Old Registration and Login implementations
Over the past 7+ years, the edX platform has accumulated multiple implementations for Registration and Login. As this is a security-sensitive part of the platform, with features for authentication, SSO, password control, session management, etc, it is important for the safety of our users and the security of our system that we keep this code as streamlined and comprehensible as possible.
Unfortunately, this is not the case today since we have the following multiple flavors (of which only the first 2 have now been deleted):
v1a: Login and Registration via Modals (this was fortunately deleted a while back)
v1b: External Auth (deleted as part of DEPR-6)
v2: signin_user, register_user (moved to deprecated.py in Ironwood)
In order for the edx-platform to be efficient, remain relevant in its competitive landscape, and scale sublinearly with its ongoing maintenance, we need to move forward with less tangled and comprehensible code in its core.
Therefore, as part of the Architecture team's replatforming effort, we are removing unneeded login/registration code and consolidating to a single implementation. We will also be implementing a new micro-frontend (statically-served React-framework-based frontend) for Login and Registration. But the deprecation and removal process for the Django server-side implementation will be tracked separately in DEPR-17.
This removal effort will remain compatible with the existing latest API, as implemented in v4. The majority of the effort will involve refactoring and consolidating the current implementation and removing all old implementations.
Since this effort is actively being resourced and pursued by the Architecture team as part of their work on rewriting the Login and Registration pages as micro-frontends, we are targeting immediate removal of these old, already deprecated, implementations. So these changes will be included as part of the next Open edX release (Juniper), which is currently targeted in the first half of 2020.
: We think this is done.
Is this DEPR work now completed?
The removal of v2 login and registration templates: