Bump python-social-auth to upstream's latest master

[bradenmacdonald]

Summary
The python-social-auth and python-saml projects have merged our changes. This switches us back to using official PyPI releases, which are now compatible with our new SAML backend.

This also pulls in the OAuth2 backend required to support Office 365 logins, therefore providing a replacement for most of #8248.

This is part of the Shibboleth/SSO work and is being merged to the shibboleth-tpa feature branch

Details
Noteworthy changelog entries between python-social-auth version 0.2.7 and 0.2.11:

• SAML Backend
• Avoid storing empty values from user details
• Added provider for Microsoft Azure Active Directory OAuth2
• Fixes "ImportError: No module named packages.urllib3.poolmanager" error (bumps 'requests' version)
• Make URLs trailing slash be configurable by setting. Refs More xblock.save() calls to handle fields set during inits #505

For python-saml, the only commits added to the PyPI release that weren't previously included in our fork are:

• additional tests, comments, and code cleanup
• a small bugfix to the metadata "valid until" time specification code
• PR 67, "NameIDFormat/NameIDPolicy Improvements" was rejected and an alternate fix was included: SAML-Toolkits/python-saml@3a5847b . I have tested this and it seems to work well with both of our current testing IdPs (TestShib and UBC Staging).

Sandbox:
http://sandbox5.opencraft.com/login has been updated to use the new versions via PyPI (on June 24)

Reviewers
@Kelketek and @rlucioni

[openedx-webhooks]

Thanks for the pull request, @bradenmacdonald! I've created OSPR-669 to keep track of it in JIRA. JIRA is a place for product owners to prioritize feature reviews by the engineering development teams.

Feel free to add as much of the following information to the ticket:

• supporting documentation
• edx-code email threads
• timeline information ('this must be merged by XX date', and why that is)
• partner information ('this is a course on edx.org')
• any other information that can help Product understand the context for the PR

All technical communication about the code itself will still be done via the Github pull request interface. As a reminder, our process documentation is here.

[bradenmacdonald]

Jenkins, test this please.

[Kelketek]

👍

[RobDolinMS]

This PR is required for #8155 to subsume #8248.

[bradenmacdonald]

@cpennington This is ready for your review. (It's small)

[sarina]

@bradenmacdonald do you have a link to the diff of the changes?

[sarina]

@bradenmacdonald and/or release notes? that would help evaluate the change.

[sarina]

@cpennington should the platform team or destination team review this?

[bradenmacdonald]

@sarina The upstream changelog is here. The platform is currently using python-social-auth version 0.2.7, and this bumps it to the upcoming release that will probably be called v 0.2.11.

The changelog entries that seem to potentially be relevant to us are:

• SAML Backend
• Avoid storing empty values from user details
• Added provider for Microsoft Azure Active Directory OAuth2
• Fixes "ImportError: No module named packages.urllib3.poolmanager" error (bumps 'requests' version)
• Make URLs trailing slash be configurable by setting. Refs More xblock.save() calls to handle fields set during inits #505

[cpennington]

@sarina I took a brief skim, but its probably worth destination edx look a little closer.

[rlucioni]

@bradenmacdonald I've found omab to be very responsive to version bump requests. Have you tried asking him to release 0.2.11 on PyPI?

[bradenmacdonald]

@rlucioni Good idea. I've just asked him now.

[RobDolinMS]

@sarina I see that this has the label "Awaiting Prioritization" Can this be given the necessary priority to make sure it is included in this release?

[sarina]

Renzo has already started reviewing this. I will try my hardest but we are
beset with performance issues right now; < 1 week is really tight
turnaround for a pull request exactly because unanticipated issues may come
up at any moment.

On Tue, Jun 23, 2015 at 7:53 PM, Rob Dolin notifications@github.com wrote:

@sarina https://github.com/sarina I see that this has the label
"Awaiting Prioritization" Can this be given the necessary priority to make
sure it is included in this release?

—
Reply to this email directly or view it on GitHub
https://github.com/edx/edx-platform/pull/8599#issuecomment-114677067.

[sarina]

Keep in mind if your goal is by the end of the week to make Cypress, we
will be cutting Cypress after SSO has merged. So that should not be a
concern.

On Tue, Jun 23, 2015 at 9:48 PM, Sarina Canelake sarina@edx.org wrote:

Renzo has already started reviewing this. I will try my hardest but we are
beset with performance issues right now; < 1 week is really tight
turnaround for a pull request exactly because unanticipated issues may come
up at any moment.

On Tue, Jun 23, 2015 at 7:53 PM, Rob Dolin notifications@github.com
wrote:

@sarina https://github.com/sarina I see that this has the label
"Awaiting Prioritization" Can this be given the necessary priority to make
sure it is included in this release?

—
Reply to this email directly or view it on GitHub
https://github.com/edx/edx-platform/pull/8599#issuecomment-114677067.

[rlucioni]

Looks like a new version of python-saml will also be uploaded to PyPI today.

[omab]

FYI, python-social-auth v0.2.11 was released a few minutes ago.

[rlucioni]

Thanks for the heads-up @omab.

[bradenmacdonald]

I just updated this PR to use 0.2.11 and tested it locally - everything seems great. 3 of the 4 python-saml PRs have been merged so far so I'll watch for a new release of that as well, and then do a final update of this.

[bradenmacdonald]

A new version of python-saml was released today that included three of my four changes plus an alternative to my other proposed change. I have updated this PR and its description accordingly. We can now use PyPI versions for both of the new python packages needed for Shibboleth/SSO :)

I have switched http://sandbox5.opencraft.com to use these PyPI versions and confirmed that it is still working with our test Shibboleth providers (TestShib and UBC).

@Kelketek Can you please take another look and confirm that your +1 stands?
@rlucioni I think this is ready for a final look.

Build failure is unrelated and has been fixed on master, but I'd rather not rebase the feature branch while there are four open PRs against it undergoing active review.

[rlucioni]

@bradenmacdonald 👍 . I'll wait for a look from @Kelketek before merging.

[Kelketek]

test this please

👍 if the tests pass.

[rlucioni]

@Kelketek as @bradenmacdonald wrote, the single failing test is unrelated and has been fixed in master. I'm going to go ahead and merge this.