Bootstrap remote access data into page #7015

Merged
merged 4 commits into from
Jun 9, 2020

@rtibbles rtibbles commented Jun 9, 2020

Summary

  • Remove API based bootstrapping.
  • Set default conditional on app plugin being enabled.
  • Prevent login outside of app-context when remote access is enabled

Reviewer guidance

Does a non-app context properly get blocked by the remote access setting?

Should we change the wording of remote access to make clear this is for non-app access? If not, we should probably change the restrictions to be based on IP address (127.0.0.1 rather than app-context).

References

Fixes #6998, resolves #7012


Contributor Checklist

PR process:

  • PR has the correct target branch and milestone
  • PR has 'needs review' or 'work-in-progress' label
  • If PR is ready for review, a reviewer has been added. (Don't use 'Assignees')
  • If this is an important user-facing change, PR or related issue has a 'changelog' label
  • If this includes an internal dependency change, a link to the diff is provided

Testing:

  • Contributor has fully tested the PR manually
  • If there are any front-end changes, before/after screenshots are included
  • Critical user journeys are covered by Gherkin stories
  • Critical and brittle code paths are covered by unit tests

Reviewer Checklist

  • Automated test coverage is satisfactory
  • PR is fully functional
  • PR has been tested for accessibility regressions
  • External dependency files were updated if necessary (yarn and pip)
  • Documentation is updated
  • Contributor is in AUTHORS.md

@rtibbles rtibbles added the TODO: needs review Waiting for review label Jun 9, 2020
@rtibbles rtibbles added this to the android-mvp milestone Jun 9, 2020
codecov bot commented Jun 9, 2020

Codecov Report

Merging #7015 into app-support will increase coverage by 0.04%.
The diff coverage is 73.33%.

Impacted Files Coverage Δ
...ibri/core/assets/src/state/modules/core/actions.js 23.47% <ø> (+0.35%) ⬆️
...ri/core/assets/src/state/modules/core/mutations.js 41.17% <ø> (+2.28%) ⬆️
kolibri/plugins/device/api.py 86.59% <ø> (+3.57%) ⬆️
kolibri/plugins/device/api_urls.py 100.00% <ø> (ø)
...gins/learn/assets/src/modules/coreLearn/actions.js 31.57% <0.00%> (+0.80%) ⬆️
...ibri/plugins/learn/assets/src/views/LearnIndex.vue 57.14% <ø> (ø)
...ri/plugins/user/assets/src/modules/pluginModule.js 0.00% <0.00%> (ø)
...plugins/user/assets/src/views/SignInPage/index.vue 29.10% <ø> (ø)
kolibri/core/auth/api.py 86.70% <50.00%> (-0.45%) ⬇️
...ibri/core/assets/src/state/modules/core/getters.js 73.68% <100.00%> (ø)
... and 8 more

@jredrejo jredrejo left a comment

I have just left a small optimization that could be applied to the code. Apart from that, everything is fine from my point of view.
My only concern is that we don't have tests for this behaviour and it's complex enough to deserve them (big problems to the users can appear if it does not work properly). If you don't add them here, please, create an issue so we don't forget them.

Thanks.

@@ -494,6 +495,14 @@ def create(self, request):
password = request.data.get("password", "")
facility_id = request.data.get("facility", None)

if not allow_other_browsers_to_connect() and not valid_app_key_on_request(
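
Review bot: this gate sits only in `create`, so it is evaluated when a session is being established and nowhere else that is visible here. If remote access is switched off while a browser outside the app already holds a session, nothing in the visible lines ends that session; worth confirming whether that is intended, and whether any other view that authenticates a user applies the same `allow_other_browsers_to_connect()` and `valid_app_key_on_request(` check. A unit test that posts to this endpoint without a valid app key while remote access is disabled would pin the deny path down.
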
Member

Just a simple optimization for the cases where the app plugin is not enabled:

+from kolibri.core.device.models import app_is_enabled
 
 
 class KolibriAuthPermissionsFilter(filters.BaseFilterBackend):
@@ -495,7 +496,7 @@ class SessionViewSet(viewsets.ViewSet):
         password = request.data.get("password", "")
         facility_id = request.data.get("facility", None)
 
-        if not allow_other_browsers_to_connect() and not valid_app_key_on_request(
+        if app_is_enabled() and not allow_other_browsers_to_connect() and not valid_app_key_on_request(
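
Review bot: with `app_is_enabled()` placed first in the `if`, the whole restriction short-circuits to allow whenever the app plugin is off, regardless of what the remote access setting says. That is the behaviour wanted for non-app installs, but it makes the login gate depend on three independent conditions and it fails open on the first; add a short comment above the condition stating that, and cover the combinations (plugin on/off, remote access allowed/denied, app key valid/invalid) with unit tests so a later refactor cannot silently invert one term. The line as written is also long enough that it will want wrapping, as the original did after `valid_app_key_on_request(`.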

Member Author

Yep, I had also just noticed this - important for making sure this setting is a noop for non-app Kolibris!

Member Author

Updated!

rtibbles commented Jun 9, 2020

Follow up issue here: #7019

@rtibbles rtibbles merged commit c7117d9 into learningequality:app-support Jun 9, 2020
@rtibbles rtibbles deleted the remote_access branch June 9, 2020 19:52
@indirectlylit indirectlylit modified the milestones: android-mvp, 0.14.0 Jul 6, 2020
@jonboiser jonboiser removed the TODO: needs review Waiting for review label Jul 21, 2020