6
0
mirror of https://github.com/ChristianLight/tutor.git synced 2024-11-17 18:45:15 +00:00
Commit Graph

37 Commits

Author SHA1 Message Date
Régis Behmo
9df3b18c31 sec: fix LTI consumer xblock grading
See advisory:
https://github.com/openedx/xblock-lti-consumer/security/advisories/GHSA-7j9p-67mm-5g87
Discussion:
https://discuss.openedx.org/t/upcoming-security-release-xblock-lti-consumer/9165
Pull requests:
https://github.com/openedx/xblock-lti-consumer/pull/331
https://github.com/openedx/edx-platform/pull/31724
2023-02-09 11:55:18 +01:00
Régis Behmo
4b14d20c5e feat: overridable lms/cms max upload size
Users want to be able to override the request `max_size` to upload
larger files. But they will not be able to if the patch is placed after
the `request` directive. So we move the patch statement before the
directive. Also, we wrap the `request_body` directives within `handle`
statements. If not, then different sizes are not managed properly.

To override the max upload size in the cms, add the following to the
"caddyfile-cms" patch:

    handle_path /import/* {
        request_body {
            max_size 500MB
        }
    }

See discussion:
https://discuss.openedx.org/t/how-to-update-caddyfile-using-tutor-plugin/8944
2023-02-07 10:19:54 +01:00
Kyle McCormick
a44bad6033 docs: fix typos in hooks changelog entry
* Remove redundant changelog line
* The change should NOT affect most developers ;)
2023-02-02 11:43:55 +01:00
Régis Behmo
71ed7a8618 feat: refactor hooks API for simplification
The hooks API had several issues which are summarized in this comment:
https://github.com/openedx/wg-developer-experience/issues/125#issuecomment-1313553526

1. "consts" was a bad name
2. "hooks.filters" and "hooks.Filters" could easily be confused
3. docs made it difficult to understand that plugin developers should use the catalog

To address these issues, we:

1. move "consts.py" to "catalog.py"
2. Remove "hooks.actions", "hooks.filters", "hooks.contexts" from the API.
3. re-organize the docs and give better usage examples in the catalog.

This change is a partial fix for https://github.com/openedx/wg-developer-experience/issues/125
2023-01-31 10:17:58 +01:00
Régis Behmo
4fe5fcf6db v15.2.0 2023-01-19 20:35:54 +01:00
Carlos Muniz
ac1a875f42 refactor: annotation with __future__.annotations
Adds `from __future__ import annotations` to the top of every module,
right below the module's docstring. Replaces any usages of t.List,
t.Dict, t.Set, t.Tuple, and t.Type with their built-in equivalents:
list, dict, set, tuple, and type. Ensures that make test still passes
under Python 3.7, 3.8 and 3.9.
2023-01-18 08:36:14 +01:00
Régis Behmo
d629ca932c fix: get rid of lms/cms CORS_ORIGIN_WHITELIST warnings
The LMS and CMS were producing lots of logs similar to:

	cms_1                        | 2023-01-17 15:30:11,359 INFO 7 [openedx.core.djangoapps.cors_csrf.helpers] [user 7] [ip 31.223.46.44] helpers.py:64 - Origin 'https://studio.demo.openedx.overhang.io' was not in `CORS_ORIGIN_WHITELIST`; full referer was 'https://studio.demo.openedx.overhang.io/learning/course/course-v1:edX+DemoX+Demo_Course/home' and requested host was 'studio.demo.openedx.overhang.io'; CORS_ORIGIN_ALLOW_ALL=False

These warnings are produced by openedx.core.djangoapps.cors_csrf.helpers. I
don't think they indicate any problem, but they pollute the logs. They are
resolved by adding the "http(s)://<lms/cms host>" to CORS_ORIGIN_WHITELIST in
production, so we did just that.
2023-01-18 07:55:13 +01:00
Régis Behmo
ca04b245f3 fix: backport fix for html component editing in studio
See: https://discuss.openedx.org/t/text-component-does-not-remove-text-with-link-or-insert-a-link-to-text/9029
2023-01-18 07:51:24 +01:00
Régis Behmo
56a7614fd7 fix: 'example.com' links in registration emails
When a user registers, they receive a confirmation email. This email contained
two links to "https://example.com/..." urls. This was caused by the fact that
the default site, indicated by SITE_ID=1, was example.com. We resolve this
issue by setting instead SITE_ID=2, which should point to the site with the LMS
domain name.

This is a potentially breaking change for platforms that have manually set to 1
the id of the LMS site in the database. These platforms should now set
SITE_ID=1 via a plugin.

Alternatives we have considered include modifying the id field of the LMS site
in the database. Unfortunately such a change would have important consequences,
as the site ID is used as a foreign key for other models.

Note that non-https sites still include https links in the registration emails.
This is because the "https" scheme is hardcoded by the "ensure_url_is_absolute"
utility function. So there is nothing we can do about this without making
changes upstream.

Close #572.
2023-01-18 07:51:11 +01:00
Régis Behmo
8f2df6a842 ci: better github release management with scriv
In scriv 1.1.0 the GitHub release description can be templated:
https://github.com/nedbat/scriv/issues/61
https://github.com/nedbat/scriv/releases/tag/1.1.0

This means that we can finally get rid of our ugly scripts to generate the
release description \o/
2023-01-17 12:12:10 +01:00
Emad Rad
b903c69fac
fix: respect RUN_MYSQL on k8s maple upgrade
During the maple -> nutmeg upgrade on k8s, only wait for mysql when RUN_MYSQL is true.
2023-01-09 13:01:48 +01:00
Régis Behmo
380786219e v15.1.0
- [Improvement] Upgrade ipdb and ipython packages in the openedx development image. (by @regisb)
- [Improvement] Skip unnecessary image building in development. This should make `tutor dev launch` slightly faster. (by @regisb)
- [Bugfix] Fix Authn MFE login in development by disabling enterprise integration. (by @regisb)
- [Bugfix] Fix "Invalid value for ‘--from’" when running `tutor local upgrade --from=nutmeg`. If you are facing this error, just run `tutor local launch` and your platform should be automatically upgraded.
- [Bugfix] Fix "TypeError: Parameters to Generic[...] must all be type variables" error. This error may occur when upgrading from a very old installation of Tutor. It is due to an old version of the typing-extensions package.
- 💥[Deprecation] Get rid of the `quickstart` command. v15.0.0 introduced a deprecation warning, but we actually want users to stop using this command. Instead, use `launch` (by @regisb).
- [Improvement] Backfill persistent grades during upgrade from Nutmeg. If you observe missing grades after the upgrade from Nutmeg, run `tutor local upgrade --from=nutmeg`. (by @regisb)
2022-12-13 18:42:41 +01:00
Régis Behmo
23a9914721 fix: authn login in dev by disabling enterprise integration
In development, login via the authn mfe was broken because of explicit
enterprise integration:

    requests.exceptions.ConnectionError: HTTPConnectionPool(host='localhost', port=18000): Max retries exceeded with url: /enterprise/api/v1/enterprise-learner/?username=regis (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fd4c02b8a90>: Failed to establish a new connection: [Errno 111] Connection refused'))

See: https://discuss.overhang.io/t/tutor-login-fail-in-new-version/3083
2022-12-13 17:25:58 +01:00
Régis Behmo
146ec62a0a feat: skip explicit openedx-dev image building in tutor dev launch
I have no idea why we decided to kickstart a separate build. The image will be
built anyway at the next step because we run `docker compose up --build` in
`tutor dev start`.

The build step was introduced in this PR: https://github.com/overhangio/tutor/pull/627
2022-12-13 17:25:58 +01:00
Régis Behmo
c70a6a5e80 feat: upgrade ipdb/ipython in openedx-dev image 2022-12-13 17:25:58 +01:00
Régis Behmo
9d9e9281d5 depr: get rid of quickstart command
We meant to get rid of `quickstart` in Olive, but somehow we forgot to delete
the command.
2022-12-13 17:25:43 +01:00
Régis Behmo
7a61f07dfd feat: backfill persistent grades during upgrade
In Olive, persistent grades are now mandatory. This was already the case in
Nutmeg, but it didn't mean that existing, non-persistent grades were migrated
to be persistent. This introduces a job that is run whenever a user upgrades
from Nutmeg. Alternatively, it can be run manually with:

    tutor local upgrade --from=nutmeg

See relevant documentation: https://openedx.atlassian.net/wiki/spaces/AC/pages/755171487/Migrating+to+Persistent+Grading#The-Persistent-Grades-Backfill
See discussion: https://app.slack.com/client/T02SNA1T6/C049JQZFR5E/thread/C02SNA1U4-1670937183.881709
2022-12-13 17:22:15 +01:00
Régis Behmo
3ce022bee4 fix: "TypeError: Parameters to Generic[...]" error
People running typing-extensions==3.10 faced this error for just any tutor command:

    $ tutor version
    ...
    Traceback (most recent call last):
      File "/usr/local/bin/tutor", line 5, in <module>
        from tutor.commands.cli import main
      File "/usr/local/lib/python3.8/dist-packages/tutor/commands/cli.py", line 7, in <module>
        from tutor import exceptions, fmt, hooks, utils
      File "/usr/local/lib/python3.8/dist-packages/tutor/hooks/__init__.py", line 7, in <module>
        from . import actions, contexts, filters, priorities
      File "/usr/local/lib/python3.8/dist-packages/tutor/hooks/actions.py", line 18, in <module>
        class ActionCallback(Contextualized, t.Generic[P]):
      File "/usr/lib/python3.8/typing.py", line 261, in inner
        return func(*args, **kwds)
      File "/usr/lib/python3.8/typing.py", line 890, in __class_getitem__
        raise TypeError(
    TypeError: Parameters to Generic[...] must all be type variables

We fix this error by requiring a more recent version of typing-extensions.

See: https://discuss.openedx.org/t/tutor-v15-python-error-when-running-on-quickstart/8910/2
2022-12-13 08:02:15 +01:00
Régis Behmo
608f87a36c docs: add missing changelog entry 2022-12-12 23:56:11 +01:00
Régis Behmo
c26999ec65 feat: upgrade to olive 2022-12-12 16:55:07 +01:00
Overhang.IO
bb849b86de Merge remote-tracking branch 'origin/master' into nightly 2022-11-29 11:24:41 +00:00
Régis Behmo
c0d79463ff v14.2.2 (2022-11-29)
- [Bugfix] Fix `jinja2.exceptions.TemplateSyntaxError: expected token 'end of statement block', got '|'` error by bumping the minimum required version of the Jinja2 package.
- [Feature] Add support for MongoDB SSL, authentication source, mechanism and replica set via the `MONGODB_USE_SSL`, `MONGODB_AUTH_MECHANISM`, `MONGODB_AUTH_SOURCE`, `MONGODB_REPLICA_SET` settings. (by @zakum1 and @regisb)
- [Bugfix] Fix tag of "openedx" development Docker image. Previously, this Docker tag did not include the Tutor version. As a consequence, a different cached image could be used in some cases. For instance: when running `tutor dev run` commands. Now, the image tag is "openedx-dev:TUTOR_VERSION".
- [Bugfix] Fix name of Swahili locale: it is "sw-ke" and not "sw" (by @regisb).
- [Security] Apply drag-n-drop v2 xblock [security patch](https://discuss.openedx.org/t/upcoming-security-release-xblock-drag-and-drop-v2/8768/7). (by @regisb)
2022-11-29 11:27:35 +01:00
Régis Behmo
e4e9cd8197 Merge branch 'master' into nightly 2022-11-29 10:28:11 +01:00
Régis Behmo
0e8f55798c sec: fix XSS vulnerability in drag-n-drop v2 xblock
Vulnerability is fixed by upgrading the xblock from v2.3.5 to v3.0.0.
See announcement:
https://discuss.openedx.org/t/upcoming-security-release-xblock-drag-and-drop-v2/8768
2022-11-29 09:05:38 +01:00
Régis Behmo
ff0e8f7140 fix: pin openedx dev Docker image tag with tutor version
When running:

    tutor dev run -m /path/to/edx-platform lms
    pip install -r requirements/edx/development.txt

I realised that I was re-installing packages that should already have been
present in the image. The reason for that was that I was running an outdated
version of the dev version of the openedx Docker image. This happens because
`tutor dev run` does not trigger an image re-build.

We solve this issue by pinning the openedx dev Docker image tag to the current
tutor version.
2022-11-29 09:02:50 +01:00
Overhang.IO
a0480f8d11 Merge remote-tracking branch 'origin/master' into nightly 2022-11-28 12:15:04 +00:00
james
7b72a5a910 feat: support for mongodb SSL+auth source/mech+replica set
This change builds upon a previously proposed PR:
https://github.com/overhangio/tutor/pull/437

There was another long conversation about this topic here:
https://github.com/overhangio/tutor-forum/pull/10#issuecomment-1314799915

We could have supported the MongoDB auth/replica set/ssl parameters as part of
the MongoDB host URI, but then this URI is not supported in the forum plugin,
which uses an old version of the mongoid client. We were hoping that the client
would have been upgraded by now, but it's not been upgraded for a long time.

The changes introduced here are 100% backward-compatible. The forum plugin will
have to be updated to take into account the new parameters.
2022-11-28 13:09:13 +01:00
Overhang.IO
74758fb1d8 Merge remote-tracking branch 'origin/master' into nightly 2022-11-28 11:29:23 +00:00
Régis Behmo
b8ca06a42c fix: Swahili locale name
Note that this locale ships with edx-platform by default.
2022-11-28 12:23:02 +01:00
Overhang.IO
67e8f52cd6 Merge remote-tracking branch 'origin/master' into nightly 2022-11-28 10:11:21 +00:00
Régis Behmo
13104809c1 docs: add missing changelog entry 2022-11-28 10:07:02 +01:00
Régis Behmo
c06ac5b020 Merge branch 'master' into nightly 2022-11-24 17:27:47 +01:00
Régis Behmo
c9ac12fdd7 v14.2.1 (2022-11-24)
- [Improvement] Auto-completion of `plugins` and `config` arguments: `plugins enable/disable NAME`, `plugins install PATH`, `config save --set KEY=VAL`, `config save --unset KEY`, `config printvalue KEY`. (by @regisb)
- [Bugfix] Fix minimum click version (>= 8.0.0) when installing tutor from pip.
- [Improvement] Enable CORS by default for both LMS and CMS by moving those settings to the `common_all` partial. (by @arbrandes)
2022-11-24 16:25:34 +01:00
Régis Behmo
04258b9f9b docs: add changelog entry for click fix 2022-11-24 16:24:18 +01:00
Régis Behmo
29eb3398a2 feat: auto-complete config save/printroot arguments 2022-11-24 16:21:57 +01:00
Régis Behmo
ee09612326 feat: auto-complete plugins arguments
Support auto-completion of plugin name and path arguments in the `tutor
plugins` commands.
2022-11-24 16:21:57 +01:00
Régis Behmo
c886b72ae7 docs: migrate to scriv to manage changelog
Changelog management was starting to be a hassle:

- there were conflicts every time a PR was merged
- there were conflicts every time we merged the nightly branch in the new
  release branch, or vice versa.

Now, all changelog entries are stored as separate files in changelog.d,
including nightly. Nightly entries will be collected for every major release.
2022-11-24 16:15:15 +01:00