Mgmt cmd to bulk opt-out user/org combos from email.

Upgrade Django to 1.11.16 - bug fix.

Add a facility for getting the SiteConfiguration that an org belongs to

Fix flaky TestUserPreferenceMiddleware tests for xdist

Shared mixin for testing OAuth Scopes and various Auth

Mark the refresh access token view as exempt from CSRF protection.

Add unicode normalization to passwords.

ARCH-256: Move and rename redirect helper.

ARCH-168

Fixed override due date by limiting scope to selected users

LEARNER-4283

- Rename is_safe_redirect to is_safe_login_or_logout_redirect.
- Moved is_safe_login_or_logout_redirect to user_authn.

ARCH-256

Access control messaging

WL-1810: Do not send user info to sailthru when registered from white label site

Consistent expiration for all login-related cookies

Fixing location of automatic password reset email message

Fix sharding for unittests to avoid skipped tests

Fixed code duplication in task listing api on instructor dashboard

Allow UserPartitions to specify a text or html message when a user is denied access because of their partition membership

Import courseware module from fully-qualified module name

Added tests to support changes

Install the CSRF app included in edx-drf-extensions.

Fix overriding of token expiration in DOT (ARCH-246)