Merge branch 'pwnage101/ENT-11510' of github.com:openedx/edx-enterprise into pwnage101/ENT-11510

kiram15 · web-flow · commit 186d67a03527 · 2026-03-30T16:53:16.000Z
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -21,6 +21,10 @@ Unreleased
 ---------------------
 * feat: add AccountSettingsReadOnlyFieldsStep pipeline step (ENT-11510)
 
+[6.8.3] - 2026-03-27
+---------------------
+* fix: Move settings reads out of AppConfig, into consumers
+
 [6.8.2] - 2026-03-26
 ---------------------
 * feat: add admin invite reminder emails (ENT-11581)
diff --git a/enterprise/api/v1/views/coupon_codes.py b/enterprise/api/v1/views/coupon_codes.py
@@ -12,7 +12,7 @@
 from rest_framework.status import HTTP_200_OK, HTTP_400_BAD_REQUEST, HTTP_500_INTERNAL_SERVER_ERROR
 from rest_framework.views import APIView
 
-from django.apps import apps
+from django.conf import settings
 from django.core import mail
 from django.utils.translation import gettext as _
 
@@ -97,9 +97,8 @@ def post(self, request):
             token_enterprise_name=enterprise_name
         )
         body_msg = create_message_body(email, enterprise_name, number_of_codes, notes)
-        app_config = apps.get_app_config("enterprise")
-        from_email_address = app_config.enterprise_integrations_email
-        cs_email = app_config.customer_success_email
+        from_email_address = settings.ENTERPRISE_INTEGRATIONS_EMAIL
+        cs_email = settings.ENTERPRISE_CUSTOMER_SUCCESS_EMAIL
         data = {
             self.REQUIRED_PARAM_EMAIL: email,
             self.REQUIRED_PARAM_ENTERPRISE_NAME: enterprise_name,
diff --git a/enterprise/api_client/client.py b/enterprise/api_client/client.py
@@ -10,7 +10,6 @@
 from edx_rest_api_client.auth import SuppliedJwtAuth
 from edx_rest_api_client.client import OAuthAPIClient
 
-from django.apps import apps
 from django.conf import settings
 
 from enterprise.utils import NotConnectedToOpenEdX  # pylint: disable=cyclic-import
@@ -49,11 +48,10 @@ class BackendServiceAPIClient(APIClientMixin):
     Uses the backend service user to make requests.
     """
     def __init__(self):
-        app_config = apps.get_app_config("enterprise")
         self.client = OAuthAPIClient(
-            app_config.backend_service_edx_oauth2_provider_url,
-            app_config.backend_service_edx_oauth2_key,
-            app_config.backend_service_edx_oauth2_secret
+            base_url=settings.ENTERPRISE_BACKEND_SERVICE_EDX_OAUTH2_PROVIDER_URL,
+            client_id=settings.ENTERPRISE_BACKEND_SERVICE_EDX_OAUTH2_KEY,
+            client_secret=settings.ENTERPRISE_BACKEND_SERVICE_EDX_OAUTH2_SECRET,
         )
 
 
diff --git a/enterprise/apps.py b/enterprise/apps.py
@@ -3,7 +3,6 @@
 """
 
 from django.apps import AppConfig, apps
-from django.conf import settings
 
 from enterprise.constants import USER_POST_SAVE_DISPATCH_UID
 
@@ -28,23 +27,6 @@ class EnterpriseConfig(AppConfig):
 
     name = "enterprise"
     valid_image_extensions = [".png", ]
-    valid_max_image_size = getattr(settings, 'ENTERPRISE_CUSTOMER_LOGO_IMAGE_SIZE', 512)  # Value in KB's
-    customer_success_email = getattr(settings, 'ENTERPRISE_CUSTOMER_SUCCESS_EMAIL', 'customersuccess@edx.org')
-    enterprise_integrations_email = getattr(
-        settings,
-        'ENTERPRISE_INTEGRATIONS_EMAIL',
-        'enterprise-integrations@edx.org'
-    )
-
-    backend_service_edx_oauth2_key = getattr(
-        settings, "ENTERPRISE_BACKEND_SERVICE_EDX_OAUTH2_KEY", "enterprise-backend-service-key"
-    )
-    backend_service_edx_oauth2_secret = getattr(
-        settings, "ENTERPRISE_BACKEND_SERVICE_EDX_OAUTH2_SECRET", "enterprise-backend-service-secret"
-    )
-    backend_service_edx_oauth2_provider_url = getattr(
-        settings, "ENTERPRISE_BACKEND_SERVICE_EDX_OAUTH2_PROVIDER_URL", "http://127.0.0.1:8000/oauth2"
-    )
 
     @property
     def auth_user_model(self):
diff --git a/enterprise/settings/test.py b/enterprise/settings/test.py
@@ -415,3 +415,6 @@ def root(*args):
 ADMIN_INVITE_REMINDER_CADENCE_DAYS = 3
 ADMIN_INVITE_REMINDER_MAX_COUNT = 1
 ADMIN_INVITE_REMINDER_BATCH_SIZE = 500
+
+ENTERPRISE_CUSTOMER_SUCCESS_EMAIL = 'customersuccess@edx.org'
+ENTERPRISE_INTEGRATIONS_EMAIL = 'enterprise-integrations@edx.org'
diff --git a/enterprise/validators.py b/enterprise/validators.py
@@ -8,6 +8,7 @@
 import pgpy
 
 from django.apps import apps
+from django.conf import settings
 from django.core.exceptions import ValidationError
 from django.utils.translation import gettext_lazy as _
 
@@ -45,11 +46,11 @@ def validate_image_size(image):
     """
     Validate that a particular image size.
     """
-    config = get_app_config()
-    valid_max_image_size_in_bytes = config.valid_max_image_size * 1024
-    if config and not image.size <= valid_max_image_size_in_bytes:
+    valid_max_image_size_in_kb = getattr(settings, 'ENTERPRISE_CUSTOMER_LOGO_IMAGE_SIZE', 512)
+    valid_max_image_size_in_bytes = valid_max_image_size_in_kb * 1024
+    if not image.size <= valid_max_image_size_in_bytes:
         raise ValidationError(
-            _("The logo image file size must be less than or equal to %s KB.") % config.valid_max_image_size)
+            _("The logo image file size must be less than or equal to %s KB.") % valid_max_image_size_in_kb)
 
 
 def validate_content_filter_fields(content_filter):
diff --git a/tests/filters/test_accounts.py b/tests/filters/test_accounts.py
@@ -6,7 +6,7 @@
 from django.test import TestCase, override_settings
 
 from enterprise.filters.accounts import AccountSettingsReadOnlyFieldsStep
-from enterprise.models import EnterpriseCustomerUser
+from enterprise.models import EnterpriseCustomerIdentityProvider, EnterpriseCustomerUser
 
 
 class TestAccountSettingsReadOnlyFieldsStep(TestCase):
@@ -33,8 +33,9 @@ def test_returns_unchanged_readonly_fields_when_no_enterprise_user(self, mock_ob
         mock_objects.select_related.return_value.get.side_effect = EnterpriseCustomerUser.DoesNotExist
         step = self._make_step()
         fields = set()
-        result = step.run_filter(readonly_fields=fields, user=self._mock_user())
-        self.assertEqual(result, {"readonly_fields": fields})
+        user = self._mock_user()
+        result = step.run_filter(readonly_fields=fields, user=user)
+        self.assertEqual(result, {"readonly_fields": fields, "user": user})
 
     @patch('enterprise.filters.accounts.UserSocialAuth')
     @patch('enterprise.filters.accounts.EnterpriseCustomerIdentityProvider.objects')
@@ -100,3 +101,59 @@ def test_name_not_added_without_social_auth_record(
 
         self.assertNotIn("name", result["readonly_fields"])
         self.assertIn("email", result["readonly_fields"])
+
+    @patch('enterprise.filters.accounts.EnterpriseCustomerIdentityProvider.objects')
+    @patch('enterprise.filters.accounts.EnterpriseCustomerUser.objects')
+    def test_returns_unchanged_readonly_fields_when_no_idp_record(
+        self, mock_ecu_objects, mock_idp_objects
+    ):
+        """
+        When the enterprise customer has no linked identity provider,
+        readonly_fields is returned unchanged.
+        """
+        user = self._mock_user()
+        mock_ecu_objects.select_related.return_value.get.return_value = MagicMock()
+        mock_idp_objects.get.side_effect = EnterpriseCustomerIdentityProvider.DoesNotExist
+        step = self._make_step()
+        fields = {'existing_field'}
+        result = step.run_filter(readonly_fields=fields, user=user)
+        self.assertEqual(result["readonly_fields"], fields)
+
+    @patch('enterprise.filters.accounts.EnterpriseCustomerIdentityProvider.objects')
+    @patch('enterprise.filters.accounts.EnterpriseCustomerUser.objects')
+    def test_returns_unchanged_readonly_fields_when_third_party_auth_unavailable(
+        self, mock_ecu_objects, mock_idp_objects
+    ):
+        """
+        When third_party_auth is not installed (None), readonly_fields is returned unchanged.
+        """
+        user = self._mock_user()
+        mock_ecu_objects.select_related.return_value.get.return_value = MagicMock()
+        mock_idp_objects.get.return_value = MagicMock(provider_id='saml-test')
+        step = self._make_step()
+        fields = {'existing_field'}
+        with patch('enterprise.filters.accounts.third_party_auth', None):
+            result = step.run_filter(readonly_fields=fields, user=user)
+        self.assertEqual(result["readonly_fields"], fields)
+
+    @patch('enterprise.filters.accounts.EnterpriseCustomerIdentityProvider.objects')
+    @patch('enterprise.filters.accounts.EnterpriseCustomerUser.objects')
+    def test_returns_unchanged_readonly_fields_when_sync_not_enabled(
+        self, mock_ecu_objects, mock_idp_objects
+    ):
+        """
+        When the identity provider exists but sync_learner_profile_data is False,
+        readonly_fields is returned unchanged.
+        """
+        user = self._mock_user()
+        mock_ecu_objects.select_related.return_value.get.return_value = MagicMock()
+        mock_idp_objects.get.return_value = MagicMock(provider_id='saml-test')
+        mock_identity_provider = MagicMock()
+        mock_identity_provider.sync_learner_profile_data = False
+        mock_tpa = MagicMock()
+        mock_tpa.provider.Registry.get.return_value = mock_identity_provider
+        step = self._make_step()
+        fields = {'existing_field'}
+        with patch('enterprise.filters.accounts.third_party_auth', mock_tpa):
+            result = step.run_filter(readonly_fields=fields, user=user)
+        self.assertEqual(result["readonly_fields"], fields)
