Release 1.143.2

[odlbot]

James Kachel

• Update verified program course enrollments API to allow for intermediate programs (Update verified program course enrollments API to allow for intermediate programs #3418) (4323f375)

[github-actions]

OpenAPI Changes

Show/hide ## Changes for v0.yaml:

## Changes for v0.yaml:
2 changes: 1 error, 0 warning, 1 info
error	[api-path-removed-without-deprecation] at base/openapi/specs/v0.yaml	
	in API POST /api/v2/verified_program_enrollments/{program_id}/{courserun_id}/
		api path removed without deprecation

info	[endpoint-added] at head/openapi/specs/v0.yaml	
	in API POST /api/v2/verified_program_enrollments/{courserun_id}/
		endpoint added



## Changes for v1.yaml:
2 changes: 1 error, 0 warning, 1 info
error	[api-path-removed-without-deprecation] at base/openapi/specs/v1.yaml	
	in API POST /api/v2/verified_program_enrollments/{program_id}/{courserun_id}/
		api path removed without deprecation

info	[endpoint-added] at head/openapi/specs/v1.yaml	
	in API POST /api/v2/verified_program_enrollments/{courserun_id}/
		endpoint added



## Changes for v2.yaml:
2 changes: 1 error, 0 warning, 1 info
error	[api-path-removed-without-deprecation] at base/openapi/specs/v2.yaml	
	in API POST /api/v2/verified_program_enrollments/{program_id}/{courserun_id}/
		api path removed without deprecation

info	[endpoint-added] at head/openapi/specs/v2.yaml	
	in API POST /api/v2/verified_program_enrollments/{courserun_id}/
		endpoint added

Unexpected changes? Ensure your branch is up-to-date with main (consider rebasing).

[sentry]

Bug: The custom EnrollmentCreationFailedError is not handled, causing an unhandled exception and a 500 error instead of a graceful API response.
_{Severity: HIGH}

Suggested Fix

Modify EnrollmentCreationFailedError to inherit from rest_framework.exceptions.APIException. Set its status_code to an appropriate value, such as 400_BAD_REQUEST or 404_NOT_FOUND, to ensure DRF's exception handler automatically converts it into a proper HTTP response.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: courses/views/v2/__init__.py#L719-L720

Potential issue: The custom exception `EnrollmentCreationFailedError` inherits from
Python's base `Exception` rather than a DRF `APIException`. When this error is raised,
for instance when an audit enrollment creation fails, it is not caught by any
`try...except` blocks. The custom DRF exception handler delegates to the default
handler, which does not process non-`APIException` types. This results in an unhandled
exception, causing the API to return an HTTP 500 Internal Server Error to the client
instead of a more appropriate 4xx error with a meaningful message, violating the API's
error handling contract.

_{Did we get this right? 👍 / 👎 to inform future reviews.}

[sentry]

Bug: A CourseRun.DoesNotExist exception is not caught when querying for a course run, leading to an unhandled exception and a 500 error.
_{Severity: HIGH}

Suggested Fix

Wrap the CourseRun.objects.get() call in a try...except CourseRun.DoesNotExist block. In the except block, raise a rest_framework.exceptions.NotFound exception with a descriptive message to ensure a proper 404 response is returned to the client.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: courses/views/v2/__init__.py#L679

Potential issue: A call to `CourseRun.objects.get()` is made without wrapping it in a
`try...except` block to handle the `CourseRun.DoesNotExist` exception. If an API request
is made with a `courserun_id` that does not exist in the database, this line will raise
an unhandled `DoesNotExist` exception. Neither the custom exception handler nor the
default DRF handler is configured to convert this specific exception into a 404
response. Consequently, a request with an invalid ID will cause an HTTP 500 Internal
Server Error instead of the expected 404 Not Found.

_{Did we get this right? 👍 / 👎 to inform future reviews.}