Merge branch 'master' into pwnage101/ENT-11569

Author: kiram15

cms/djangoapps/contentstore/toggles.py

@@ -86,25 +86,6 @@ def exam_setting_view_enabled(course_key):
     return not LEGACY_STUDIO_EXAM_SETTINGS.is_enabled(course_key)
 
 
-# .. toggle_name: legacy_studio.video_editor
-# .. toggle_implementation: WaffleFlag
-# .. toggle_default: False
-# .. toggle_description: Temporarily fall back to the old Video component (a.k.a. video block) editor.
-# .. toggle_use_cases: temporary
-# .. toggle_creation_date: 2025-03-14
-# .. toggle_target_removal_date: 2025-09-14
-# .. toggle_tickets: https://github.com/openedx/edx-platform/issues/36275
-# .. toggle_warning: In Ulmo, this toggle will be removed. Only the new (React-based) experience will be available.
-LEGACY_STUDIO_VIDEO_EDITOR = CourseWaffleFlag('legacy_studio.video_editor', __name__)
-
-
-def use_new_video_editor(course_key):
-    """
-    Returns a boolean = true if new video editor is enabled
-    """
-    return not LEGACY_STUDIO_VIDEO_EDITOR.is_enabled(course_key)
-
-
 # .. toggle_name: legacy_studio.pdf_editor
 # .. toggle_implementation: WaffleFlag
 # .. toggle_default: False
@@ -129,7 +110,7 @@ def use_new_pdf_editor():
 # .. toggle_use_cases: temporary
 # .. toggle_creation_date: 2023-04-03
 # .. toggle_target_removal_date: 2023-6-01
-# .. toggle_warning: You need to activate the `new_core_editors.use_new_video_editor` flag to use this new flow.
+# .. toggle_warning: This controls the new core video xblock editor flow.
 ENABLE_VIDEO_GALLERY_FLOW_FLAG = WaffleFlag('new_core_editors.use_video_gallery_flow', __name__)
 
 

cms/static/js/views/pages/container.js

@@ -538,12 +538,11 @@ function($, _, Backbone, gettext, BasePage,
             if (!options || options.view !== 'visibility_view') {
                 const primaryHeader = $(event.target).closest('.xblock-header-primary, .nav-actions');
 
-                var useNewVideoEditor = primaryHeader.attr('use-new-editor-video'),
-                    blockType = primaryHeader.attr('data-block-type'),
+                var blockType = primaryHeader.attr('data-block-type'),
                     useNewPdfEditor = primaryHeader.attr('use-new-editor-pdf');
 
                 if((blockType === 'html')
-                        || (useNewVideoEditor === 'True' && blockType === 'video')
+                        || (blockType === 'video')
                         || (blockType === 'problem')
                         || (useNewPdfEditor === 'True' && blockType === 'pdf')
                 ) {
@@ -1204,8 +1203,7 @@ function($, _, Backbone, gettext, BasePage,
         },
 
         onNewXBlock: function(xblockElement, scrollOffset, is_duplicate, data) {
-            var useNewVideoEditor = this.$('.xblock-header-primary').attr('use-new-editor-video'),
-                useVideoGalleryFlow = this.$('.xblock-header-primary').attr("use-video-gallery-flow");
+            var useVideoGalleryFlow = this.$('.xblock-header-primary').attr("use-video-gallery-flow");
 
             // find the block type in the locator if availible
             if(data.hasOwnProperty('locator')) {
@@ -1214,7 +1212,7 @@ function($, _, Backbone, gettext, BasePage,
             }
             // open mfe editors for new blocks only and not for content imported from libraries
             if(!data.hasOwnProperty('upstreamRef') && (blockType.includes('html')
-                    || (useNewVideoEditor === 'True' && blockType.includes('video'))
+                    || (blockType.includes('video'))
                     || (blockType.includes('problem')))
             ){
                 if (this.options.isIframeEmbed && (this.isSplitTestContentPage || this.isVerticalContentPage)) {

cms/templates/container.html

@@ -13,7 +13,7 @@
 from django.utils.translation import gettext as _
 
 from cms.djangoapps.contentstore.helpers import xblock_studio_url, xblock_type_display_name
-from cms.djangoapps.contentstore.toggles import use_new_pdf_editor, use_new_video_editor, use_video_gallery_flow
+from cms.djangoapps.contentstore.toggles import use_new_pdf_editor, use_video_gallery_flow
 from cms.djangoapps.contentstore.utils import get_editor_page_base_url
 from openedx.core.djangolib.js_utils import (
     dump_js_escaped_json, js_escaped_string
@@ -111,7 +111,6 @@
 <%block name="content">
 
 <%
-use_new_editor_video = use_new_video_editor(xblock_locator.course_key)
 use_new_editor_pdf = use_new_pdf_editor()
 use_new_video_gallery_flow = use_video_gallery_flow()
 %>
@@ -167,7 +166,6 @@ <h1 class="page-header-title xblock-field-value incontext-editor-value"><span cl
         </div>
 
         <nav class="nav-actions" aria-label="${_('Page Actions')}"
-        use-new-editor-video = ${use_new_editor_video}
         use-new-editor-pdf = ${use_new_editor_pdf}
         use-video-gallery-flow = ${use_new_video_gallery_flow}
         authoring_MFE_base_url = ${get_editor_page_base_url(xblock_locator.course_key)}

cms/templates/studio_xblock_wrapper.html

@@ -8,12 +8,11 @@
 from openedx.core.djangolib.js_utils import (
     dump_js_escaped_json, js_escaped_string
 )
-from cms.djangoapps.contentstore.toggles import use_new_pdf_editor, use_new_video_editor, use_video_gallery_flow
+from cms.djangoapps.contentstore.toggles import use_new_pdf_editor, use_video_gallery_flow
 from cms.lib.xblock.upstream_sync import UpstreamLink
 from openedx.core.djangoapps.content_tagging.toggles import is_tagging_feature_disabled
 %>
 <%
-use_new_editor_video = use_new_video_editor(xblock.context_key)
 use_new_editor_pdf = use_new_pdf_editor()
 use_new_video_gallery_flow = use_video_gallery_flow()
 use_tagging = not is_tagging_feature_disabled()
@@ -83,7 +82,6 @@
         is-collapsed
     % endif
     "
-    use-new-editor-video = ${use_new_editor_video}
     use-new-editor-pdf = ${use_new_editor_pdf}
     use-video-gallery-flow = ${use_new_video_gallery_flow}
     authoring_MFE_base_url = ${get_editor_page_base_url(xblock.location.course_key)}

common/djangoapps/third_party_auth/apps.py

@@ -1,7 +1,6 @@
 # pylint: disable=missing-module-docstring
 
 from django.apps import AppConfig
-from django.conf import settings
 
 
 class ThirdPartyAuthConfig(AppConfig):  # pylint: disable=missing-class-docstring
@@ -11,12 +10,3 @@ class ThirdPartyAuthConfig(AppConfig):  # pylint: disable=missing-class-docstrin
     def ready(self):
         # Import signal handlers to register them
         from .signals import handlers  # noqa: F401 pylint: disable=unused-import
-
-        # Note: Third-party auth settings are now defined statically in lms/envs/common.py
-        # However, the enterprise pipeline step must be inserted dynamically because
-        # it requires checking if enterprise is enabled, which can't be done at
-        # settings load time.
-        # Only insert enterprise elements if SOCIAL_AUTH_PIPELINE exists (LMS only, not CMS).
-        if hasattr(settings, 'SOCIAL_AUTH_PIPELINE'):
-            from openedx.features.enterprise_support.api import insert_enterprise_pipeline_elements
-            insert_enterprise_pipeline_elements(settings.SOCIAL_AUTH_PIPELINE)

common/djangoapps/third_party_auth/models.py

@@ -237,6 +237,10 @@ class ProviderConfig(ConfigurationModel):
         help_text="Use the presence of a profile from a trusted third party as proof of identity verification.",
     )
 
+    # Enterprise-only field: excludes this provider from the EnterpriseCustomer Django admin IDP
+    # dropdown. Added in ENT-1366 after social auth providers (Facebook, Google, etc.) were linked
+    # as enterprise IDPs, incorrectly associating all their users with an enterprise. Should ideally
+    # be migrated into the enterprise plugin.
     disable_for_enterprise_sso = models.BooleanField(
         default=False,
         verbose_name='Disabled for Enterprise TPA',

common/djangoapps/third_party_auth/pipeline.py

@@ -86,10 +86,7 @@ def B(*args, **kwargs):
 from common.djangoapps.edxmako.shortcuts import render_to_string
 from common.djangoapps.third_party_auth.utils import (
     get_associated_user_by_email_response,
-    get_user_from_email,
-    is_enterprise_customer_user,
     is_oauth_provider,
-    is_saml_provider,
     user_exists,
 )
 from common.djangoapps.track import segment
@@ -780,80 +777,18 @@ def associate_by_email_if_oauth(auth_entry, backend, details, user, strategy, *a
             return association_response
 
 
-@partial.partial
 def associate_by_email_if_saml(auth_entry, backend, details, user, strategy, *args, **kwargs):
     """
-    This pipeline step associates the current social auth with the user with the
-    same email address in the database.  It defers to the social library's associate_by_email
-    implementation, which verifies that only a single database user is associated with the email.
+    Deprecated — enterprise SAML email association moved to
+    enterprise.tpa_pipeline.enterprise_associate_by_email.
 
-    This association is done ONLY if the user entered the pipeline belongs to SAML provider.
+    Retained as a no-op for backwards compatibility with custom pipeline configs.
     """
-    from openedx.features.enterprise_support.api import enterprise_is_enabled
-
-    def get_user():
-        """
-        This is the helper method to get the user from system by matching email.
-        """
-        user_details = {'email': details.get('email')} if details else None
-        return get_user_from_email(user_details or {})
-
-    @enterprise_is_enabled()
-    def associate_by_email_if_enterprise_user():
-        """
-        If the learner arriving via SAML is already linked to the enterprise customer linked to the same IdP,
-        they should not be prompted for their edX password.
-        """
-        try:
-            enterprise_customer_user = is_enterprise_customer_user(current_provider.provider_id, current_user)
-            logger.info(
-                '[Multiple_SSO_SAML_Accounts_Association_to_User] Enterprise user verification:'  # noqa: UP032
-                'User Email: {email}, User ID: {user_id}, Provider ID: {provider_id},'
-                ' is_enterprise_customer_user: {enterprise_customer_user}'.format(
-                    email=current_user.email,
-                    user_id=current_user.id,
-                    provider_id=current_provider.provider_id,
-                    enterprise_customer_user=enterprise_customer_user,
-                )
-            )
-
-            if enterprise_customer_user:
-                # this is python social auth pipeline default method to automatically associate social accounts
-                # if the email already matches a user account.
-                association_response, user_is_active = get_associated_user_by_email_response(
-                    backend, details, user, *args, **kwargs)
-
-                if not user_is_active:
-                    logger.info(
-                        '[Multiple_SSO_SAML_Accounts_Association_to_User] User association account is not'  # noqa: UP032  # pylint: disable=line-too-long
-                        ' active: User Email: {email}, User ID: {user_id}, Provider ID: {provider_id},'
-                        ' is_enterprise_customer_user: {enterprise_customer_user}'.format(
-                            email=current_user.email,
-                            user_id=current_user.id,
-                            provider_id=current_provider.provider_id,
-                            enterprise_customer_user=enterprise_customer_user
-                        )
-                    )
-                    return None
-
-                return association_response
-
-        except Exception as ex:  # pylint: disable=broad-except
-            logger.exception('[Multiple_SSO_SAML_Accounts_Association_to_User] Error in'
-                             ' saml multiple accounts association: User ID: %s, User Email: %s:,'
-                             'Provider ID: %s, Exception: %s', current_user.id, current_user.email,
-                             current_provider.provider_id, ex)
-
-    saml_provider, current_provider = is_saml_provider(strategy.request.backend.name, kwargs)
-
-    if saml_provider:
-        # get the user by matching email if the pipeline user is not available.
-        current_user = user if user else get_user()
-
-        # Verify that the user linked to enterprise customer of current identity provider and an active user
-        associate_response = associate_by_email_if_enterprise_user() if current_user else None
-        if associate_response:
-            return associate_response
+    logger.warning(
+        "associate_by_email_if_saml is deprecated and is now a no-op. "
+        "Enterprise SAML email association has moved to "
+        "enterprise.tpa_pipeline.enterprise_associate_by_email."
+    )
 
 
 def user_details_force_sync(auth_entry, strategy, details, user=None, *args, **kwargs):  # pylint: disable=keyword-arg-before-vararg

common/djangoapps/third_party_auth/saml.py

@@ -141,11 +141,22 @@ def auth_url(self):
 
     def disconnect(self, *args, **kwargs):
         """
-        Override of SAMLAuth.disconnect to unlink the learner from enterprise customer if associated.
-        """
-        from openedx.features.enterprise_support.api import unlink_enterprise_user_from_idp
-        user = kwargs.get('user', None)
-        unlink_enterprise_user_from_idp(self.strategy.request, user, self.name)
+        Override of SAMLAuth.disconnect to emit a signal when a user disconnects their SAML account.
+        """
+        from common.djangoapps.third_party_auth.signals import SAMLAccountDisconnected
+        # Emit the signal before super().disconnect() so that handlers (e.g. enterprise
+        # user unlinking) run while the social auth record still exists.
+        user = kwargs['user']  # Upstream social_core always passes a non-None user.
+        log.info(
+            '[THIRD_PARTY_AUTH] Emitting SAMLAccountDisconnected signal for user_id=%s, backend=%s',
+            user.id, self.name,
+        )
+        SAMLAccountDisconnected.send(
+            sender=self.__class__,
+            request=self.strategy.request,
+            user=user,
+            saml_backend=self,
+        )
         return super().disconnect(*args, **kwargs)
 
     def _check_entitlements(self, idp, attributes):

common/djangoapps/third_party_auth/signals/__init__.py

@@ -1 +1,5 @@
-# Signal handlers for third_party_auth app
+"""
+Signals and signal handlers for third_party_auth app
+"""
+
+from common.djangoapps.third_party_auth.signals.signals import SAMLAccountDisconnected  # noqa: F401

common/djangoapps/third_party_auth/signals/signals.py

@@ -0,0 +1,12 @@
+"""
+Signals defined by the third_party_auth app.
+"""
+from django.dispatch import Signal
+
+# Signal fired when a user disconnects a SAML account.
+#
+# Keyword arguments sent with this signal:
+#   request (HttpRequest): The HTTP request during which the disconnect occurred.
+#   user (User): The Django User disconnecting the social auth account.
+#   saml_backend (social_core.backends.saml.SAMLAuth): The SAMLAuth backend instance (has a ``name`` attribute).
+SAMLAccountDisconnected = Signal()