Old Registration and Login implementations

Description

Removal

Over the past 7+ years, the edX platform has accumulated multiple implementations for Registration and Login. As this is a security-sensitive part of the platform, with features for authentication, SSO, password control, session management, etc, it is important for the safety of our users and the security of our system that we keep this code as streamlined and comprehensible as possible.

Unfortunately, this is not the case today since we have the following multiple flavors (of which only the first 2 have now been deleted):

  1. v1a: Login and Registration via Modals (this was fortunately deleted a while back)

  2. v1b: External Auth (deleted as part of DEPR-6)

  3. v2: signin_user, register_user (moved to deprecated.py in Ironwood)

  4. v3: Combined Login and Registration (defined in register.py and login_form.py)

  5. v4: Latest DRF Views defined in User API (defined in RegistrationView and LoginSessionView)

In order for the edx-platform to be efficient, remain relevant in its competitive landscape, and scale sublinearly with its ongoing maintenance, we need to move forward with less tangled and comprehensible code in its core.

Therefore, as part of the Architecture team's replatforming effort, we are removing unneeded login/registration code and consolidating to a single implementation. We will also be implementing a new micro-frontend (statically-served React-framework-based frontend) for Login and Registration. But the deprecation and removal process for the Django server-side implementation will be tracked separately in DEPR-17.

Replacement

This removal effort will remain compatible with the existing latest API, as implemented in v4. The majority of the effort will involve refactoring and consolidating the current implementation and removing all old implementations.

Target Dates

Since this effort is actively being resourced and pursued by the Architecture team as part of their work on rewriting the Login and Registration pages as micro-frontends, we are targeting immediate removal of these old, already deprecated, implementations. So these changes will be included as part of the next Open edX release (Juniper), which is currently targeted in the first half of 2020.

Assignee

Nimisha Asthagiri

Reporter

Nimisha Asthagiri

Labels

None

Removal Date

2019/11/01

Deprecation Proposal Accepted Date

2019/11/01

Priority

Unset
Configure