DO NOT MERGE - DO NOT CLOSE - Dummy PR to track upstream master#824
Draft
kaustavb12 wants to merge 472 commits into
Adds these rule sets to ruff's select list in pyproject.toml:
- F (pyflakes: undefined names, unused imports, etc.)
- PT (flake8-pytest-style: pytest best practices)
- DJ (flake8-django: Django-specific checks)
- UP (pyupgrade: modernise Python syntax)
- B (flake8-bugbear: likely bugs and design issues)
Existing violations are suppressed with per-line noqa comments in the follow-up commit; this commit just extends the configuration.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Mechanical commit produced by: ruff check --select F,PT,DJ,UP,B --add-noqa . This suppresses all pre-existing violations so that the new rule sets land cleanly. New code added after this point will be checked by these rules without needing suppressions. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When a `# noqa` annotation is present on an import line inside a multi-group import block, ruff enforces a multi-line parenthesised format for long imports in that block. Wrapping those imports resolves the I001 reports introduced by the previous --add-noqa commit. Upstream issue: astral-sh/ruff#24456 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The import was genuinely unused — it only appeared on the import line with a pylint disable and noqa suppression but was never referenced in the test file. Removing it also cleans up the trailing blank line and lets ruff re-sort the import groups correctly. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The import was genuinely unused — nothing in this file or downstream imports it from here. It was kept with a pylint disable and noqa suppression but serves no purpose. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…s.py
Two imports were genuinely unused:
- `Mock, patch` from unittest.mock: the file uses `mock.Mock()` and `mock.patch()` via the `mock` module imported on the line above, never the bare names.
- `CommentClientMaintenanceError`: imported but never referenced in the file or re-exported to other modules.
Both were kept with noqa suppressions that are no longer needed.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The UP032 noqa suppression added by the --add-noqa pass was placed on the continuation line of a backslash-split string literal, where ruff cannot see it (the violation is reported on the line where the string starts). Rather than restructuring the suppression, convert the two-line backslash-continued .format() call to an f-string, which fits within the 120-char line limit and removes the need for any suppression. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ruff's --add-noqa injected # noqa: UP032 after the backslash line continuation on two multi-line .format() strings in get_expiration_banner_text(), corrupting the syntax (a comment cannot follow a line continuation character). Rather than converting to f-strings, use ruff's block-level suppression (# ruff: disable[UP032] / # ruff: enable[UP032]) which avoids the syntax corruption and results in a smaller diff than an f-string rewrite. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The ruff --add-noqa pass added # noqa: <RULE> comments to all lines with existing violations. Pylint's C0301 (line-too-long) counts the full line including trailing comments, so these additions pushed 292 lines over 120 chars. Add per-line # pylint: disable=line-too-long to each of those lines. On lines that already had a # pylint: disable=<something> clause, extend the existing clause (e.g. # pylint: disable=raise-missing-from,line-too-long) rather than adding a second directive. Also removes # lint-amnesty, prefixes encountered during the edit pass -- these were temporary suppressions that are no longer needed. This suppression is temporary while both pylint and ruff are running. Once we drop pylint (PR 4+), all these per-line # pylint: disable=line-too-long comments can be removed as part of that cleanup. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix: apply feedback related to test and types refactor: abstract process in _get_course_keys_from_scopes
Add noqa comments to suppress PT009 linting warnings for unittest-style assertions (assertEqual, assertTrue, etc.) which are appropriate for tests inheriting from unittest.TestCase/ModuleStoreTestCase.
feat: remove change_enterprise_user_username management command
feat: support organization-level scopes for course list [authz]
Push this forward so things don't automatically in a few years for future courses.
…RT_DATE Tests were asserting against the literal `2030-01-01` value instead of importing the constant, causing failures after the default was updated to 2040. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Commit 3453e7d introduced a fix to synchronize DiscussionsConfiguration.enabled (DB) with tab.is_hidden (modulestore) during course imports. This commit improves upon that fix in two ways:
* It updates the discussion CourseAppStatus as well, which is necessary in order for the app to be fully enabled.
* It adds a data migration to perform the above synchronization retroactively for all existing courses, using the CourseOverTab table.
* feat: use openedx-core branch with strongly-typed keys
* chore: update to use strongly-typed IDs from openedx_content
* feat: fully typed primary keys for StagedContent model
* chore: misc typing improvements + type-check `helpers.py` in CMS
* chore: explain mypy error and suppress it for now
* chore: use .id instead of .pk
* fix: update legacy attribute key
…hedule & details page changes
validate_timestamp_and_nonce previously returned True unconditionally, allowing any captured LTI launch request to be replayed indefinitely. Now rejects requests whose oauth_timestamp falls outside a ±5-minute window, then atomically records the nonce in the Django cache via cache.add() (OEP-0022 key generation via get_cache_key). A replay returns False immediately because cache.add() only writes when the key is absent.
TieredCache is intentionally not used here: it has no atomic add primitive, so a separate get-then-set would leave a race window that defeats the protection. See the updated docstring for details.
Documents the requirement for a shared cache backend (Redis or Memcached) in multi-node deployments in both the app and repo READMEs.
Fixes GHSA-6gm5-c49g-p3h9
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
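The check described in the commit message above, as an added example that is not code from openedx-platform: a timestamp window followed by a single atomic add of the nonce, replayed from several threads to show that only one launch passes. `AtomicCache` is a constructed in-memory stand-in for Django's `cache.add()`; the key format, the nonce TTL, the explicit `now` argument and `count_accepted_concurrently` are assumptions made for the example.

```python
import threading

TIMESTAMP_WINDOW = 5 * 60          # the ±5-minute window, in seconds
NONCE_TTL = 2 * TIMESTAMP_WINDOW   # assumption: outlive the whole acceptance window


class AtomicCache:
    """Constructed in-memory stand-in for a shared cache with an atomic add()."""

    def __init__(self):
        self._lock = threading.Lock()
        self._expiry = {}  # key -> expiry time (epoch seconds)

    def add(self, key, ttl, now):
        """Write key only if absent or expired; return True when it was written."""
        with self._lock:
            if self._expiry.get(key, 0) > now:
                return False
            self._expiry[key] = now + ttl
            return True


def validate_timestamp_and_nonce(cache, client_key, timestamp, nonce, now):
    """Return True only for a fresh timestamp paired with a never-seen nonce."""
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False
    if not nonce or abs(now - ts) > TIMESTAMP_WINDOW:
        return False  # stale, future-dated or nonce-less: reject before caching
    # One atomic check-and-set; a get-then-set pair would let two workers both pass.
    return cache.add(f"lti-nonce:{client_key}:{ts}:{nonce}", NONCE_TTL, now)


def count_accepted_concurrently(cache, workers, now=1_700_000_000):
    """Replay one constructed launch from many threads; return how many pass."""
    results = []

    def launch():
        results.append(
            validate_timestamp_and_nonce(cache, "consumer", str(now), "abc123", now))

    threads = [threading.Thread(target=launch) for _ in range(workers)]
    for thread in threads:
        thread.start()
    for thread in threads:
        thread.join()
    return sum(results)
```

The nonce entry is kept for twice the window because a timestamp `T` is acceptable from `T-300` to `T+300`, so an entry written at first acceptance must survive until the timestamp itself expires.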
- Add missing class docstring to TimestampAndNonceValidatorTest (C0115)
- Move time.time patch from class decorator into setUp/addCleanup to eliminate unused mock parameters in every test method (PT019)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master` Co-authored-by: bcitro <67378070+bcitro@users.noreply.github.com>
…rt_historicalusersocialauth (#38658)
- Add redact_and_delete_historical_social_auth utility that bulk-redacts uid and clears extra_data before bulk-deleting rows.
- Invoke the utility from LMSAccountRetirementView.post() in the retirement workflow.
- Add and simplify various retirement tests.
Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master` Co-authored-by: bcitro <67378070+bcitro@users.noreply.github.com>
…ata (#38427)
- Adds redaction + delete flow for PendingSecondaryEmailChange.
- Updates AccountRecovery.retire_recovery_email to redact before delete.
- Integrated cleanup into retirement/deactivation flows and management commands.
- Adds redact before delete testing utilities.
Remove user retirement Day 0 social-auth unlinking from create retirement so cancel retirement can fully undo.
Fixes for PII annotations Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master`
…-wiki-66758e9 feat: Upgrade Python dependency openedx-django-wiki
… retirement (#38671) When ENABLE_REDACT_HISTORICAL_PII_RETIREMENT is enabled, GeneratedCertificate's django-simple-history table (certificates_historicalgeneratedcertificate) will also have the user's name redacted as part of user retirement.
fix: remove annotated models from safelist and annotate openedx models on PII
The PUT /api/contentstore/v1/videos/{course_id}/download endpoint fetched
every client-supplied files[].url server-side with
requests.get(url, allow_redirects=True) and returned the bytes inside the
ZIP response. Because the URLs were never validated, an authenticated user
with studio read access could point them at internal services or cloud
metadata endpoints and exfiltrate the responses (GHSA-fpf9-9rpr-jvrx).
By design these URLs are always a subset of the course's own VAL
encoded_videos[].url values (the same data the video listing hands the
frontend). Restrict fetches to that allowlist: build the set of legitimate
URLs for the course and reject any request containing a URL outside it
before any HTTP request is made. This eliminates the SSRF rather than
merely narrowing it.
Adds VideoDownloadViewTest (the endpoint previously had no test coverage)
covering the allowed-URL success path, rejection of disallowed URLs without
any outbound request, mixed allowed/disallowed batches, and the non-staff
permission gate.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
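The allowlist approach described in the commit message above, as an added example that is not code from openedx-platform: every requested URL is checked against the course's own `encoded_videos[].url` set, and the whole batch is rejected before any fetch happens. The function names, the `DisallowedURL` exception, the injected `fetch` callable and the sample course data are assumptions constructed for the example.

```python
class DisallowedURL(Exception):
    """Raised when a requested URL is not one of the course's own video URLs."""


def allowed_video_urls(course_videos):
    """Collect every encoded_videos[].url for the course into a set."""
    return {
        enc["url"]
        for video in course_videos
        for enc in video.get("encoded_videos", [])
        if enc.get("url")
    }


def fetch_course_files(files, course_videos, fetch):
    """Validate the whole batch against the allowlist, then fetch.

    `fetch` is a hypothetical injected callable (url -> bytes) standing in for
    the server-side HTTP client, so the example runs offline.
    """
    allowed = allowed_video_urls(course_videos)
    rejected = []
    for item in files:
        url = item.get("url")
        if not isinstance(url, str) or url not in allowed:
            rejected.append(url)
    if rejected:
        # Fail the whole request before any outbound call is made.
        raise DisallowedURL(rejected)
    return {item["name"]: fetch(item["url"]) for item in files}


# Constructed sample data (not taken from the project).
COURSE_VIDEOS = [
    {"edx_video_id": "vid-1", "encoded_videos": [
        {"profile": "desktop_mp4", "url": "https://cdn.example.com/vid-1.mp4"}]},
    {"edx_video_id": "vid-2", "encoded_videos": [
        {"profile": "desktop_mp4", "url": "https://cdn.example.com/vid-2.mp4"}]},
]


def run_batch(files):
    """Return (result or None, rejected URLs, URLs actually fetched)."""
    fetched = []
    def fake_fetch(url):
        fetched.append(url)
        return b"video-bytes"
    try:
        return fetch_course_files(files, COURSE_VIDEOS, fake_fetch), [], fetched
    except DisallowedURL as exc:
        return None, exc.args[0], fetched
```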
fix: int channels safe dict lookup Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master`
Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master` Co-authored-by: bcitro <67378070+bcitro@users.noreply.github.com>