` is a subclass of the DRF `serializers.ImageField` serializer and that class ignores the `default_validators` and actually just uses Django's image validation which is already correct and does in fact validate that the image content is correct not just that the image extension is correct. The DRF code that does the validation: https://github.com/encode/django-rest-framework/blob/main/rest_framework/fields.py#L1621-L1628 Which actually just calls the Django Image Validators. The Django Field definition: https://github.com/django/django/blob/main/django/forms/fields.py#L712 And you can see that in the [`to_python`](https://github.com/django/django/blob/main/django/forms/fields.py#L721) function of that class it actually checks the image content. This function is never actually called and so it's just misleading.
fix: backward compat for transmit learner data task
Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master`
…x#37845)
XModuleMixin and CourseOverview both provided some backcompat names for some XBlock key attributes. Due to refactors that have happened in edx-platform and improvements to the XBlock API that have happened over the years, we can now simplify these backcompat mappings.
The new mappings (old -> new) are:
* .course_id -> .context_key
* .location -> .usage_key
* .url_name -> .usage_key.block_id
* .category -> .usage_key.block_type
These are the ways we would like developers to access these attributes going forward, so it's important that we set the example in XModuleMixin and CourseOverview.
Note: It is technically correct to go through `.scope_ids` for these fields, but it's harder to read. Under the hood, the XBlock API indeed uses `.scope_ids`: https://github.com/openedx/XBlock/blob/v5.3.0/xblock/core.py#L422-L446
Part of: openedx/xblocks-contrib#125
* chore: test enable PR for extracted discussion block
* fix: discussion tab visibility on import
* fix: quality issues
* refactor: move the logic to update_discussions_settings_from_course in task
* test: add test
* fix: remove old code
* fix: issue
* chore: update openedx-events version
* chore: team discussion template error fix
- Remove ('enterprise', None) and ('consent', None) from OPTIONAL_APPS in
openedx/envs/common.py. Now that edx-enterprise registers enterprise and
consent as openedx LMS plugins via entry_points, get_plugin_apps() adds
them to INSTALLED_APPS automatically. Keeping them in OPTIONAL_APPS would
cause duplicate app label errors.
- Update enterprise_enabled() in enterprise_support/api.py to use
django_apps.is_installed('enterprise') instead of the raw string check
'enterprise' in settings.INSTALLED_APPS. The new plugin entry_point-based
registration uses 'enterprise.apps.EnterpriseConfig' (not 'enterprise') in
INSTALLED_APPS, so the raw string check no longer works.
ENT-11663
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…uctor dashboard v2 API (openedx#38018)
feat: remove enterprise and consent from OPTIONAL_APPS
…lag set (openedx#38198) Co-authored-by: Kiro <noreply@kiro.dev>
…8212) View link at the right top opened problem bank in authoring view, but the link at the bottom opens it in the legacy LMS. This PR fixes the link at the bottom to open it in the authoring.
…x#38181)
* refactor: update to work with latest openedx_content container changes
* chore: enable mypy checking for xblock_storage_handlers, all contentstore v2 views
* chore: enable mypy for all of 'cms/lib/xblock'
* feat: bump openedx-core to 0.38.0
* test: fix test case which had an invalid char sequence in sample data
The activation_key field was exposed in /api/user/v1/accounts/{username},
allowing an attacker to bypass email verification by combining two behaviors:
1. OAuth2 password grant issues tokens to inactive users (intentional)
2. activation_key returned in API response (the vulnerability)
An attacker could register, get an OAuth2 token, read the activation_key
from the API, then GET /activate/{key} to activate without email access.
Fix: remove activation_key from UserReadOnlySerializer.to_representation()
and from ACCOUNT_VISIBILITY_CONFIGURATION["admin_fields"] (which controls
the field whitelist in _filter_fields — listed fields default to None even
if absent from the serializer data dict).
Reported by Daniel Baillo via the Open edX security working group.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
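Why the fix above touches both the serializer and `admin_fields`, shown as an added example that is not code from the pull request: `filter_fields`, `audit_config` and `response` are hypothetical names modelling the "listed fields default to None" behaviour the commit message describes, and all sample data is constructed.

```python
# Fields that must never be emitted by the accounts API (assumed list).
SENSITIVE_FIELDS = frozenset({"activation_key"})


def filter_fields(field_whitelist, serialized):
    """Model of the described filter: every listed name is emitted,
    and a name missing from the serializer data becomes None."""
    return {name: serialized.get(name) for name in field_whitelist}


def audit_config(visibility_config):
    """Return (config_key, field) pairs where a sensitive field is
    still listed in any field list of the visibility configuration."""
    findings = []
    for key, value in visibility_config.items():
        if isinstance(value, (list, tuple, set, frozenset)):
            findings.extend((key, f) for f in value if f in SENSITIVE_FIELDS)
    return sorted(findings)


# Constructed sample data: serializer output and config, before and after.
SERIALIZER_BEFORE = {"username": "learner1", "is_active": False,
                     "activation_key": "<constructed-key>"}
SERIALIZER_AFTER = {"username": "learner1", "is_active": False}
CONFIG_BEFORE = {"admin_fields": ["username", "is_active", "activation_key"]}
CONFIG_AFTER = {"admin_fields": ["username", "is_active"]}


def response(config, serialized):
    """API payload as the filter would build it from the admin field list."""
    return filter_fields(config["admin_fields"], serialized)


if __name__ == "__main__":
    # Serializer-only fix: the key still appears in the payload, as None.
    print(response(CONFIG_BEFORE, SERIALIZER_AFTER))
    # Both changes applied: the key is gone from the payload entirely.
    print(response(CONFIG_AFTER, SERIALIZER_AFTER))
    # A settings check suitable for a unit test or CI gate.
    print(audit_config(CONFIG_BEFORE), audit_config(CONFIG_AFTER))
```

A test asserting that `audit_config` returns an empty list for the deployed settings keeps the field from being re-added to a field list later.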
Inherit two changes:
- feat: add admin invite reminder emails (ENT-11581)
- fix: Move settings reads out of AppConfig, into consumers (ENT-11663)
…penedx chore: bump edx-enterprise to 6.8.3
No description provided.