DO NOT MERGE - DO NOT CLOSE - Dummy PR to track upstream master#824
Draft
kaustavb12 wants to merge 531 commits into
Draft
DO NOT MERGE - DO NOT CLOSE - Dummy PR to track upstream master#824kaustavb12 wants to merge 531 commits into
kaustavb12 wants to merge 531 commits into
Conversation
* fix: remove legacy xmodulemixin from xblocks-contrib xblocks * feat: Upgrade Python dependency xblocks-contrib (#38399) Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master` Co-authored-by: irtazaakram <51848298+irtazaakram@users.noreply.github.com> * fix: revert extracted problem toggle * fix: remove migrated attributes from xmodulemixin * fix: add back display_name_with_default --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Redact PII fields first (name, email, username), then delete. In case an ETL tool is syncing data to a downstream data warehouse, and treats the deletes as soft-deletes, the data will have first been redacted, protecting the sensitive PII.
* feat: Adds a way to find the difference in Meiliseach state and come up with a migration plan and configuration plan depending on the state. This introduces a mechanism it or a drift engine which drill down the Meiliseach configuration and figures out what has changed: - settings - primary key depending on the change we follow a strategy wether to migrate the data or recreate the index * feat: Add the command to schedule the celery task for populating the index.
…irements-9af9d8f chore: Upgrade Python requirements
Putting this flag back as a backcompat no-op will smooth out the transition for developers and operators. Follows up on: 9af9d8f Related: overhangio/tutor#1374
Enables by default a redirection from the old instructor dashboard views to the new instructor dashboard front end app. Course author, staff or anyone with the instructor dashboard access will now see by default the new frontendapp A waffle flag is introduced that will enable the legacy dashboard LEGACY_INSTRUCTOR_DASHBOARD that will be deprecated in Willow.
Allowing these flags as no-ops for backcompat will smooth out the transition for developers and operators. Follows up on: 9af9d8f Related: overhangio/tutor#1374
This incorporates a major set of renamings and key semantic changes, agreed upon in OEP-68 [1] and released in openedx core v0.43.0 [2] [1] https://docs.openedx.org/projects/openedx-proposals/en/latest/best-practices/oep-0068-bp-content-identifiers.html [2] https://github.com/openedx/openedx-core/releases/tag/v0.43.0 Additionally, we now show `unknown / unknown` in the restore UI when a learning package's package_ref cannot be parsed as a library key. This is because we are no longer assuming any specific format for package_refs. In the future, we may want a more graceful way handling un-parseable package_refs, especially if we have learning packages of courses instead of libraries. Part of: openedx/openedx-core#322
`clean_thread_html_body()` was missing `<style>` from its tag denylist, allowing arbitrary CSS to survive sanitization and be rendered via the `|safe` filter in email templates. This enabled CSS-based email tracking (IP disclosure via background-image/import), content spoofing, and phishing via pseudo-elements. Uses `decompose()` rather than `unwrap()` so the CSS text content is also removed, not just the tag wrapper. Ref: GHSA-4xv3-5j4x-q8g4 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds `validate_saml_metadata_url()` to third_party_auth utils, which enforces HTTPS and blocks loopback, link-local (including cloud metadata endpoints like 169.254.169.254), and reserved IP addresses. RFC 1918 private ranges are blocked by default and can be opted out via `SAML_METADATA_URL_ALLOW_PRIVATE_IPS = True` for deployments where the SAML IdP lives on the same private network. Calls the validator in `fetch_saml_metadata()` before `requests.get()`, also adds a 30s request timeout and removes the previous non-enforcing HTTP warning. Addresses the platform-side fetch path described in: GHSA-328g-7h4g-r2m9 Note: the primary exploit path (`sync_provider_data` endpoint) now lives in edx-enterprise following the migration documented in docs/decisions/0025-saml-admin-views-in-enterprise-plugin.rst and will need a corresponding fix there. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Update to latest edx-enterprise code. Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master`
Fix violations that were introduced when we merged fixes for GHSA-328g-7h4g-r2m9
Update edx-enterprise to 7.0.7 Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master` Co-authored-by: brobro10000 <82611798+brobro10000@users.noreply.github.com>
…uggable_override
Remove get_enterprise_learner_generic_name import. Add obfuscated_username function decorated
with @pluggable_override('OVERRIDE_COURSE_HOME_PROGRESS_USERNAME') returning None by default.
ENT-11572
The README's CMS SSO setup section uses 'studio-sso-id' as the OAuth application client ID, but instructs operators to put that same value into SOCIAL_AUTH_EDX_OAUTH2_KEY. Rename to 'studio-sso-key' so the example value matches the setting it ends up in, removing the id-vs-key confusion for first-time bare-metal setups. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat: added ora reminder notification
* docs: add ADR for standardizing serializer usage (#38139) * docs: explicitly mention API versioning incase of backwards incompatible change (#38188) Co-authored-by: Muhammad Faraz Maqsood <faraz.maqsood@A006-01130.local> * docs: add ADR for standardizing permissions usage (#38187) Currently, authorization logic is implemented inconsistently across views, serializers, and custom access checks. This ADR will define a consistent approach using DRF permission classes, object-level permissions, and queryset scoping where appropriate. Co-authored-by: Taimoor Ahmed <taimoor.ahmed@A006-01711.local> * docs: minor change in ADR language * fix: add s back * docs: migrate restful & legacy django api endpoints to standard drf viewsets (#38191) * docs: Add ADR for ensuring GET requests are idempotent Add edx-platform/docs/decisions/0030-ensure-get-requests-are-idempotent.rst as an accepted ADR. Define policy that GET endpoints must be strictly read-only, with side effects moved to explicit write endpoints or async event pipelines. Include edx-platform relevance, anti-pattern vs preferred code examples, and rollout guidance for testing and migration. * docs: add ADR for standardizing API documentation and schema coverage - Propose adoption of drf-spectacular across Open edX services - Require @extend_schema decorators for all API endpoints - Document request/response schemas, status codes, and error conditions * docs: remove incorrect ADR number * docs: address api-doc-tools deprecation in ADR per review feedback - Add context explaining what api-doc-tools is and its relationship to drf-yasg - Document deprecation and archival of api-doc-tools as a consequence - Add migration guide mapping api-doc-tools decorators and URL helpers to their drf-spectacular equivalents - Add rejected alternative for updating api-doc-tools internals - Add rollout step for final archival cutover Closes review comment by @feanil * docs: expand ADR-0027 with api-doc-tools deprecation and drf-yasg incompatibility analysis Address review feedback on FC-0118 ADR 0027: - Add context paragraph explaining what api-doc-tools is (drf-yasg shim, decorators it provides, schema view, OpenAPI 2.0 output) - Document deprecation of api-doc-tools and drf-yasg as a consequence, including transition-window behavior - Add detailed 8-point incompatibility analysis explaining why drf-yasg cannot be replaced with drf-spectacular inside api-doc-tools (recorded in the ADR itself for future reference) - Add migration plan for existing api-doc-tools consumers with concrete decorator/import/setting mapping - Update Rollout Plan to track api-doc-tools removal - Add references to drf-spectacular migration guide, drf-yasg upstream status, and api-doc-tools repository * chore: fix edx-mantained to edX-platform * docs: add ADR for standardizing pagination across APIs (#38300) * docs: add ADR for api versioning strategy (#38304) * docs: add ADR for standardizing filtering/sorting parameters (#38303) * docs: add ADR-0029 standardized error responses decision (#38246) * docs: add ADR for merging similar endpoints (#38262) * docs: ADR for normalizing nested json apis (#38305) * docs: add separate example for input & output serializers * docs: ADR for documenting and consolidating internal MFE APIs (#38309) * docs: ADR for documenting and consolidating internal MFE APIs Define a plan to document all undocumented internal LMS APIs consumed by MFEs into stable, OpenAPI-described contracts. Introduces a consolidated config endpoint pattern with optional course/user context, authentication boundaries, and a rollout plan following OEP-21 DEPR process. * docs: add ADR for canonical MFE configuration endpoint Record that /api/frontend_site_config/v1/ is the canonical endpoint for MFE/front-end runtime configuration (frontend-base SiteConfig, OEP-65) and that /api/mfe_config/v1 is legacy, on the DEPR path tracked in #37255 and added, and that user-context data (roles, permissions) belongs on resource-oriented endpoints rather than on a configuration payload. Documentation/schema coverage is deferred to the API Documentation & Schema Coverage ADR (#38189). Partially supersedes ADR 0001 (MFE Config API). Part of FC-0118 Open edX REST API standardization (#38137). Refs #38280 * docs: add ADR for standardizing authentication patterns (#38301) * docs: add ADR for standardizing authentication patterns * docs: resolve confusion & update the ADR based on OEP-0042 * docs: support multiple valid auth schemes & deprecate BearerAuthentication * docs: change wording for decisions a bit. * docs: add real examples in accordance with our updated decisions * docs: sync ADR with edx-drf-extensions issue 284 openedx/edx-drf-extensions#284 * docs: make doc more explicit & address comments * docs: move Bearer auth depr plan out of ADR Move BearerAuthentication depr plan out of this doc So that it resides in single place i.e. to its deprecation ticket. * docs: add a pointer file in oauth_dispatch for this ADR * docs: make decision more clear * docs: make authentication_classes usage more clearer * docs: adress the comment related to session authentication * chore: correct file number w.r.t order of the ADRs --------- Co-authored-by: Muhammad Faraz Maqsood <faraz.maqsood@A006-01130.local> Co-authored-by: Taimoor Ahmed <68893403+taimoor-ahmed-1@users.noreply.github.com> Co-authored-by: Taimoor Ahmed <taimoor.ahmed@A006-01711.local> Co-authored-by: Robert Raposa <rraposa@edx.org> Co-authored-by: Abdul Muqadim <abdul.muqadim@A006-01811.local> Co-authored-by: Abdul Muqadim <abdul.muqadim@192.168.1.7> Co-authored-by: Abdul-Muqadim-Arbisoft <139064778+Abdul-Muqadim-Arbisoft@users.noreply.github.com>
…8774) COURSE_CERT_CHANGED fires synchronously during GeneratedCertificate.save(), which runs inside the generate_certificate Celery task. The .delay() call was enqueuing award_course_certificate before the DB transaction committed, so the task raced ahead and hit eligible_certificates.get() DoesNotExist — exiting silently with no retry, and never posting the course cert to Credentials. Wrapping in transaction.on_commit() guarantees the cert row is committed before the task is enqueued. Fixes: EDLYPRODUCT-5411
fix: course import when lib block is synced
Instead of an enterprise-specific view decorator conditionally redirecting learners to a consent view, plugins can now hook into the CoursewareViewStarted filter to redirect anywhere. ENT-11544
Instead of enterprise-specific logic throwing an enterprise-specific start date validation error, CourseStartDateValidationFailed filter can now be used by plugins to throw a custom start date error. ENT-11544
Instead of enterprise/consent-specific access checks baked into check_course_access, the CoursewareAccessChecksRequested filter lets plugins deny courseware access with a generic priority access error. This also removes orphaned utility functions from enterprise_support: * consent_needed_for_course * get_enterprise_consent_url * get_active_enterprise_customer_user ENT-11544
feat: decouple enterprise from courseware view redirects, course start-date validation, and course access checks
At some point output from a test run got accidentally checked into test_root/data/, which made it hard to fully gitignore the other test-run artifacts that land there. Delete the orphan files and switch the directory to allow-list mode: ignore everything by default and re-include the video/ fixtures we want to keep on purpose. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…tting fix: handle empty certificate_available_date in schedule & details PUT
feat: enterprise 8.3.0 Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master`
#38821) * fix: ComponentLinks were not deleted when parent container was deleted * test: add a relevant test case and flag overlapping handlers AI note: AI used to help write tests only. Co-Authored-By: Claude <noreply@anthropic.com>
* chore: migrate Dependabot reviewers to CODEOWNERS GitHub retired the `reviewers` key in dependabot.yml (deprecated 2025-05-27, removed 2025-08) in favor of CODEOWNERS. The key is now ignored, so the wg-maintenance-edx-platform team is no longer auto-requested on Dependabot PRs. - Remove the dead `reviewers` key and tidy indentation in dependabot.yml - Add a /.github/workflows/ entry in CODEOWNERS so the maintenance team continues to review GitHub Actions changes (incl. Dependabot bumps) Ref: https://github.com/dependabot/codeowner-migration-action * chore: restore original dependabot.yml comment Revert the comment back to "Adding new check for github-actions" to keep the diff scoped to the reviewers-key removal. --------- Co-authored-by: Abdul Muqadim <abdul.muqadim@A006-01811.local>
…#38785) Replace course_version in the sidebar cache key with a block_structure_version derived from BlockStructureModel.data_version. course_version changes eagerly on publish, causing a cache miss before the block structure is rebuilt — poisoning the cache with stale data for 1 hour. block_structure_version only changes after the async rebuild completes, so cache misses only occur when fresh data is available.
* chore: Upgrade Python requirements * fix: set session token in test helper for social-auth-core 5.0.2 compatibility social-auth-core 5.0.2 requires the partial pipeline token in the session to match the request token (session ownership check). The do_complete test helper stored the partial data but did not set the session token, causing 12 test failures across AzureAD, Google, LinkedIn, and Twitter providers. --------- Co-authored-by: Usama Sadiq <usama7274@gmail.com>
The previous vendored pdf.js was 1.0.907 (May 2013), four major versions behind upstream and within the range covered by Mozilla's GHSA-wgrm-67xf-hhpq (arbitrary JavaScript execution upon opening a malicious PDF). 5.7.284 is well past the >= 4.2.67 fix line. The replacement comes from Mozilla's prebuilt `pdfjs-5.7.284-legacy-dist.zip` GitHub Release artifact rather than the `pdfjs-dist` npm package because the npm package is library-only -- it ships `pdf.mjs` plus a bare `PDFViewer` component class, but no `viewer.html` / `viewer.mjs` / `viewer.css` / locale files. A full npm integration would mean rewriting the viewer page against the bare component, which is appropriate as a non-security follow-up but not as the fix here. The viewer page (`lms/templates/pdf_viewer.html`) is rewritten as a Mako adaptation of upstream `web/viewer.html`. A `<base href>` makes the viewer's relative asset URLs resolve against the vendored copy. The analytics shim (`lms/static/js/pdf-analytics.js`) is rewritten in vanilla JS against `PDFViewerApplication.eventBus`. Four analytics events (`textbook.pdf.thumbnails.toggled`, `textbook.pdf.thumbnail.navigated`, `textbook.pdf.outline.toggled`, `textbook.pdf.page.scrolled`) no longer fire because the corresponding UI elements were refactored away in pdf.js 4.x's Views Manager redesign. A new `scripts/refresh-pdfjs-vendor.sh` is the tool for future bumps: update PDFJS_VERSION + PDFJS_LEGACY_ZIP_SHA256, re-run, commit. Closes GHSA-mj74-gfq3-2v9f. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…pec (#38636) This fixes Problem Builder in the React-based Unit editor by exposing its list of custom component templates to the REST API so that frontend-app-authoring can render them natively rather than trying to IFrame them in (which led to a half-broken experience). This also provides a path forward for any Container-style XBlock to work in the React-based Unit editor: subclass StudioContainerWithNestedXBlocksMixin and then optionally override get_nested_xblock_spec. This unblocks the full removal of the legacy Unit editor: #35261 Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Kyle McCormick <kyle@axim.org> Co-authored-by: Braden MacDonald <braden@opencraft.com>
chore: upgrade to latest openedx-authz version Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master` Co-authored-by: mariajgrimaldi <64440265+mariajgrimaldi@users.noreply.github.com>
…ready exist (#38840) * fix: Cannot rerun courses - authz role assignment expects rerun to already exist * squash!: Increase test coverage * squash!: Improve tests * squash!: Add TODO comments and improve assert handling
…Requested filter (#38842)
Lets @override_settings(KEY=val) be seen through both settings.KEY
and settings.FEATURES['KEY']/.get('KEY'), so tests can migrate to
the flat setting without first updating every production reader
that still does settings.FEATURES['KEY'].
We walk only the UserSettingsHolder chain that @override_settings
pushes onto django.conf.settings._wrapped, NOT the bottom Settings
layer. Django's bottom Settings is a *snapshot* of the settings
module's globals taken at init time, so it doesn't reflect runtime
mutations of the module's globals — which is exactly what legacy
patch.dict(settings.FEATURES, ...) does via proxy.ns. Reading the
snapshot would mask those mutations and break legacy tests; walking
only the explicit override layers lets both paths coexist during
the migration.
ns kept as-is. A stateless redesign (drop ns, route everything
through django.conf.settings, set FEATURES = FeaturesProxy() in
each env file) was considered but rejected for this step because
FEATURES.copy() and __iter__ are widely used to snapshot the full
set of feature flags; without ns there is no clean source of truth
for "which keys are features". Once all callers have moved off the
dict pattern the proxy can be deleted outright (every
settings.FEATURES['X'] becomes settings.X), making the stateless
refactor unnecessary.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat: add show_email_preferences to v3 configurations API * fix: import sort issue
This PR enables the PDF block by default in all courses. It is listed under the the Advanced component category. Before this commit, course authors needed to add it to the Advanced module list in Advanced Settings first. https://openedx.atlassian.net/wiki/spaces/OEPM/pages/5335908397
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Settings
Tutor requirements