SE-1496 conditionally re-enable user change password form in admin #21616
|
Thanks for the pull request, @swalladge! I've created OSPR-3840 to keep track of it in JIRA. JIRA is a place for product owners to prioritize feature reviews by the engineering development teams. Feel free to add as much of the following information to the ticket:
All technical communication about the code itself will still be done via the GitHub pull request interface. As a reminder, our process documentation is here. |
|
@swalladge Thank you for your contribution. Please let me know once all tests are green. |
|
@natabene We're not sure what's happening with the tests; they appear to be failing for reasons unrelated to the changes in this PR. We also have a question about the implementation for this that we'd appreciate an early look at: we initially implemented this using waffle switches, but then switched to a django setting in edx@c685617 (the rationale being that a django setting would be more appropriate because changes to this toggle require restarting the server or a redeploy). Which method would edX prefer? Thanks. |
|
It seems that tests are failing on installing configparser==4.0.1, which doesn't exist as a pypi release yet (latest at time of writing is 3.8.1 https://pypi.org/project/configparser/#history ). Strangely, this change was introduced in https://github.com/edx/edx-platform/pull/21609, and the tests run fine. ¯\_(ツ)_/¯
EDIT: configparser 4.0.x was pulled from pypi: jaraco/configparser#45 (comment)
EDIT2: opened https://github.com/edx/edx-platform/pull/21634 to fix this until upstream publishes a new release
EDIT3: a fix has been merged to master. Will rebase this branch as soon as I get a chance. (done) |
|
@marcotuts Can you give this an early look please? |
|
If/when this is merged, also merge the documentation change: https://github.com/edx/edx-documentation/pull/1842 |
c685617 to 3860741
|
👍
There's still the question of whether we want a feature flag or a Waffle switch, but I'll leave this to edX. Waffle switches are to be applied dynamically, without restart, but this new feature modifies URLs and requires a restart, so therefore a FEATURE flag seems better. @swalladge could you check the sandbox and then ping Ned when it's ready? |
|
@marcotuts This is awaiting your review. |
|
@natabene Any updates on this? For planning purposes. 🙂 |
|
@swalladge No, no updates yet. |
|
Hi! We tested this at eduNEXT and it works great 👍 thank you |
|
Ok to move past product review for eng review, thanks! |
|
@swalladge Moving to engineering review |
ormsbee left a comment
I'm honestly not crazy about adding a way to explicitly bypass password policy like this (and adding a feature flag on top of that). But our handling of auth_user is idiosyncratic enough, and this use case is likely common enough where I'm okay with it. Doing a feature flag is definitely the right way to do this btw – even if it wasn't required at startup time to do urls.py manipulation.
Just one required change request, and then please do the normal squash + copying the context from your PR message to your commit message, and I'll merge. Thank you.
cms/urls.py
Outdated
Please add this flag to common.py for both the lms and cms envs, defaulting to False. Please also follow the feature flag annotation format (example: https://github.com/edx/edx-platform/blob/master/lms/envs/common.py#L180-L191)
Thanks @ormsbee ! I have added the flag to the common.py files and tidied the commits.
22e4597 to efa2d44
This was previously disabled because changing another user's password is both not usually recommended and bypasses password policy. Here, we add a feature flag (`ENABLE_CHANGE_USER_PASSWORD_ADMIN`) to allow re-enabling this password change form. This allows continued use of this functionality by clients that require it.
efa2d44 to 39de23c
|
jenkins run bokchoy |
|
@swalladge 🎉 Your pull request was merged! Please take a moment to answer a two question survey so we can improve your experience in the future. |
|
EdX Release Notice: This PR has been deployed to the staging environment in preparation for a release to production. |
|
EdX Release Notice: This PR may have caused e2e tests to fail on Stage. If you're a member of the edX org, please visit #e2e-troubleshooting on Slack to help diagnose the cause of these failures. Otherwise, it is the reviewer's responsibility. E2E tests have failed. https://gocd.tools.edx.org/go/tab/pipeline/history/deploy_to_stage |
|
EdX Release Notice: This PR has been deployed to the production environment. |
|
Your PR has finished running tests. There were no failures. |
This PR enables setting/changing a user's password from the django admin, gated
behind a django setting FEATURES flag.
Using a django settings option because this affects entries to urls.py, which require a server restart to take effect. Using a waffle switch is misleading, because toggling it without restarting the server afterwards would leave the platform in an invalid state.
This behaviour was disabled across https://github.com/edx/edx-platform/pull/18970 and https://github.com/edx/edx-platform/pull/18972.
We want to re-enable it because our clients use this feature.
JIRA tickets: OSPR-3840
Dependencies: None
Sandbox URL:
Merge deadline: None
Testing instructions:
/admin/auth/user/1/change/)for the password field. (You should not see " but you can change the
password using this form.")
/admin/auth/user/1/password/)/edx/bin/supervisorctl restart lms: cms:from a shell)./admin/auth/user/1/change/)password using this form") is visible.
password can be changed
Author notes and concerns:
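Added example, not part of the pull request or of edx-platform's code: a stdlib-only model of why a flag that adds or removes `urls.py` entries only takes effect after a restart, which is the rationale given above for a Django setting over a waffle switch. The `Server` class, the view names and the settings dict shape are assumptions made for illustration; only the flag name and the admin paths come from the PR.

```python
import re

FLAG = "ENABLE_CHANGE_USER_PASSWORD_ADMIN"  # flag name taken from the PR

# Constructed route patterns modelled on the admin paths in the testing notes.
CHANGE = re.compile(r"^/admin/auth/user/(\d+)/change/$")
PASSWORD = re.compile(r"^/admin/auth/user/(\d+)/password/$")


def build_urlpatterns(features):
    """Stand-in for a urls.py module body: evaluated once per process start."""
    patterns = [(CHANGE, "user_change")]
    if features.get(FLAG, False):  # a missing flag means disabled
        patterns.append((PASSWORD, "user_change_password"))
    return patterns


class Server:
    """Hypothetical process model: the route table is frozen at start()."""

    def __init__(self, settings):
        self.settings = settings
        self.start()

    def start(self):
        self.urlpatterns = build_urlpatterns(self.settings["FEATURES"])

    def resolve(self, path):
        for pattern, view_name in self.urlpatterns:
            if pattern.match(path):
                return view_name
        return None  # a real server would answer 404 here


def demo():
    settings = {"FEATURES": {FLAG: False}}
    server = Server(settings)
    url = "/admin/auth/user/1/password/"
    results = [server.resolve(url)]      # default off: route is absent
    settings["FEATURES"][FLAG] = True    # flag flipped in a live process
    results.append(server.resolve(url))  # still absent: routes are stale
    server.start()                       # restart re-evaluates the routes
    results.append(server.resolve(url))  # password form is now routable
    return results


if __name__ == "__main__":
    print(demo())
```

The middle result is the state a runtime-toggled switch would leave behind: the toggle reads as enabled while the route table still reflects the old value.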