feat: replace enterprise_support import with AccountSettingsReadOnlyFieldsRequested filter#38223
Closed
kiram15 wants to merge 322 commits into
Conversation
…97a2a0 feat: Upgrade Python dependency edx-enterprise
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix: restrict PDF rendering to relative paths
* fix: enhance PDF viewer security by removing file param and communicating via postMessage
* fix: remove HTML escaping from chapter URLs and titles in PDF viewer
* fix: refactor PDF viewer integration for improved chapter navigation and security
* fix: enhance security in StaticPdfBookTest by removing file parameter exposure
* fix: secure PDF viewer iframe by removing unnecessary file parameter
* fix: add newline at end of static_pdfbook.html for proper file termination
---------
Co-authored-by: papphelix <ppatro-apphelix@2u.com>
chore: updated version of enterprise-integrated-channels
Implements soft delete functionality for discussion threads, responses, and comments using the is_deleted flag instead of permanently deleting records. This enables safe deletion and restoration of discussion content while preserving existing data.
Co-authored-by: papphelix <ppatro-apphelix@2u.com>
…store (#85) * fix: use target user enrollment for org-level bulk delete and bulk restore
Upgrade snowflake connector version Commit generated by workflow `edx/edx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/release-ulmo`
…tegrated-channels-b3b7258 feat: Upgrade Python dependency enterprise-integrated-channels
Added permission for privileged users to restore deleted content.
* feat: Upgrade Python dependency edx-enterprise
Commit generated by workflow `openedx/edx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master`
* fix: typo fix to trigger tests
---------
Co-authored-by: kiram15 <31229189+kiram15@users.noreply.github.com>
feat: Upgrade Python dependency edx-enterprise (openedx#37920)
…#97) Removed the permission of bulk delete from course admin and course staff as they did not have the individual deletion privilege.
feat: add endpoint to get value of unified translations toggle
Updated model app labels Commit generated by workflow `edx/edx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/release-ulmo`
* fix: enable games xblock conditionally in component templates * fix: correct games xblock addition to component types
allows instances to set the variable `ATLAS_EXTRA_SOURCES` so they can add their own sources to `make pull_translations`.
Adds waffle switch for webhook integration functions Commit generated by workflow `edx/edx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/release-ulmo`
NOTE: This is a cherrypick of `30f8ae30793cc6f67ba0ab2786e8742a458929ea` security patch from the release/ulmo branch (GHSA-4xv3-5j4x-q8g4). `clean_thread_html_body()` was missing `<style>` from its tag denylist, allowing arbitrary CSS to survive sanitization and be rendered via the `|safe` filter in email templates. This enabled CSS-based email tracking (IP disclosure via background-image/import), content spoofing, and phishing via pseudo-elements. Uses `decompose()` rather than `unwrap()` so the CSS text content is also removed, not just the tag wrapper. Ref: GHSA-4xv3-5j4x-q8g4 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
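The difference between dropping a denylisted tag's wrapper and dropping its whole subtree is the point of this commit. The following is an added example, not the project's `clean_thread_html_body()` and not BeautifulSoup: it is a small stand-in sanitizer on the standard library's `html.parser` whose two modes mirror bs4's `unwrap()` (keep the inner text) and `decompose()` (remove the element and its text). The class `DenylistSanitizer`, the `sanitize()` helper, the two denylists and the sample post body are all constructed for the illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample post body (not real data): a CSS tracker hidden in <style>
# and an inline script, next to legitimate markup.
SAMPLE_BODY = (
    "<p>Hello <b>world</b></p>"
    "<style>body{background:url(https://tracker.example/pixel?u=1)}</style>"
    "<script>alert(1)</script>"
)

LEGACY_DENYLIST = {"script"}           # the bug: "style" is missing
FIXED_DENYLIST = {"script", "style"}

VOID_TAGS = {"br", "hr", "img", "input", "meta", "link"}


class DenylistSanitizer(HTMLParser):
    """Re-emits HTML while dropping denylisted elements.

    mode="unwrap"    drops the tag but keeps the text it wrapped (bs4 unwrap)
    mode="decompose" drops the tag and everything inside it (bs4 decompose)
    """

    def __init__(self, denylist, mode):
        super().__init__()  # convert_charrefs=True: text arrives unescaped
        self.denylist = {t.lower() for t in denylist}
        self.mode = mode
        self.out = []
        self.suppress = 0  # nesting depth inside a decomposed element

    def handle_starttag(self, tag, attrs):
        if tag in self.denylist:
            if self.mode == "decompose":
                self.suppress += 1
            return  # in unwrap mode only the tag itself disappears
        if self.suppress:
            return
        rendered = ""
        for name, value in attrs:
            if value is None:
                rendered += f" {name}"
            else:
                rendered += f' {name}="{html.escape(value, quote=True)}"'
        self.out.append(f"<{tag}{rendered}>")

    def handle_endtag(self, tag):
        if tag in self.denylist:
            if self.mode == "decompose" and self.suppress:
                self.suppress -= 1
            return
        if self.suppress or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.suppress:
            # Re-escape so text from the input cannot become new markup.
            self.out.append(html.escape(data, quote=False))


def sanitize(body, denylist, mode):
    """Return `body` with denylisted elements removed per `mode`."""
    parser = DenylistSanitizer(denylist, mode)
    parser.feed(body)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    print("legacy denylist :", sanitize(SAMPLE_BODY, LEGACY_DENYLIST, "decompose"))
    print("fixed + unwrap  :", sanitize(SAMPLE_BODY, FIXED_DENYLIST, "unwrap"))
    print("fixed + decompose:", sanitize(SAMPLE_BODY, FIXED_DENYLIST, "decompose"))
```

With the legacy denylist the `<style>` block and its tracker URL pass through untouched, which is what renders under `|safe`. Adding `style` to the denylist but unwrapping leaves the CSS source as visible text in the email body; decomposing removes both the tag and its content, which is why the commit chooses `decompose()`.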
Adds `validate_saml_metadata_url()` to third_party_auth utils, which enforces HTTPS and blocks loopback, link-local (including cloud metadata endpoints like 169.254.169.254), and reserved IP addresses. RFC 1918 private ranges are blocked by default and can be opted out via `SAML_METADATA_URL_ALLOW_PRIVATE_IPS = True` for deployments where the SAML IdP lives on the same private network. Calls the validator in `fetch_saml_metadata()` before `requests.get()`, also adds a 30s request timeout and removes the previous non-enforcing HTTP warning. Addresses the platform-side fetch path described in: GHSA-328g-7h4g-r2m9 Note: the primary exploit path (`sync_provider_data` endpoint) now lives in edx-enterprise following the migration documented in docs/decisions/0025-saml-admin-views-in-enterprise-plugin.rst and will need a corresponding fix there. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
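The checks listed in that commit message (HTTPS only; reject loopback, link-local, reserved; reject RFC 1918 unless explicitly allowed) can be expressed with the standard library's `ipaddress` module. The block below is an added example written for this page, not the code that was committed to `third_party_auth`: `validate_saml_metadata_url`, `metadata_url_problem`, `_blocked_reason`, `MetadataURLError`, the injectable `resolve` callable and the `allow_private_ips` flag are this example's own names. The `resolve` parameter exists so the tests can run offline with a fake resolver instead of real DNS.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


class MetadataURLError(ValueError):
    """The URL must not be fetched by the platform."""


def _default_resolver(host):
    # Every address the name resolves to is checked, because the HTTP client
    # may connect to any of them (A and AAAA alike).
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _blocked_reason(ip, allow_private_ips):
    """Return why `ip` is off-limits for a server-side fetch, or None."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        # ::ffff:169.254.169.254 must be judged as 169.254.169.254
        ip = ip.ipv4_mapped
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local (includes cloud metadata endpoints such as 169.254.169.254)"
    if ip.is_multicast or ip.is_unspecified or ip.is_reserved:
        return "reserved"
    # is_private covers RFC 1918 and IPv6 ULA plus a few documentation/special
    # ranges; the opt-out mirrors the SAML_METADATA_URL_ALLOW_PRIVATE_IPS idea.
    if ip.is_private and not allow_private_ips:
        return "private"
    return None


def validate_saml_metadata_url(url, allow_private_ips=False, resolve=_default_resolver):
    """Raise MetadataURLError unless `url` is safe to fetch; return the vetted IPs."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        raise MetadataURLError("metadata URL must use https")
    host = parts.hostname
    if not host:
        raise MetadataURLError("metadata URL has no host")
    if parts.username or parts.password:
        raise MetadataURLError("credentials embedded in the metadata URL are not allowed")
    try:
        addresses = [ipaddress.ip_address(host)]  # literal IP (v4 or bracketed v6)
    except ValueError:
        try:
            addresses = [ipaddress.ip_address(a) for a in resolve(host)]
        except OSError as exc:
            raise MetadataURLError(f"could not resolve {host}: {exc}") from exc
    if not addresses:
        raise MetadataURLError(f"{host} resolved to no addresses")
    for ip in addresses:
        reason = _blocked_reason(ip, allow_private_ips)
        if reason:
            raise MetadataURLError(f"{host} resolves to {ip}, a {reason} address")
    return [str(ip) for ip in addresses]


def metadata_url_problem(url, allow_private_ips=False, resolve=_default_resolver):
    """Non-raising form: the rejection reason, or None when the URL may be fetched."""
    try:
        validate_saml_metadata_url(url, allow_private_ips, resolve)
    except MetadataURLError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    for candidate in (
        "http://idp.example/metadata",
        "https://127.0.0.1/metadata",
        "https://169.254.169.254/latest/meta-data/",
        "https://[::ffff:169.254.169.254]/",
    ):
        print(candidate, "->", metadata_url_problem(candidate))
```

Two caveats a reviewer would raise on any validator of this shape. First, validating and then calling `requests.get(url)` resolves the name twice, so a DNS answer that changes between the two lookups (rebinding) slips past the check; connecting to the returned vetted address, or re-checking the peer address at connect time, closes that gap. Second, a redirect from an allowed host to an internal one bypasses the check unless redirects are disabled or each hop is validated, and the timeout the commit adds keeps a slow internal host from tying up the worker.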
The previous two commits are patches cherry-picked from upstream, but here in the 2U fork of platform it generates weird lint errors we do not understand:

```
openedx/envs/common.py:1588:0: E7670: setting annotation (SAML_METADATA_URL_ALLOW_PRIVATE_IPS) cannot have a boolean value (setting-boolean-default-value)
```

I thought maybe it was related to us running an outdated version of edx-lint (5.6.0 vs 6.0.0 in upstream platform) but upgrading did not fix the errors.
Upstream patch "fix: block SSRF in SAML metadata URL fetching" introduced a long line. How they didn't catch this upstream, I don't know.
fix: block SSRF in SAML metadata URL fetching
April 24 security fixes
…ation feat: Add discussion moderation and restore telemetry
feat: add telemetry for bulk discussion user post workflows
feat: ENT-11771 Option for disabling email during TPA
fix: ENT-11771 SAML login - Allow email editing if empty
This PR fixes an issue where the “Load more comments” button was not rendering in discussion threads, preventing users from viewing additional comments beyond the initial set.
Removes the direct import of get_enterprise_readonly_account_fields from openedx.features.enterprise_support.utils in accounts/api.py and replaces it with a call to the AccountSettingsReadOnlyFieldsRequested openedx-filter. Adds the filter to OPEN_EDX_FILTERS_CONFIG. Updates tests to mock the filter instead of the old enterprise_support imports.
ENT-11510