6
0
mirror of https://github.com/ChristianLight/tutor.git synced 2024-11-18 11:05:17 +00:00
Commit Graph

1703 Commits

Author SHA1 Message Date
Régis Behmo
4a6896d892 docs: adjust web proxy tutorial 2022-11-29 09:49:57 +01:00
Daniel Herrmann
bb137c16d6 Added more info to required headers and a pitfall regarding misleading wording in the quickstart dialogue 2022-11-29 09:49:57 +01:00
Régis Behmo
0e8f55798c sec: fix XSS vulnerability in drag-n-drop v2 xblock
Vulnerability is fixed by upgrading the xblock from v2.3.5 to v3.0.0.
See announcement:
https://discuss.openedx.org/t/upcoming-security-release-xblock-drag-and-drop-v2/8768
2022-11-29 09:05:38 +01:00
Régis Behmo
ff0e8f7140 fix: pin openedx dev Docker image tag with tutor version
When running:

    tutor dev run -m /path/to/edx-platform lms
    pip install -r requirements/edx/development.txt

I realised that I was re-installing packages that should already have been
present in the image. The reason for that was that I was running an outdated
version of the dev version of the openedx Docker image. This happens because
`tutor dev run` does not trigger an image re-build.

We solve this issue by pinning the openedx dev Docker image tag to the current
tutor version.
2022-11-29 09:02:50 +01:00
Overhang.IO
a0480f8d11 Merge remote-tracking branch 'origin/master' into nightly 2022-11-28 12:15:04 +00:00
james
7b72a5a910 feat: support for mongodb SSL+auth source/mech+replica set
This change builds upon a previously proposed PR:
https://github.com/overhangio/tutor/pull/437

There was another long conversation about this topic here:
https://github.com/overhangio/tutor-forum/pull/10#issuecomment-1314799915

We could have supported the MongoDB auth/replica set/ssl parameters as part of
the MongoDB host URI, but then this URI is not supported in the forum plugin,
which uses an old version of the mongoid client. We were hoping that the client
would have been upgraded by now, but it's not been upgraded for a long time.

The changes introduced here are 100% backward-compatible. The forum plugin will
have to be updated to take into account the new parameters.
2022-11-28 13:09:13 +01:00
Overhang.IO
74758fb1d8 Merge remote-tracking branch 'origin/master' into nightly 2022-11-28 11:29:23 +00:00
Régis Behmo
b8ca06a42c fix: Swahili locale name
Note that this locale ships with edx-platform by default.
2022-11-28 12:23:02 +01:00
Overhang.IO
67e8f52cd6 Merge remote-tracking branch 'origin/master' into nightly 2022-11-28 10:11:21 +00:00
Régis Behmo
13104809c1 docs: add missing changelog entry 2022-11-28 10:07:02 +01:00
Régis Behmo
5929ecbc2e fix: TemplateSyntaxError with old jinja2
The following syntax is only supported in jinja2>=2.10:

    {% set jwt_rsa_key | rsa_import_key %}{{ JWT_RSA_PRIVATE_KEY }}{% endset %}

Thus, we bump the minimal working version of jinja2 in the base requirements.

See discussion: https://discuss.openedx.org/t/error-while-tutor-local-quickstart/8796
2022-11-28 10:03:59 +01:00
Régis Behmo
85d868423a fix: do not prepend DJANGO settings info to all jobs
The DJANGO_SETTINGS_MODULE is far from being relevant in all containers.
2022-11-24 18:40:16 +01:00
Régis Behmo
478d44c299 fix: type DO_* filters and actions 2022-11-24 18:40:16 +01:00
Régis Behmo
c06ac5b020 Merge branch 'master' into nightly 2022-11-24 17:27:47 +01:00
Régis Behmo
c9ac12fdd7 v14.2.1 (2022-11-24)
- [Improvement] Auto-completion of `plugins` and `config` arguments: `plugins enable/disable NAME`, `plugins install PATH`, `config save --set KEY=VAL`, `config save --unset KEY`, `config printvalue KEY`. (by @regisb)
- [Bugfix] Fix minimum click version (>= 8.0.0) when installing tutor from pip.
- [Improvement] Enable CORS by default for both LMS and CMS by moving those settings to the `common_all` partial. (by @arbrandes)
2022-11-24 16:25:34 +01:00
Régis Behmo
04258b9f9b docs: add changelog entry for click fix 2022-11-24 16:24:18 +01:00
Régis Behmo
29eb3398a2 feat: auto-complete config save/printroot arguments 2022-11-24 16:21:57 +01:00
Régis Behmo
ee09612326 feat: auto-complete plugins arguments
Support auto-completion of plugin name and path arguments in the `tutor
plugins` commands.
2022-11-24 16:21:57 +01:00
Régis Behmo
6069f91cce docs: fix nightly typo
Co-authored-by: Adolfo R. Brandes <arbrandes@tcril.org>
2022-11-24 16:15:15 +01:00
Régis Behmo
c886b72ae7 docs: migrate to scriv to manage changelog
Changelog management was starting to be a hassle:

- there were conflicts every time a PR was merged
- there were conflicts every time we merged the nightly branch in the new
  release branch, or vice versa.

Now, all changelog entries are stored as separate files in changelog.d,
including nightly. Nightly entries will be collected for every major release.
2022-11-24 16:15:15 +01:00
Overhang.IO
87e5bb7025 Merge remote-tracking branch 'origin/master' into nightly 2022-11-23 18:19:35 +00:00
Régis Behmo
e63d5c32e3 fix: minimum click version is 8.0
An issue was reported here: https://app.slack.com/client/T02SNA1T6/CGE253B7V

CompletionItem was introduced in 8.0, so click needs to be upgraded when
we `pip install tutor`.
2022-11-23 18:24:05 +01:00
Overhang.IO
627b93b95b Merge remote-tracking branch 'origin/master' into nightly 2022-11-21 13:28:28 +00:00
Adolfo R. Brandes
3e32f88c15 feat: common CORS settings for LMS and CMS
The ENABLE_CORS_HEADERS feature flag is already true for the LMS.
Instead of duplicating it for Studio via yaml settings, make this a
common Django setting to both LMS and CMS and all their environments.
2022-11-21 13:51:56 +01:00
Overhang.IO
17028c5c63 Merge remote-tracking branch 'origin/master' into nightly 2022-11-21 10:18:43 +00:00
Régis Behmo
5006f6edc9 v14.2.0 (2022-11-21)
- [Improvement] Auto-complete implicit `local/dev --mount /path/to/...` options. (by @regisb)
- 💥[Feature] Strong typing of action and filter hooks: this allows us to detect incorrect calls to `actions.add` or `filters.add` early. Strong typing forces us to break the `do` and `apply` API by removing the `context` named argument. Developers should replace `do(context=...)` by `do_from_context(..., )` (and similar for `apply`).
2022-11-21 10:10:44 +01:00
Régis Behmo
986c3e2305 chore: upgrade requirements 2022-11-21 10:10:07 +01:00
Régis Behmo
b4a8069cfd fix: init template paths
Plugin template paths of init jobs could not be found because they were
searched for in the Tutor template root only.
2022-11-21 10:03:25 +01:00
Overhang.IO
1890557d40 Merge remote-tracking branch 'origin/master' into nightly 2022-11-17 14:44:20 +00:00
Régis Behmo
f8b5cbc657 feat: auto-complete --mount args
When typing `tutor local run --mount /path/to/edx-pl<TAB>`, the mount option
should be auto-completed to the full edx-platform repo path. That is, if shell
completion is enabled:
https://docs.tutor.overhang.io/install.html#shell-autocompletion

Here, we make sure that the implicit form of the `--mount` argument is properly
auto-completed. We are unable to get completion to work in the explicit form,
because args that include colons do not even reach the `shell_completion`
method.
2022-11-17 14:50:52 +01:00
Régis Behmo
d7c667835a Merge branch 'master' into nightly 2022-11-15 16:59:19 +01:00
Régis Behmo
33e4f33afe feat: strongly typed hooks
Now that the mypy bugs have been resolved, we are able to define more precisely
and cleanly the types of Actions and Filters.

Moreover, can now strongly type named actions and hooks (in consts.py). With
such a strong typing, we get early alerts of hooks called with incorrect
arguments, which is nothing short of awesome :)

This change breaks the hooks API by removing the `context=...` argument. The
reason for that is that we cannot insert arbitrary arguments between `P.args,
P.kwargs`: https://peps.python.org/pep-0612/#the-components-of-a-paramspec

> A function declared as def inner(a: A, b: B, *args: P.args, **kwargs:
> P.kwargs) -> R has type Callable[Concatenate[A, B, P], R]. Placing
> keyword-only parameters between the *args and **kwargs is forbidden.

Getting the documentation to build in nitpicky mode is quite difficult... We
need to add `nitpick_ignore` to the docs conf.py, otherwise sphinx complains
about many missing class references. This, despite upgrading almost all doc
requirements (except docutils).
2022-11-15 14:58:36 +01:00
Régis Behmo
0453b0c002 feat: add -h help option to all commands 2022-11-15 09:46:08 +01:00
Régis Behmo
16e6131f96 feat: pluggable local/dev/k8s do <job> commands
We introduce a new filter to implement custom commands in arbitrary containers.
It becomes easy to write convenient ad-hoc commands that users will
then be able to run either on Kubernetes or locally using a documented CLI.

Pluggable jobs are declared as Click commands and are responsible for
parsing their own arguments. See the new CLI_DO_COMMANDS filter.

Close https://github.com/overhangio/2u-tutor-adoption/issues/75
2022-11-15 09:46:08 +01:00
Régis Behmo
b6dc65cc64 refactor: deduplicate jobs code
createuser, importdemocourse and settheme were 100% duplicated code between
k8s.py and compose.py.
2022-11-15 09:46:08 +01:00
Régis Behmo
e734f52f07 feat: filter priorities
Nothing revolutionary here, we just implement the same priority queue that
existed in actions. It will be necessary to trigger init tasks in the right
order.
2022-11-15 09:46:08 +01:00
Overhang.IO
7879506910 Merge remote-tracking branch 'origin/master' into nightly 2022-11-14 12:19:34 +00:00
Régis Behmo
8aeeb7e09c chore: replaced unnamed hook filters by named equivalents 2022-11-14 12:25:28 +01:00
Régis Behmo
19f3f329f2 Merge branch 'master' into nightly 2022-11-03 09:52:43 +01:00
Régis Behmo
fd2d3dea10 v14.1.2 (2022-11-02)
- [Security] Fix edx-platform XSS vulnerability on "next" parameter. (by
  @regisb)
2022-11-02 10:42:55 +01:00
Régis Behmo
b46a7b0fa8 sec: fix edx-platform xss vulnerability on "next" parameter 2022-11-02 10:42:10 +01:00
Régis Behmo
f95c394e38 fix: print proper command on check_output
Note that the `check_output` command is mostly unused.
2022-10-26 16:46:04 +02:00
Régis Behmo
5419be7d31 Merge branch 'master' into nightly 2022-10-26 13:29:30 +02:00
Régis Behmo
7541433729 v14.1.1 (2022-10-25)
- [Security] Fix xblock ajax handler vulnerability. (by @regisb)
- [Improvement] Use web proxy gzip encoding to improve bandwidth. We
  observe a 75% size reduction on the LMS dashboard. (by @ghassanmas)
2022-10-26 12:28:16 +02:00
Régis Behmo
1161f925a4 feat: add py.typed for typing extensions
Extensions which use the tutor API need to know that the tutor package
is typed. For that we add the py.typed file.

Also, we fix the signature of get_typed.

See:
https://mypy.readthedocs.io/en/stable/installed_packages.html#installed-packages
2022-10-26 12:28:16 +02:00
Régis Behmo
7eeccfb5f5 chore: mark Python 3.6 as deprecated 2022-10-26 12:24:07 +02:00
Régis Behmo
3ba5365537 sec: fix xblock ajax handler vulnerability 2022-10-25 18:56:40 +02:00
Régis Behmo
e56918bf47 depr: get rid of the local/dev bindmount commands
This command has always been clunky. It is now removed in favour of the
`-m/--mount` option.

Close https://github.com/overhangio/2u-tutor-adoption/issues/88
Close https://github.com/overhangio/2u-tutor-adoption/issues/89
2022-10-19 17:51:06 +02:00
Overhang.IO
34fd1dcb70 Merge remote-tracking branch 'origin/master' into nightly 2022-10-19 09:42:52 +00:00
Ghassan Maslamani
7d32179038 feat: use encode gzip for caddy
Compressing assests would lead to readuce transfer size.
  As testing with frontend-app-learning/Olive, the network traffic
  before was about ~4MB, after this it became ~1MB.

  This change was suggested by Google Lighthouse[1], there are of
  course more suggestion but this was one the easiest and one of most
  impactful.

  Also check orignal PR overhangio/tutor-mfe/pull/64 for more
  info.
  [1]: https://web.dev/uses-text-compression
2022-10-19 10:46:01 +02:00