muhhshoaib/security-change-user-password-requirements-685: handled password complexity scenarios messages according to Chris Suggestions

muhhshoaib/security-change-user-password-requirements-685: changed the chracteres storage from sets to lists

cdodge/get-ip-restriction-list-from-config: change settings name to make clearer and make sure we are getting values from lms.envs.json

cdodge/make-some-middleware-optional: allow for runtimes to specify which pieces of middleware should be removed. This helps with some performance characteristics.

asadiqbal08/api-address-based-restriction:API Security: IP address based restriction added MCKIN-1108

uncomment the code

Included commits:
* xblock-external-ui: Include CSRF token in the API answer
* xblock-external-ui: Adds support for CORS headers (cross-domain request)
* xblock-external-ui: Include full path when building local_url
* xblock-external-ui: Fix TestHandleXBlockCallback & bok_choy, add tests
* xblock-external-ui: Only return `instance` in `_invoke_xblock_handler()`
* xblock-external-ui: Group resources by hash tag to avoid duplicate loads
* xblock-external-ui: Alternate referer check for CORS requests
* session-cookie-httponly: Allow to disable httponly on session cookies
* remove errant log message
* xblock-no-anonymous: Fail early if the XBlock view is called anonymously

TNL-2413

This reverts commit c94abd27.

This is a public, versioned, RESTful API for importing and
exporting full course content. The code was initially ripped from the
existing import/export API in the CMS contentstore djangoapp and wrapped
in Django Rest Framework view classes. It's a new djangoapp in
the openedx directory which is largely an abstraction off the CMS
Import/Export views.

This PR includes configuration changes. Most notably, Studio is
configured to serve the OAuth2 provider alongside the LMS.

This is the initial thread on the code list:
https://groups.google.com/forum/#!msg/edx-code/DmnHWmly25A/ZqjD1zb4o7oJ

And this thread contains another description of the changes:
https://groups.google.com/d/msg/edx-code/6dP9SEKsmqQ/Pvyn8fBDx68J

There are a numerous non-covered lines, all of which are missing
coverage in the CMS API this was ported from. They're mostly error
conditions, such as handling of multipart file upload errors.

This change adds a Django authentication backend which, when installed
will authenticate users based on their LTI identity rather than using
a username/password combination. The authentication method determines
first whether a user with the given username exists and, if so, whether
that user is associated with an LTI identity. It also verifies that
the LTI consumer and user ID passed to the LTI launch match those
stored in the LtiUser table. This will always be the case if the
authentication backend is reached through the LTI code, but it
provides an extra guarantee if the backend is called from elsewhere.

* Add a new cookie for user information
* Make marketing cookie names configurable.
* Handle URL reversal when URLs don't exist (in Studio)
* Move cookie code from student/helpers.py into its own module.

remove references to middleware that were missed previously

use key apis rather than local implementation of key conversion.  remove local implementationa

remove spurious test for attribute

fix test setUp to avoid unneeded flattening

code quality fixes

add security check ensuring that the coach is coach for *this* CCX.

prevent ccx/deprecated course id problems

1.  do not allow ccx objects to be created if the course id is deprecated
2.  filter out any ccx memberships that involve deprecated course ids (in case there are bad ccxs in the database)

Fix test failures and errors arising from incorrect code path execution

Create context manager to handle unwrapping and restoring ccx values for the modulestore wrapper, employ it throughout modulestore wrapper implementation

* Add end-point for initiating a request for credit from a provider.
* Add an end-point for a provider to update the status of a request (approved / denied).

Also moves the default icons to the badges subfolder to avoid storage conflicts.

Parsing the ECOMMERCE_API_URL yields a URL root only accessible from within the VPC.

Parsing the ECOMMERCE_API_URL yields a URL root only accessible from within the VPC.

Serve branded footer JSON/HTML/CSS/JS from an API endpoint
in the branding app.  Refactor OpenEdX and EdX.org footer templates
to use the Python version of the API, ensuring that the API
values are consistent with the footer included in main.html.

Detailed changes:

* Added footer API end-point to the branding app.
* Footer API allows the language to be set with querystring parameters.
* Footer API allows showing/hiding of the OpenEdX logo using querystring parameters.
* Deprecate ENABLE_FOOTER_V3 in favor of the branding API configuration flag.
* Move no referrer script into main.html from the edx footer template.
* Rename rwd_header_footer.js to rwd_header.js
* Cache API responses.

Authors:
Awais Qureshi, Aamir Khan, Will Daly

- added the abstract and concrete layers of enrollment report provider
- created a celery task.
-added the button in the e-commerce reports section

added the enrollment data backend

added the payment data and start writing the test cases.

updated the code with the feedback suggestions and wrote some test cases.
- all the downloadable reports are now visible in the ecommerce download section.
Pending instructor tasks is also visible in the ecommerce section

added the fields in the user profile information
changed the report store configuration key
added the new http endpoint for financial reports to add more permissions for finance_admin to access.

fix quality issues

added test cases to check csv content data

rebased with master and resolved conflicts

changed the log messages

added the changes as per code clintonb suggestions during code review

updated the test cases for the finance_admin decorator

changes suggested by clinton.

Created and moved Table level filters to the Custom Manager for the CourseEnrollment model.

ecommerce.js file was loaded twice in the instructor_dashboard.js fixed the issues

added the registration code column in the csv

added the full gender in the csv file

Update data sources and add display name translations for the report columns

fix meta name

Make sure the reports section does not appear on non whitelabel courses

pylint fixes

expand out enumerated values

Use native checkboxes for courseware license options
In Studio settings editor for video module, don't show license if feature-flagged off
Don't let Scope.contents fields leak to Studio editor
JS gettext() must all be on the same line for i18n
Add docstrings for bok-choy tests
Remove LicenseMixin from HTMLDescriptor
Responding to UX review feedback
Add aria-pressed attribute
Use https links instead of protocol-relative links for links to creativecommons.org
Remove license from course outline page in Studio

TNL-2073

TNL-2054

TNL-1789

Final official name is Custom Courses for EdX (CCX), rename all code to remove previous name.

Rename the FEATURE constant used to identify this feature

Rename the middleware for the CCX change

rename the constant used for storing the current poc id on the session.

rename the _PocContext threading local

rename the override provider in all places where it is referenced

`PersonalOnlineCoursesOverrideProvider` -> `CustomCoursesForEdxOverrideProvider`

generally rename symbols from overrides.py to replace `poc` with `ccx` where possible without changing model names or attributes

rename more symbols from poc to ccx
rename util functions from app utils module

general symbol renaming poc -> ccx in views.py and related url changes

Rename the coach role wherever it is used.

reword poc_coach to ccx_coach

UI rename

replace POC with CCX globally

template context variable renamed

rename poc_ to ccx_ in urls and all related locations (views, js, scss etc)

remove pocs migrations

Final massive renaming, including models.  Re-built migration.

cleaning up a few tailing references

Fix reference typo in schedule template JS

undo modifications made on the fly in test setup to ensure that our tests are properly isolated from the rest of the system tests.

Fixes jazkarta/edx-platform#38

Clean up some leftover strings and comments

fixing more strings and comments in python files

fix a naming error in the schedule tab that was causing problems in deleting courseware items.

Fixes jazkarta/edx-platform#36

updating tests and utility code to match changes in infrastructure from latest rebase

Use client's session to set POC for test, now that we have the capability to do that.

Use a middleware to set the current POC one time per request, and avoid having to look up the stack for the current request in 'get_current_poc'.

Fetch all overrides for a block at one time.

Speed up the lineage computation by doing some caching.

Unused import.

Get field overrides once per user per block.

Streamline configuration.

Fix poc config tuples