Skip to content
Snippets Groups Projects
  1. Nov 16, 2021
  2. Nov 15, 2021
    • Andy Shultz's avatar
      fix: simplify most recent verification function · f70b3cff
      Andy Shultz authored
      current use is much less complicated than old code
      f70b3cff
    • alangsto's avatar
      fix: latest IDV expiration date should be returned (#29320) · 537ae9fc
      alangsto authored
      The lack of ordering for a django query that grabbed verification records is blocking learners with multiple SSO records from taking proctored exams. All IDV records should be sorted by a key first, and then the correct expiration date can be determined.
    • edX Transifex Bot's avatar
      chore(i18n): update translations · 92cd9108
      edX Transifex Bot authored
      92cd9108
    • Kshitij Sobti's avatar
      fix!: Removes the openedx provider temporarily [BD-38] [TNL-9269] (#29314) · 28a2af7a
      Kshitij Sobti authored
      * fix!: Removes the openedx provider temporarily
      
      UI changes to support the new provider are in progress. Once they are ready we
      can add back this provider.
      
      * feat: add support for hiding providers from the API response
    • Matthew Piatetsky's avatar
    • Tim McCormack's avatar
      feat: Add feature toggle to allow broader safe-sessions user checking (#29306) · 0bef5759
      Tim McCormack authored
      Contingent on new feature toggle `VERIFY_USER_CHANGE_UNCONDITIONAL`, check
      for request/response user mismatches on all requests, not just those
      setting a session cookie on the response.
      
      This is intended to *restore* an older behavior. I believe that almost all
      requests used to set a new session cookie, and for some reason no longer
      do, so this is really just an attempt to return to that previous behavior
      no matter whether a new session cookie will be set. (Previously, the
      cookie-to-be-deleted check would still have been in effect, so this is
      actually a slight change from the earlier behavior -- the logout response
      will now be included, and then quickly ignored due to a later check.)
      
      The off-by-default switch moves several lines of code out of a try block,
      but also out from under an if guard that checks for certain cookie
      conditions. The movement out of the try block should be irrelevant, since
      neither of the relocated lines should be raising a SafeCookieError.
      However, there is some chance that they could raise other exceptions when
      called from their new location (and new situations), hence the use of a
      feature toggle -- we'll want to make it easy to switch the new behavior off
      quickly if we start seeing an increase in errors.
      
      Once the change is well-exercised, we can remove the toggle and the old
      call locations.
      
      I'm not entirely sure about the change to the `verify_error` utility
      function in the unit tests, but it seems like even unauthenticated requests
      in Django end up with a user and session on the request object, so this is
      probably a close-enough way to mock that out.
      
      I duplicated a couple of tests to test with feature toggle on/off.
      
      ref: ARCHBOM-1952
      0bef5759
    • Waheed Ahmed's avatar
  3. Nov 12, 2021
  4. Nov 11, 2021
  5. Nov 10, 2021
  6. Nov 09, 2021