learningequality · jonboiser · Jun 10, 2020 · May 18, 2020 · May 29, 2020 · Jun 3, 2020
diff --git a/kolibri/core/assets/src/state/modules/core/actions.js b/kolibri/core/assets/src/state/modules/core/actions.js
@@ -1,3 +1,4 @@
+import client from 'kolibri.client';
 import debounce from 'lodash/debounce';
 import pick from 'lodash/pick';
 import logger from 'kolibri.lib.logging';
@@ -170,6 +171,10 @@ export function clearError(store) {
   store.commit('CORE_SET_ERROR', null);
 }
 
+export function clearLoginError(store) {
+  store.commit('CORE_SET_LOGIN_ERROR', null);
+}
+
 export function handleApiError(store, errorObject) {
   let error = errorObject;
   if (typeof errorObject === 'object' && !(errorObject instanceof Error)) {
@@ -206,6 +211,63 @@ export function setSession(store, { session, clientNow }) {
   store.commit('CORE_SET_SESSION', session);
 }
 
+/**
+ * Signs in user and then sets their password
+ * this is used in the case where a learner has created an
+ * account without a password. At sign in, they will
+ * give a password - we sign them in to create the session,
+ * then we make a request to update their password before
+ * redirecting.
+ *
+ * @param {object} store The store.
+ * @param {object} sessionPayload The session payload.
+ */
+export function kolibriLoginWithNewPassword(store, payload) {
+  store.commit('CORE_SET_SIGN_IN_BUSY', true);
+  Lockr.set(UPDATE_MODAL_DISMISSED, false);
+
+  const { username, password, facility, user } = payload;
+
+  const sessionPayload = {
+    username,
+    password,
+    facility,
+  };
+
+  return SessionResource.saveModel({ data: sessionPayload })
+    .then(() => {
+      const path = `/api/auth/facilityuser/${user.id}/`;
+      const method = 'PATCH';
+      const entity = { password };
+      client({ path, method, entity }).then(() => {
+        // OIDC redirect
+        if (sessionPayload.next) {
+          redirectBrowser(sessionPayload.next);
+        }
+        // Normal redirect on login
+        else {
+          redirectBrowser();
+        }
+      });
+    })
+    .catch(error => {
+      store.commit('CORE_SET_SIGN_IN_BUSY', false);
+      const errorsCaught = CatchErrors(error, [
+        ERROR_CONSTANTS.INVALID_CREDENTIALS,
+        ERROR_CONSTANTS.MISSING_PASSWORD,
+      ]);
+      if (errorsCaught) {
+        if (errorsCaught.includes(ERROR_CONSTANTS.INVALID_CREDENTIALS)) {
+          store.commit('CORE_SET_LOGIN_ERROR', LoginErrors.INVALID_CREDENTIALS);
+        } else if (errorsCaught.includes(ERROR_CONSTANTS.MISSING_PASSWORD)) {
+          store.commit('CORE_SET_LOGIN_ERROR', LoginErrors.PASSWORD_MISSING);
+        }
+      } else {
+        store.dispatch('handleApiError', error);
+      }
+    });
+}
+
 /**
  * Signs in user.
  *
@@ -285,6 +347,16 @@ export function saveDismissedNotification(store, notification_id) {
     });
 }
 
+export function getRemoteAccessPermission(store) {
+  return client({
+    method: 'POST',
+    path: urls['kolibri:kolibri.plugins.device:allowremoteaccess'](),
+  }).then(response => {
+    const data = response.entity;
+    store.commit('SET_REMOTE_BROWSER_PERMISSION', data.allowed);
+  });
+}
+
 export function getFacilities(store) {
   return FacilityResource.fetchCollection().then(facilities => {
     store.commit('CORE_SET_FACILITIES', [...facilities]);

diff --git a/kolibri/core/assets/src/state/modules/core/getters.js b/kolibri/core/assets/src/state/modules/core/getters.js
@@ -33,3 +33,7 @@ export function pageSessionId(state) {
 export function demoBannerVisible(state, getters, rootState) {
   return state.demoBannerVisible && rootState.pageName === 'SIGN_IN';
 }
+
+export function allowRemoteAccess(state) {
+  return state.allowRemoteAccess;
+}
diff --git a/kolibri/core/assets/src/state/modules/core/index.js b/kolibri/core/assets/src/state/modules/core/index.js
@@ -20,6 +20,7 @@ export default {
       list: [],
       currentId: null,
     },
+    allowRemoteAccess: false,
     // facility
     facilityConfig: {},
     facilities: [],

diff --git a/kolibri/core/assets/src/state/modules/core/mutations.js b/kolibri/core/assets/src/state/modules/core/mutations.js
@@ -46,4 +46,7 @@ export default {
   SET_CORE_BANNER_VISIBLE(state) {
     state.demoBannerVisible = true;
   },
+  SET_REMOTE_BROWSER_PERMISSION(state, enabled) {
+    state.allowRemoteAccess = enabled;
+  },
 };
diff --git a/kolibri/core/assets/src/state/modules/session.js b/kolibri/core/assets/src/state/modules/session.js
@@ -39,8 +39,8 @@ export default {
     canManageContent(state) {
       return state.can_manage_content;
     },
-    canAccessUnassignedContent(state) {
-      return state.can_access_unassigned_content;
+    canAccessUnassignedContent(state, getters) {
+      return state.can_access_unassigned_content && getters.allowRemoteAccess;
     },
     isSuperuser(state) {
       return state.kind.includes(UserKinds.SUPERUSER);

diff --git a/kolibri/core/assets/src/views/userAccounts/PasswordTextbox.vue b/kolibri/core/assets/src/views/userAccounts/PasswordTextbox.vue
@@ -11,6 +11,7 @@
       v-bind="$attrs"
       @blur="passwordBlurred = true"
       @input="$emit('update:value', $event)"
+      @keydown.enter="checkErrorsAndSubmit"
     />
 
     <KTextbox
@@ -24,6 +25,7 @@
       :invalidText="shownConfirmationInvalidText"
       :autocomplete="$attrs.autocomplete"
       @blur="confirmationBlurred = true"
+      @keydown.enter="checkErrorsAndSubmit"
     />
   </div>
 
@@ -117,6 +119,14 @@
         this.$emit('update:value', '');
         this.$refs.password.focus();
       },
+      checkErrorsAndSubmit(e) {
+        if (this.valid) {
+          this.$emit('submitNewPassword');
+        } else {
+          // Blurring will cause validation errors to show if needed
+          e.target.blur();
+        }
+      },
     },
     $trs: {
       confirmPasswordLabel: 'Re-enter password',

diff --git a/kolibri/core/auth/api.py b/kolibri/core/auth/api.py
@@ -13,6 +13,7 @@
 from django.contrib.auth import logout
 from django.contrib.auth import update_session_auth_hash
 from django.contrib.auth.models import AnonymousUser
+from django.core.exceptions import ObjectDoesNotExist
 from django.db import transaction
 from django.db.models import OuterRef
 from django.db.models import Q
@@ -475,12 +476,30 @@ def create(self, request):
         username = request.data.get("username", "")
         password = request.data.get("password", "")
         facility_id = request.data.get("facility", None)
+
+        # Find the FacilityUser we're looking for use later on
+        try:
+            unauthenticated_user = FacilityUser.objects.get(
+                username__iexact=username, facility=facility_id
+            )
+        except ObjectDoesNotExist:
+            unauthenticated_user = None
+
         user = authenticate(username=username, password=password, facility=facility_id)
         if user is not None and user.is_active:
             # Correct password, and the user is marked "active"
             login(request, user)
             # Success!
             return self.get_session_response(request)
+        elif (
+            unauthenticated_user is not None
+            and unauthenticated_user.password == "NOT_SPECIFIED"
+        ):
+            # Here - we have a Learner whose password is "NOT_SPECIFIED" because they were created
+            # while the "Require learners to log in with password" setting was disabled - but now
+            # it is enabled again.
+            login(request, unauthenticated_user)
+            return self.get_session_response(request)
         elif (
             not password
             and FacilityUser.objects.filter(

diff --git a/kolibri/core/device/migrations/0008_devicesettings_allow_other_browsers_to_connect.py b/kolibri/core/device/migrations/0008_devicesettings_allow_other_browsers_to_connect.py
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.28 on 2020-05-29 18:39
+from __future__ import unicode_literals
+
+from django.db import migrations
+from django.db import models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("device", "0007_deviceappkey"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="devicesettings",
+            name="allow_other_browsers_to_connect",
+            field=models.NullBooleanField(),
+        ),
+    ]
diff --git a/kolibri/core/device/migrations/0009_merge_20200608_1716.py b/kolibri/core/device/migrations/0009_merge_20200608_1716.py
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.29 on 2020-06-09 00:16
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("device", "0008_merge_20200531_1829"),
+        ("device", "0008_devicesettings_allow_other_browsers_to_connect"),
+    ]
+
+    operations = []
diff --git a/kolibri/core/device/models.py b/kolibri/core/device/models.py
@@ -80,6 +80,7 @@ class DeviceSettings(models.Model):
     allow_peer_unlisted_channel_import = models.BooleanField(default=False)
     allow_learner_unassigned_resource_access = models.BooleanField(default=True)
     name = models.CharField(max_length=50, default=get_device_hostname)
+    allow_other_browsers_to_connect = models.NullBooleanField(null=True)
 
     def save(self, *args, **kwargs):
         self.pk = 1

diff --git a/kolibri/core/device/serializers.py b/kolibri/core/device/serializers.py
@@ -121,6 +121,7 @@ class Meta:
             "allow_guest_access",
             "allow_peer_unlisted_channel_import",
             "allow_learner_unassigned_resource_access",
+            "allow_other_browsers_to_connect",
         )
 
     def create(self, validated_data):

diff --git a/kolibri/core/device/utils.py b/kolibri/core/device/utils.py
@@ -59,6 +59,10 @@ def allow_peer_unlisted_channel_import():
     return get_device_setting("allow_peer_unlisted_channel_import", False)
 
 
+def allow_other_browsers_to_connect():
+    return get_device_setting("allow_other_browsers_to_connect", False)
+
+
 def set_device_settings(**kwargs):
     from .models import DeviceSettings
 

diff --git a/kolibri/core/discovery/utils/filesystem/posix.py b/kolibri/core/discovery/utils/filesystem/posix.py
@@ -76,14 +76,16 @@ def get_drive_list():
 
     if sys.platform == "darwin":
         MOUNT_PARSER = OSX_MOUNT_PARSER
-    elif on_android():
-        MOUNT_PARSER = RAW_MOUNT_PARSER
     else:
         MOUNT_PARSER = LINUX_MOUNT_PARSER
 
     try:
         drivelist = subprocess.Popen("mount", shell=True, stdout=subprocess.PIPE)
         drivelisto, err = drivelist.communicate()
+        # Some Android devices at least now use the LINUX_MOUNT_PARSER format.
+        # Try it and revert to RAW_MOUNT_PARSER if we can't find any matches with it.
+        if on_android() and not MOUNT_PARSER.match(drivelisto.decode()):
+            MOUNT_PARSER = RAW_MOUNT_PARSER
     except OSError:  # couldn't run `mount`, let's try reading the /etc/mounts listing directly
         with open("/proc/mounts") as f:
             drivelisto = f.read()

diff --git a/kolibri/deployment/default/dev_urls.py b/kolibri/deployment/default/dev_urls.py
@@ -43,6 +43,7 @@ def webpack_redirect_view(request):
     url(
         r"^redoc/$", schema_view.with_ui("redoc", cache_timeout=0), name="schema-redoc"
     ),
+    url(r"^api-auth/", include("rest_framework.urls", namespace="rest_framework")),
 ]
 
 if getattr(settings, "DEBUG_PANEL_ACTIVE", False):

diff --git a/kolibri/deployment/default/urls.py b/kolibri/deployment/default/urls.py
@@ -36,7 +36,6 @@
 
 url_patterns_prefixed = [
     url(r"^admin/", include(admin.site.urls)),
-    url(r"^api-auth/", include("rest_framework.urls", namespace="rest_framework")),
     url(r"", include(morango_urls)),
     url(r"", include("kolibri.core.urls")),
     url(r"", include(get_root_urls())),
-Original file line number
+Diff line change
@@ Expand Up / @@ -43,6 +43,7 @@ def webpack_redirect_view(request): @@
         url(
             r"^redoc/$", schema_view.with_ui("redoc", cache_timeout=0), name="schema-redoc"
         ),
+        url(r"^api-auth/", include("rest_framework.urls", namespace="rest_framework")),
     ]
     if getattr(settings, "DEBUG_PANEL_ACTIVE", False):
@@ Expand Down @@