From d2e2da3b6296cf2e7beb28be026763eab4a6ae08 Mon Sep 17 00:00:00 2001
From: Pooja Kulkarni <pooja@opencraft.com>
Date: Wed, 4 Jan 2023 14:02:54 -0500
Subject: [PATCH 01/11] refactor: rename descriptor -> block within
 lms/djangoapps/mobile_api

Co-authored-by: Agrendalath <piotr@surowiec.it>
---
 lms/djangoapps/mobile_api/decorators.py  | 2 +-
 lms/djangoapps/mobile_api/models.py      | 2 +-
 lms/djangoapps/mobile_api/users/views.py | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/lms/djangoapps/mobile_api/decorators.py b/lms/djangoapps/mobile_api/decorators.py
index c91d88fdb635..ea309ce23f15 100644
--- a/lms/djangoapps/mobile_api/decorators.py
+++ b/lms/djangoapps/mobile_api/decorators.py
@@ -29,7 +29,7 @@ def _decorator(func):
         def _wrapper(self, request, *args, **kwargs):
             """
             Expects kwargs to contain 'course_id'.
-            Passes the course descriptor to the given decorated function.
+            Passes the course block to the given decorated function.
             Raises 404 if access to course is disallowed.
             """
             course_id = CourseKey.from_string(kwargs.pop('course_id'))
diff --git a/lms/djangoapps/mobile_api/models.py b/lms/djangoapps/mobile_api/models.py
index f2a912e78c61..ba6f73721456 100644
--- a/lms/djangoapps/mobile_api/models.py
+++ b/lms/djangoapps/mobile_api/models.py
@@ -93,7 +93,7 @@ class IgnoreMobileAvailableFlagConfig(ConfigurationModel):
     Configuration for the mobile_available flag. Default is false.
 
     Enabling this configuration will cause the mobile_available flag check in
-    access.py._is_descriptor_mobile_available to ignore the mobile_available
+    access.py._is_block_mobile_available to ignore the mobile_available
     flag.
 
     .. no_pii:
diff --git a/lms/djangoapps/mobile_api/users/views.py b/lms/djangoapps/mobile_api/users/views.py
index ae0733d5cd92..8f5277fe509a 100644
--- a/lms/djangoapps/mobile_api/users/views.py
+++ b/lms/djangoapps/mobile_api/users/views.py
@@ -141,7 +141,7 @@ def _last_visited_block_path(self, request, course):
         the course block. If there is no such visit, the first item deep enough down the course
         tree is used.
         """
-        field_data_cache = FieldDataCache.cache_for_descriptor_descendents(
+        field_data_cache = FieldDataCache.cache_for_block_descendents(
             course.id, request.user, course, depth=2)
 
         course_block = get_block_for_descriptor(
@@ -174,14 +174,14 @@ def _update_last_visited_module_id(self, request, course, module_key, modificati
         """
         Saves the module id if the found modification_date is less recent than the passed modification date
         """
-        field_data_cache = FieldDataCache.cache_for_descriptor_descendents(
+        field_data_cache = FieldDataCache.cache_for_block_descendents(
             course.id, request.user, course, depth=2)
         try:
-            block_descriptor = modulestore().get_item(module_key)
+            descriptor = modulestore().get_item(module_key)
         except ItemNotFoundError:
             return Response(errors.ERROR_INVALID_MODULE_ID, status=400)
         block = get_block_for_descriptor(
-            request.user, request, block_descriptor, field_data_cache, course.id, course=course
+            request.user, request, descriptor, field_data_cache, course.id, course=course
         )
 
         if modification_date:

From e58284bc6190e7ad4bc0f7f3bd66d6e28990b42d Mon Sep 17 00:00:00 2001
From: Moeez Zahid <moeezzahid1996@gmail.com>
Date: Mon, 19 Jun 2023 19:46:25 +0500
Subject: [PATCH 02/11] fix: Add platform name to mobile config cache key
 (#32504)

---
 lms/djangoapps/mobile_api/middleware.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lms/djangoapps/mobile_api/middleware.py b/lms/djangoapps/mobile_api/middleware.py
index d4a2d0adb253..5fbfb23f4c80 100644
--- a/lms/djangoapps/mobile_api/middleware.py
+++ b/lms/djangoapps/mobile_api/middleware.py
@@ -99,7 +99,7 @@ def _get_version_info(self, request):
                 request_cache_dict[self.USER_APP_VERSION] = platform.version
                 last_supported_date_cache_key = self._get_cache_key_name(
                     self.LAST_SUPPORTED_DATE_HEADER,
-                    platform.version
+                    platform.NAME + platform.version
                 )
                 latest_version_cache_key = self._get_cache_key_name(self.LATEST_VERSION_HEADER, platform.NAME)
                 cached_data = cache.get_many([last_supported_date_cache_key, latest_version_cache_key])

From a82217f075ca298cb54e7c04bdc9de1fefdecd78 Mon Sep 17 00:00:00 2001
From: Moeez Zahid <moeezzahid1996@gmail.com>
Date: Wed, 23 Aug 2023 16:20:20 +0500
Subject: [PATCH 03/11] refactor: Add logging to mobile_api app (#33064)

---
 lms/djangoapps/mobile_api/course_info/views.py | 3 +++
 lms/djangoapps/mobile_api/users/views.py       | 7 +++++++
 2 files changed, 10 insertions(+)

diff --git a/lms/djangoapps/mobile_api/course_info/views.py b/lms/djangoapps/mobile_api/course_info/views.py
index fc48a7c4f932..bd34336cc824 100644
--- a/lms/djangoapps/mobile_api/course_info/views.py
+++ b/lms/djangoapps/mobile_api/course_info/views.py
@@ -147,6 +147,7 @@ def post(self, request, *args, **kwargs):
         course_key = request.data.get('course_key')
 
         if not user_id or not course_key:
+            log.error('User id and course key are required. %s %s', user_id, course_key)
             return Response(
                 'User id and course key are required',
                 status=status.HTTP_400_BAD_REQUEST,
@@ -156,6 +157,7 @@ def post(self, request, *args, **kwargs):
             user_id = int(user_id)
             user = User.objects.get(id=user_id)
         except User.DoesNotExist:
+            log.error('Provided user id does not correspond to an existing user %s', user_id)
             return Response(
                 'Provided user id does not correspond to an existing user',
                 status=status.HTTP_400_BAD_REQUEST,
@@ -164,6 +166,7 @@ def post(self, request, *args, **kwargs):
         try:
             course_key = CourseKey.from_string(course_key)
         except InvalidKeyError:
+            log.error('Provided course key is not valid %s', course_key)
             return Response(
                 'Provided course key is not valid',
                 status=status.HTTP_400_BAD_REQUEST,
diff --git a/lms/djangoapps/mobile_api/users/views.py b/lms/djangoapps/mobile_api/users/views.py
index 8f5277fe509a..049678dcd7ba 100644
--- a/lms/djangoapps/mobile_api/users/views.py
+++ b/lms/djangoapps/mobile_api/users/views.py
@@ -3,6 +3,8 @@
 """
 
 
+import logging
+
 from completion.exceptions import UnavailableCompletionData
 from completion.utilities import get_key_to_last_completed_block
 from django.contrib.auth.models import User  # lint-amnesty, pylint: disable=imported-auth-user
@@ -38,6 +40,8 @@
 from ..decorators import mobile_course_access, mobile_view
 from .serializers import CourseEnrollmentSerializer, CourseEnrollmentSerializerv05, UserSerializer
 
+log = logging.getLogger(__name__)
+
 
 @mobile_view(is_user=True)
 class UserDetail(generics.RetrieveAPIView):
@@ -179,6 +183,7 @@ def _update_last_visited_module_id(self, request, course, module_key, modificati
         try:
             descriptor = modulestore().get_item(module_key)
         except ItemNotFoundError:
+            log.error(f"{errors.ERROR_INVALID_MODULE_ID} %s", module_key)
             return Response(errors.ERROR_INVALID_MODULE_ID, status=400)
         block = get_block_for_descriptor(
             request.user, request, descriptor, field_data_cache, course.id, course=course
@@ -229,12 +234,14 @@ def patch(self, request, course, *args, **kwargs):  # lint-amnesty, pylint: disa
         if modification_date_string:
             modification_date = dateparse.parse_datetime(modification_date_string)
             if not modification_date or not modification_date.tzinfo:
+                log.error(f"{errors.ERROR_INVALID_MODIFICATION_DATE} %s", modification_date_string)
                 return Response(errors.ERROR_INVALID_MODIFICATION_DATE, status=400)
 
         if module_id:
             try:
                 module_key = UsageKey.from_string(module_id)
             except InvalidKeyError:
+                log.error(f"{errors.ERROR_INVALID_MODULE_ID} %s", module_id)
                 return Response(errors.ERROR_INVALID_MODULE_ID, status=400)
 
             return self._update_last_visited_module_id(request, course, module_key, modification_date)

From 86137ef8b84ac38b8863ab4d5a910ab190e2a9b6 Mon Sep 17 00:00:00 2001
From: Feanil Patel <feanil@axim.org>
Date: Fri, 29 Sep 2023 13:24:31 -0400
Subject: [PATCH 04/11] test: Update more tests that had short passwords.

Conflicts:
	lms/djangoapps/instructor/tests/test_filters.py
	lms/djangoapps/learner_recommendations/tests/test_views.py
	openedx/core/djangoapps/notifications/tests/test_views.py
---
 .../tests/test_course_create_rerun.py         |  2 +-
 .../contentstore/tests/test_course_listing.py |  4 +-
 .../tests/test_course_settings.py             |  4 +-
 .../contentstore/tests/test_i18n.py           |  2 +-
 .../tests/test_users_default_role.py          |  2 +-
 cms/djangoapps/contentstore/tests/tests.py    |  2 +-
 .../views/tests/test_certificates.py          | 10 ++--
 .../views/tests/test_organizations.py         |  5 +-
 cms/djangoapps/maintenance/tests.py           | 16 +++---
 .../course_modes/tests/test_admin.py          |  2 +-
 common/djangoapps/student/tests/factories.py  |  4 +-
 .../student/tests/test_admin_views.py         | 17 ++++---
 .../student/tests/test_bulk_email_settings.py |  2 +-
 .../djangoapps/student/tests/test_filters.py  |  2 +-
 .../student/tests/test_retirement.py          |  2 +-
 .../student/tests/test_userstanding.py        |  2 +-
 common/djangoapps/student/tests/test_views.py |  7 ++-
 common/djangoapps/student/tests/tests.py      | 29 ++++++-----
 .../third_party_auth/tests/specs/base.py      |  2 +-
 .../third_party_auth/tests/test_admin.py      |  7 ++-
 lms/djangoapps/badges/api/tests.py            |  2 +-
 .../bulk_email/tests/test_course_optout.py    | 10 ++--
 lms/djangoapps/bulk_email/tests/test_email.py |  2 +-
 .../bulk_email/tests/test_err_handling.py     |  2 +-
 .../bulk_email/tests/test_signals.py          |  4 +-
 lms/djangoapps/ccx/api/v0/tests/test_views.py |  8 +--
 lms/djangoapps/ccx/tests/test_views.py        | 31 ++++++------
 lms/djangoapps/ccx/tests/utils.py             |  6 +--
 .../commerce/api/v1/tests/test_views.py       |  2 +-
 lms/djangoapps/commerce/tests/test_views.py   |  5 +-
 .../course_api/blocks/tests/test_views.py     | 14 +++---
 .../transformers/tests/helpers.py             |  4 +-
 lms/djangoapps/course_wiki/tests/tests.py     |  2 +-
 lms/djangoapps/courseware/tests/helpers.py    |  4 +-
 lms/djangoapps/courseware/tests/test_about.py |  2 +-
 .../courseware/tests/test_access.py           |  6 +--
 .../courseware/tests/test_block_render.py     |  4 +-
 .../courseware/tests/test_course_survey.py    |  2 +-
 .../tests/test_discussion_xblock.py           |  2 +-
 .../courseware/tests/test_entrance_exam.py    |  6 +--
 .../courseware/tests/test_masquerade.py       | 10 ++--
 .../courseware/tests/test_split_module.py     |  4 +-
 .../tests/test_submitting_problems.py         |  2 +-
 lms/djangoapps/courseware/tests/test_tabs.py  |  6 +--
 .../tests/test_view_authentication.py         |  4 +-
 lms/djangoapps/courseware/tests/test_views.py | 28 +++++------
 lms/djangoapps/courseware/testutils.py        |  2 +-
 .../django_comment_client/base/tests.py       |  4 +-
 .../discussion/rest_api/tests/test_views.py   | 16 +++---
 lms/djangoapps/discussion/tests/test_views.py | 22 ++++----
 .../grades/rest_api/v1/tests/mixins.py        |  2 +-
 .../grades/rest_api/v1/tests/test_views.py    |  2 +-
 .../grades/tests/integration/test_access.py   |  4 +-
 .../grades/tests/integration/test_events.py   |  4 +-
 .../grades/tests/integration/test_problems.py | 10 ++--
 lms/djangoapps/instructor/tests/test_api.py   | 50 +++++++++----------
 .../tests/test_api_email_localization.py      |  2 +-
 .../instructor/tests/test_certificates.py     | 40 +++++++--------
 lms/djangoapps/instructor/tests/test_email.py |  4 +-
 .../instructor/tests/test_proctoring.py       |  2 +-
 .../instructor/tests/test_spoc_gradebook.py   |  2 +-
 .../tests/views/test_instructor_dashboard.py  | 14 +++---
 .../rest_api/v1/tests/test_views.py           | 22 ++++----
 .../instructor_task/tests/test_base.py        |  2 +-
 .../api/v0/tests/test_views.py                |  6 +--
 .../learner_dashboard/tests/test_programs.py  | 11 ++--
 .../learner_dashboard/tests/test_views.py     |  7 ++-
 .../tests/test_views.py                       |  5 +-
 lms/djangoapps/mobile_api/testutils.py        |  2 +-
 lms/djangoapps/staticbook/tests.py            |  2 +-
 lms/djangoapps/survey/tests/test_models.py    |  2 +-
 lms/djangoapps/survey/tests/test_utils.py     |  2 +-
 lms/djangoapps/survey/tests/test_views.py     |  2 +-
 .../verify_student/tests/test_views.py        | 16 +++---
 .../contentserver/test/test_contentserver.py  | 14 +++---
 .../course_apps/rest_api/tests/test_views.py  |  2 +-
 .../tests/test_dot_overrides.py               | 19 ++++---
 .../oauth_dispatch/tests/test_views.py        | 11 ++--
 .../safe_sessions/tests/test_middleware.py    | 12 +++--
 .../tests/test_theme_style_overrides.py       |  5 +-
 .../djangoapps/theming/tests/test_views.py    |  2 +-
 .../user_api/accounts/tests/test_api.py       |  2 +-
 .../djangoapps/user_api/tests/test_views.py   |  1 +
 .../verification_api/tests/test_views.py      |  2 +-
 .../user_authn/api/tests/test_views.py        |  4 +-
 .../core/djangoapps/user_authn/tests/utils.py |  2 +-
 .../user_authn/views/tests/test_password.py   |  8 +--
 .../tests/test_course_expiration.py           | 10 ++--
 .../tests/views/test_course_sock.py           |  2 +-
 .../tests/views/test_masquerade.py            |  2 +-
 .../test_crowdsource_hinter.py                |  4 +-
 .../xblock_integration/test_recommender.py    |  6 +--
 .../xblock_integration/xblock_testcase.py     |  6 +--
 xmodule/modulestore/tests/django_utils.py     |  2 +-
 94 files changed, 340 insertions(+), 330 deletions(-)

diff --git a/cms/djangoapps/contentstore/tests/test_course_create_rerun.py b/cms/djangoapps/contentstore/tests/test_course_create_rerun.py
index 1d1b1177d0dc..deef95d03eae 100644
--- a/cms/djangoapps/contentstore/tests/test_course_create_rerun.py
+++ b/cms/djangoapps/contentstore/tests/test_course_create_rerun.py
@@ -50,7 +50,7 @@ def setUp(self):
         self.factory = RequestFactory()
         self.global_admin = AdminFactory()
         self.client = AjaxEnabledTestClient()
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.course_create_rerun_url = reverse('course_handler')
         self.course_start = datetime.datetime.utcnow()
         self.course_end = self.course_start + datetime.timedelta(days=30)
diff --git a/cms/djangoapps/contentstore/tests/test_course_listing.py b/cms/djangoapps/contentstore/tests/test_course_listing.py
index 461a1281f55d..66c16dc6dd8c 100644
--- a/cms/djangoapps/contentstore/tests/test_course_listing.py
+++ b/cms/djangoapps/contentstore/tests/test_course_listing.py
@@ -56,12 +56,12 @@ def setUp(self):
         super().setUp()
         # create and log in a staff user.
         # create and log in a non-staff user
-        self.user = UserFactory()
+        self.user = UserFactory(password=self.TEST_PASSWORD)
         self.factory = RequestFactory()
         self.request = self.factory.get('/course')
         self.request.user = self.user
         self.client = AjaxEnabledTestClient()
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     def _create_course_with_access_groups(self, course_location, user=None):
         """
diff --git a/cms/djangoapps/contentstore/tests/test_course_settings.py b/cms/djangoapps/contentstore/tests/test_course_settings.py
index be7691ee7e45..fb701137287b 100644
--- a/cms/djangoapps/contentstore/tests/test_course_settings.py
+++ b/cms/djangoapps/contentstore/tests/test_course_settings.py
@@ -1866,10 +1866,10 @@ def _get_course_details_response(self, global_staff):
         """
         Return the course details page as either global or non-global staff
         """
-        user = UserFactory(is_staff=global_staff)
+        user = UserFactory(is_staff=global_staff, password=self.TEST_PASSWORD)
         CourseInstructorRole(self.course.id).add_users(user)
 
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
 
         return self.client.get_html(self.course_details_url)
 
diff --git a/cms/djangoapps/contentstore/tests/test_i18n.py b/cms/djangoapps/contentstore/tests/test_i18n.py
index ebd5616b9d5e..516261f39739 100644
--- a/cms/djangoapps/contentstore/tests/test_i18n.py
+++ b/cms/djangoapps/contentstore/tests/test_i18n.py
@@ -193,7 +193,7 @@ def setUp(self):
 
         self.uname = 'testuser'
         self.email = 'test+courses@edx.org'
-        self.password = 'foo'
+        self.password = 'password'
 
         # Create the use so we can log them in.
         self.user = UserFactory.create(username=self.uname, email=self.email, password=self.password)
diff --git a/cms/djangoapps/contentstore/tests/test_users_default_role.py b/cms/djangoapps/contentstore/tests/test_users_default_role.py
index 590efc0bff67..1abf0a0ec697 100644
--- a/cms/djangoapps/contentstore/tests/test_users_default_role.py
+++ b/cms/djangoapps/contentstore/tests/test_users_default_role.py
@@ -27,7 +27,7 @@ def setUp(self):
         # create and log in a staff user.
         self.user = UserFactory(is_staff=True)
         self.client = AjaxEnabledTestClient()
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         # create a course via the view handler to create course
         self.course_key = self.store.make_course_key('Org_1', 'Course_1', 'Run_1')
diff --git a/cms/djangoapps/contentstore/tests/tests.py b/cms/djangoapps/contentstore/tests/tests.py
index f212bc39f1d8..bd2c3dbfd3c8 100644
--- a/cms/djangoapps/contentstore/tests/tests.py
+++ b/cms/djangoapps/contentstore/tests/tests.py
@@ -95,7 +95,7 @@ def setUp(self):
         super().setUp()
 
         self.email = 'a@b.com'
-        self.pw = 'xyz'
+        self.pw = 'password1234'
         self.username = 'testuser'
         self.client = AjaxEnabledTestClient()
         # clear the cache so ratelimiting won't affect these tests
diff --git a/cms/djangoapps/contentstore/views/tests/test_certificates.py b/cms/djangoapps/contentstore/views/tests/test_certificates.py
index 76dfb3be95d7..7af7a448de10 100644
--- a/cms/djangoapps/contentstore/views/tests/test_certificates.py
+++ b/cms/djangoapps/contentstore/views/tests/test_certificates.py
@@ -249,7 +249,7 @@ def test_cannot_create_certificate_if_user_has_no_write_permissions(self):
         Tests user without write permissions on course should not able to create certificate
         """
         user = UserFactory()
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         response = self.client.ajax_post(
             self._url(),
             data=CERTIFICATE_JSON
@@ -635,7 +635,7 @@ def test_delete_certificate_without_write_permissions(self, signatory_path):
         """
         self._add_course_certificates(count=2, signatory_count=1, asset_path_format=signatory_path)
         user = UserFactory()
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         response = self.client.delete(
             self._url(cid=1),
             content_type="application/json",
@@ -653,7 +653,7 @@ def test_delete_certificate_without_global_staff_permissions(self, signatory_pat
         user = UserFactory()
         for role in [CourseInstructorRole, CourseStaffRole]:
             role(self.course.id).add_users(user)
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         response = self.client.delete(
             self._url(cid=1),
             content_type="application/json",
@@ -681,7 +681,7 @@ def test_update_active_certificate_without_global_staff_permissions(self, signat
         user = UserFactory()
         for role in [CourseInstructorRole, CourseStaffRole]:
             role(self.course.id).add_users(user)
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         response = self.client.put(
             self._url(cid=1),
             data=json.dumps(cert_data),
@@ -799,7 +799,7 @@ def test_certificate_activation_without_write_permissions(self, activate, signat
         test_url = reverse_course_url('certificate_activation_handler', self.course.id)
         self._add_course_certificates(count=1, signatory_count=2, asset_path_format=signatory_path)
         user = UserFactory()
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         response = self.client.post(
             test_url,
             data=json.dumps({"is_active": activate}),
diff --git a/cms/djangoapps/contentstore/views/tests/test_organizations.py b/cms/djangoapps/contentstore/views/tests/test_organizations.py
index 6f3b67671101..cf3a376f3461 100644
--- a/cms/djangoapps/contentstore/views/tests/test_organizations.py
+++ b/cms/djangoapps/contentstore/views/tests/test_organizations.py
@@ -14,8 +14,9 @@ class TestOrganizationListing(TestCase):
     """Verify Organization listing behavior."""
     def setUp(self):
         super().setUp()
-        self.staff = UserFactory(is_staff=True)
-        self.client.login(username=self.staff.username, password='test')
+        self.password = "password1234"
+        self.staff = UserFactory(is_staff=True, password=self.password)
+        self.client.login(username=self.staff.username, password=self.password)
         self.org_names_listing_url = reverse('organizations')
         self.org_short_names = ["alphaX", "betaX", "orgX"]
         for index, short_name in enumerate(self.org_short_names):
diff --git a/cms/djangoapps/maintenance/tests.py b/cms/djangoapps/maintenance/tests.py
index dd060c4c0113..a487f8e37faa 100644
--- a/cms/djangoapps/maintenance/tests.py
+++ b/cms/djangoapps/maintenance/tests.py
@@ -30,7 +30,7 @@ class TestMaintenanceIndex(ModuleStoreTestCase):
     def setUp(self):
         super().setUp()
         self.user = AdminFactory()
-        login_success = self.client.login(username=self.user.username, password='test')
+        login_success = self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.assertTrue(login_success)
         self.view_url = reverse('maintenance:maintenance_index')
 
@@ -56,7 +56,7 @@ class MaintenanceViewTestCase(ModuleStoreTestCase):
     def setUp(self):
         super().setUp()
         self.user = AdminFactory()
-        login_success = self.client.login(username=self.user.username, password='test')
+        login_success = self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.assertTrue(login_success)
 
     def verify_error_message(self, data, error_message):
@@ -110,8 +110,8 @@ def test_non_global_staff_access(self, url):
         """
         Test that all maintenance app views are not accessible to non-global-staff user.
         """
-        user = UserFactory(username='test', email='test@example.com', password='test')
-        login_success = self.client.login(username=user.username, password='test')
+        user = UserFactory(username='test', email='test@example.com', password=self.TEST_PASSWORD)
+        login_success = self.client.login(username=user.username, password=self.TEST_PASSWORD)
         self.assertTrue(login_success)
 
         response = self.client.get(url)
@@ -245,13 +245,13 @@ def setUp(self):
         self.admin = AdminFactory.create(
             email='staff@edx.org',
             username='admin',
-            password='pass'
+            password=self.TEST_PASSWORD
         )
-        self.client.login(username=self.admin.username, password='pass')
+        self.client.login(username=self.admin.username, password=self.TEST_PASSWORD)
         self.non_staff_user = UserFactory.create(
             email='test@edx.org',
             username='test',
-            password='pass'
+            password=self.TEST_PASSWORD
         )
 
     def test_index(self):
@@ -301,7 +301,7 @@ def _test_403(self, viewname, kwargs=None):
         self.assertEqual(response.status_code, 403)
 
     def test_authorization(self):
-        self.client.login(username=self.non_staff_user, password='pass')
+        self.client.login(username=self.non_staff_user, password=self.TEST_PASSWORD)
         announcement = Announcement.objects.create(content="Test Delete")
         announcement.save()
 
diff --git a/common/djangoapps/course_modes/tests/test_admin.py b/common/djangoapps/course_modes/tests/test_admin.py
index 52640dc52fe5..25b6558d24ab 100644
--- a/common/djangoapps/course_modes/tests/test_admin.py
+++ b/common/djangoapps/course_modes/tests/test_admin.py
@@ -54,7 +54,7 @@ def test_expiration_timezone(self):
             '_expiration_datetime_1': expiration.time(),
         }
 
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
 
         # Create a new course mode from django admin page
         response = self.client.post(reverse('admin:course_modes_coursemode_add'), data=data)
diff --git a/common/djangoapps/student/tests/factories.py b/common/djangoapps/student/tests/factories.py
index 708082412516..506d1818e4c4 100644
--- a/common/djangoapps/student/tests/factories.py
+++ b/common/djangoapps/student/tests/factories.py
@@ -35,7 +35,7 @@
 from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
 from openedx.core.djangoapps.content.course_overviews.tests.factories import CourseOverviewFactory
 
-TEST_PASSWORD = 'test'
+TEST_PASSWORD = 'password'
 
 
 class GroupFactory(DjangoModelFactory):  # lint-amnesty, pylint: disable=missing-class-docstring
@@ -81,7 +81,7 @@ class Meta:
         model = User
         django_get_or_create = ('email', 'username')
 
-    _DEFAULT_PASSWORD = 'test'
+    _DEFAULT_PASSWORD = 'password'
 
     username = factory.Sequence('robot{}'.format)
     email = factory.Sequence('robot+test+{}@edx.org'.format)
diff --git a/common/djangoapps/student/tests/test_admin_views.py b/common/djangoapps/student/tests/test_admin_views.py
index 5c6350c2f0ce..7ae693606daf 100644
--- a/common/djangoapps/student/tests/test_admin_views.py
+++ b/common/djangoapps/student/tests/test_admin_views.py
@@ -53,7 +53,7 @@ def test_save_valid_data(self):
             'email': self.user.email
         }
 
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         # # adding new role from django admin page
         response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data)
@@ -78,7 +78,7 @@ def test_save_without_org_and_course_data(self):
             'course_id': str(self.course.id)
         }
 
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         # # adding new role from django admin page
         response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data)
@@ -96,7 +96,7 @@ def test_save_with_course_only(self):
 
         }
 
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         # # adding new role from django admin page
         response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data)
@@ -115,7 +115,7 @@ def test_save_with_org_only(self):
 
         }
 
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         # # adding new role from django admin page
         response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data)
@@ -136,7 +136,7 @@ def test_save_with_invalid_course(self):
             'email': email
         }
 
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         # Adding new role with invalid data
         response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data)
@@ -163,7 +163,7 @@ def test_save_valid_course_invalid_org(self):
             'email': self.user.email
         }
 
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         # # adding new role from django admin page
         response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data)
@@ -230,7 +230,7 @@ def setUp(self):
             user=self.user,
             course_id=self.course.id,  # pylint: disable=no-member
         )
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     @ddt.data(*ADMIN_URLS)
     @ddt.unpack
@@ -326,11 +326,12 @@ def setUpClass(cls):
         super().setUpClass()
         cls.user = UserFactory.create(username='§', is_staff=True, is_superuser=True)
         cls.user.save()
+        cls.TEST_PASSWORD = 'password'
 
     def setUp(self):
         """Setup."""
         super().setUp()
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.user2 = UserFactory.create(username='Zażółć gęślą jaźń')
         self.user_lockout_until = datetime.datetime.now(UTC)
         LoginFailures.objects.create(user=self.user, failure_count=10, lockout_until=self.user_lockout_until)
diff --git a/common/djangoapps/student/tests/test_bulk_email_settings.py b/common/djangoapps/student/tests/test_bulk_email_settings.py
index d9bfd15621ca..308ccf66e09d 100644
--- a/common/djangoapps/student/tests/test_bulk_email_settings.py
+++ b/common/djangoapps/student/tests/test_bulk_email_settings.py
@@ -33,7 +33,7 @@ def setUp(self):
         # Create student account
         student = UserFactory.create()
         CourseEnrollmentFactory.create(user=student, course_id=self.course.id)
-        self.client.login(username=student.username, password="test")
+        self.client.login(username=student.username, password=self.TEST_PASSWORD)
 
         self.url = reverse('dashboard')
         # URL for email settings modal
diff --git a/common/djangoapps/student/tests/test_filters.py b/common/djangoapps/student/tests/test_filters.py
index 6e429fd39a5c..376595a8507b 100644
--- a/common/djangoapps/student/tests/test_filters.py
+++ b/common/djangoapps/student/tests/test_filters.py
@@ -316,7 +316,7 @@ class StudentDashboardFiltersTest(ModuleStoreTestCase):
     def setUp(self):  # pylint: disable=arguments-differ
         super().setUp()
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password="test")
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.dashboard_url = reverse("dashboard")
         self.first_course = CourseFactory.create(
             org="test1", course="course1", display_name="run1",
diff --git a/common/djangoapps/student/tests/test_retirement.py b/common/djangoapps/student/tests/test_retirement.py
index a7e5fac86571..96c0034a0e7c 100644
--- a/common/djangoapps/student/tests/test_retirement.py
+++ b/common/djangoapps/student/tests/test_retirement.py
@@ -260,7 +260,7 @@ def setUp(self):
             'username': 'username',
             'email': 'foo_bar' + '@bar.com',
             'name': 'foo bar',
-            'password': '123',
+            'password': '12345678',
             'terms_of_service': 'true',
             'honor_code': 'true',
         }
diff --git a/common/djangoapps/student/tests/test_userstanding.py b/common/djangoapps/student/tests/test_userstanding.py
index 832127e474ed..e7b9bab233a1 100644
--- a/common/djangoapps/student/tests/test_userstanding.py
+++ b/common/djangoapps/student/tests/test_userstanding.py
@@ -43,7 +43,7 @@ def setUp(self):
             (self.non_staff, self.non_staff_client),
             (self.admin, self.admin_client),
         ]:
-            client.login(username=user.username, password='test')
+            client.login(username=user.username, password='password')
 
         UserStandingFactory.create(
             user=self.bad_user,
diff --git a/common/djangoapps/student/tests/test_views.py b/common/djangoapps/student/tests/test_views.py
index b9518efa0446..1230f8320a75 100644
--- a/common/djangoapps/student/tests/test_views.py
+++ b/common/djangoapps/student/tests/test_views.py
@@ -49,7 +49,6 @@
 from xmodule.modulestore.tests.django_utils import SharedModuleStoreTestCase  # lint-amnesty, pylint: disable=wrong-import-order
 from xmodule.modulestore.tests.factories import CourseFactory, BlockFactory  # lint-amnesty, pylint: disable=wrong-import-order
 
-PASSWORD = 'test'
 TOMORROW = now() + timedelta(days=1)
 ONE_WEEK_AGO = now() - timedelta(weeks=1)
 THREE_YEARS_FROM_NOW = now() + timedelta(days=(365 * 3))
@@ -81,7 +80,7 @@ def setUp(self):
         self.user = UserFactory()
         self.enrollment = CourseEnrollmentFactory(course_id=self.course.id, user=self.user)
         self.cert_status = 'processing'
-        self.client.login(username=self.user.username, password=PASSWORD)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     def mock_cert(self, _user, _course_overview):
         """ Return a preset certificate status. """
@@ -212,7 +211,7 @@ def setUp(self):
         """
         super().setUp()
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=PASSWORD)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.path = reverse('dashboard')
 
     def set_course_sharing_urls(self, set_marketing, set_social_sharing):
@@ -1018,7 +1017,7 @@ class TestCourseDashboardNoticesRedirects(SharedModuleStoreTestCase):
     def setUp(self):
         super().setUp()
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=PASSWORD)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.path = reverse('dashboard')
 
     def test_check_for_unacknowledged_notices(self):
diff --git a/common/djangoapps/student/tests/tests.py b/common/djangoapps/student/tests/tests.py
index b41ad2f856d6..a90b2504d137 100644
--- a/common/djangoapps/student/tests/tests.py
+++ b/common/djangoapps/student/tests/tests.py
@@ -278,7 +278,7 @@ class DashboardTest(ModuleStoreTestCase, TestVerificationBase):
     def setUp(self):
         super().setUp()
         self.course = CourseFactory.create()
-        self.user = UserFactory.create(username="jack", email="jack@fake.edx.org", password='test')
+        self.user = UserFactory.create(username="jack", email="jack@fake.edx.org", password=self.TEST_PASSWORD)
         self.client = Client()
         cache.clear()
 
@@ -307,7 +307,7 @@ def test_verification_status_visible(self):
         """
         Test that the certificate verification status for courses is visible on the dashboard.
         """
-        self.client.login(username="jack", password="test")
+        self.client.login(username="jack", password=self.TEST_PASSWORD)
         self._check_verification_status_on('verified', 'You&#39;re enrolled as a verified student')
         self._check_verification_status_on('honor', 'You&#39;re enrolled as an honor code student')
         self._check_verification_status_off('audit', '')
@@ -345,7 +345,7 @@ def test_verification_status_invisible(self):
         Test that the certificate verification status for courses is not visible on the dashboard
         if the verified certificates setting is off.
         """
-        self.client.login(username="jack", password="test")
+        self.client.login(username="jack", password=self.TEST_PASSWORD)
         self._check_verification_status_off('verified', 'You\'re enrolled as a verified student')
         self._check_verification_status_off('honor', 'You\'re enrolled as an honor code student')
         self._check_verification_status_off('audit', '')
@@ -371,7 +371,7 @@ def test_course_mode_info(self):
     @skip_unless_lms
     def test_linked_in_add_to_profile_btn_not_appearing_without_config(self):
         # Without linked-in config don't show Add Certificate to LinkedIn button
-        self.client.login(username="jack", password="test")
+        self.client.login(username="jack", password=self.TEST_PASSWORD)
 
         CourseModeFactory.create(
             course_id=self.course.id,
@@ -409,7 +409,7 @@ def test_linked_in_add_to_profile_btn_not_appearing_without_config(self):
     def test_linked_in_add_to_profile_btn_with_certificate(self):
         # If user has a certificate with valid linked-in config then Add Certificate to LinkedIn button
         # should be visible. and it has URL value with valid parameters.
-        self.client.login(username="jack", password="test")
+        self.client.login(username="jack", password=self.TEST_PASSWORD)
 
         linkedin_config = LinkedInAddToProfileConfiguration.objects.create(company_identifier='1337', enabled=True)
         CourseModeFactory.create(
@@ -480,7 +480,7 @@ def test_dashboard_metadata_caching(self):
         # Create a course and log in the user.
         # Creating a new course will trigger a publish event and the course will be cached
         test_course = CourseFactory.create(emit_signals=True)
-        self.client.login(username="jack", password="test")
+        self.client.login(username="jack", password=self.TEST_PASSWORD)
 
         with check_mongo_calls(0):
             CourseEnrollment.enroll(self.user, test_course.id)
@@ -495,7 +495,7 @@ def test_dashboard_metadata_caching(self):
 
     @skip_unless_lms
     def test_dashboard_header_nav_has_find_courses(self):
-        self.client.login(username="jack", password="test")
+        self.client.login(username="jack", password=self.TEST_PASSWORD)
         response = self.client.get(reverse("dashboard"))
 
         # "Explore courses" is shown in the side panel
@@ -542,7 +542,7 @@ def setUp(self):
         super().setUp()
         self.org = 'fakeX'
         self.course = CourseFactory.create(org=self.org)
-        self.user = UserFactory.create(username='jack', email='jack@fake.edx.org', password='test')
+        self.user = UserFactory.create(username='jack', email='jack@fake.edx.org', password=self.TEST_PASSWORD)
         CourseModeFactory.create(mode_slug='no-id-professional', course_id=self.course.id)
         CourseEnrollment.enroll(self.user, self.course.location.course_key, mode='no-id-professional')
         cache.clear()
@@ -564,7 +564,7 @@ def test_course_mode_visible(self, site_domain, site_configuration_values):
             'course_org_filter': self.org
         })
         self.set_up_site(site_domain, site_configuration_values)
-        self.client.login(username='jack', password='test')
+        self.client.login(username='jack', password=self.TEST_PASSWORD)
         response = self.client.get(reverse('dashboard'))
         self.assertContains(response, 'class="course professional"')
 
@@ -585,7 +585,7 @@ def test_course_mode_invisible(self, site_domain, site_configuration_values):
             'course_org_filter': self.org
         })
         self.set_up_site(site_domain, site_configuration_values)
-        self.client.login(username='jack', password='test')
+        self.client.login(username='jack', password=self.TEST_PASSWORD)
         response = self.client.get(reverse('dashboard'))
         self.assertNotContains(response, 'class="course professional"')
 
@@ -899,8 +899,8 @@ class ChangeEnrollmentViewTest(ModuleStoreTestCase):
     def setUp(self):
         super().setUp()
         self.course = CourseFactory.create()
-        self.user = UserFactory.create(password='secret')
-        self.client.login(username=self.user.username, password='secret')
+        self.user = UserFactory.create(password=self.TEST_PASSWORD)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.url = reverse('change_enrollment')
 
     def _enroll_through_view(self, course):
@@ -1056,14 +1056,13 @@ def test_anonymous_id_secret_key_changes_result_in_diff_values_for_same_new_user
 class RelatedProgramsTests(ProgramsApiConfigMixin, SharedModuleStoreTestCase):
     """Tests verifying that related programs appear on the course dashboard."""
     maxDiff = None
-    password = 'test'
     related_programs_preface = 'Related Programs'
 
     @classmethod
     def setUpClass(cls):
         super().setUpClass()
 
-        cls.user = UserFactory()
+        cls.user = UserFactory(password=cls.TEST_PASSWORD)
         cls.course = CourseFactory()
         cls.enrollment = CourseEnrollmentFactory(user=cls.user, course_id=cls.course.id)  # pylint: disable=no-member
 
@@ -1073,7 +1072,7 @@ def setUp(self):
         self.url = reverse('dashboard')
 
         self.create_programs_config()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         course_run = CourseRunFactory(key=str(self.course.id))  # pylint: disable=no-member
         course = CatalogCourseFactory(course_runs=[course_run])
diff --git a/common/djangoapps/third_party_auth/tests/specs/base.py b/common/djangoapps/third_party_auth/tests/specs/base.py
index 9a51049d86b4..b7efc310a1fc 100644
--- a/common/djangoapps/third_party_auth/tests/specs/base.py
+++ b/common/djangoapps/third_party_auth/tests/specs/base.py
@@ -481,7 +481,7 @@ def _test_login(self):
         # The AJAX on the page will log them in:
         ajax_login_response = self.client.post(
             reverse('user_api_login_session', kwargs={'api_version': 'v1'}),
-            {'email': self.user.email, 'password': 'test'}
+            {'email': self.user.email, 'password': 'password'}
         )
         assert ajax_login_response.status_code == 200
         # Then the AJAX will finish the third party auth:
diff --git a/common/djangoapps/third_party_auth/tests/test_admin.py b/common/djangoapps/third_party_auth/tests/test_admin.py
index c5481a3a09b4..a1b2e2235d9f 100644
--- a/common/djangoapps/third_party_auth/tests/test_admin.py
+++ b/common/djangoapps/third_party_auth/tests/test_admin.py
@@ -14,6 +14,9 @@
 from common.djangoapps.third_party_auth.tests.utils import skip_unless_thirdpartyauth
 
 
+TEST_PASSWORD = 'password'
+
+
 # This is necessary because cms does not implement third party auth
 @skip_unless_thirdpartyauth()
 class Oauth2ProviderConfigAdminTest(testutil.TestCase):
@@ -36,9 +39,9 @@ def test_oauth2_provider_edit_icon_image(self):
         prepopulated correctly, and that we can clear and update the image.
         """
         # Login as a super user
-        user = UserFactory.create(is_staff=True, is_superuser=True)
+        user = UserFactory.create(is_staff=True, is_superuser=True, password=TEST_PASSWORD)
         user.save()
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=TEST_PASSWORD)
 
         # Get baseline provider count
         providers = OAuth2ProviderConfig.objects.all()
diff --git a/lms/djangoapps/badges/api/tests.py b/lms/djangoapps/badges/api/tests.py
index e0031c29dee4..cadb30d11a9a 100644
--- a/lms/djangoapps/badges/api/tests.py
+++ b/lms/djangoapps/badges/api/tests.py
@@ -29,7 +29,7 @@ def setUp(self):
         self.course = CourseFactory.create()
         self.user = UserFactory.create()
         # Password defined by factory.
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     def url(self):
         """
diff --git a/lms/djangoapps/bulk_email/tests/test_course_optout.py b/lms/djangoapps/bulk_email/tests/test_course_optout.py
index a618545bcd68..fe0f70fbdc3b 100644
--- a/lms/djangoapps/bulk_email/tests/test_course_optout.py
+++ b/lms/djangoapps/bulk_email/tests/test_course_optout.py
@@ -40,7 +40,7 @@ def setUp(self):
         # load initial content (since we don't run migrations as part of tests):
         call_command("loaddata", "course_email_template.json")
 
-        self.client.login(username=self.student.username, password="test")
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
 
         self.send_mail_url = reverse('send_email', kwargs={'course_id': str(self.course.id)})
         self.success_content = {
@@ -70,7 +70,7 @@ def test_optout_course(self):
 
         self.client.logout()
 
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         self.navigate_to_email_view()
 
         test_email = {
@@ -92,7 +92,7 @@ def test_optout_using_unsubscribe_link_in_email(self):
         """
         self.client.logout()
 
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         unsubscribe_link = get_unsubscribed_link(self.student.username, str(self.course.id))
         response = self.client.post(unsubscribe_link, {'unsubscribe': True})
@@ -122,7 +122,7 @@ def test_optin_course(self):
 
         assert CourseEnrollment.is_enrolled(self.student, self.course.id)
 
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         self.navigate_to_email_view()
 
         test_email = {
@@ -155,7 +155,7 @@ def setUp(self):
         self.student = UserFactory.create()
         CourseEnrollmentFactory.create(user=self.student, course_id=self.course.id)
 
-        self.client.login(username=self.student.username, password="test")
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
 
         self._set_email_optout(False)
         self.policy = CourseEmailOptout()
diff --git a/lms/djangoapps/bulk_email/tests/test_email.py b/lms/djangoapps/bulk_email/tests/test_email.py
index b67864381bfa..ba95bd26ddda 100644
--- a/lms/djangoapps/bulk_email/tests/test_email.py
+++ b/lms/djangoapps/bulk_email/tests/test_email.py
@@ -87,7 +87,7 @@ def login_as_user(self, user):
         """
         Log in self.client as user.
         """
-        self.client.login(username=user.username, password="test")
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
 
     def goto_instructor_dash_email_view(self):
         """
diff --git a/lms/djangoapps/bulk_email/tests/test_err_handling.py b/lms/djangoapps/bulk_email/tests/test_err_handling.py
index 3f3ffe9b6977..06e9a1dce40f 100644
--- a/lms/djangoapps/bulk_email/tests/test_err_handling.py
+++ b/lms/djangoapps/bulk_email/tests/test_err_handling.py
@@ -53,7 +53,7 @@ def setUp(self):
         course_title = "ẗëṡẗ title ｲ乇丂ｲ ﾶ乇丂丂ﾑg乇 ｷo尺 ﾑﾚﾚ тэѕт мэѕѕаБэ"
         self.course = CourseFactory.create(display_name=course_title)
         self.instructor = AdminFactory.create()
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         # load initial content (since we don't run migrations as part of tests):
         call_command("loaddata", "course_email_template.json")
diff --git a/lms/djangoapps/bulk_email/tests/test_signals.py b/lms/djangoapps/bulk_email/tests/test_signals.py
index ea369fa80524..1a3715284b12 100644
--- a/lms/djangoapps/bulk_email/tests/test_signals.py
+++ b/lms/djangoapps/bulk_email/tests/test_signals.py
@@ -33,7 +33,7 @@ def setUp(self):
         # load initial content (since we don't run migrations as part of tests):
         call_command("loaddata", "course_email_template.json")
 
-        self.client.login(username=self.student.username, password="test")
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
 
         self.send_mail_url = reverse('send_email', kwargs={'course_id': str(self.course.id)})
         self.success_content = {
@@ -78,7 +78,7 @@ def test_optout_course(self):
         force_optout_all(sender=self.__class__, user=self.student)
 
         # Try to send a bulk course email
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         self.send_test_email()
 
         # Assert that self.student.email not in mail.to, outbox should only contain "myself" target
diff --git a/lms/djangoapps/ccx/api/v0/tests/test_views.py b/lms/djangoapps/ccx/api/v0/tests/test_views.py
index 489a776e6ef4..5bd491c2df23 100644
--- a/lms/djangoapps/ccx/api/v0/tests/test_views.py
+++ b/lms/djangoapps/ccx/api/v0/tests/test_views.py
@@ -33,7 +33,7 @@
 from lms.djangoapps.instructor.enrollment import enroll_email, get_email_params
 from openedx.core.lib.courses import get_course_by_id
 
-USER_PASSWORD = 'test'
+USER_PASSWORD = 'password'
 
 
 class CcxRestApiTest(CcxTestCase, APITestCase):
@@ -760,7 +760,7 @@ def test_authorization_no_oauth_staff(self):
         """
         # create a staff user
         staff_user = UserFactory.create(
-            username='test_staff_user', email='test_staff_user@openedx.org', password='test',
+            username='test_staff_user', email='test_staff_user@openedx.org', password=USER_PASSWORD,
         )
         # add staff role to the staff user
         CourseStaffRole(self.master_course_key).add_users(staff_user)
@@ -779,7 +779,7 @@ def test_authorization_no_oauth_instructor(self):
         """
         # create an instructor user
         instructor_user = UserFactory.create(
-            username='test_instructor_user', email='test_instructor_user@openedx.org', password='test',
+            username='test_instructor_user', email='test_instructor_user@openedx.org', password=USER_PASSWORD,
         )
         # add instructor role to the instructor user
         CourseInstructorRole(self.master_course_key).add_users(instructor_user)
@@ -798,7 +798,7 @@ def test_authorization_no_oauth_other_coach(self):
         """
         # create an coach user
         coach_user = UserFactory.create(
-            username='test_coach_user', email='test_coach_user@openedx.org', password='test',
+            username='test_coach_user', email='test_coach_user@openedx.org', password=USER_PASSWORD,
         )
         # add coach role to the coach user
         CourseCcxCoachRole(self.master_course_key).add_users(coach_user)
diff --git a/lms/djangoapps/ccx/tests/test_views.py b/lms/djangoapps/ccx/tests/test_views.py
index b18ed5c2aae1..6dd569c0fb59 100644
--- a/lms/djangoapps/ccx/tests/test_views.py
+++ b/lms/djangoapps/ccx/tests/test_views.py
@@ -129,13 +129,14 @@ def setUp(self):
         ccx = self.make_ccx()
         ccx_key = CCXLocator.from_course_locator(self.course.id, ccx.id)
         self.url = reverse('ccx_coach_dashboard', kwargs={'course_id': ccx_key})
+        self.TEST_PASSWORD = 'password'
 
     def test_staff_access_coach_dashboard(self):
         """
         User is staff, should access coach dashboard.
         """
         staff = self.make_staff()
-        self.client.login(username=staff.username, password="test")
+        self.client.login(username=staff.username, password=self.TEST_PASSWORD)
 
         response = self.client.get(self.url)
         assert response.status_code == 200
@@ -145,7 +146,7 @@ def test_instructor_access_coach_dashboard(self):
         User is instructor, should access coach dashboard.
         """
         instructor = self.make_instructor()
-        self.client.login(username=instructor.username, password="test")
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
 
         # Now access URL
         response = self.client.get(self.url)
@@ -155,8 +156,8 @@ def test_forbidden_user_access_coach_dashboard(self):
         """
         Assert user with no access must not see dashboard.
         """
-        user = UserFactory.create(password="test")
-        self.client.login(username=user.username, password="test")
+        user = UserFactory.create(password=self.TEST_PASSWORD)
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         assert response.status_code == 403
 
@@ -211,12 +212,12 @@ def assert_progress_summary(self, ccx_course_key, due):
         """
         assert signal and schedule update.
         """
-        student = UserFactory.create(is_staff=False, password="test")
+        student = UserFactory.create(is_staff=False, password=self.TEST_PASSWORD)
         CourseEnrollment.enroll(student, ccx_course_key)
         assert CourseEnrollment.objects.filter(course_id=ccx_course_key, user=student).exists()
 
         # login as student
-        self.client.login(username=student.username, password="test")
+        self.client.login(username=student.username, password=self.TEST_PASSWORD)
         progress_page_response = self.client.get(
             reverse('progress', kwargs={'course_id': ccx_course_key})
         )
@@ -236,7 +237,7 @@ def test_edit_schedule(self):
         self.make_coach()
         ccx = self.make_ccx()
         ccx_course_key = CCXLocator.from_course_locator(self.course.id, str(ccx.id))
-        self.client.login(username=self.coach.username, password="test")
+        self.client.login(username=self.coach.username, password=self.TEST_PASSWORD)
 
         url = reverse('ccx_coach_dashboard', kwargs={'course_id': ccx_course_key})
         response = self.client.get(url)
@@ -295,7 +296,7 @@ def setUp(self):
         """
         super().setUp()
         # Login with the instructor account
-        self.client.login(username=self.coach.username, password="test")
+        self.client.login(username=self.coach.username, password=self.TEST_PASSWORD)
 
         # adding staff to master course.
         staff = UserFactory()
@@ -315,8 +316,8 @@ def test_not_a_coach(self):
         ccx = self.make_ccx()
 
         # create session of non-coach user
-        user = UserFactory.create(password="test")
-        self.client.login(username=user.username, password="test")
+        user = UserFactory.create(password=self.TEST_PASSWORD)
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         url = reverse(
             'ccx_coach_dashboard',
             kwargs={'course_id': CCXLocator.from_course_locator(self.course.id, ccx.id)})
@@ -841,7 +842,7 @@ def setUp(self):
         self.mstore = modulestore()
 
         # Login with the instructor account
-        self.client.login(username=self.coach.username, password="test")
+        self.client.login(username=self.coach.username, password=self.TEST_PASSWORD)
 
         # adding staff to master course.
         staff = UserFactory()
@@ -981,7 +982,7 @@ def setUp(self):
 
         # Create instructor account
         self.coach = coach = AdminFactory.create()
-        self.client.login(username=coach.username, password="test")
+        self.client.login(username=coach.username, password=self.TEST_PASSWORD)
 
         # Create CCX
         role = CourseCcxCoachRole(self._course.id)
@@ -1009,7 +1010,7 @@ def setUp(self):
         self.course = get_course_by_id(self.ccx_key, depth=None)
         CourseOverview.load_from_module_store(self.course.id)
         setup_students_and_grades(self)
-        self.client.login(username=coach.username, password="test")
+        self.client.login(username=coach.username, password=self.TEST_PASSWORD)
         self.addCleanup(RequestCache.clear_all_namespaces)
         from xmodule.modulestore.django import SignalHandler
 
@@ -1068,7 +1069,7 @@ def test_student_progress(self):
         get_course.return_value = self.course
         self.addCleanup(patch_context.stop)
 
-        self.client.login(username=self.student.username, password="test")  # lint-amnesty, pylint: disable=no-member
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)  # lint-amnesty, pylint: disable=no-member
         url = reverse(
             'progress',
             kwargs={'course_id': self.ccx_key}
@@ -1194,7 +1195,7 @@ def setUp(self):
 
         # Create a Split Mongo course and enroll a student user in it.
         self.student_password = "foobar"
-        self.student = UserFactory.create(username="test", password=self.student_password, is_staff=False)
+        self.student = UserFactory.create(username=self.TEST_PASSWORD, password=self.student_password, is_staff=False)
         self.split_course = SampleCourseFactory.create(default_store=ModuleStoreEnum.Type.split)
         CourseEnrollment.enroll(self.student, self.split_course.id)
 
diff --git a/lms/djangoapps/ccx/tests/utils.py b/lms/djangoapps/ccx/tests/utils.py
index 4d36353b9a75..4f8c34e14c2d 100644
--- a/lms/djangoapps/ccx/tests/utils.py
+++ b/lms/djangoapps/ccx/tests/utils.py
@@ -68,7 +68,7 @@ def setUp(self):
         """
         super().setUp()
         # Create instructor account
-        self.coach = UserFactory.create(password="test")
+        self.coach = UserFactory.create()
         # create an instance of modulestore
         self.mstore = modulestore()
 
@@ -76,7 +76,7 @@ def make_staff(self):
         """
         create staff user.
         """
-        staff = UserFactory.create(password="test")
+        staff = UserFactory.create()
         role = CourseStaffRole(self.course.id)
         role.add_users(staff)
 
@@ -86,7 +86,7 @@ def make_instructor(self):
         """
         create instructor user.
         """
-        instructor = UserFactory.create(password="test")
+        instructor = UserFactory.create()
         role = CourseInstructorRole(self.course.id)
         role.add_users(instructor)
 
diff --git a/lms/djangoapps/commerce/api/v1/tests/test_views.py b/lms/djangoapps/commerce/api/v1/tests/test_views.py
index 47de5d8ff598..68f3d92d52af 100644
--- a/lms/djangoapps/commerce/api/v1/tests/test_views.py
+++ b/lms/djangoapps/commerce/api/v1/tests/test_views.py
@@ -23,7 +23,7 @@
 from ....tests.mocks import mock_order_endpoint
 from ....tests.test_views import UserMixin
 
-PASSWORD = 'test'
+PASSWORD = 'password'
 JSON_CONTENT_TYPE = 'application/json'
 
 
diff --git a/lms/djangoapps/commerce/tests/test_views.py b/lms/djangoapps/commerce/tests/test_views.py
index 9af2ee7d9701..8932c826c7fc 100644
--- a/lms/djangoapps/commerce/tests/test_views.py
+++ b/lms/djangoapps/commerce/tests/test_views.py
@@ -3,6 +3,9 @@
 from common.djangoapps.student.tests.factories import UserFactory
 
 
+TEST_PASSWORD = "password"
+
+
 class UserMixin:
     """ Mixin for tests involving users. """
 
@@ -12,4 +15,4 @@ def setUp(self):
 
     def _login(self):
         """ Log into LMS. """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=TEST_PASSWORD)
diff --git a/lms/djangoapps/course_api/blocks/tests/test_views.py b/lms/djangoapps/course_api/blocks/tests/test_views.py
index 72e5e430f6d8..e2426708d6bc 100644
--- a/lms/djangoapps/course_api/blocks/tests/test_views.py
+++ b/lms/djangoapps/course_api/blocks/tests/test_views.py
@@ -60,7 +60,7 @@ def setUp(self):
         self.admin_user = AdminFactory.create()
         self.data_researcher = UserFactory.create()
         CourseDataResearcherRole(self.course_key).add_users(self.data_researcher)
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         CourseEnrollmentFactory.create(user=self.user, course_id=self.course_key)
 
         # default values for url and query_params
@@ -248,7 +248,7 @@ def test_public_course_all_blocks_and_empty_username(self):
         self.client.logout()
         self.verify_response(403, cacheable=False)
         # Verify response for a staff user.
-        self.client.login(username=self.admin_user.username, password='test')
+        self.client.login(username=self.admin_user.username, password=self.TEST_PASSWORD)
         self.verify_response(cacheable=False)
 
     def test_non_existent_course(self):
@@ -269,7 +269,7 @@ def test_no_user_staff_not_all_blocks(self):
         self.verify_response(400)
 
     def test_no_user_staff_all_blocks(self):
-        self.client.login(username=self.admin_user.username, password='test')
+        self.client.login(username=self.admin_user.username, password=self.TEST_PASSWORD)
         self.query_params.pop('username')
         self.query_params['all_blocks'] = True
         self.verify_response()
@@ -319,7 +319,7 @@ def test_extra_field_when_requested(self):
             - other_course_settings
             - course_visibility
         """
-        self.client.login(username=self.admin_user.username, password='test')
+        self.client.login(username=self.admin_user.username, password=self.TEST_PASSWORD)
         response = self.verify_response(params={
             'all_blocks': True,
             'requested_fields': ['other_course_settings', 'course_visibility'],
@@ -351,7 +351,7 @@ def test_extra_field_when_not_requested(self):
             - other_course_settings
             - course_visibility
         """
-        self.client.login(username=self.admin_user.username, password='test')
+        self.client.login(username=self.admin_user.username, password=self.TEST_PASSWORD)
         response = self.verify_response(params={
             'all_blocks': True,
             'requested_fields': ['course_visibility'],
@@ -370,7 +370,7 @@ def test_data_researcher_access(self):
         """
         Test if data researcher has access to the api endpoint
         """
-        self.client.login(username=self.data_researcher.username, password='test')
+        self.client.login(username=self.data_researcher.username, password=self.TEST_PASSWORD)
 
         self.verify_response(params={
             'all_blocks': True,
@@ -556,7 +556,7 @@ def setUpClass(cls):
     def setUp(self):
         super().setUp()
         self.admin_user = AdminFactory.create()
-        self.client.login(username=self.admin_user.username, password='test')
+        self.client.login(username=self.admin_user.username, password=self.TEST_PASSWORD)
         self.usage_key = list(self.non_orphaned_block_usage_keys)[0]
         self.url = reverse(
             'blocks_metadata',
diff --git a/lms/djangoapps/course_blocks/transformers/tests/helpers.py b/lms/djangoapps/course_blocks/transformers/tests/helpers.py
index 27e7a686abcd..29c15e828976 100644
--- a/lms/djangoapps/course_blocks/transformers/tests/helpers.py
+++ b/lms/djangoapps/course_blocks/transformers/tests/helpers.py
@@ -50,7 +50,7 @@ def setUp(self):
         """
         super().setUp()
         # Set up users.
-        self.password = 'test'
+        self.password = 'password'
         self.user = UserFactory.create(password=self.password)
         self.staff = UserFactory.create(password=self.password, is_staff=True)
 
@@ -253,7 +253,7 @@ def setUp(self):
                     parent_block.children.append(self.xblock_keys[i])
                     update_block(parent_block)
 
-        self.password = 'test'
+        self.password = 'password'
         self.student = UserFactory.create(is_staff=False, username='test_student', password=self.password)
         self.staff = UserFactory.create(is_staff=True, username='test_staff', password=self.password)
         CourseEnrollmentFactory.create(
diff --git a/lms/djangoapps/course_wiki/tests/tests.py b/lms/djangoapps/course_wiki/tests/tests.py
index 8cdd93115d6b..1afdea5d741e 100644
--- a/lms/djangoapps/course_wiki/tests/tests.py
+++ b/lms/djangoapps/course_wiki/tests/tests.py
@@ -24,7 +24,7 @@ def setUp(self):
         # Create two accounts
         self.student = 'view@test.com'
         self.instructor = 'view2@test.com'
-        self.password = 'foo'
+        self.password = 'password'
         for username, email in [('u1', self.student), ('u2', self.instructor)]:
             self.create_account(username, email, self.password)
             self.activate_user(email)
diff --git a/lms/djangoapps/courseware/tests/helpers.py b/lms/djangoapps/courseware/tests/helpers.py
index 6a3869109860..4892cef1bef4 100644
--- a/lms/djangoapps/courseware/tests/helpers.py
+++ b/lms/djangoapps/courseware/tests/helpers.py
@@ -127,7 +127,7 @@ def setup_course(self):  # lint-amnesty, pylint: disable=missing-function-docstr
         self.clients = {user.username: Client() for user in self.users}
         self.login_statuses = [
             self.clients[user.username].login(
-                username=user.username, password='test')
+                username=user.username, password=self.TEST_PASSWORD)
             for user in self.users
         ]
 
@@ -171,7 +171,7 @@ def setup_user(self):
         Create a user account, activate, and log in.
         """
         self.email = 'foo@test.com'  # lint-amnesty, pylint: disable=attribute-defined-outside-init
-        self.password = 'bar'  # lint-amnesty, pylint: disable=attribute-defined-outside-init
+        self.password = 'password'  # lint-amnesty, pylint: disable=attribute-defined-outside-init
         self.username = 'test'  # lint-amnesty, pylint: disable=attribute-defined-outside-init
         self.user = self.create_account(
             self.username,
diff --git a/lms/djangoapps/courseware/tests/test_about.py b/lms/djangoapps/courseware/tests/test_about.py
index f1f915fd02f4..f6c71119a7ad 100644
--- a/lms/djangoapps/courseware/tests/test_about.py
+++ b/lms/djangoapps/courseware/tests/test_about.py
@@ -284,7 +284,7 @@ def test_enrollment_cap(self):
         # pylint: disable=attribute-defined-outside-init
         # create a new account since the first account is already enrolled in the course
         self.email = 'foo_second@test.com'
-        self.password = 'bar'
+        self.password = 'password'
         self.username = 'test_second'
         self.create_account(self.username, self.email, self.password)
         self.activate_user(self.email)
diff --git a/lms/djangoapps/courseware/tests/test_access.py b/lms/djangoapps/courseware/tests/test_access.py
index b472234d41f8..45d36ad0a7f8 100644
--- a/lms/djangoapps/courseware/tests/test_access.py
+++ b/lms/djangoapps/courseware/tests/test_access.py
@@ -82,8 +82,8 @@ def setUp(self):
         super().setUp()
 
         # Create ccx coach account
-        self.coach = AdminFactory.create(password="test")
-        self.client.login(username=self.coach.username, password="test")
+        self.coach = AdminFactory.create(password=self.TEST_PASSWORD)
+        self.client.login(username=self.coach.username, password=self.TEST_PASSWORD)
 
         # assign role to coach
         role = CourseCcxCoachRole(self.course.id)
@@ -152,7 +152,7 @@ def test_access_student_progress_ccx(self):
         assert resp.status_code == 200
 
         # Assert access of a student
-        self.client.login(username=student.username, password='test')
+        self.client.login(username=student.username, password=self.TEST_PASSWORD)
         resp = self.client.get(reverse('student_progress', args=[str(ccx_locator), self.coach.id]))
         assert resp.status_code == 404
 
diff --git a/lms/djangoapps/courseware/tests/test_block_render.py b/lms/djangoapps/courseware/tests/test_block_render.py
index b0c14e3dbf0d..ed0f41f44f01 100644
--- a/lms/djangoapps/courseware/tests/test_block_render.py
+++ b/lms/djangoapps/courseware/tests/test_block_render.py
@@ -354,7 +354,7 @@ def test_anonymous_post_xblock_callback(self):
 
     def test_session_authentication(self):
         """ Test that the xblock endpoint supports session authentication."""
-        self.client.login(username=self.mock_user.username, password="test")
+        self.client.login(username=self.mock_user.username, password=self.TEST_PASSWORD)
         dispatch_url = self._get_dispatch_url()
         response = self.client.post(dispatch_url)
         assert 200 == response.status_code
@@ -399,7 +399,7 @@ def test_missing_position_handler(self):
         """
         Test that sending POST request without or invalid position argument don't raise server error
         """
-        self.client.login(username=self.mock_user.username, password="test")
+        self.client.login(username=self.mock_user.username, password=self.TEST_PASSWORD)
         dispatch_url = self._get_dispatch_url()
         response = self.client.post(dispatch_url)
         assert 200 == response.status_code
diff --git a/lms/djangoapps/courseware/tests/test_course_survey.py b/lms/djangoapps/courseware/tests/test_course_survey.py
index d729add1b6c8..e5aa97cfaa2a 100644
--- a/lms/djangoapps/courseware/tests/test_course_survey.py
+++ b/lms/djangoapps/courseware/tests/test_course_survey.py
@@ -22,7 +22,7 @@ class SurveyViewsTests(LoginEnrollmentTestCase, SharedModuleStoreTestCase, XssTe
     """
     All tests for the views.py file
     """
-    STUDENT_INFO = [('view@test.com', 'foo')]
+    STUDENT_INFO = [('view@test.com', 'password1234')]
 
     @classmethod
     def setUpClass(cls):
diff --git a/lms/djangoapps/courseware/tests/test_discussion_xblock.py b/lms/djangoapps/courseware/tests/test_discussion_xblock.py
index 4ea3d12b4e63..39ce8d765ac8 100644
--- a/lms/djangoapps/courseware/tests/test_discussion_xblock.py
+++ b/lms/djangoapps/courseware/tests/test_discussion_xblock.py
@@ -363,7 +363,7 @@ def test_discussion_student_view_data(self):
         """
         Tests that course block api returns student_view_data for discussion xblock
         """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         url = reverse('blocks_in_block_tree', kwargs={'usage_key_string': str(self.course_usage_key)})
         query_params = {
             'depth': 'all',
diff --git a/lms/djangoapps/courseware/tests/test_entrance_exam.py b/lms/djangoapps/courseware/tests/test_entrance_exam.py
index 7024ea5c3c3b..3811bd9ab021 100644
--- a/lms/djangoapps/courseware/tests/test_entrance_exam.py
+++ b/lms/djangoapps/courseware/tests/test_entrance_exam.py
@@ -136,7 +136,7 @@ def setUp(self):
         self.request = get_mock_request(UserFactory())
         self.course = self.update_course(self.course, self.request.user.id)
 
-        self.client.login(username=self.request.user.username, password="test")
+        self.client.login(username=self.request.user.username, password=self.TEST_PASSWORD)
         CourseEnrollment.enroll(self.request.user, self.course.id)
 
         self.expected_locked_toc = (
@@ -257,7 +257,7 @@ def test_skip_entrance_exam_gating(self):
 
         # hit skip entrance exam api in instructor app
         instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=instructor.username, password='test')
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
         url = reverse('mark_student_can_skip_entrance_exam', kwargs={'course_id': str(self.course.id)})
         response = self.client.post(url, {
             'unique_student_identifier': self.request.user.email,
@@ -277,7 +277,7 @@ def test_entrance_exam_gating_for_staff(self):
         self.client.logout()
         staff_user = StaffFactory(course_key=self.course.id)
         staff_user.is_staff = True
-        self.client.login(username=staff_user.username, password='test')
+        self.client.login(username=staff_user.username, password=self.TEST_PASSWORD)
 
         # assert staff has access to all toc
         self.request.user = staff_user
diff --git a/lms/djangoapps/courseware/tests/test_masquerade.py b/lms/djangoapps/courseware/tests/test_masquerade.py
index 43041b1437e1..9d211b05ea21 100644
--- a/lms/djangoapps/courseware/tests/test_masquerade.py
+++ b/lms/djangoapps/courseware/tests/test_masquerade.py
@@ -88,7 +88,7 @@ def setUp(self):
         super().setUp()
 
         self.test_user = self.create_user()
-        self.login(self.test_user.email, 'test')
+        self.login(self.test_user.email, self.TEST_PASSWORD)
         self.enroll(self.course, True)
 
     def get_courseware_page(self):
@@ -298,12 +298,12 @@ def setUp(self):
     def login_staff(self):
         """ Login as a staff user """
         self.logout()
-        self.login(self.test_user.email, 'test')
+        self.login(self.test_user.email, self.TEST_PASSWORD)
 
     def login_student(self):
         """ Login as a student """
         self.logout()
-        self.login(self.student_user.email, 'test')
+        self.login(self.student_user.email, self.TEST_PASSWORD)
 
     def submit_answer(self, response1, response2):
         """
@@ -351,7 +351,7 @@ def test_masquerade_as_specific_student(self, username):
         student = UserFactory.create(username=username)
         CourseEnrollment.enroll(student, self.course.id)
         self.logout()
-        self.login(student.email, 'test')
+        self.login(student.email, self.TEST_PASSWORD)
         # Answer correctly as the student, and check progress.
         self.submit_answer('Correct', 'Correct')
         assert self.get_progress_detail() == '2/2'
@@ -378,7 +378,7 @@ def test_masquerade_as_specific_student(self, username):
 
         # Verify the student state did not change.
         self.logout()
-        self.login(student.email, 'test')
+        self.login(student.email, self.TEST_PASSWORD)
         assert self.get_progress_detail() == '2/2'
 
     def test_masquerading_with_language_preference(self):
diff --git a/lms/djangoapps/courseware/tests/test_split_module.py b/lms/djangoapps/courseware/tests/test_split_module.py
index 7e6b88718eac..5026f05ca221 100644
--- a/lms/djangoapps/courseware/tests/test_split_module.py
+++ b/lms/djangoapps/courseware/tests/test_split_module.py
@@ -59,7 +59,7 @@ def setUp(self):
 
         self.student = UserFactory.create()
         CourseEnrollmentFactory.create(user=self.student, course_id=self.course.id)
-        self.client.login(username=self.student.username, password='test')
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
 
         self.included_usage_keys = None
         self.excluded_usage_keys = None
@@ -309,7 +309,7 @@ def setUp(self):
 
         self.student = UserFactory.create()
         CourseEnrollmentFactory.create(user=self.student, course_id=self.course.id)
-        self.client.login(username=self.student.username, password='test')
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
 
     def test_changing_position_works(self):
         # Make a mock FieldDataCache for this course, so we can get the course block
diff --git a/lms/djangoapps/courseware/tests/test_submitting_problems.py b/lms/djangoapps/courseware/tests/test_submitting_problems.py
index 8ffcea0298bf..9536067f52be 100644
--- a/lms/djangoapps/courseware/tests/test_submitting_problems.py
+++ b/lms/djangoapps/courseware/tests/test_submitting_problems.py
@@ -154,7 +154,7 @@ def setUp(self):
         # create a test student
         self.course = CourseFactory.create(display_name=self.COURSE_NAME, number=self.COURSE_SLUG)
         self.student = 'view@test.com'
-        self.password = 'foo'
+        self.password = 'password'
         self.create_account('u1', self.student, self.password)
         self.activate_user(self.student)
         self.enroll(self.course)
diff --git a/lms/djangoapps/courseware/tests/test_tabs.py b/lms/djangoapps/courseware/tests/test_tabs.py
index db59fa373bc5..6ad7ef73de01 100644
--- a/lms/djangoapps/courseware/tests/test_tabs.py
+++ b/lms/djangoapps/courseware/tests/test_tabs.py
@@ -404,7 +404,7 @@ def test_get_course_tabs_list_skipped_entrance_exam(self):
         # login as instructor hit skip entrance exam api in instructor app
         instructor = InstructorFactory(course_key=self.course.id)
         self.client.logout()
-        self.client.login(username=instructor.username, password='test')
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
 
         url = reverse('mark_student_can_skip_entrance_exam', kwargs={'course_id': str(self.course.id)})
         response = self.client.post(url, {
@@ -426,7 +426,7 @@ def test_course_tabs_list_for_staff_members(self):
         # Login as member of staff
         self.client.logout()
         staff_user = StaffFactory(course_key=self.course.id)
-        self.client.login(username=staff_user.username, password='test')
+        self.client.login(username=staff_user.username, password=self.TEST_PASSWORD)
         course_tab_list = get_course_tab_list(staff_user, self.course)
         assert len(course_tab_list) == 4
 
@@ -685,7 +685,7 @@ def test_course_tabs_staff_only(self):
         # Login as member of staff
         self.client.logout()
         staff_user = StaffFactory(course_key=self.course.id)
-        self.client.login(username=staff_user.username, password='test')
+        self.client.login(username=staff_user.username, password=self.TEST_PASSWORD)
         course_tab_list_staff = get_course_tab_list(staff_user, self.course)
         name_list_staff = [x.name for x in course_tab_list_staff]
         assert 'Static Tab Free' in name_list_staff
diff --git a/lms/djangoapps/courseware/tests/test_view_authentication.py b/lms/djangoapps/courseware/tests/test_view_authentication.py
index 42f2275e0fd2..aa53561ee56b 100644
--- a/lms/djangoapps/courseware/tests/test_view_authentication.py
+++ b/lms/djangoapps/courseware/tests/test_view_authentication.py
@@ -29,7 +29,7 @@ class TestViewAuth(EnterpriseTestConsentRequired, ModuleStoreTestCase, LoginEnro
     Check that view authentication works properly.
     """
 
-    ACCOUNT_INFO = [('view@test.com', 'foo'), ('view2@test.com', 'foo')]
+    ACCOUNT_INFO = [('view@test.com', 'password1234'), ('view2@test.com', 'password1234')]
     ENABLED_SIGNALS = ['course_published']
 
     @staticmethod
@@ -111,7 +111,7 @@ def _check_staff(self, course):
         self.assert_request_status_code(302, url)
 
     def login(self, user):  # lint-amnesty, pylint: disable=arguments-differ
-        return super().login(user.email, 'test')
+        return super().login(user.email, self.TEST_PASSWORD)
 
     def setUp(self):
         super().setUp()
diff --git a/lms/djangoapps/courseware/tests/test_views.py b/lms/djangoapps/courseware/tests/test_views.py
index 45c969b7b1d5..c87fba07005b 100644
--- a/lms/djangoapps/courseware/tests/test_views.py
+++ b/lms/djangoapps/courseware/tests/test_views.py
@@ -712,7 +712,7 @@ def test_submission_history_accepts_valid_ids(self):
         # log into a staff account
         admin = AdminFactory()
 
-        assert self.client.login(username=admin.username, password='test')
+        assert self.client.login(username=admin.username, password=TEST_PASSWORD)
 
         url = reverse('submission_history', kwargs={
             'course_id': str(self.course_key),
@@ -727,7 +727,7 @@ def test_submission_history_xss(self):
         # log into a staff account
         admin = AdminFactory()
 
-        assert self.client.login(username=admin.username, password='test')
+        assert self.client.login(username=admin.username, password=TEST_PASSWORD)
 
         # try it with an existing user and a malicious location
         url = reverse('submission_history', kwargs={
@@ -751,7 +751,7 @@ def test_submission_history_contents(self):
         # log into a staff account
         admin = AdminFactory.create()
 
-        assert self.client.login(username=admin.username, password='test')
+        assert self.client.login(username=admin.username, password=TEST_PASSWORD)
 
         usage_key = self.course_key.make_usage_key('problem', 'test-history')
         state_client = DjangoXBlockUserStateClient(admin)
@@ -814,7 +814,7 @@ def test_submission_history_timezone(self, timezone, hour_diff):
                 course_key = course.id
                 client = Client()
                 admin = AdminFactory.create()
-                assert client.login(username=admin.username, password='test')
+                assert client.login(username=admin.username, password=TEST_PASSWORD)
                 state_client = DjangoXBlockUserStateClient(admin)
                 usage_key = course_key.make_usage_key('problem', 'test-history')
                 state_client.set(
@@ -1253,7 +1253,7 @@ class ProgressPageBaseTests(ModuleStoreTestCase):
     def setUp(self):
         super().setUp()
         self.user = UserFactory.create()
-        assert self.client.login(username=self.user.username, password='test')
+        assert self.client.login(username=self.user.username, password=TEST_PASSWORD)
 
         self.setup_course()
 
@@ -1352,7 +1352,7 @@ def test_unenrolled_student_progress_for_credit_course(self):
         # Create a new course, a user which will not be enrolled in course, admin user for staff access
         course = CourseFactory.create(default_store=ModuleStoreEnum.Type.split)
         admin = AdminFactory.create()
-        assert self.client.login(username=admin.username, password='test')
+        assert self.client.login(username=admin.username, password=TEST_PASSWORD)
 
         # Create and enable Credit course
         CreditCourse.objects.create(course_key=course.id, enabled=True)
@@ -1646,7 +1646,7 @@ def test_progress_with_course_duration_limits(self, course_mode):
         """
         CourseDurationLimitConfig.objects.create(enabled=True, enabled_as_of=datetime(2018, 1, 1))
         user = UserFactory.create()
-        assert self.client.login(username=user.username, password='test')
+        assert self.client.login(username=user.username, password=TEST_PASSWORD)
         add_course_mode(self.course, mode_slug=CourseMode.AUDIT)
         add_course_mode(self.course)
         CourseEnrollmentFactory(user=user, course_id=self.course.id, mode=course_mode)
@@ -1679,7 +1679,7 @@ def test_progress_without_course_duration_limits(self, course_mode):
         """
         CourseDurationLimitConfig.objects.create(enabled=False)
         user = UserFactory.create()
-        assert self.client.login(username=user.username, password='test')
+        assert self.client.login(username=user.username, password=TEST_PASSWORD)
         CourseModeFactory.create(
             course_id=self.course.id,
             mode_slug=course_mode
@@ -1698,7 +1698,7 @@ def test_message_for_ineligible_mode(self, course_mode):
          in an ineligible mode.
         """
         user = UserFactory.create()
-        assert self.client.login(username=user.username, password='test')
+        assert self.client.login(username=user.username, password=TEST_PASSWORD)
         CourseEnrollmentFactory(user=user, course_id=self.course.id, mode=course_mode)
 
         with patch('lms.djangoapps.grades.course_grade_factory.CourseGradeFactory.read') as mock_create:
@@ -2081,7 +2081,7 @@ def test_progress_page_hide_scores_from_learner(self, show_correctness, due_date
         self.setup_course(show_correctness=show_correctness, due_date=due_date, graded=graded)
         self.add_problem()
 
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=TEST_PASSWORD)
         resp = self._get_progress_page()
 
         # Ensure that expected text is present
@@ -2133,7 +2133,7 @@ def test_progress_page_hide_scores_from_staff(self, show_correctness, due_date_n
         self.add_problem()
 
         # Login as a course staff user to view the student progress page.
-        self.client.login(username=self.staff_user.username, password='test')
+        self.client.login(username=self.staff_user.username, password=TEST_PASSWORD)
 
         resp = self._get_student_progress_page()
 
@@ -3198,7 +3198,7 @@ class EnterpriseConsentTestCase(EnterpriseTestConsentRequired, ModuleStoreTestCa
     def setUp(self):
         super().setUp()
         self.user = UserFactory.create()
-        assert self.client.login(username=self.user.username, password='test')
+        assert self.client.login(username=self.user.username, password=TEST_PASSWORD)
         self.course = CourseFactory.create()
         CourseOverview.load_from_module_store(self.course.id)
         CourseEnrollmentFactory(user=self.user, course_id=self.course.id)
@@ -3298,7 +3298,7 @@ def test_preview_no_redirect(self):
             # Previews will not redirect to the mfe
             course_staff = UserFactory.create(is_staff=False)
             CourseStaffRole(self.course_key).add_users(course_staff)
-            self.client.login(username=course_staff.username, password='test')
+            self.client.login(username=course_staff.username, password=TEST_PASSWORD)
             assert self.client.get(preview_url).status_code == 200
 
 
@@ -3435,7 +3435,7 @@ def test_course_wide_resources(self, url_name, param, is_instructor, is_rendered
         CourseEnrollmentFactory(user=user, course_id=course.id)
         if is_instructor:
             allow_access(course, user, 'instructor')
-        assert self.client.login(username=user.username, password='test')
+        assert self.client.login(username=user.username, password=TEST_PASSWORD)
 
         kwargs = None
         if param == 'course_id':
diff --git a/lms/djangoapps/courseware/testutils.py b/lms/djangoapps/courseware/testutils.py
index d55495f4aa3f..1eb8f18a206e 100644
--- a/lms/djangoapps/courseware/testutils.py
+++ b/lms/djangoapps/courseware/testutils.py
@@ -82,7 +82,7 @@ def login(self):
         """
         Logs in the test user.
         """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password='password')
 
     def course_options(self):
         """
diff --git a/lms/djangoapps/discussion/django_comment_client/base/tests.py b/lms/djangoapps/discussion/django_comment_client/base/tests.py
index ad6d021cd18d..94fa8d4ca1d5 100644
--- a/lms/djangoapps/discussion/django_comment_client/base/tests.py
+++ b/lms/djangoapps/discussion/django_comment_client/base/tests.py
@@ -241,7 +241,7 @@ def set_up_course(self, block_count=0):
         with patch('common.djangoapps.student.models.user.cc.User.save'):
             uname = 'student'
             email = 'student@edx.org'
-            self.password = 'test'
+            self.password = 'password'
 
             # Create the user and make them active so we can log them in.
             self.student = UserFactory.create(username=uname, email=email, password=self.password)
@@ -464,7 +464,7 @@ def setUp(self):
         with patch('common.djangoapps.student.models.user.cc.User.save'):
             uname = 'student'
             email = 'student@edx.org'
-            self.password = 'test'
+            self.password = 'password'
 
             # Create the user and make them active so we can log them in.
             self.student = UserFactory.create(username=uname, email=email, password=self.password)
diff --git a/lms/djangoapps/discussion/rest_api/tests/test_views.py b/lms/djangoapps/discussion/rest_api/tests/test_views.py
index dccabe1facdf..aaf22ccaff29 100644
--- a/lms/djangoapps/discussion/rest_api/tests/test_views.py
+++ b/lms/djangoapps/discussion/rest_api/tests/test_views.py
@@ -2785,7 +2785,7 @@ def setUp(self):
             discussion_topics={"Test Topic": {"id": "test_topic"}}
         )
         self.path = reverse('discussion_course_settings', kwargs={'course_id': str(self.course.id)})
-        self.password = 'edx'
+        self.password = 'password'
         self.user = UserFactory(username='staff', password=self.password, is_staff=True)
 
     def _get_oauth_headers(self, user):
@@ -3083,7 +3083,7 @@ def setUp(self):
             run="z",
             start=datetime.now(UTC),
         )
-        self.password = 'edx'
+        self.password = 'password'
         self.user = UserFactory(username='staff', password=self.password, is_staff=True)
         course_key = CourseKey.from_string('course-v1:x+y+z')
         seed_permissions_roles(course_key)
@@ -3305,7 +3305,7 @@ def test_regular_user(self):
         """
         Tests that for a regular user stats are returned without flag counts
         """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         data = response.json()
         assert data["results"] == self.stats_without_flags
@@ -3315,7 +3315,7 @@ def test_moderator_user(self):
         """
         Tests that for a moderator user stats are returned with flag counts
         """
-        self.client.login(username=self.moderator.username, password='test')
+        self.client.login(username=self.moderator.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         data = response.json()
         assert data["results"] == self.stats
@@ -3335,7 +3335,7 @@ def test_sorting(self, username, ordering_requested, ordering_performed):
         """
         Test valid sorting options and defaults
         """
-        self.client.login(username=username, password='test')
+        self.client.login(username=username, password=self.TEST_PASSWORD)
         params = {}
         if ordering_requested:
             params = {"order_by": ordering_requested}
@@ -3353,7 +3353,7 @@ def test_sorting_error_regular_user(self, order_by):
         """
         Test for invalid sorting options for regular users.
         """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url, {"order_by": order_by})
         assert "order_by" in response.json()["field_errors"]
 
@@ -3368,7 +3368,7 @@ def test_with_username_param(self, username_search_string, comma_separated_usern
         Test for endpoint with username param.
         """
         params = {'username': username_search_string}
-        self.client.login(username=self.moderator.username, password='test')
+        self.client.login(username=self.moderator.username, password=self.TEST_PASSWORD)
         self.client.get(self.url, params)
         assert urlparse(
             httpretty.last_request().path  # lint-amnesty, pylint: disable=no-member
@@ -3383,7 +3383,7 @@ def test_with_username_param_with_no_matches(self):
         Test for endpoint with username param with no matches.
         """
         params = {'username': 'unknown'}
-        self.client.login(username=self.moderator.username, password='test')
+        self.client.login(username=self.moderator.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url, params)
         data = response.json()
         self.assertFalse(data['results'])
diff --git a/lms/djangoapps/discussion/tests/test_views.py b/lms/djangoapps/discussion/tests/test_views.py
index 6b7f2de3ee5f..09aebf8b81da 100644
--- a/lms/djangoapps/discussion/tests/test_views.py
+++ b/lms/djangoapps/discussion/tests/test_views.py
@@ -463,7 +463,7 @@ def test_private_team_thread_html(self, mock_request):
         CourseTeamFactory.create(discussion_topic_id=discussion_topic_id)
         user_not_in_team = UserFactory.create()
         CourseEnrollmentFactory.create(user=user_not_in_team, course_id=self.course.id)
-        self.client.login(username=user_not_in_team.username, password='test')
+        self.client.login(username=user_not_in_team.username, password=self.TEST_PASSWORD)
 
         mock_request.side_effect = make_mock_request_impl(
             course=self.course,
@@ -624,7 +624,7 @@ def test_ajax(self, mock_request):
     def test_html(self, mock_request):
         _mock_text, mock_thread_id = self._create_mock_cohorted_thread(mock_request)
 
-        self.client.login(username=self.student.username, password='test')
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
         response = self.client.get(
             reverse('single_thread', kwargs={
                 'course_id': str(self.course.id),
@@ -758,7 +758,7 @@ def call_view(self, mock_request, commentable_id, user, group_id, pass_group_id=
         if is_ajax:
             headers['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest"
 
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
 
         return self.client.get(
             reverse('single_thread', args=[str(self.course.id), commentable_id, "dummy_thread_id"]),
@@ -824,7 +824,7 @@ def call_view(self, mock_request, user):  # lint-amnesty, pylint: disable=missin
             text="dummy content",
             thread_list=self.thread_list
         )
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         return self.client.get(
             reverse("forum_form_discussion", args=[str(self.course.id)]),
             HTTP_X_REQUESTED_WITH="XMLHttpRequest"
@@ -889,7 +889,7 @@ def assert_can_access(self, user, discussion_id, thread_id, should_have_access):
         verify that the user does not have access to that thread.
         """
         def call_single_thread():
-            self.client.login(username=user.username, password='test')
+            self.client.login(username=user.username, password=self.TEST_PASSWORD)
             return self.client.get(
                 reverse('single_thread', args=[str(self.course.id), discussion_id, thread_id])
             )
@@ -1113,7 +1113,7 @@ def call_view(self, mock_request, commentable_id, user, group_id, pass_group_id=
         if is_ajax:
             headers['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest"
 
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         return self.client.get(
             reverse("forum_form_discussion", args=[str(self.course.id)]),
             data=request_data,
@@ -1165,7 +1165,7 @@ def call_view_for_profiled_user(
         if is_ajax:
             headers['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest"
 
-        self.client.login(username=requesting_user.username, password='test')
+        self.client.login(username=requesting_user.username, password=self.TEST_PASSWORD)
         return self.client.get(
             reverse('user_profile', args=[str(self.course.id), profiled_user.id]),
             data=request_data,
@@ -1414,7 +1414,7 @@ def get_response(self, mock_request, params, **headers):  # lint-amnesty, pylint
         mock_request.side_effect = make_mock_request_impl(
             course=self.course, text=self.TEST_THREAD_TEXT, thread_id=self.TEST_THREAD_ID
         )
-        self.client.login(username=self.student.username, password='test')
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
 
         response = self.client.get(
             reverse('user_profile', kwargs={
@@ -2295,7 +2295,7 @@ def test_redirect_from_legacy_base_url_to_new_experience(self):
         """
 
         with override_waffle_flag(ENABLE_DISCUSSIONS_MFE, True):
-            self.client.login(username=self.user.username, password='test')
+            self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
             url = reverse("forum_form_discussion", args=[self.course.id])
             response = self.client.get(url)
             assert response.status_code == 302
@@ -2310,7 +2310,7 @@ def test_redirect_from_legacy_profile_url_to_new_experience(self):
         """
 
         with override_waffle_flag(ENABLE_DISCUSSIONS_MFE, True):
-            self.client.login(username=self.user.username, password='test')
+            self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
             url = reverse("user_profile", args=[self.course.id, self.user.id])
             response = self.client.get(url)
             assert response.status_code == 302
@@ -2325,7 +2325,7 @@ def test_redirect_from_legacy_single_thread_to_new_experience(self):
         """
 
         with override_waffle_flag(ENABLE_DISCUSSIONS_MFE, True):
-            self.client.login(username=self.user.username, password='test')
+            self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
             url = reverse("single_thread", args=[self.course.id, "test_discussion", "test_thread"])
             response = self.client.get(url)
             assert response.status_code == 302
diff --git a/lms/djangoapps/grades/rest_api/v1/tests/mixins.py b/lms/djangoapps/grades/rest_api/v1/tests/mixins.py
index e5e7f269e3a2..9131ebd290bd 100644
--- a/lms/djangoapps/grades/rest_api/v1/tests/mixins.py
+++ b/lms/djangoapps/grades/rest_api/v1/tests/mixins.py
@@ -97,7 +97,7 @@ def _create_user_program_enrollments(self, *users, **kwargs):  # lint-amnesty, p
 
     def setUp(self):
         super().setUp()
-        self.password = 'test'
+        self.password = 'password'
         self.global_staff = GlobalStaffFactory.create()
         self.student = UserFactory(password=self.password, username='student', email='student@example.com')
         self.other_student = UserFactory(
diff --git a/lms/djangoapps/grades/rest_api/v1/tests/test_views.py b/lms/djangoapps/grades/rest_api/v1/tests/test_views.py
index 1fbfb6070dd3..0dd6ea257314 100644
--- a/lms/djangoapps/grades/rest_api/v1/tests/test_views.py
+++ b/lms/djangoapps/grades/rest_api/v1/tests/test_views.py
@@ -548,7 +548,7 @@ class CourseSubmissionHistoryWithDataTest(TestSubmittingProblems):
     def setUp(self):
         super().setUp()
         self.namespaced_url = 'grades_api:v1:submission_history'
-        self.password = 'test'
+        self.password = 'password'
         self.basic_setup()
         self.global_staff = GlobalStaffFactory.create()
 
diff --git a/lms/djangoapps/grades/tests/integration/test_access.py b/lms/djangoapps/grades/tests/integration/test_access.py
index 380962b19e99..6545094a3ce5 100644
--- a/lms/djangoapps/grades/tests/integration/test_access.py
+++ b/lms/djangoapps/grades/tests/integration/test_access.py
@@ -73,9 +73,9 @@ def setUp(self):
         self.addCleanup(set_current_request, None)
         self.request = get_mock_request(UserFactory())
         self.student = self.request.user
-        self.client.login(username=self.student.username, password="test")
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
         CourseEnrollment.enroll(self.student, self.course.id)
-        self.instructor = UserFactory.create(is_staff=True, username='test_instructor', password='test')
+        self.instructor = UserFactory.create(is_staff=True, username='test_instructor', password=self.TEST_PASSWORD)
         self.refresh_course()
 
     def test_subsection_access_changed(self):
diff --git a/lms/djangoapps/grades/tests/integration/test_events.py b/lms/djangoapps/grades/tests/integration/test_events.py
index 868b55eeae67..881ad049b3d8 100644
--- a/lms/djangoapps/grades/tests/integration/test_events.py
+++ b/lms/djangoapps/grades/tests/integration/test_events.py
@@ -70,9 +70,9 @@ def setUp(self):
         self.addCleanup(set_current_request, None)
         self.request = get_mock_request(UserFactory())
         self.student = self.request.user
-        self.client.login(username=self.student.username, password="test")
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
         CourseEnrollment.enroll(self.student, self.course.id)
-        self.instructor = UserFactory.create(is_staff=True, username='test_instructor', password='test')
+        self.instructor = UserFactory.create(is_staff=True, username='test_instructor', password=self.TEST_PASSWORD)
         self.refresh_course()
 
     @patch('lms.djangoapps.grades.events.tracker')
diff --git a/lms/djangoapps/grades/tests/integration/test_problems.py b/lms/djangoapps/grades/tests/integration/test_problems.py
index 36c54bec86e9..b4a2d06c9f45 100644
--- a/lms/djangoapps/grades/tests/integration/test_problems.py
+++ b/lms/djangoapps/grades/tests/integration/test_problems.py
@@ -43,9 +43,8 @@ def setUpClass(cls):
 
     def setUp(self):
         super().setUp()
-        password = 'test'
-        self.student = UserFactory.create(is_staff=False, username='test_student', password=password)
-        self.client.login(username=self.student.username, password=password)
+        self.student = UserFactory.create(is_staff=False, username='test_student', password=self.TEST_PASSWORD)
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
         self.addCleanup(set_current_request, None)
         self.request = get_mock_request(self.student)
         self.course_structure = get_course_blocks(self.student, self.course.location)
@@ -58,8 +57,7 @@ def load_scoreable_course(cls):
         For details on the contents and structure of the file, see
         `common/test/data/scoreable/README`.
         """
-        password = 'test'
-        user = UserFactory.create(is_staff=False, username='test_student', password=password)
+        user = UserFactory.create(is_staff=False, username='test_student', password=cls.TEST_PASSWORD)
 
         course_items = import_course_from_xml(
             cls.store,
@@ -144,7 +142,7 @@ def setUp(self):
         '''
         self.addCleanup(set_current_request, None)
         self.request = get_mock_request(UserFactory())
-        self.client.login(username=self.request.user.username, password="test")
+        self.client.login(username=self.request.user.username, password=self.TEST_PASSWORD)
         CourseEnrollment.enroll(self.request.user, self.course.id)
 
     def _get_altered_metadata(self, alterations):
diff --git a/lms/djangoapps/instructor/tests/test_api.py b/lms/djangoapps/instructor/tests/test_api.py
index 54adcb3e3638..1bcf42967f3b 100644
--- a/lms/djangoapps/instructor/tests/test_api.py
+++ b/lms/djangoapps/instructor/tests/test_api.py
@@ -325,7 +325,7 @@ def setUp(self):
         """
         super().setUp()
         global_user = GlobalStaffFactory()
-        self.client.login(username=global_user.username, password='test')
+        self.client.login(username=global_user.username, password=self.TEST_PASSWORD)
 
     @ddt.data(*INSTRUCTOR_POST_ENDPOINTS)
     def test_endpoints_reject_get(self, data):
@@ -478,7 +478,7 @@ def test_student_level(self):
         """
         Ensure that an enrolled student can't access staff or instructor endpoints.
         """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         for endpoint, args in self.staff_level_endpoints:
             self._access_endpoint(
@@ -518,7 +518,7 @@ def test_staff_level(self):
         CourseEnrollment.enroll(staff_member, self.course.id)
         CourseFinanceAdminRole(self.course.id).add_users(staff_member)
         CourseDataResearcherRole(self.course.id).add_users(staff_member)
-        self.client.login(username=staff_member.username, password='test')
+        self.client.login(username=staff_member.username, password=self.TEST_PASSWORD)
         # Try to promote to forums admin - not working
         # update_forum_role(self.course.id, staff_member, FORUM_ROLE_ADMINISTRATOR, 'allow')
 
@@ -558,7 +558,7 @@ def test_instructor_level(self):
 
         CourseFinanceAdminRole(self.course.id).add_users(inst)
         CourseDataResearcherRole(self.course.id).add_users(inst)
-        self.client.login(username=inst.username, password='test')
+        self.client.login(username=inst.username, password=self.TEST_PASSWORD)
 
         for endpoint, args in self.staff_level_endpoints:
             expected_status = 200
@@ -631,7 +631,7 @@ def setUp(self):
         self.audit_course_instructor = InstructorFactory(course_key=self.audit_course.id)
         self.white_label_course_instructor = InstructorFactory(course_key=self.white_label_course.id)
 
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.not_enrolled_student = UserFactory(
             username='NotEnrolledStudent',
@@ -961,7 +961,7 @@ def test_audit_enrollment_mode(self):
         Test that enrollment mode for audit courses (paid courses) is 'audit'.
         """
         # Login Audit Course instructor
-        self.client.login(username=self.audit_course_instructor.username, password='test')
+        self.client.login(username=self.audit_course_instructor.username, password=self.TEST_PASSWORD)
 
         csv_content = b"test_student_wl@example.com,test_student_wl,Test Student,USA"
         uploaded_file = SimpleUploadedFile("temp.csv", csv_content)
@@ -992,7 +992,7 @@ def test_honor_enrollment_mode(self):
         self.white_label_course_mode.save()
 
         # Login Audit Course instructor
-        self.client.login(username=self.white_label_course_instructor.username, password='test')
+        self.client.login(username=self.white_label_course_instructor.username, password=self.TEST_PASSWORD)
 
         csv_content = b"test_student_wl@example.com,test_student_wl,Test Student,USA"
         uploaded_file = SimpleUploadedFile("temp.csv", csv_content)
@@ -1040,7 +1040,7 @@ def setUp(self):
 
         self.request = RequestFactory().request()
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.enrolled_student = UserFactory(username='EnrolledStudent', first_name='Enrolled', last_name='Student')
         CourseEnrollment.enroll(
@@ -1889,7 +1889,7 @@ def setUp(self):
         super().setUp()
 
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.beta_tester = BetaTesterFactory(course_key=self.course.id)
         CourseEnrollment.enroll(
@@ -2234,7 +2234,7 @@ def setUp(self):
         super().setUp()
 
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.other_instructor = InstructorFactory(course_key=self.course.id)
         self.other_staff = StaffFactory(course_key=self.course.id)
@@ -2474,7 +2474,7 @@ def setUp(self):
         self.course_mode.save()
         self.instructor = InstructorFactory(course_key=self.course.id)
         CourseDataResearcherRole(self.course.id).add_users(self.instructor)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.students = [UserFactory() for _ in range(6)]
         for student in self.students:
@@ -2616,7 +2616,7 @@ def test_get_students_features_teams(self, has_teams):
             }))
             course_instructor = InstructorFactory(course_key=self.course.id)
             CourseDataResearcherRole(self.course.id).add_users(course_instructor)
-            self.client.login(username=course_instructor.username, password='test')
+            self.client.login(username=course_instructor.username, password=self.TEST_PASSWORD)
 
         url = reverse('get_students_features', kwargs={'course_id': str(self.course.id)})
 
@@ -2988,7 +2988,7 @@ def setUpClass(cls):
     def setUp(self):
         super().setUp()
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.student = UserFactory()
         CourseEnrollment.enroll(self.student, self.course.id)
@@ -3174,7 +3174,7 @@ def setUp(self):
         self.instructor = InstructorFactory(course_key=self.course.id)
         # Add instructor to invalid ee course
         CourseInstructorRole(self.course_with_invalid_ee.id).add_users(self.instructor)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.student = UserFactory()
         CourseEnrollment.enroll(self.student, self.course.id)
@@ -3277,7 +3277,7 @@ def test_entrance_exam_delete_state_with_staff(self):
         """ Test entrance exam delete state failure with staff access. """
         self.client.logout()
         staff_user = StaffFactory(course_key=self.course.id)
-        self.client.login(username=staff_user.username, password='test')
+        self.client.login(username=staff_user.username, password=self.TEST_PASSWORD)
         url = reverse('reset_student_attempts_for_entrance_exam',
                       kwargs={'course_id': str(self.course.id)})
         response = self.client.post(url, {
@@ -3430,7 +3430,7 @@ def setUp(self):
         }
 
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
     def tearDown(self):
         super().tearDown()
@@ -3450,7 +3450,7 @@ def test_send_email_but_not_logged_in(self):
     def test_send_email_but_not_staff(self):
         self.client.logout()
         student = UserFactory()
-        self.client.login(username=student.username, password='test')
+        self.client.login(username=student.username, password=self.TEST_PASSWORD)
         url = reverse('send_email', kwargs={'course_id': str(self.course.id)})
         response = self.client.post(url, self.full_test_message)
         assert response.status_code == 403
@@ -3647,7 +3647,7 @@ def setUpClass(cls):
     def setUp(self):
         super().setUp()
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.student = UserFactory()
         CourseEnrollment.enroll(self.student, self.course.id)
@@ -3784,7 +3784,7 @@ def setUp(self):
         super().setUp()
 
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         self.tasks = {}
         self.emails = {}
         self.emails_info = {}
@@ -4046,7 +4046,7 @@ def setUp(self):
         CourseEnrollmentFactory.create(user=self.user1, course_id=self.course.id)
         CourseEnrollmentFactory.create(user=self.user2, course_id=self.course.id)
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         extract_dates(None, self.course.id)
 
     def test_change_due_date(self):
@@ -4222,7 +4222,7 @@ def setUp(self):
         CourseEnrollmentFactory.create(user=self.user1, course_id=self.course.id)
         CourseEnrollmentFactory.create(user=self.user2, course_id=self.course.id)
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         extract_dates(None, self.course.id)
 
     @override_waffle_flag(RELATIVE_DATES_FLAG, active=True)
@@ -4267,7 +4267,7 @@ def setUpClass(cls):
     def setUp(self):
         super().setUp()
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
     def generate_certificate(self, course_id, mode, status):
         """
@@ -4395,7 +4395,7 @@ def expect_error_on_file_content(self, file_content, error, file_suffix='.csv'):
         """
         Verify that we get the error we expect for a given file input.
         """
-        self.client.login(username=self.staff_user.username, password='test')
+        self.client.login(username=self.staff_user.username, password=self.TEST_PASSWORD)
         response = self.call_add_users_to_cohorts(file_content, suffix=file_suffix)
         assert response.status_code == 400
         result = json.loads(response.content.decode('utf-8'))
@@ -4408,7 +4408,7 @@ def verify_success_on_file_content(self, file_content, mock_store_upload, mock_c
         background task.
         """
         mock_store_upload.return_value = (None, 'fake_file_name.csv')
-        self.client.login(username=self.staff_user.username, password='test')
+        self.client.login(username=self.staff_user.username, password=self.TEST_PASSWORD)
         response = self.call_add_users_to_cohorts(file_content)
         assert response.status_code == 204
         assert mock_store_upload.called
@@ -4454,7 +4454,7 @@ def test_non_staff_no_access(self):
         """
         Verify that we can't access the view when we aren't a staff user.
         """
-        self.client.login(username=self.non_staff_user.username, password='test')
+        self.client.login(username=self.non_staff_user.username, password=self.TEST_PASSWORD)
         response = self.call_add_users_to_cohorts('')
         assert response.status_code == 403
 
diff --git a/lms/djangoapps/instructor/tests/test_api_email_localization.py b/lms/djangoapps/instructor/tests/test_api_email_localization.py
index e0cef6a7af0b..a23b94ece021 100644
--- a/lms/djangoapps/instructor/tests/test_api_email_localization.py
+++ b/lms/djangoapps/instructor/tests/test_api_email_localization.py
@@ -35,7 +35,7 @@ def setUp(self):
         # Esperanto.
         self.instructor = InstructorFactory(course_key=self.course.id)
         set_user_preference(self.instructor, LANGUAGE_KEY, 'zh-cn')
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.student = UserFactory.create()
         set_user_preference(self.student, LANGUAGE_KEY, 'eo')
diff --git a/lms/djangoapps/instructor/tests/test_certificates.py b/lms/djangoapps/instructor/tests/test_certificates.py
index 5350d1d07f71..11fd82bfb302 100644
--- a/lms/djangoapps/instructor/tests/test_certificates.py
+++ b/lms/djangoapps/instructor/tests/test_certificates.py
@@ -64,11 +64,11 @@ def setUp(self):
 
     def test_visible_only_to_global_staff(self):
         # Instructors don't see the certificates section
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         self._assert_certificates_visible(False)
 
         # Global staff can see the certificates section
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         self._assert_certificates_visible(True)
 
     def test_visible_only_when_feature_flag_enabled(self):
@@ -77,17 +77,17 @@ def test_visible_only_when_feature_flag_enabled(self):
         cache.clear()
 
         # Now even global staff can't see the certificates section
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         self._assert_certificates_visible(False)
 
     @ddt.data("started", "error", "success")
     def test_show_certificate_status(self, status):
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         with self._certificate_status("honor", status):
             self._assert_certificate_status("honor", status)
 
     def test_show_enabled_button(self):
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
 
         # Initially, no example certs are generated, so
         # the enable button should be disabled
@@ -104,7 +104,7 @@ def test_show_enabled_button(self):
             self._assert_enable_certs_button(False)
 
     def test_can_disable_even_after_failure(self):
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
 
         with self._certificate_status("honor", "error"):
             # When certs are disabled for a course, then don't allow them
@@ -127,7 +127,7 @@ def test_show_enabled_button_for_html_certs(self):
         self.course.cert_html_view_enabled = True
         self.course.save()
         self.store.update_item(self.course, self.global_staff.id)
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         self.assertContains(response, 'Enable Student-Generated Certificates')
         self.assertContains(response, 'enable-certificates-submit')
@@ -143,7 +143,7 @@ def test_buttons_for_html_certs_in_self_paced_course(self):
         self.course.cert_html_view_enabled = True
         self.course.save()
         self.store.update_item(self.course, self.global_staff.id)
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         self.assertContains(response, 'Enable Student-Generated Certificates')
         self.assertContains(response, 'enable-certificates-submit')
@@ -233,18 +233,18 @@ def test_allow_only_global_staff(self, url_name):
         url = reverse(url_name, kwargs={'course_id': self.course.id})
 
         # Instructors do not have access
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         response = self.client.post(url)
         assert response.status_code == 403
 
         # Global staff have access
-        self.client.login(username=self.global_staff.username, password='test')
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         response = self.client.post(url)
         assert response.status_code == 302
 
     @ddt.data(True, False)
     def test_enable_certificate_generation(self, is_enabled):
-        self.client.login(username=self.global_staff.username, password='test')
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         url = reverse(
             'enable_certificate_generation',
             kwargs={'course_id': str(self.course.id)}
@@ -274,7 +274,7 @@ def test_certificate_generation_api_without_global_staff(self):
         user who made the request is not member of global staff.
         """
         user = UserFactory.create()
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         url = reverse(
             'start_certificate_generation',
             kwargs={'course_id': str(self.course.id)}
@@ -283,7 +283,7 @@ def test_certificate_generation_api_without_global_staff(self):
         response = self.client.post(url)
         assert response.status_code == 403
 
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         response = self.client.post(url)
         assert response.status_code == 403
 
@@ -292,7 +292,7 @@ def test_certificate_generation_api_with_global_staff(self):
         Test certificates generation api endpoint returns success status when called with
         valid course key
         """
-        self.client.login(username=self.global_staff.username, password='test')
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         url = reverse(
             'start_certificate_generation',
             kwargs={'course_id': str(self.course.id)}
@@ -319,7 +319,7 @@ def test_certificate_regeneration_success(self):
         )
 
         # Login the client and access the url with 'certificate_statuses'
-        self.client.login(username=self.global_staff.username, password='test')
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         url = reverse('start_certificate_regeneration', kwargs={'course_id': str(self.course.id)})
         response = self.client.post(url, data={'certificate_statuses': [CertificateStatuses.downloadable]})
 
@@ -352,7 +352,7 @@ def test_certificate_regeneration_error(self):
         )
 
         # Login the client and access the url without 'certificate_statuses'
-        self.client.login(username=self.global_staff.username, password='test')
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         url = reverse('start_certificate_regeneration', kwargs={'course_id': str(self.course.id)})
         response = self.client.post(url)
 
@@ -419,7 +419,7 @@ def setUp(self):
         # Enable certificate generation
         cache.clear()
         CertificateGenerationConfiguration.objects.create(enabled=True)
-        self.client.login(username=self.global_staff.username, password='test')
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
 
     def test_certificate_exception_added_successfully(self):
         """
@@ -712,7 +712,7 @@ def setUp(self):
         # Enable certificate generation
         cache.clear()
         CertificateGenerationConfiguration.objects.create(enabled=True)
-        self.client.login(username=self.global_staff.username, password='test')
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
 
     def test_generate_certificate_exceptions_all_students(self):
         """
@@ -830,7 +830,7 @@ def setUp(self):
         CourseEnrollment.enroll(self.enrolled_user_2, self.course.id)
 
         # Global staff can see the certificates section
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
 
     def test_create_allowlist_exception_record(self):
         """
@@ -1026,7 +1026,7 @@ def setUp(self):
         )
 
         # Global staff can see the certificates section
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
 
     def test_invalidate_certificate(self):
         """
diff --git a/lms/djangoapps/instructor/tests/test_email.py b/lms/djangoapps/instructor/tests/test_email.py
index a84c728c30e9..322c734fa613 100644
--- a/lms/djangoapps/instructor/tests/test_email.py
+++ b/lms/djangoapps/instructor/tests/test_email.py
@@ -40,7 +40,7 @@ def setUp(self):
 
         # Create instructor account
         instructor = AdminFactory.create()
-        self.client.login(username=instructor.username, password="test")
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
 
     def tearDown(self):
         super().tearDown()
@@ -148,7 +148,7 @@ def setUp(self):
 
         # Create instructor account
         instructor = AdminFactory.create()
-        self.client.login(username=instructor.username, password="test")
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
 
         # URL for instructor dash
         self.url = reverse('instructor_dashboard', kwargs={'course_id': str(self.course_key)})
diff --git a/lms/djangoapps/instructor/tests/test_proctoring.py b/lms/djangoapps/instructor/tests/test_proctoring.py
index 42fdb13a7f45..cd6be1517328 100644
--- a/lms/djangoapps/instructor/tests/test_proctoring.py
+++ b/lms/djangoapps/instructor/tests/test_proctoring.py
@@ -36,7 +36,7 @@ def setUp(self):
 
         # Create instructor account
         self.instructor = AdminFactory.create()
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
     def setup_course_url(self, course):
         """
diff --git a/lms/djangoapps/instructor/tests/test_spoc_gradebook.py b/lms/djangoapps/instructor/tests/test_spoc_gradebook.py
index bf574e8f506f..221ed3603e27 100644
--- a/lms/djangoapps/instructor/tests/test_spoc_gradebook.py
+++ b/lms/djangoapps/instructor/tests/test_spoc_gradebook.py
@@ -56,7 +56,7 @@ def setUp(self):
         super().setUp()
 
         instructor = AdminFactory.create()
-        self.client.login(username=instructor.username, password='test')
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
         self.users = [UserFactory.create() for _ in range(USER_COUNT)]
         for user in self.users:
             CourseEnrollmentFactory.create(user=user, course_id=self.course.id)
diff --git a/lms/djangoapps/instructor/tests/views/test_instructor_dashboard.py b/lms/djangoapps/instructor/tests/views/test_instructor_dashboard.py
index bca16977a98c..db455f02587d 100644
--- a/lms/djangoapps/instructor/tests/views/test_instructor_dashboard.py
+++ b/lms/djangoapps/instructor/tests/views/test_instructor_dashboard.py
@@ -85,7 +85,7 @@ def setUp(self):
         self.course_mode.save()
         # Create instructor account
         self.instructor = AdminFactory.create()
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         # URL for instructor dash
         self.url = reverse('instructor_dashboard', kwargs={'course_id': str(self.course.id)})
@@ -169,7 +169,7 @@ def test_discussion_tab_for_course_staff_role(self, access_role, is_pages_and_re
                     org=self.course.id.org
                 )
                 set_course_cohorted(self.course.id, True)
-                self.client.login(username=self.user.username, password='test')
+                self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
                 response = self.client.get(self.url).content.decode('utf-8')
                 self.assertEqual(discussion_section in response, is_discussion_tab_available)
 
@@ -192,7 +192,7 @@ def test_discussion_tab_for_global_user(self, is_pages_and_resources_enabled,
             with override_waffle_flag(OVERRIDE_DISCUSSION_LEGACY_SETTINGS_FLAG, is_legacy_discussion_setting_enabled):
                 user = UserFactory.create(is_staff=True)
                 set_course_cohorted(self.course.id, True)
-                self.client.login(username=user.username, password='test')
+                self.client.login(username=user.username, password=self.TEST_PASSWORD)
                 response = self.client.get(self.url).content.decode('utf-8')
                 self.assertEqual(discussion_section in response, is_discussion_tab_available)
 
@@ -224,7 +224,7 @@ def test_data_download(self, access_role, can_access, waffle_status):
                 role=access_role,
                 org=self.course.id.org
             )
-            self.client.login(username=user.username, password="test")
+            self.client.login(username=user.username, password=self.TEST_PASSWORD)
             response = self.client.get(self.url)
             if can_access:
                 self.assertContains(response, download_section)
@@ -244,7 +244,7 @@ def test_data_download_only(self):
             role='data_researcher',
             org=self.course.id.org
         )
-        self.client.login(username=user.username, password="test")
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         matches = re.findall(
             rb'<li class="nav-item"><button type="button" class="btn-link .*" data-section=".*">.*',
@@ -320,7 +320,7 @@ def test_student_admin_staff_instructor(self):
 
         # But staff user can only see specific grades
         staff = StaffFactory(course_key=self.course.id)
-        self.client.login(username=staff.username, password="test")
+        self.client.login(username=staff.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         self.assertNotContains(response, '<h4 class="hd hd-4">Adjust all enrolled learners')
         self.assertContains(response, '<h4 class="hd hd-4">View a specific learner&#39;s grades and progress')
@@ -620,7 +620,7 @@ def setUp(self):
         self.course_mode.save()
         # Create instructor account
         self.instructor = AdminFactory.create()
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
     def test_spoc_gradebook_mongo_calls(self):
         """
diff --git a/lms/djangoapps/instructor_task/rest_api/v1/tests/test_views.py b/lms/djangoapps/instructor_task/rest_api/v1/tests/test_views.py
index fb7f2a1ad2dc..bb338f0bf480 100644
--- a/lms/djangoapps/instructor_task/rest_api/v1/tests/test_views.py
+++ b/lms/djangoapps/instructor_task/rest_api/v1/tests/test_views.py
@@ -128,7 +128,7 @@ def test_list_tasks_basic_permissions(self, username, expected_status):
         Test case that verifies the permissions of the ListScheduledBulkEmailInstructorTasks view. A user without staff,
         instructor, or GlobalStaff access should not be able to retrieve the bulk email schedules for a course.
         """
-        self.client.login(username=username, password="test")
+        self.client.login(username=username, password=self.TEST_PASSWORD)
         response = self.client.get(self._build_api_url(self.course1.id))
         assert response.status_code == expected_status
 
@@ -143,7 +143,7 @@ def test_list_tasks(self):
         # add a "In Progress" task which shouldn't be returned in our results
         self._create_scheduled_course_emails_for_course(self.course1.id, self.instructor_course1, PROGRESS, 1)
 
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.get(self._build_api_url(self.course1.id))
         results = response.data.get("results")
 
@@ -169,7 +169,7 @@ def test_delete_schedules(self):
         expected_task_output_msg = "Task revoked before running"
 
         self._create_scheduled_course_emails_for_course(self.course1.id, self.instructor_course1, SCHEDULED, 3)
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.get(self._build_api_url(self.course1.id))
         results = response.data.get("results")
 
@@ -199,7 +199,7 @@ def test_delete_schedules_schedule_does_not_exist(self):
 
         This test verifies the response received when we try to delete a task schedule that does not exist.
         """
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.delete(f"{self._build_api_url(self.course1.id)}123456789")
         assert response.status_code == 404
 
@@ -214,7 +214,7 @@ def test_delete_schedule_task_already_processed(self):
         task = InstructorTask.objects.get(course_id=self.course1.id)
         schedule = InstructorTaskSchedule.objects.get(task=task)
 
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.delete(f"{self._build_api_url(self.course1.id)}{schedule.id}")
         assert response.status_code == 400
 
@@ -232,7 +232,7 @@ def test_update_schedule_new_date(self):
             "schedule": schedule_datetime.strftime('%Y-%m-%dT%H:%M:%SZ'),
             "browser_timezone": "UTC"
         }
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.patch(
             f"{self._build_api_url(self.course1.id)}{task_schedule.id}",
             data=json.dumps(data),
@@ -262,7 +262,7 @@ def test_update_schedule_edit_email(self):
             }
         }
 
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.patch(
             f"{self._build_api_url(self.course1.id)}{task_schedule.id}",
             data=json.dumps(data),
@@ -296,7 +296,7 @@ def test_update_schedule_bad_date(self):
             f"Cannot update instructor task schedule '{task_schedule.id}', the updated schedule occurs in the past"
         )
 
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.patch(
             f"{self._build_api_url(self.course1.id)}{task_schedule.id}",
             data=json.dumps(data),
@@ -328,7 +328,7 @@ def test_update_schedule_bad_email_target_data(self):
             f"Subject{email_id}'"
         )
 
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.patch(
             f"{self._build_api_url(self.course1.id)}{task_schedule.id}",
             data=json.dumps(data),
@@ -359,7 +359,7 @@ def test_update_schedule_mismatched_email_id(self):
             "specified in the request does not match the email id associated with the task"
         )
 
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.patch(
             f"{self._build_api_url(self.course1.id)}{task_schedule.id}",
             data=json.dumps(data),
@@ -379,7 +379,7 @@ def test_update_schedule_dne(self):
             "browser_timezone": "UTC"
         }
 
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.patch(
             f"{self._build_api_url(self.course1.id)}8675309",
             data=json.dumps(data),
diff --git a/lms/djangoapps/instructor_task/tests/test_base.py b/lms/djangoapps/instructor_task/tests/test_base.py
index 2f1fcfdc5eb8..a11403f5a60c 100644
--- a/lms/djangoapps/instructor_task/tests/test_base.py
+++ b/lms/djangoapps/instructor_task/tests/test_base.py
@@ -161,7 +161,7 @@ def login_username(self, username):
         if self.current_user != username:
             self.logout()
             user_email = User.objects.get(username=username).email
-            self.login(user_email, "test")
+            self.login(user_email, self.TEST_PASSWORD)
             self.current_user = username
 
     def _create_user(self, username, email=None, is_staff=False, mode='honor', enrollment_active=True):
diff --git a/lms/djangoapps/learner_dashboard/api/v0/tests/test_views.py b/lms/djangoapps/learner_dashboard/api/v0/tests/test_views.py
index aaaafb89a2d8..7a51f4680d35 100644
--- a/lms/djangoapps/learner_dashboard/api/v0/tests/test_views.py
+++ b/lms/djangoapps/learner_dashboard/api/v0/tests/test_views.py
@@ -54,7 +54,6 @@
 class TestProgramProgressDetailView(ProgramsApiConfigMixin, SharedModuleStoreTestCase):
     """Unit tests for the program progress detail page."""
     program_uuid = str(uuid4())
-    password = 'test'
     url = reverse_lazy('learner_dashboard:v0:program_progress_detail', kwargs={'program_uuid': program_uuid})
 
     @classmethod
@@ -75,7 +74,7 @@ def setUp(self):
         super().setUp()
 
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     def assert_program_data_present(self, response):
         """Verify that program data is present."""
@@ -148,7 +147,6 @@ class TestProgramsView(SharedModuleStoreTestCase, ProgramCacheMixin):
 
     enterprise_uuid = str(uuid4())
     program_uuid = str(uuid4())
-    password = 'test'
     url = reverse_lazy('learner_dashboard:v0:program_list', kwargs={'enterprise_uuid': enterprise_uuid})
 
     @classmethod
@@ -188,7 +186,7 @@ def setUpClass(cls):
 
     def setUp(self):
         super().setUp()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.set_program_in_catalog_cache(self.program_uuid, self.program)
         ProgramEnrollmentFactory.create(
             user=self.user,
diff --git a/lms/djangoapps/learner_dashboard/tests/test_programs.py b/lms/djangoapps/learner_dashboard/tests/test_programs.py
index 6b2b1604515d..c1b699c44afa 100644
--- a/lms/djangoapps/learner_dashboard/tests/test_programs.py
+++ b/lms/djangoapps/learner_dashboard/tests/test_programs.py
@@ -55,7 +55,6 @@ def load_serialized_data(response, key):
 class TestProgramListing(ProgramsApiConfigMixin, SharedModuleStoreTestCase):
     """Unit tests for the program listing page."""
     maxDiff = None
-    password = 'test'
     url = reverse_lazy('program_listing_view')
 
     @classmethod
@@ -75,7 +74,7 @@ def setUp(self):
         super().setUp()
 
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     @classmethod
     def program_sort_key(cls, program):
@@ -112,7 +111,7 @@ def test_login_required(self, mock_get_programs):
             '{}?next={}'.format(reverse('signin_user'), self.url)
         )
 
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         response = self.client.get(self.url)
         assert response.status_code == 200
@@ -224,7 +223,7 @@ def setUp(self):
         super().setUp()
 
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     def assert_program_data_present(self, response):
         """Verify that program data is present."""
@@ -277,7 +276,7 @@ def test_login_required(self, mock_get_programs, mock_get_pathways):
             '{}?next={}'.format(reverse('signin_user'), self.url)
         )
 
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         with mock.patch('lms.djangoapps.learner_dashboard.programs.get_certificates') as certs:
             certs.return_value = [{'type': 'program', 'url': '/'}]
@@ -324,7 +323,7 @@ def setUpClass(cls):
     def setUp(self):
         super().setUp()
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.set_program_in_catalog_cache(self.program_uuid, self.program)
         self.create_programs_config()
 
diff --git a/lms/djangoapps/learner_dashboard/tests/test_views.py b/lms/djangoapps/learner_dashboard/tests/test_views.py
index d38b2876f514..03f7da1d8c6d 100644
--- a/lms/djangoapps/learner_dashboard/tests/test_views.py
+++ b/lms/djangoapps/learner_dashboard/tests/test_views.py
@@ -26,7 +26,6 @@
 class TestProgramDiscussionIframeView(SharedModuleStoreTestCase, ProgramCacheMixin):
     """Unit tests for the program details page."""
     program_uuid = str(uuid4())
-    password = 'test'
     url = reverse_lazy('program_discussion', kwargs={'program_uuid': program_uuid})
 
     @classmethod
@@ -41,7 +40,7 @@ def setUpClass(cls):
     def setUp(self):
         super().setUp()
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.set_program_in_catalog_cache(self.program_uuid, self.program)
         ProgramEnrollmentFactory.create(
             user=self.user,
@@ -103,7 +102,7 @@ def test_api_returns_discussions_iframe(self, staff):
         """
         if staff:
             self.user = UserFactory(is_staff=True)
-            self.client.login(username=self.user.username, password=self.password)
+            self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         discussion_config = ProgramDiscussionsConfiguration.objects.create(
             program_uuid=self.program_uuid,
             enabled=True,
@@ -126,7 +125,7 @@ def test_program_without_enrollment(self):
         Test if API returns default response in case a non staff user has no enrollment in the program
         """
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         default_response = {
             'tab_view_enabled': False,
diff --git a/lms/djangoapps/learner_recommendations/tests/test_views.py b/lms/djangoapps/learner_recommendations/tests/test_views.py
index d582eaf334a8..5be5b09e7471 100644
--- a/lms/djangoapps/learner_recommendations/tests/test_views.py
+++ b/lms/djangoapps/learner_recommendations/tests/test_views.py
@@ -23,8 +23,9 @@ class TestRecommendationsBase(APITestCase):
 
     def setUp(self):
         super().setUp()
-        self.user = UserFactory()
-        self.client.login(username=self.user.username, password="test")
+        self.TEST_PASSWORD = 'password'
+        self.user = UserFactory(password=self.TEST_PASSWORD)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.recommended_courses = [
             "MITx+6.00.1x",
             "IBM+PY0101EN",
diff --git a/lms/djangoapps/mobile_api/testutils.py b/lms/djangoapps/mobile_api/testutils.py
index fe2804782a06..9c60cdabcc16 100644
--- a/lms/djangoapps/mobile_api/testutils.py
+++ b/lms/djangoapps/mobile_api/testutils.py
@@ -50,7 +50,7 @@ def setUp(self):
             certificate_available_date=datetime.datetime.now(pytz.UTC)
         )
         self.user = UserFactory.create()
-        self.password = 'test'
+        self.password = 'password'
         self.username = self.user.username
         self.api_version = API_V1
         IgnoreMobileAvailableFlagConfig(enabled=False).save()
diff --git a/lms/djangoapps/staticbook/tests.py b/lms/djangoapps/staticbook/tests.py
index 81c67523f248..919ee16c4fef 100644
--- a/lms/djangoapps/staticbook/tests.py
+++ b/lms/djangoapps/staticbook/tests.py
@@ -60,7 +60,7 @@ def make_course(self, **kwargs):
         self.course = CourseFactory.create(**kwargs)
         user = UserFactory.create()
         CourseEnrollmentFactory.create(user=user, course_id=self.course.id)
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
 
     def make_url(self, url_name, **kwargs):
         """
diff --git a/lms/djangoapps/survey/tests/test_models.py b/lms/djangoapps/survey/tests/test_models.py
index 0fb2b5fe7476..0ca820652a17 100644
--- a/lms/djangoapps/survey/tests/test_models.py
+++ b/lms/djangoapps/survey/tests/test_models.py
@@ -30,7 +30,7 @@ def setUp(self):
         self.client = Client()
 
         # Create two accounts
-        self.password = 'abc'
+        self.password = 'password'
         self.student = UserFactory.create(
             username='student', email='student@test.com', password=self.password,
         )
diff --git a/lms/djangoapps/survey/tests/test_utils.py b/lms/djangoapps/survey/tests/test_utils.py
index 2764380b5620..5dea69117e82 100644
--- a/lms/djangoapps/survey/tests/test_utils.py
+++ b/lms/djangoapps/survey/tests/test_utils.py
@@ -28,7 +28,7 @@ def setUp(self):
         self.client = Client()
 
         # Create two accounts
-        self.password = 'abc'
+        self.password = 'password'
         self.student = UserFactory.create(
             username='student', email='student@test.com', password=self.password,
         )
diff --git a/lms/djangoapps/survey/tests/test_views.py b/lms/djangoapps/survey/tests/test_views.py
index 1e2ff04ba9a2..83b74b3c5e10 100644
--- a/lms/djangoapps/survey/tests/test_views.py
+++ b/lms/djangoapps/survey/tests/test_views.py
@@ -29,7 +29,7 @@ def setUp(self):
         self.client = Client()
 
         # Create two accounts
-        self.password = 'abc'
+        self.password = 'password'
         self.student = UserFactory.create(username='student', email='student@test.com', password=self.password)
 
         self.test_survey_name = 'TestSurvey'
diff --git a/lms/djangoapps/verify_student/tests/test_views.py b/lms/djangoapps/verify_student/tests/test_views.py
index ea2ccb891988..9e81b9e837ec 100644
--- a/lms/djangoapps/verify_student/tests/test_views.py
+++ b/lms/djangoapps/verify_student/tests/test_views.py
@@ -122,8 +122,8 @@ def test_start_new_verification(self):
         Test the case where the user has no pending `PhotoVerificationAttempts`,
         but is just starting their first.
         """
-        UserFactory.create(username="rusty", password="test")
-        self.client.login(username="rusty", password="test")
+        UserFactory.create(username="rusty", password="password")
+        self.client.login(username="rusty", password="password")
 
     def must_be_logged_in(self):
         self.assertHttpForbidden(self.client.get(self.start_url()))  # lint-amnesty, pylint: disable=no-member
@@ -1055,11 +1055,11 @@ def setUp(self):
         """ Create a user and course. """
         super().setUp()
 
-        self.user = UserFactory.create(username="test", password="test")
+        self.user = UserFactory.create(username="test", password="password")
         self.course = CourseFactory.create()
         for mode, min_price in (('audit', 0), ('honor', 0), ('verified', 100)):
             CourseModeFactory.create(mode_slug=mode, course_id=self.course.id, min_price=min_price, sku=self.make_sku())
-        self.client.login(username="test", password="test")
+        self.client.login(username="test", password="password")
 
     def _assert_checked_out(
         self,
@@ -1868,7 +1868,7 @@ def setUp(self):
         super().setUp()
 
         self.user = AdminFactory()
-        login_success = self.client.login(username=self.user.username, password='test')
+        login_success = self.client.login(username=self.user.username, password='password')
         assert login_success
         self.attempt = SoftwareSecurePhotoVerification(
             status="submitted",
@@ -1895,7 +1895,7 @@ def test_photo_url_view_returns_404_if_invalid_receipt_id(self):
 
     def test_403_for_non_staff(self):
         self.user = UserFactory()
-        login_success = self.client.login(username=self.user.username, password='test')
+        login_success = self.client.login(username=self.user.username, password='password')
         assert login_success
         url = reverse('verification_photo_urls', kwargs={'receipt_id': str(self.receipt_id)})
         response = self.client.get(url)
@@ -1934,7 +1934,7 @@ class TestDecodeImageViews(MockS3Boto3Mixin, TestVerificationBase):
     def setUp(self):
         super().setUp()
         self.user = AdminFactory()
-        login_success = self.client.login(username=self.user.username, password='test')
+        login_success = self.client.login(username=self.user.username, password='password')
         assert login_success
 
     def _mock_submit_images(self):
@@ -1995,7 +1995,7 @@ def test_download_image_response(self, img_type, _mock_get_storage):
     @ddt.data("face", "photo_id")
     def test_403_for_non_staff(self, img_type):
         self.user = UserFactory()
-        login_success = self.client.login(username=self.user.username, password='test')
+        login_success = self.client.login(username=self.user.username, password='password')
         assert login_success
 
         self._mock_submit_images()
diff --git a/openedx/core/djangoapps/contentserver/test/test_contentserver.py b/openedx/core/djangoapps/contentserver/test/test_contentserver.py
index 700eff642778..e9ee1f7ee5b2 100644
--- a/openedx/core/djangoapps/contentserver/test/test_contentserver.py
+++ b/openedx/core/djangoapps/contentserver/test/test_contentserver.py
@@ -156,7 +156,7 @@ def test_locked_versioned_asset(self):
         CourseEnrollment.enroll(self.non_staff_usr, self.course_key)
         assert CourseEnrollment.is_enrolled(self.non_staff_usr, self.course_key)
 
-        self.client.login(username=self.non_staff_usr, password='test')
+        self.client.login(username=self.non_staff_usr, password=self.TEST_PASSWORD)
         resp = self.client.get(self.url_locked_versioned)
         assert resp.status_code == 200
 
@@ -167,7 +167,7 @@ def test_locked_versioned_old_styleasset(self):
         CourseEnrollment.enroll(self.non_staff_usr, self.course_key)
         assert CourseEnrollment.is_enrolled(self.non_staff_usr, self.course_key)
 
-        self.client.login(username=self.non_staff_usr, password='test')
+        self.client.login(username=self.non_staff_usr, password=self.TEST_PASSWORD)
         resp = self.client.get(self.url_locked_versioned_old_style, follow=True)
         assert resp.status_code == 200
 
@@ -185,7 +185,7 @@ def test_locked_asset_not_registered(self):
         Test that locked assets behave appropriately in case user is logged in
         in but not registered for the course.
         """
-        self.client.login(username=self.non_staff_usr, password='test')
+        self.client.login(username=self.non_staff_usr, password=self.TEST_PASSWORD)
         resp = self.client.get(self.url_locked)
         assert resp.status_code == 403
 
@@ -197,7 +197,7 @@ def test_locked_asset_registered(self):
         CourseEnrollment.enroll(self.non_staff_usr, self.course_key)
         assert CourseEnrollment.is_enrolled(self.non_staff_usr, self.course_key)
 
-        self.client.login(username=self.non_staff_usr, password='test')
+        self.client.login(username=self.non_staff_usr, password=self.TEST_PASSWORD)
         resp = self.client.get(self.url_locked)
         assert resp.status_code == 200
 
@@ -205,7 +205,7 @@ def test_locked_asset_staff(self):
         """
         Test that locked assets behave appropriately in case user is staff.
         """
-        self.client.login(username=self.staff_usr, password='test')
+        self.client.login(username=self.staff_usr, password=self.TEST_PASSWORD)
         resp = self.client.get(self.url_locked)
         assert resp.status_code == 200
 
@@ -320,7 +320,7 @@ def test_cache_headers_with_ttl_locked(self, mock_get_cache_ttl):
         CourseEnrollment.enroll(self.non_staff_usr, self.course_key)
         assert CourseEnrollment.is_enrolled(self.non_staff_usr, self.course_key)
 
-        self.client.login(username=self.non_staff_usr, password='test')
+        self.client.login(username=self.non_staff_usr, password=self.TEST_PASSWORD)
         resp = self.client.get(self.url_locked)
         assert resp.status_code == 200
         assert 'Expires' not in resp
@@ -350,7 +350,7 @@ def test_cache_headers_without_ttl_locked(self, mock_get_cache_ttl):
         CourseEnrollment.enroll(self.non_staff_usr, self.course_key)
         assert CourseEnrollment.is_enrolled(self.non_staff_usr, self.course_key)
 
-        self.client.login(username=self.non_staff_usr, password='test')
+        self.client.login(username=self.non_staff_usr, password=self.TEST_PASSWORD)
         resp = self.client.get(self.url_locked)
         assert resp.status_code == 200
         assert 'Expires' not in resp
diff --git a/openedx/core/djangoapps/course_apps/rest_api/tests/test_views.py b/openedx/core/djangoapps/course_apps/rest_api/tests/test_views.py
index 2c1e615229b6..768643a7a204 100644
--- a/openedx/core/djangoapps/course_apps/rest_api/tests/test_views.py
+++ b/openedx/core/djangoapps/course_apps/rest_api/tests/test_views.py
@@ -32,7 +32,7 @@ def setUp(self):
         self.instructor = UserFactory()
         self.user = UserFactory()
         self.client = Client()
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         self.url = reverse("course_apps_api:v1:course_apps", kwargs=dict(course_id=self.course.id))
         CourseStaffRole(self.course.id).add_users(self.instructor)
 
diff --git a/openedx/core/djangoapps/oauth_dispatch/tests/test_dot_overrides.py b/openedx/core/djangoapps/oauth_dispatch/tests/test_dot_overrides.py
index 37bc12ceaa27..549917474789 100644
--- a/openedx/core/djangoapps/oauth_dispatch/tests/test_dot_overrides.py
+++ b/openedx/core/djangoapps/oauth_dispatch/tests/test_dot_overrides.py
@@ -31,19 +31,20 @@ class AuthenticateTestCase(TestCase):
 
     def setUp(self):
         super().setUp()
+        self.TEST_PASSWORD = 'password'
         self.user = UserFactory.create(
             username='darkhelmet',
-            password='12345',
+            password=self.TEST_PASSWORD,
             email='darkhelmet@spaceball_one.org',
         )
         self.validator = EdxOAuth2Validator()
 
     def test_authenticate_with_username(self):
-        user = self.validator._authenticate(username='darkhelmet', password='12345')
+        user = self.validator._authenticate(username='darkhelmet', password=self.TEST_PASSWORD)
         assert self.user == user
 
     def test_authenticate_with_email(self):
-        user = self.validator._authenticate(username='darkhelmet@spaceball_one.org', password='12345')
+        user = self.validator._authenticate(username='darkhelmet@spaceball_one.org', password=self.TEST_PASSWORD)
         assert self.user == user
 
 
@@ -56,9 +57,10 @@ class CustomValidationTestCase(TestCase):
     """
     def setUp(self):
         super().setUp()
+        self.TEST_PASSWORD = "password"
         self.user = UserFactory.create(
             username='darkhelmet',
-            password='12345',
+            password=self.TEST_PASSWORD,
             email='darkhelmet@spaceball_one.org',
         )
         self.validator = EdxOAuth2Validator()
@@ -67,13 +69,13 @@ def setUp(self):
     def test_active_user_validates(self):
         assert self.user.is_active
         request = self.request_factory.get('/')
-        assert self.validator.validate_user('darkhelmet', '12345', client=None, request=request)
+        assert self.validator.validate_user('darkhelmet', self.TEST_PASSWORD, client=None, request=request)
 
     def test_inactive_user_validates(self):
         self.user.is_active = False
         self.user.save()
         request = self.request_factory.get('/')
-        assert self.validator.validate_user('darkhelmet', '12345', client=None, request=request)
+        assert self.validator.validate_user('darkhelmet', self.TEST_PASSWORD, client=None, request=request)
 
 
 @skip_unless_lms
@@ -87,9 +89,10 @@ class CustomAuthorizationViewTestCase(TestCase):
     """
     def setUp(self):
         super().setUp()
+        self.TEST_PASSWORD = 'password'
         self.dot_adapter = adapters.DOTAdapter()
-        self.user = UserFactory()
-        self.client.login(username=self.user.username, password='test')
+        self.user = UserFactory(password=self.TEST_PASSWORD)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         self.restricted_dot_app = self._create_restricted_app()
         self._create_expired_token(self.restricted_dot_app)
diff --git a/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py b/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
index d6ed9ca30cbf..276e4b7825d1 100644
--- a/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
+++ b/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
@@ -86,8 +86,9 @@ class _DispatchingViewTestCase(TestCase):
     """
     def setUp(self):
         super().setUp()
+        self.TEST_PASSWORD = "password"
         self.dot_adapter = adapters.DOTAdapter()
-        self.user = UserFactory()
+        self.user = UserFactory(password=self.TEST_PASSWORD)
         self.dot_app = self.dot_adapter.create_public_client(
             name='test dot application',
             user=self.user,
@@ -148,7 +149,7 @@ def _post_body(self, user, client, token_type=None, scope=None, asymmetric_jwt=N
 
         if grant_type == dot_models.Application.GRANT_PASSWORD:
             body['username'] = user.username
-            body['password'] = 'test'
+            body['password'] = self.TEST_PASSWORD
         elif grant_type == dot_models.Application.GRANT_CLIENT_CREDENTIALS:
             body['client_secret'] = client.client_secret
 
@@ -598,7 +599,7 @@ def setUp(self):
     @ddt.unpack
     def test_post_authorization_view(self, client_type, allow_field):
         oauth_application = getattr(self, f'{client_type}_app')
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         response = self.client.post(
             '/oauth2/authorize/',
             {
@@ -620,7 +621,7 @@ def test_check_dot_authorization_page_get(self):
         Make sure we get the overridden Authorization page - not
         the default django-oauth-toolkit when we perform a page load
         """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         response = self.client.get(
             '/oauth2/authorize/',
             {
@@ -787,7 +788,7 @@ def access_token_post_body_with_password(self):
             'client_id': self.dot_app.client_id,
             'grant_type': 'password',
             'username': self.user.username,
-            'password': 'test',
+            'password': self.TEST_PASSWORD,
         }
 
     def access_token_post_body_with_refresh_token(self, refresh_token):
diff --git a/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py b/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py
index babc3160f81e..c81a4aff776b 100644
--- a/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py
+++ b/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py
@@ -36,6 +36,7 @@ def setUp(self):
         self.user = UserFactory.create()
         self.addCleanup(set_current_request, None)
         self.request = get_mock_request()
+        self.TEST_PASSWORD = 'password'
 
     def assert_response(self, safe_cookie_data=None, success=True):
         """
@@ -79,7 +80,7 @@ def assert_user_in_session(self):
     @patch("openedx.core.djangoapps.safe_sessions.middleware.LOG_REQUEST_USER_CHANGES", False)
     @patch("openedx.core.djangoapps.safe_sessions.middleware.track_request_user_changes")
     def test_success(self, mock_log_request_user_changes):
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         session_id = self.client.session.session_key
         safe_cookie_data = SafeCookieData.create(session_id, self.user.id)
 
@@ -106,7 +107,7 @@ def test_success(self, mock_log_request_user_changes):
     @patch("openedx.core.djangoapps.safe_sessions.middleware.LOG_REQUEST_USER_CHANGES", True)
     @patch("openedx.core.djangoapps.safe_sessions.middleware.track_request_user_changes")
     def test_log_request_user_on(self, mock_log_request_user_changes):
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         session_id = self.client.session.session_key
         safe_cookie_data = SafeCookieData.create(session_id, self.user.id)
 
@@ -134,7 +135,7 @@ def test_parse_error_at_step_1(self):
         self.assert_no_session()
 
     def test_invalid_user_at_step_4(self):
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         safe_cookie_data = SafeCookieData.create(self.client.session.session_key, 'no_such_user')
         self.request.META['HTTP_ACCEPT'] = 'text/html'
         with self.assert_incorrect_user_logged():
@@ -258,7 +259,8 @@ class TestSafeSessionMiddleware(TestSafeSessionsLogMixin, CacheIsolationTestCase
 
     def setUp(self):
         super().setUp()
-        self.user = UserFactory.create()
+        self.TEST_PASSWORD = 'password'
+        self.user = UserFactory.create(password=self.TEST_PASSWORD)
         self.addCleanup(set_current_request, None)
         self.request = get_mock_request()
         self.client.response = HttpResponse()
@@ -278,7 +280,7 @@ def set_up_for_success(self):
         """
         Set up request for success path -- everything up until process_response().
         """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         session_id = self.client.session.session_key
         safe_cookie_data = SafeCookieData.create(session_id, self.user.id)
diff --git a/openedx/core/djangoapps/theming/tests/test_theme_style_overrides.py b/openedx/core/djangoapps/theming/tests/test_theme_style_overrides.py
index 21b9ba952a3e..bc38553c98a6 100644
--- a/openedx/core/djangoapps/theming/tests/test_theme_style_overrides.py
+++ b/openedx/core/djangoapps/theming/tests/test_theme_style_overrides.py
@@ -24,14 +24,15 @@ def setUp(self):
         Clear static file finders cache and register cleanup methods.
         """
         super().setUp()
-        self.user = UserFactory()
+        self.TEST_PASSWORD = 'password'
+        self.user = UserFactory(password=self.TEST_PASSWORD)
 
         # Clear the internal staticfiles caches, to get test isolation.
         staticfiles.finders.get_finder.cache_clear()
 
     def _login(self):
         """ Log into LMS. """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     @with_comprehensive_theme("test-theme")
     def test_footer(self):
diff --git a/openedx/core/djangoapps/theming/tests/test_views.py b/openedx/core/djangoapps/theming/tests/test_views.py
index 3eefd7bed890..8ea0d1d5bb17 100644
--- a/openedx/core/djangoapps/theming/tests/test_views.py
+++ b/openedx/core/djangoapps/theming/tests/test_views.py
@@ -13,7 +13,7 @@
 
 THEMING_ADMIN_URL = '/theming/admin'
 TEST_THEME_NAME = 'test-theme'
-TEST_PASSWORD = 'test'
+TEST_PASSWORD = 'password'
 
 
 class TestThemingViews(TestCase):
diff --git a/openedx/core/djangoapps/user_api/accounts/tests/test_api.py b/openedx/core/djangoapps/user_api/accounts/tests/test_api.py
index fb4686d13934..f7af42dd6b03 100644
--- a/openedx/core/djangoapps/user_api/accounts/tests/test_api.py
+++ b/openedx/core/djangoapps/user_api/accounts/tests/test_api.py
@@ -88,7 +88,7 @@ class TestAccountApi(UserSettingsEventTestMixin, EmailTemplateTagMixin, CreateAc
     This includes the specific types of error raised, and default behavior when optional arguments
     are not specified.
     """
-    password = "test"
+    password = "password"
 
     def setUp(self):
         super().setUp()
diff --git a/openedx/core/djangoapps/user_api/tests/test_views.py b/openedx/core/djangoapps/user_api/tests/test_views.py
index aaf2daf96f76..f8d272df77df 100644
--- a/openedx/core/djangoapps/user_api/tests/test_views.py
+++ b/openedx/core/djangoapps/user_api/tests/test_views.py
@@ -33,6 +33,7 @@ class UserAPITestCase(ApiTestCase):
     Parent test case for User API workflow coverage
     """
     LIST_URI = USER_LIST_URI
+    TEST_PASSWORD = "password"
 
     def get_uri_for_user(self, target_user):
         """Given a user object, get the URI for the corresponding resource"""
diff --git a/openedx/core/djangoapps/user_api/verification_api/tests/test_views.py b/openedx/core/djangoapps/user_api/verification_api/tests/test_views.py
index 1a5d4fe46bdc..46b3d65678f8 100644
--- a/openedx/core/djangoapps/user_api/verification_api/tests/test_views.py
+++ b/openedx/core/djangoapps/user_api/verification_api/tests/test_views.py
@@ -23,7 +23,7 @@ class VerificationViewTestsMixinBase:
     """ Base class for the tests on verification views """
     VIEW_NAME = None
     CREATED_AT = datetime.datetime.strptime(FROZEN_TIME, '%Y-%m-%d')
-    PASSWORD = 'test'
+    PASSWORD = 'password'
 
     def setUp(self):
         freezer = freezegun.freeze_time(FROZEN_TIME)
diff --git a/openedx/core/djangoapps/user_authn/api/tests/test_views.py b/openedx/core/djangoapps/user_authn/api/tests/test_views.py
index d8ab2c37c1a1..3d5927115022 100644
--- a/openedx/core/djangoapps/user_authn/api/tests/test_views.py
+++ b/openedx/core/djangoapps/user_authn/api/tests/test_views.py
@@ -390,9 +390,9 @@ def setUp(self):
         Create a user, then log in.
         """
         super().setUp()
-        self.user = UserFactory()
+        self.user = UserFactory(password=self.TEST_PASSWORD)
         Registration().register(self.user)
-        result = self.client.login(username=self.user.username, password="test")
+        result = self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         assert result, 'Could not log in'
         self.path = reverse('send_account_activation_email')
 
diff --git a/openedx/core/djangoapps/user_authn/tests/utils.py b/openedx/core/djangoapps/user_authn/tests/utils.py
index 4b002eef310a..1ec522e430db 100644
--- a/openedx/core/djangoapps/user_authn/tests/utils.py
+++ b/openedx/core/djangoapps/user_authn/tests/utils.py
@@ -58,7 +58,7 @@ class AuthAndScopesTestMixin:
             self.student.
     """
     default_scopes = None
-    user_password = 'test'
+    user_password = 'password'
 
     def setUp(self):
         super().setUp()
diff --git a/openedx/core/djangoapps/user_authn/views/tests/test_password.py b/openedx/core/djangoapps/user_authn/views/tests/test_password.py
index 764a2178af36..408a04d0c115 100644
--- a/openedx/core/djangoapps/user_authn/views/tests/test_password.py
+++ b/openedx/core/djangoapps/user_authn/views/tests/test_password.py
@@ -99,8 +99,8 @@ class TestPasswordChange(CreateAccountMixin, CacheIsolationTestCase):
 
     USERNAME = "heisenberg"
     ALTERNATE_USERNAME = "walt"
-    OLD_PASSWORD = "ḅḷüëṡḳÿ"
-    NEW_PASSWORD = "B🄸🄶B🄻🅄🄴"
+    OLD_PASSWORD = "ḅḷüëṡḳÿ1"
+    NEW_PASSWORD = "B🄸🄶B🄻🅄🄴1"
     OLD_EMAIL = "walter@graymattertech.com"
     NEW_EMAIL = "walt@savewalterwhite.com"
 
@@ -192,11 +192,11 @@ def test_password_change_from_support_tools(self, is_superuser, is_staff, reset_
         UserFactory.create(
             username='edx',
             email='edx@example.com',
-            password='edx',
+            password='password',
             is_superuser=is_superuser,
             is_staff=is_staff,
         )
-        self.client.login(username='edx', password='edx')
+        self.client.login(username='edx', password='password')
 
         response = self._change_password_from_support(email_from_support_tools=self.OLD_EMAIL)
         assert response.status_code == 200
diff --git a/openedx/features/course_duration_limits/tests/test_course_expiration.py b/openedx/features/course_duration_limits/tests/test_course_expiration.py
index 32a352d66e6e..b794ef3076c4 100644
--- a/openedx/features/course_duration_limits/tests/test_course_expiration.py
+++ b/openedx/features/course_duration_limits/tests/test_course_expiration.py
@@ -249,7 +249,7 @@ def test_masquerade(self, masquerade_config, show_expiration_banner, mock_get_co
             mode='audit'
         )
         CourseInstructorRole(self.course.id).add_users(instructor)
-        self.client.login(username=instructor.username, password='test')
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
 
         self.update_masquerade(**masquerade_config)
 
@@ -285,7 +285,7 @@ def test_masquerade_in_holdback(self, mock_get_course_run_details):
             mode='audit'
         )
         CourseInstructorRole(self.course.id).add_users(instructor)
-        self.client.login(username=instructor.username, password='test')
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
 
         self.update_masquerade(username='audit')
 
@@ -320,7 +320,7 @@ def test_masquerade_expired(self, mock_get_course_run_details):
             mode='audit'
         )
         CourseInstructorRole(self.course.id).add_users(instructor)
-        self.client.login(username=instructor.username, password='test')
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
 
         self.update_masquerade(username='audit')
 
@@ -370,7 +370,7 @@ def test_no_banner_when_masquerading_as_staff(self, role_factory, mock_get_cours
             mode='audit'
         )
 
-        self.client.login(username=staff_user.username, password='test')
+        self.client.login(username=staff_user.username, password=self.TEST_PASSWORD)
 
         self.update_masquerade(username=expired_staff.username)
 
@@ -418,7 +418,7 @@ def test_no_banner_when_masquerading_as_forum_staff(self, role_name, mock_get_co
             mode='audit'
         )
 
-        self.client.login(username=staff_user.username, password='test')
+        self.client.login(username=staff_user.username, password=self.TEST_PASSWORD)
 
         self.update_masquerade(username=expired_staff.username)
 
diff --git a/openedx/features/course_experience/tests/views/test_course_sock.py b/openedx/features/course_experience/tests/views/test_course_sock.py
index cdc80168ab1c..5985850f34cc 100644
--- a/openedx/features/course_experience/tests/views/test_course_sock.py
+++ b/openedx/features/course_experience/tests/views/test_course_sock.py
@@ -20,7 +20,7 @@
 
 from .helpers import add_course_mode
 
-TEST_PASSWORD = 'test'
+TEST_PASSWORD = 'password'
 TEST_VERIFICATION_SOCK_LOCATOR = '<div class="verification-sock"'
 
 
diff --git a/openedx/features/course_experience/tests/views/test_masquerade.py b/openedx/features/course_experience/tests/views/test_masquerade.py
index 0e9660c0158d..1fb8f0ecd640 100644
--- a/openedx/features/course_experience/tests/views/test_masquerade.py
+++ b/openedx/features/course_experience/tests/views/test_masquerade.py
@@ -17,7 +17,7 @@
 from .helpers import add_course_mode
 from .test_course_sock import TEST_VERIFICATION_SOCK_LOCATOR
 
-TEST_PASSWORD = 'test'
+TEST_PASSWORD = 'password'
 
 
 class MasqueradeTestBase(SharedModuleStoreTestCase, MasqueradeMixin):
diff --git a/openedx/tests/xblock_integration/test_crowdsource_hinter.py b/openedx/tests/xblock_integration/test_crowdsource_hinter.py
index a2fffdc6e90c..91fde1b22d6e 100644
--- a/openedx/tests/xblock_integration/test_crowdsource_hinter.py
+++ b/openedx/tests/xblock_integration/test_crowdsource_hinter.py
@@ -21,8 +21,8 @@ class TestCrowdsourceHinter(SharedModuleStoreTestCase, LoginEnrollmentTestCase):
     Create the test environment with the crowdsourcehinter xblock.
     """
     STUDENTS = [
-        {'email': 'view@test.com', 'password': 'foo'},
-        {'email': 'view2@test.com', 'password': 'foo'}
+        {'email': 'view@test.com', 'password': 'password1234'},
+        {'email': 'view2@test.com', 'password': 'password1234'}
     ]
     XBLOCK_NAMES = ['crowdsourcehinter']
 
diff --git a/openedx/tests/xblock_integration/test_recommender.py b/openedx/tests/xblock_integration/test_recommender.py
index a494fc9c13c2..4ae29bbf4e56 100644
--- a/openedx/tests/xblock_integration/test_recommender.py
+++ b/openedx/tests/xblock_integration/test_recommender.py
@@ -27,8 +27,8 @@ class TestRecommender(SharedModuleStoreTestCase, LoginEnrollmentTestCase):
     Check that Recommender state is saved properly
     """
     STUDENTS = [
-        {'email': 'view@test.com', 'password': 'foo'},
-        {'email': 'view2@test.com', 'password': 'foo'}
+        {'email': 'view@test.com', 'password': 'password1234'},
+        {'email': 'view2@test.com', 'password': 'password1234'}
     ]
     XBLOCK_NAMES = ['recommender', 'recommender_second']
 
@@ -141,7 +141,7 @@ def enroll_staff(self, staff):
         Staff login and enroll for the course
         """
         email = staff.email
-        password = 'test'
+        password = self.TEST_PASSWORD
         self.login(email, password)
         self.enroll(self.course, verify=True)
 
diff --git a/openedx/tests/xblock_integration/xblock_testcase.py b/openedx/tests/xblock_integration/xblock_testcase.py
index e75ca9a63d41..9c3cd480c2b5 100644
--- a/openedx/tests/xblock_integration/xblock_testcase.py
+++ b/openedx/tests/xblock_integration/xblock_testcase.py
@@ -282,9 +282,9 @@ class XBlockStudentTestCaseMixin:
     Creates a default set of students for XBlock tests
     '''
     student_list = [
-        {'email': 'alice@test.edx.org', 'password': 'foo'},
-        {'email': 'bob@test.edx.org', 'password': 'foo'},
-        {'email': 'eve@test.edx.org', 'password': 'foo'},
+        {'email': 'alice@test.edx.org', 'password': 'password1234'},
+        {'email': 'bob@test.edx.org', 'password': 'password1234'},
+        {'email': 'eve@test.edx.org', 'password': 'password1234'},
     ]
 
     def setUp(self):
diff --git a/xmodule/modulestore/tests/django_utils.py b/xmodule/modulestore/tests/django_utils.py
index fcc01763fdc7..4f565507cbd2 100644
--- a/xmodule/modulestore/tests/django_utils.py
+++ b/xmodule/modulestore/tests/django_utils.py
@@ -369,7 +369,7 @@ class ModuleStoreTestUsersMixin():
     """
     A mixin to help manage test users.
     """
-    TEST_PASSWORD = 'test'
+    TEST_PASSWORD = 'password'
 
     def create_user_for_course(self, course, user_type=CourseUserType.ENROLLED):
         """

From 875265b231729e82a460c6b816c34db95cd37ea4 Mon Sep 17 00:00:00 2001
From: Feanil Patel <feanil@axim.org>
Date: Wed, 11 Oct 2023 13:44:09 -0400
Subject: [PATCH 05/11] test: Update to an even longer password.

Conflicts:
	common/djangoapps/student/tests/test_email.py
	lms/djangoapps/learner_recommendations/tests/test_views.py
	openedx/core/djangoapps/notifications/tests/test_views.py
---
 .../contentstore/tests/test_i18n.py           |  2 +-
 common/djangoapps/student/tests/factories.py  |  4 +--
 .../student/tests/test_admin_views.py         |  4 +--
 common/djangoapps/student/tests/test_email.py |  6 ++--
 .../student/tests/test_retirement.py          |  2 +-
 .../student/tests/test_userstanding.py        |  2 +-
 .../third_party_auth/tests/specs/base.py      |  2 +-
 .../third_party_auth/tests/test_admin.py      |  2 +-
 lms/djangoapps/ccx/api/v0/tests/test_views.py |  2 +-
 lms/djangoapps/ccx/tests/test_views.py        |  2 +-
 .../commerce/api/v1/tests/test_views.py       |  2 +-
 lms/djangoapps/commerce/tests/test_views.py   |  2 +-
 .../transformers/tests/helpers.py             |  4 +--
 lms/djangoapps/course_wiki/tests/tests.py     |  2 +-
 lms/djangoapps/courseware/tests/helpers.py    |  2 +-
 lms/djangoapps/courseware/tests/test_about.py |  2 +-
 .../courseware/tests/test_course_survey.py    |  2 +-
 .../tests/test_submitting_problems.py         |  2 +-
 .../tests/test_view_authentication.py         |  2 +-
 lms/djangoapps/courseware/testutils.py        |  2 +-
 .../django_comment_client/base/tests.py       |  4 +--
 .../discussion/rest_api/tests/test_views.py   | 34 +++++++++----------
 .../grades/rest_api/v1/tests/mixins.py        |  2 +-
 .../grades/rest_api/v1/tests/test_views.py    |  2 +-
 .../tests/test_views.py                       |  2 +-
 lms/djangoapps/mobile_api/testutils.py        |  2 +-
 lms/djangoapps/survey/tests/test_models.py    |  2 +-
 lms/djangoapps/survey/tests/test_utils.py     |  2 +-
 lms/djangoapps/survey/tests/test_views.py     |  2 +-
 .../verify_student/tests/test_views.py        | 16 ++++-----
 .../tests/test_dot_overrides.py               |  6 ++--
 .../oauth_dispatch/tests/test_views.py        |  2 +-
 .../safe_sessions/tests/test_middleware.py    |  4 +--
 .../tests/test_theme_style_overrides.py       |  2 +-
 .../djangoapps/theming/tests/test_views.py    |  2 +-
 .../user_api/accounts/tests/test_api.py       |  2 +-
 .../djangoapps/user_api/tests/test_views.py   |  2 +-
 .../verification_api/tests/test_views.py      |  2 +-
 .../core/djangoapps/user_authn/tests/utils.py |  2 +-
 .../user_authn/views/tests/test_password.py   |  4 +--
 .../tests/views/test_course_sock.py           |  2 +-
 .../tests/views/test_masquerade.py            |  2 +-
 .../test_crowdsource_hinter.py                |  4 +--
 .../xblock_integration/test_recommender.py    |  4 +--
 .../xblock_integration/xblock_testcase.py     |  6 ++--
 xmodule/modulestore/tests/django_utils.py     |  2 +-
 46 files changed, 83 insertions(+), 83 deletions(-)

diff --git a/cms/djangoapps/contentstore/tests/test_i18n.py b/cms/djangoapps/contentstore/tests/test_i18n.py
index 516261f39739..b77740d33f1a 100644
--- a/cms/djangoapps/contentstore/tests/test_i18n.py
+++ b/cms/djangoapps/contentstore/tests/test_i18n.py
@@ -193,7 +193,7 @@ def setUp(self):
 
         self.uname = 'testuser'
         self.email = 'test+courses@edx.org'
-        self.password = 'password'
+        self.password = 'Password1234'
 
         # Create the use so we can log them in.
         self.user = UserFactory.create(username=self.uname, email=self.email, password=self.password)
diff --git a/common/djangoapps/student/tests/factories.py b/common/djangoapps/student/tests/factories.py
index 506d1818e4c4..27e245288dd6 100644
--- a/common/djangoapps/student/tests/factories.py
+++ b/common/djangoapps/student/tests/factories.py
@@ -35,7 +35,7 @@
 from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
 from openedx.core.djangoapps.content.course_overviews.tests.factories import CourseOverviewFactory
 
-TEST_PASSWORD = 'password'
+TEST_PASSWORD = 'Password1234'
 
 
 class GroupFactory(DjangoModelFactory):  # lint-amnesty, pylint: disable=missing-class-docstring
@@ -81,7 +81,7 @@ class Meta:
         model = User
         django_get_or_create = ('email', 'username')
 
-    _DEFAULT_PASSWORD = 'password'
+    _DEFAULT_PASSWORD = 'Password1234'
 
     username = factory.Sequence('robot{}'.format)
     email = factory.Sequence('robot+test+{}@edx.org'.format)
diff --git a/common/djangoapps/student/tests/test_admin_views.py b/common/djangoapps/student/tests/test_admin_views.py
index 7ae693606daf..2914bcd61c43 100644
--- a/common/djangoapps/student/tests/test_admin_views.py
+++ b/common/djangoapps/student/tests/test_admin_views.py
@@ -324,9 +324,9 @@ class LoginFailuresAdminTest(TestCase):
     def setUpClass(cls):
         """Setup class"""
         super().setUpClass()
-        cls.user = UserFactory.create(username='§', is_staff=True, is_superuser=True)
+        cls.TEST_PASSWORD = 'Password1234'
+        cls.user = UserFactory.create(username='§', password=cls.TEST_PASSWORD, is_staff=True, is_superuser=True)
         cls.user.save()
-        cls.TEST_PASSWORD = 'password'
 
     def setUp(self):
         """Setup."""
diff --git a/common/djangoapps/student/tests/test_email.py b/common/djangoapps/student/tests/test_email.py
index 7f1287fba048..bcede1821376 100644
--- a/common/djangoapps/student/tests/test_email.py
+++ b/common/djangoapps/student/tests/test_email.py
@@ -136,7 +136,7 @@ def _create_account(self):
         params = {
             'username': 'test_user',
             'email': 'test_user@example.com',
-            'password': 'edx',
+            'password': 'Password1234',
             'name': 'Test User',
             'honor_code': True,
             'terms_of_service': True
@@ -319,7 +319,7 @@ def setUp(self, tracker='common.djangoapps.student.views.management.tracker'):
         self.new_email = 'new.email@edx.org'
         self.req_factory = RequestFactory()
         self.request = self.req_factory.post('unused_url', data={
-            'password': 'test',
+            'password': 'Password1234',
             'new_email': self.new_email
         })
         self.request.user = self.user
@@ -628,7 +628,7 @@ def setUp(self, tracker='common.djangoapps.student.views.management.tracker'):
         self.new_secondary_email = 'new.secondary.email@edx.org'
         self.req_factory = RequestFactory()
         self.request = self.req_factory.post('unused_url', data={
-            'password': 'test',
+            'password': 'Password1234',
             'new_email': self.new_secondary_email
         })
         self.request.user = self.user
diff --git a/common/djangoapps/student/tests/test_retirement.py b/common/djangoapps/student/tests/test_retirement.py
index 96c0034a0e7c..ffeb1af14fa2 100644
--- a/common/djangoapps/student/tests/test_retirement.py
+++ b/common/djangoapps/student/tests/test_retirement.py
@@ -260,7 +260,7 @@ def setUp(self):
             'username': 'username',
             'email': 'foo_bar' + '@bar.com',
             'name': 'foo bar',
-            'password': '12345678',
+            'password': 'Password1234',
             'terms_of_service': 'true',
             'honor_code': 'true',
         }
diff --git a/common/djangoapps/student/tests/test_userstanding.py b/common/djangoapps/student/tests/test_userstanding.py
index e7b9bab233a1..67fcebda28f6 100644
--- a/common/djangoapps/student/tests/test_userstanding.py
+++ b/common/djangoapps/student/tests/test_userstanding.py
@@ -43,7 +43,7 @@ def setUp(self):
             (self.non_staff, self.non_staff_client),
             (self.admin, self.admin_client),
         ]:
-            client.login(username=user.username, password='password')
+            client.login(username=user.username, password='Password1234')
 
         UserStandingFactory.create(
             user=self.bad_user,
diff --git a/common/djangoapps/third_party_auth/tests/specs/base.py b/common/djangoapps/third_party_auth/tests/specs/base.py
index b7efc310a1fc..0acae6605422 100644
--- a/common/djangoapps/third_party_auth/tests/specs/base.py
+++ b/common/djangoapps/third_party_auth/tests/specs/base.py
@@ -481,7 +481,7 @@ def _test_login(self):
         # The AJAX on the page will log them in:
         ajax_login_response = self.client.post(
             reverse('user_api_login_session', kwargs={'api_version': 'v1'}),
-            {'email': self.user.email, 'password': 'password'}
+            {'email': self.user.email, 'password': 'Password1234'}
         )
         assert ajax_login_response.status_code == 200
         # Then the AJAX will finish the third party auth:
diff --git a/common/djangoapps/third_party_auth/tests/test_admin.py b/common/djangoapps/third_party_auth/tests/test_admin.py
index a1b2e2235d9f..0acfb3492a6f 100644
--- a/common/djangoapps/third_party_auth/tests/test_admin.py
+++ b/common/djangoapps/third_party_auth/tests/test_admin.py
@@ -14,7 +14,7 @@
 from common.djangoapps.third_party_auth.tests.utils import skip_unless_thirdpartyauth
 
 
-TEST_PASSWORD = 'password'
+TEST_PASSWORD = 'Password1234'
 
 
 # This is necessary because cms does not implement third party auth
diff --git a/lms/djangoapps/ccx/api/v0/tests/test_views.py b/lms/djangoapps/ccx/api/v0/tests/test_views.py
index 5bd491c2df23..94af11f732de 100644
--- a/lms/djangoapps/ccx/api/v0/tests/test_views.py
+++ b/lms/djangoapps/ccx/api/v0/tests/test_views.py
@@ -33,7 +33,7 @@
 from lms.djangoapps.instructor.enrollment import enroll_email, get_email_params
 from openedx.core.lib.courses import get_course_by_id
 
-USER_PASSWORD = 'password'
+USER_PASSWORD = 'Password1234'
 
 
 class CcxRestApiTest(CcxTestCase, APITestCase):
diff --git a/lms/djangoapps/ccx/tests/test_views.py b/lms/djangoapps/ccx/tests/test_views.py
index 6dd569c0fb59..e993d5dc0b7b 100644
--- a/lms/djangoapps/ccx/tests/test_views.py
+++ b/lms/djangoapps/ccx/tests/test_views.py
@@ -129,7 +129,7 @@ def setUp(self):
         ccx = self.make_ccx()
         ccx_key = CCXLocator.from_course_locator(self.course.id, ccx.id)
         self.url = reverse('ccx_coach_dashboard', kwargs={'course_id': ccx_key})
-        self.TEST_PASSWORD = 'password'
+        self.TEST_PASSWORD = 'Password1234'
 
     def test_staff_access_coach_dashboard(self):
         """
diff --git a/lms/djangoapps/commerce/api/v1/tests/test_views.py b/lms/djangoapps/commerce/api/v1/tests/test_views.py
index 68f3d92d52af..0d9557c31a54 100644
--- a/lms/djangoapps/commerce/api/v1/tests/test_views.py
+++ b/lms/djangoapps/commerce/api/v1/tests/test_views.py
@@ -23,7 +23,7 @@
 from ....tests.mocks import mock_order_endpoint
 from ....tests.test_views import UserMixin
 
-PASSWORD = 'password'
+PASSWORD = 'Password1234'
 JSON_CONTENT_TYPE = 'application/json'
 
 
diff --git a/lms/djangoapps/commerce/tests/test_views.py b/lms/djangoapps/commerce/tests/test_views.py
index 8932c826c7fc..410d2520cc35 100644
--- a/lms/djangoapps/commerce/tests/test_views.py
+++ b/lms/djangoapps/commerce/tests/test_views.py
@@ -3,7 +3,7 @@
 from common.djangoapps.student.tests.factories import UserFactory
 
 
-TEST_PASSWORD = "password"
+TEST_PASSWORD = "Password1234"
 
 
 class UserMixin:
diff --git a/lms/djangoapps/course_blocks/transformers/tests/helpers.py b/lms/djangoapps/course_blocks/transformers/tests/helpers.py
index 29c15e828976..4060052be84b 100644
--- a/lms/djangoapps/course_blocks/transformers/tests/helpers.py
+++ b/lms/djangoapps/course_blocks/transformers/tests/helpers.py
@@ -50,7 +50,7 @@ def setUp(self):
         """
         super().setUp()
         # Set up users.
-        self.password = 'password'
+        self.password = 'Password1234'
         self.user = UserFactory.create(password=self.password)
         self.staff = UserFactory.create(password=self.password, is_staff=True)
 
@@ -253,7 +253,7 @@ def setUp(self):
                     parent_block.children.append(self.xblock_keys[i])
                     update_block(parent_block)
 
-        self.password = 'password'
+        self.password = 'Password1234'
         self.student = UserFactory.create(is_staff=False, username='test_student', password=self.password)
         self.staff = UserFactory.create(is_staff=True, username='test_staff', password=self.password)
         CourseEnrollmentFactory.create(
diff --git a/lms/djangoapps/course_wiki/tests/tests.py b/lms/djangoapps/course_wiki/tests/tests.py
index 1afdea5d741e..f81b285afd35 100644
--- a/lms/djangoapps/course_wiki/tests/tests.py
+++ b/lms/djangoapps/course_wiki/tests/tests.py
@@ -24,7 +24,7 @@ def setUp(self):
         # Create two accounts
         self.student = 'view@test.com'
         self.instructor = 'view2@test.com'
-        self.password = 'password'
+        self.password = 'Password1234'
         for username, email in [('u1', self.student), ('u2', self.instructor)]:
             self.create_account(username, email, self.password)
             self.activate_user(email)
diff --git a/lms/djangoapps/courseware/tests/helpers.py b/lms/djangoapps/courseware/tests/helpers.py
index 4892cef1bef4..6f3509864a49 100644
--- a/lms/djangoapps/courseware/tests/helpers.py
+++ b/lms/djangoapps/courseware/tests/helpers.py
@@ -171,7 +171,7 @@ def setup_user(self):
         Create a user account, activate, and log in.
         """
         self.email = 'foo@test.com'  # lint-amnesty, pylint: disable=attribute-defined-outside-init
-        self.password = 'password'  # lint-amnesty, pylint: disable=attribute-defined-outside-init
+        self.password = 'Password1234'  # lint-amnesty, pylint: disable=attribute-defined-outside-init
         self.username = 'test'  # lint-amnesty, pylint: disable=attribute-defined-outside-init
         self.user = self.create_account(
             self.username,
diff --git a/lms/djangoapps/courseware/tests/test_about.py b/lms/djangoapps/courseware/tests/test_about.py
index f6c71119a7ad..d53d620d3e34 100644
--- a/lms/djangoapps/courseware/tests/test_about.py
+++ b/lms/djangoapps/courseware/tests/test_about.py
@@ -284,7 +284,7 @@ def test_enrollment_cap(self):
         # pylint: disable=attribute-defined-outside-init
         # create a new account since the first account is already enrolled in the course
         self.email = 'foo_second@test.com'
-        self.password = 'password'
+        self.password = 'Password1234'
         self.username = 'test_second'
         self.create_account(self.username, self.email, self.password)
         self.activate_user(self.email)
diff --git a/lms/djangoapps/courseware/tests/test_course_survey.py b/lms/djangoapps/courseware/tests/test_course_survey.py
index e5aa97cfaa2a..98b5842cd2b5 100644
--- a/lms/djangoapps/courseware/tests/test_course_survey.py
+++ b/lms/djangoapps/courseware/tests/test_course_survey.py
@@ -22,7 +22,7 @@ class SurveyViewsTests(LoginEnrollmentTestCase, SharedModuleStoreTestCase, XssTe
     """
     All tests for the views.py file
     """
-    STUDENT_INFO = [('view@test.com', 'password1234')]
+    STUDENT_INFO = [('view@test.com', 'Password1234')]
 
     @classmethod
     def setUpClass(cls):
diff --git a/lms/djangoapps/courseware/tests/test_submitting_problems.py b/lms/djangoapps/courseware/tests/test_submitting_problems.py
index 9536067f52be..dee37a09c1d9 100644
--- a/lms/djangoapps/courseware/tests/test_submitting_problems.py
+++ b/lms/djangoapps/courseware/tests/test_submitting_problems.py
@@ -154,7 +154,7 @@ def setUp(self):
         # create a test student
         self.course = CourseFactory.create(display_name=self.COURSE_NAME, number=self.COURSE_SLUG)
         self.student = 'view@test.com'
-        self.password = 'password'
+        self.password = 'Password1234'
         self.create_account('u1', self.student, self.password)
         self.activate_user(self.student)
         self.enroll(self.course)
diff --git a/lms/djangoapps/courseware/tests/test_view_authentication.py b/lms/djangoapps/courseware/tests/test_view_authentication.py
index aa53561ee56b..67ada18e850e 100644
--- a/lms/djangoapps/courseware/tests/test_view_authentication.py
+++ b/lms/djangoapps/courseware/tests/test_view_authentication.py
@@ -29,7 +29,7 @@ class TestViewAuth(EnterpriseTestConsentRequired, ModuleStoreTestCase, LoginEnro
     Check that view authentication works properly.
     """
 
-    ACCOUNT_INFO = [('view@test.com', 'password1234'), ('view2@test.com', 'password1234')]
+    ACCOUNT_INFO = [('view@test.com', 'Password1234'), ('view2@test.com', 'Password1234')]
     ENABLED_SIGNALS = ['course_published']
 
     @staticmethod
diff --git a/lms/djangoapps/courseware/testutils.py b/lms/djangoapps/courseware/testutils.py
index 1eb8f18a206e..6227a74a1ebe 100644
--- a/lms/djangoapps/courseware/testutils.py
+++ b/lms/djangoapps/courseware/testutils.py
@@ -82,7 +82,7 @@ def login(self):
         """
         Logs in the test user.
         """
-        self.client.login(username=self.user.username, password='password')
+        self.client.login(username=self.user.username, password='Password1234')
 
     def course_options(self):
         """
diff --git a/lms/djangoapps/discussion/django_comment_client/base/tests.py b/lms/djangoapps/discussion/django_comment_client/base/tests.py
index 94fa8d4ca1d5..03fbf7485a01 100644
--- a/lms/djangoapps/discussion/django_comment_client/base/tests.py
+++ b/lms/djangoapps/discussion/django_comment_client/base/tests.py
@@ -241,7 +241,7 @@ def set_up_course(self, block_count=0):
         with patch('common.djangoapps.student.models.user.cc.User.save'):
             uname = 'student'
             email = 'student@edx.org'
-            self.password = 'password'
+            self.password = 'Password1234'
 
             # Create the user and make them active so we can log them in.
             self.student = UserFactory.create(username=uname, email=email, password=self.password)
@@ -464,7 +464,7 @@ def setUp(self):
         with patch('common.djangoapps.student.models.user.cc.User.save'):
             uname = 'student'
             email = 'student@edx.org'
-            self.password = 'password'
+            self.password = 'Password1234'
 
             # Create the user and make them active so we can log them in.
             self.student = UserFactory.create(username=uname, email=email, password=self.password)
diff --git a/lms/djangoapps/discussion/rest_api/tests/test_views.py b/lms/djangoapps/discussion/rest_api/tests/test_views.py
index aaf22ccaff29..447609eebabd 100644
--- a/lms/djangoapps/discussion/rest_api/tests/test_views.py
+++ b/lms/djangoapps/discussion/rest_api/tests/test_views.py
@@ -87,7 +87,7 @@ def setUp(self):
             start=datetime.now(UTC),
             discussion_topics={"Test Topic": {"id": "test_topic"}}
         )
-        self.password = "password"
+        self.password = "Password1234"
         self.user = UserFactory.create(password=self.password)
         # Ensure that parental controls don't apply to this user
         self.user.profile.year_of_birth = 1970
@@ -168,7 +168,7 @@ def setUp(self):
                 content_type="image/jpeg",
             ),
         }
-        self.user = UserFactory.create(password="password")
+        self.user = UserFactory.create(password=self.TEST_PASSWORD)
         self.course = CourseFactory.create(org='a', course='b', run='c', start=datetime.now(UTC))
         self.url = reverse("upload_file", kwargs={"course_id": str(self.course.id)})
 
@@ -176,7 +176,7 @@ def user_login(self):
         """
         Authenticates the test client with the example user.
         """
-        self.client.login(username=self.user.username, password="password")
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     def enroll_user_in_course(self):
         """
@@ -320,10 +320,10 @@ def setUp(self):
         self.addCleanup(httpretty.reset)
         self.addCleanup(httpretty.disable)
 
-        self.user = UserFactory.create(password="password")
+        self.user = UserFactory.create(password=self.TEST_PASSWORD)
         self.register_get_user_response(self.user)
 
-        self.other_user = UserFactory.create(password="password")
+        self.other_user = UserFactory.create(password=self.TEST_PASSWORD)
         self.register_get_user_response(self.other_user)
 
         self.course = CourseFactory.create(org="a", course="b", run="c", start=datetime.now(UTC))
@@ -405,7 +405,7 @@ def test_request_by_unauthorized_user(self):
         they're not either enrolled or staff members.
         """
         self.register_mock_endpoints()
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         assert response.status_code == status.HTTP_404_NOT_FOUND
         assert json.loads(response.content)["developer_message"] == "Course not found."
@@ -416,7 +416,7 @@ def test_request_by_enrolled_user(self):
         comments in that course.
         """
         self.register_mock_endpoints()
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         CourseEnrollmentFactory.create(user=self.other_user, course_id=self.course.id)
         self.assert_successful_response(self.client.get(self.url))
 
@@ -425,7 +425,7 @@ def test_request_by_global_staff(self):
         Staff users are allowed to get any user's comments.
         """
         self.register_mock_endpoints()
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         GlobalStaff().add_users(self.other_user)
         self.assert_successful_response(self.client.get(self.url))
 
@@ -436,7 +436,7 @@ def test_request_by_course_staff(self, role):
         course.
         """
         self.register_mock_endpoints()
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         role(course_key=self.course.id).add_users(self.other_user)
         self.assert_successful_response(self.client.get(self.url))
 
@@ -445,7 +445,7 @@ def test_request_with_non_existent_user(self):
         Requests for users that don't exist result in a 404 response.
         """
         self.register_mock_endpoints()
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         GlobalStaff().add_users(self.other_user)
         url = self.build_url("non_existent", self.course.id)
         response = self.client.get(url)
@@ -456,7 +456,7 @@ def test_request_with_non_existent_course(self):
         Requests for courses that don't exist result in a 404 response.
         """
         self.register_mock_endpoints()
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         GlobalStaff().add_users(self.other_user)
         url = self.build_url(self.user.username, "course-v1:x+y+z")
         response = self.client.get(url)
@@ -467,7 +467,7 @@ def test_request_with_invalid_course_id(self):
         Requests with invalid course ID should fail form validation.
         """
         self.register_mock_endpoints()
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         GlobalStaff().add_users(self.other_user)
         url = self.build_url(self.user.username, "an invalid course")
         response = self.client.get(url)
@@ -484,7 +484,7 @@ def test_request_with_empty_results_page(self):
         self.register_get_threads_response(threads=[], page=1, num_pages=1)
         self.register_get_comments_response(comments=[], page=1, num_pages=1)
 
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         GlobalStaff().add_users(self.other_user)
         url = self.build_url(self.user.username, self.course.id, page=2)
         response = self.client.get(url)
@@ -928,7 +928,7 @@ class CourseTopicsViewV3Test(DiscussionAPIViewTestMixin, CommentsServiceMockMixi
     """
     def setUp(self) -> None:
         super().setUp()
-        self.password = "password"
+        self.password = self.TEST_PASSWORD
         self.user = UserFactory.create(password=self.password)
         self.client.login(username=self.user.username, password=self.password)
         self.staff = AdminFactory.create()
@@ -2785,7 +2785,7 @@ def setUp(self):
             discussion_topics={"Test Topic": {"id": "test_topic"}}
         )
         self.path = reverse('discussion_course_settings', kwargs={'course_id': str(self.course.id)})
-        self.password = 'password'
+        self.password = self.TEST_PASSWORD
         self.user = UserFactory(username='staff', password=self.password, is_staff=True)
 
     def _get_oauth_headers(self, user):
@@ -3083,7 +3083,7 @@ def setUp(self):
             run="z",
             start=datetime.now(UTC),
         )
-        self.password = 'password'
+        self.password = self.TEST_PASSWORD
         self.user = UserFactory(username='staff', password=self.password, is_staff=True)
         course_key = CourseKey.from_string('course-v1:x+y+z')
         seed_permissions_roles(course_key)
@@ -3291,7 +3291,7 @@ def setUp(self) -> None:
             user = UserFactory.create(
                 username=stat['username'],
                 email=f"{stat['username']}@example.com",
-                password='12345'
+                password=self.TEST_PASSWORD
             )
             CourseEnrollment.enroll(user, self.course.id, mode='audit')
 
diff --git a/lms/djangoapps/grades/rest_api/v1/tests/mixins.py b/lms/djangoapps/grades/rest_api/v1/tests/mixins.py
index 9131ebd290bd..1d3a6a0b4551 100644
--- a/lms/djangoapps/grades/rest_api/v1/tests/mixins.py
+++ b/lms/djangoapps/grades/rest_api/v1/tests/mixins.py
@@ -97,7 +97,7 @@ def _create_user_program_enrollments(self, *users, **kwargs):  # lint-amnesty, p
 
     def setUp(self):
         super().setUp()
-        self.password = 'password'
+        self.password = self.TEST_PASSWORD
         self.global_staff = GlobalStaffFactory.create()
         self.student = UserFactory(password=self.password, username='student', email='student@example.com')
         self.other_student = UserFactory(
diff --git a/lms/djangoapps/grades/rest_api/v1/tests/test_views.py b/lms/djangoapps/grades/rest_api/v1/tests/test_views.py
index 0dd6ea257314..e5d82998b687 100644
--- a/lms/djangoapps/grades/rest_api/v1/tests/test_views.py
+++ b/lms/djangoapps/grades/rest_api/v1/tests/test_views.py
@@ -548,7 +548,7 @@ class CourseSubmissionHistoryWithDataTest(TestSubmittingProblems):
     def setUp(self):
         super().setUp()
         self.namespaced_url = 'grades_api:v1:submission_history'
-        self.password = 'password'
+        self.password = 'Password1234'
         self.basic_setup()
         self.global_staff = GlobalStaffFactory.create()
 
diff --git a/lms/djangoapps/learner_recommendations/tests/test_views.py b/lms/djangoapps/learner_recommendations/tests/test_views.py
index 5be5b09e7471..a41666f6baec 100644
--- a/lms/djangoapps/learner_recommendations/tests/test_views.py
+++ b/lms/djangoapps/learner_recommendations/tests/test_views.py
@@ -23,7 +23,7 @@ class TestRecommendationsBase(APITestCase):
 
     def setUp(self):
         super().setUp()
-        self.TEST_PASSWORD = 'password'
+        self.TEST_PASSWORD = 'Password1234'
         self.user = UserFactory(password=self.TEST_PASSWORD)
         self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.recommended_courses = [
diff --git a/lms/djangoapps/mobile_api/testutils.py b/lms/djangoapps/mobile_api/testutils.py
index 9c60cdabcc16..abd4e0a4e003 100644
--- a/lms/djangoapps/mobile_api/testutils.py
+++ b/lms/djangoapps/mobile_api/testutils.py
@@ -50,7 +50,7 @@ def setUp(self):
             certificate_available_date=datetime.datetime.now(pytz.UTC)
         )
         self.user = UserFactory.create()
-        self.password = 'password'
+        self.password = 'Password1234'
         self.username = self.user.username
         self.api_version = API_V1
         IgnoreMobileAvailableFlagConfig(enabled=False).save()
diff --git a/lms/djangoapps/survey/tests/test_models.py b/lms/djangoapps/survey/tests/test_models.py
index 0ca820652a17..e8c6619da647 100644
--- a/lms/djangoapps/survey/tests/test_models.py
+++ b/lms/djangoapps/survey/tests/test_models.py
@@ -30,7 +30,7 @@ def setUp(self):
         self.client = Client()
 
         # Create two accounts
-        self.password = 'password'
+        self.password = 'Password1234'
         self.student = UserFactory.create(
             username='student', email='student@test.com', password=self.password,
         )
diff --git a/lms/djangoapps/survey/tests/test_utils.py b/lms/djangoapps/survey/tests/test_utils.py
index 5dea69117e82..77b0b0f4f961 100644
--- a/lms/djangoapps/survey/tests/test_utils.py
+++ b/lms/djangoapps/survey/tests/test_utils.py
@@ -28,7 +28,7 @@ def setUp(self):
         self.client = Client()
 
         # Create two accounts
-        self.password = 'password'
+        self.password = 'Password1234'
         self.student = UserFactory.create(
             username='student', email='student@test.com', password=self.password,
         )
diff --git a/lms/djangoapps/survey/tests/test_views.py b/lms/djangoapps/survey/tests/test_views.py
index 83b74b3c5e10..9f537de46526 100644
--- a/lms/djangoapps/survey/tests/test_views.py
+++ b/lms/djangoapps/survey/tests/test_views.py
@@ -29,7 +29,7 @@ def setUp(self):
         self.client = Client()
 
         # Create two accounts
-        self.password = 'password'
+        self.password = 'Password1234'
         self.student = UserFactory.create(username='student', email='student@test.com', password=self.password)
 
         self.test_survey_name = 'TestSurvey'
diff --git a/lms/djangoapps/verify_student/tests/test_views.py b/lms/djangoapps/verify_student/tests/test_views.py
index 9e81b9e837ec..c537ff6fc251 100644
--- a/lms/djangoapps/verify_student/tests/test_views.py
+++ b/lms/djangoapps/verify_student/tests/test_views.py
@@ -122,8 +122,8 @@ def test_start_new_verification(self):
         Test the case where the user has no pending `PhotoVerificationAttempts`,
         but is just starting their first.
         """
-        UserFactory.create(username="rusty", password="password")
-        self.client.login(username="rusty", password="password")
+        UserFactory.create(username="rusty", password='Password1234')
+        self.client.login(username="rusty", password='Password1234')
 
     def must_be_logged_in(self):
         self.assertHttpForbidden(self.client.get(self.start_url()))  # lint-amnesty, pylint: disable=no-member
@@ -1055,11 +1055,11 @@ def setUp(self):
         """ Create a user and course. """
         super().setUp()
 
-        self.user = UserFactory.create(username="test", password="password")
+        self.user = UserFactory.create(username="test", password='Password1234')
         self.course = CourseFactory.create()
         for mode, min_price in (('audit', 0), ('honor', 0), ('verified', 100)):
             CourseModeFactory.create(mode_slug=mode, course_id=self.course.id, min_price=min_price, sku=self.make_sku())
-        self.client.login(username="test", password="password")
+        self.client.login(username="test", password='Password1234')
 
     def _assert_checked_out(
         self,
@@ -1868,7 +1868,7 @@ def setUp(self):
         super().setUp()
 
         self.user = AdminFactory()
-        login_success = self.client.login(username=self.user.username, password='password')
+        login_success = self.client.login(username=self.user.username, password='Password1234')
         assert login_success
         self.attempt = SoftwareSecurePhotoVerification(
             status="submitted",
@@ -1895,7 +1895,7 @@ def test_photo_url_view_returns_404_if_invalid_receipt_id(self):
 
     def test_403_for_non_staff(self):
         self.user = UserFactory()
-        login_success = self.client.login(username=self.user.username, password='password')
+        login_success = self.client.login(username=self.user.username, password='Password1234')
         assert login_success
         url = reverse('verification_photo_urls', kwargs={'receipt_id': str(self.receipt_id)})
         response = self.client.get(url)
@@ -1934,7 +1934,7 @@ class TestDecodeImageViews(MockS3Boto3Mixin, TestVerificationBase):
     def setUp(self):
         super().setUp()
         self.user = AdminFactory()
-        login_success = self.client.login(username=self.user.username, password='password')
+        login_success = self.client.login(username=self.user.username, password='Password1234')
         assert login_success
 
     def _mock_submit_images(self):
@@ -1995,7 +1995,7 @@ def test_download_image_response(self, img_type, _mock_get_storage):
     @ddt.data("face", "photo_id")
     def test_403_for_non_staff(self, img_type):
         self.user = UserFactory()
-        login_success = self.client.login(username=self.user.username, password='password')
+        login_success = self.client.login(username=self.user.username, password='Password1234')
         assert login_success
 
         self._mock_submit_images()
diff --git a/openedx/core/djangoapps/oauth_dispatch/tests/test_dot_overrides.py b/openedx/core/djangoapps/oauth_dispatch/tests/test_dot_overrides.py
index 549917474789..dc38b18c6eef 100644
--- a/openedx/core/djangoapps/oauth_dispatch/tests/test_dot_overrides.py
+++ b/openedx/core/djangoapps/oauth_dispatch/tests/test_dot_overrides.py
@@ -31,7 +31,7 @@ class AuthenticateTestCase(TestCase):
 
     def setUp(self):
         super().setUp()
-        self.TEST_PASSWORD = 'password'
+        self.TEST_PASSWORD = 'Password1234'
         self.user = UserFactory.create(
             username='darkhelmet',
             password=self.TEST_PASSWORD,
@@ -57,7 +57,7 @@ class CustomValidationTestCase(TestCase):
     """
     def setUp(self):
         super().setUp()
-        self.TEST_PASSWORD = "password"
+        self.TEST_PASSWORD = 'Password1234'
         self.user = UserFactory.create(
             username='darkhelmet',
             password=self.TEST_PASSWORD,
@@ -89,7 +89,7 @@ class CustomAuthorizationViewTestCase(TestCase):
     """
     def setUp(self):
         super().setUp()
-        self.TEST_PASSWORD = 'password'
+        self.TEST_PASSWORD = 'Password1234'
         self.dot_adapter = adapters.DOTAdapter()
         self.user = UserFactory(password=self.TEST_PASSWORD)
         self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
diff --git a/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py b/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
index 276e4b7825d1..3ed4c2aca52b 100644
--- a/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
+++ b/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
@@ -86,7 +86,7 @@ class _DispatchingViewTestCase(TestCase):
     """
     def setUp(self):
         super().setUp()
-        self.TEST_PASSWORD = "password"
+        self.TEST_PASSWORD = 'Password1234'
         self.dot_adapter = adapters.DOTAdapter()
         self.user = UserFactory(password=self.TEST_PASSWORD)
         self.dot_app = self.dot_adapter.create_public_client(
diff --git a/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py b/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py
index c81a4aff776b..166bdc6edaf3 100644
--- a/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py
+++ b/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py
@@ -36,7 +36,7 @@ def setUp(self):
         self.user = UserFactory.create()
         self.addCleanup(set_current_request, None)
         self.request = get_mock_request()
-        self.TEST_PASSWORD = 'password'
+        self.TEST_PASSWORD = 'Password1234'
 
     def assert_response(self, safe_cookie_data=None, success=True):
         """
@@ -259,7 +259,7 @@ class TestSafeSessionMiddleware(TestSafeSessionsLogMixin, CacheIsolationTestCase
 
     def setUp(self):
         super().setUp()
-        self.TEST_PASSWORD = 'password'
+        self.TEST_PASSWORD = 'Password1234'
         self.user = UserFactory.create(password=self.TEST_PASSWORD)
         self.addCleanup(set_current_request, None)
         self.request = get_mock_request()
diff --git a/openedx/core/djangoapps/theming/tests/test_theme_style_overrides.py b/openedx/core/djangoapps/theming/tests/test_theme_style_overrides.py
index bc38553c98a6..d7578f25eb87 100644
--- a/openedx/core/djangoapps/theming/tests/test_theme_style_overrides.py
+++ b/openedx/core/djangoapps/theming/tests/test_theme_style_overrides.py
@@ -24,7 +24,7 @@ def setUp(self):
         Clear static file finders cache and register cleanup methods.
         """
         super().setUp()
-        self.TEST_PASSWORD = 'password'
+        self.TEST_PASSWORD = 'Password1234'
         self.user = UserFactory(password=self.TEST_PASSWORD)
 
         # Clear the internal staticfiles caches, to get test isolation.
diff --git a/openedx/core/djangoapps/theming/tests/test_views.py b/openedx/core/djangoapps/theming/tests/test_views.py
index 8ea0d1d5bb17..5b5503702cd8 100644
--- a/openedx/core/djangoapps/theming/tests/test_views.py
+++ b/openedx/core/djangoapps/theming/tests/test_views.py
@@ -13,7 +13,7 @@
 
 THEMING_ADMIN_URL = '/theming/admin'
 TEST_THEME_NAME = 'test-theme'
-TEST_PASSWORD = 'password'
+TEST_PASSWORD = 'Password1234'
 
 
 class TestThemingViews(TestCase):
diff --git a/openedx/core/djangoapps/user_api/accounts/tests/test_api.py b/openedx/core/djangoapps/user_api/accounts/tests/test_api.py
index f7af42dd6b03..b856f3fc845b 100644
--- a/openedx/core/djangoapps/user_api/accounts/tests/test_api.py
+++ b/openedx/core/djangoapps/user_api/accounts/tests/test_api.py
@@ -88,7 +88,7 @@ class TestAccountApi(UserSettingsEventTestMixin, EmailTemplateTagMixin, CreateAc
     This includes the specific types of error raised, and default behavior when optional arguments
     are not specified.
     """
-    password = "password"
+    password = 'Password1234'
 
     def setUp(self):
         super().setUp()
diff --git a/openedx/core/djangoapps/user_api/tests/test_views.py b/openedx/core/djangoapps/user_api/tests/test_views.py
index f8d272df77df..28b4c57505fc 100644
--- a/openedx/core/djangoapps/user_api/tests/test_views.py
+++ b/openedx/core/djangoapps/user_api/tests/test_views.py
@@ -33,7 +33,7 @@ class UserAPITestCase(ApiTestCase):
     Parent test case for User API workflow coverage
     """
     LIST_URI = USER_LIST_URI
-    TEST_PASSWORD = "password"
+    TEST_PASSWORD = 'Password1234'
 
     def get_uri_for_user(self, target_user):
         """Given a user object, get the URI for the corresponding resource"""
diff --git a/openedx/core/djangoapps/user_api/verification_api/tests/test_views.py b/openedx/core/djangoapps/user_api/verification_api/tests/test_views.py
index 46b3d65678f8..c585936e21ad 100644
--- a/openedx/core/djangoapps/user_api/verification_api/tests/test_views.py
+++ b/openedx/core/djangoapps/user_api/verification_api/tests/test_views.py
@@ -23,7 +23,7 @@ class VerificationViewTestsMixinBase:
     """ Base class for the tests on verification views """
     VIEW_NAME = None
     CREATED_AT = datetime.datetime.strptime(FROZEN_TIME, '%Y-%m-%d')
-    PASSWORD = 'password'
+    PASSWORD = 'Password1234'
 
     def setUp(self):
         freezer = freezegun.freeze_time(FROZEN_TIME)
diff --git a/openedx/core/djangoapps/user_authn/tests/utils.py b/openedx/core/djangoapps/user_authn/tests/utils.py
index 1ec522e430db..09ca85145f35 100644
--- a/openedx/core/djangoapps/user_authn/tests/utils.py
+++ b/openedx/core/djangoapps/user_authn/tests/utils.py
@@ -58,7 +58,7 @@ class AuthAndScopesTestMixin:
             self.student.
     """
     default_scopes = None
-    user_password = 'password'
+    user_password = 'Password1234'
 
     def setUp(self):
         super().setUp()
diff --git a/openedx/core/djangoapps/user_authn/views/tests/test_password.py b/openedx/core/djangoapps/user_authn/views/tests/test_password.py
index 408a04d0c115..a403298a6e78 100644
--- a/openedx/core/djangoapps/user_authn/views/tests/test_password.py
+++ b/openedx/core/djangoapps/user_authn/views/tests/test_password.py
@@ -192,11 +192,11 @@ def test_password_change_from_support_tools(self, is_superuser, is_staff, reset_
         UserFactory.create(
             username='edx',
             email='edx@example.com',
-            password='password',
+            password='Password1234',
             is_superuser=is_superuser,
             is_staff=is_staff,
         )
-        self.client.login(username='edx', password='password')
+        self.client.login(username='edx', password='Password1234')
 
         response = self._change_password_from_support(email_from_support_tools=self.OLD_EMAIL)
         assert response.status_code == 200
diff --git a/openedx/features/course_experience/tests/views/test_course_sock.py b/openedx/features/course_experience/tests/views/test_course_sock.py
index 5985850f34cc..5c612e3ca85f 100644
--- a/openedx/features/course_experience/tests/views/test_course_sock.py
+++ b/openedx/features/course_experience/tests/views/test_course_sock.py
@@ -20,7 +20,7 @@
 
 from .helpers import add_course_mode
 
-TEST_PASSWORD = 'password'
+TEST_PASSWORD = 'Password1234'
 TEST_VERIFICATION_SOCK_LOCATOR = '<div class="verification-sock"'
 
 
diff --git a/openedx/features/course_experience/tests/views/test_masquerade.py b/openedx/features/course_experience/tests/views/test_masquerade.py
index 1fb8f0ecd640..0f555e27f7e2 100644
--- a/openedx/features/course_experience/tests/views/test_masquerade.py
+++ b/openedx/features/course_experience/tests/views/test_masquerade.py
@@ -17,7 +17,7 @@
 from .helpers import add_course_mode
 from .test_course_sock import TEST_VERIFICATION_SOCK_LOCATOR
 
-TEST_PASSWORD = 'password'
+TEST_PASSWORD = 'Password1234'
 
 
 class MasqueradeTestBase(SharedModuleStoreTestCase, MasqueradeMixin):
diff --git a/openedx/tests/xblock_integration/test_crowdsource_hinter.py b/openedx/tests/xblock_integration/test_crowdsource_hinter.py
index 91fde1b22d6e..cf2cc368e6ba 100644
--- a/openedx/tests/xblock_integration/test_crowdsource_hinter.py
+++ b/openedx/tests/xblock_integration/test_crowdsource_hinter.py
@@ -21,8 +21,8 @@ class TestCrowdsourceHinter(SharedModuleStoreTestCase, LoginEnrollmentTestCase):
     Create the test environment with the crowdsourcehinter xblock.
     """
     STUDENTS = [
-        {'email': 'view@test.com', 'password': 'password1234'},
-        {'email': 'view2@test.com', 'password': 'password1234'}
+        {'email': 'view@test.com', 'password': 'Password1234'},
+        {'email': 'view2@test.com', 'password': 'Password1234'}
     ]
     XBLOCK_NAMES = ['crowdsourcehinter']
 
diff --git a/openedx/tests/xblock_integration/test_recommender.py b/openedx/tests/xblock_integration/test_recommender.py
index 4ae29bbf4e56..ae06b09db162 100644
--- a/openedx/tests/xblock_integration/test_recommender.py
+++ b/openedx/tests/xblock_integration/test_recommender.py
@@ -27,8 +27,8 @@ class TestRecommender(SharedModuleStoreTestCase, LoginEnrollmentTestCase):
     Check that Recommender state is saved properly
     """
     STUDENTS = [
-        {'email': 'view@test.com', 'password': 'password1234'},
-        {'email': 'view2@test.com', 'password': 'password1234'}
+        {'email': 'view@test.com', 'password': 'Password1234'},
+        {'email': 'view2@test.com', 'password': 'Password1234'}
     ]
     XBLOCK_NAMES = ['recommender', 'recommender_second']
 
diff --git a/openedx/tests/xblock_integration/xblock_testcase.py b/openedx/tests/xblock_integration/xblock_testcase.py
index 9c3cd480c2b5..e9488b3f21f2 100644
--- a/openedx/tests/xblock_integration/xblock_testcase.py
+++ b/openedx/tests/xblock_integration/xblock_testcase.py
@@ -282,9 +282,9 @@ class XBlockStudentTestCaseMixin:
     Creates a default set of students for XBlock tests
     '''
     student_list = [
-        {'email': 'alice@test.edx.org', 'password': 'password1234'},
-        {'email': 'bob@test.edx.org', 'password': 'password1234'},
-        {'email': 'eve@test.edx.org', 'password': 'password1234'},
+        {'email': 'alice@test.edx.org', 'password': 'Password1234'},
+        {'email': 'bob@test.edx.org', 'password': 'Password1234'},
+        {'email': 'eve@test.edx.org', 'password': 'Password1234'},
     ]
 
     def setUp(self):
diff --git a/xmodule/modulestore/tests/django_utils.py b/xmodule/modulestore/tests/django_utils.py
index 4f565507cbd2..952a88800f7c 100644
--- a/xmodule/modulestore/tests/django_utils.py
+++ b/xmodule/modulestore/tests/django_utils.py
@@ -369,7 +369,7 @@ class ModuleStoreTestUsersMixin():
     """
     A mixin to help manage test users.
     """
-    TEST_PASSWORD = 'password'
+    TEST_PASSWORD = 'Password1234'
 
     def create_user_for_course(self, course, user_type=CourseUserType.ENROLLED):
         """

From 704af1acb3fc9b82754638e37efe8be5521c6f3f Mon Sep 17 00:00:00 2001
From: Feanil Patel <feanil@axim.org>
Date: Mon, 16 Oct 2023 11:37:37 -0400
Subject: [PATCH 06/11] test: Update to reuse variables in more places.

Some of the places where we had explicit copies of the password were not
necessary so we referece the exsting TEST_PASSWORD variable where
possible.
---
 cms/djangoapps/contentstore/tests/test_i18n.py |  2 +-
 lms/djangoapps/course_api/tests/mixins.py      |  2 +-
 .../transformers/tests/helpers.py              |  4 ++--
 lms/djangoapps/course_wiki/tests/tests.py      |  2 +-
 .../tests/test_submitting_problems.py          |  2 +-
 .../grades/rest_api/v1/tests/test_views.py     |  2 +-
 lms/djangoapps/mobile_api/testutils.py         |  2 +-
 lms/djangoapps/survey/tests/test_utils.py      |  2 +-
 lms/djangoapps/survey/tests/test_views.py      |  2 +-
 .../verify_student/tests/test_views.py         | 18 ++++++++++--------
 .../test_crowdsource_hinter.py                 |  4 ++--
 11 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/cms/djangoapps/contentstore/tests/test_i18n.py b/cms/djangoapps/contentstore/tests/test_i18n.py
index b77740d33f1a..5b233eb72f04 100644
--- a/cms/djangoapps/contentstore/tests/test_i18n.py
+++ b/cms/djangoapps/contentstore/tests/test_i18n.py
@@ -193,7 +193,7 @@ def setUp(self):
 
         self.uname = 'testuser'
         self.email = 'test+courses@edx.org'
-        self.password = 'Password1234'
+        self.password = self.TEST_PASSWORD
 
         # Create the use so we can log them in.
         self.user = UserFactory.create(username=self.uname, email=self.email, password=self.password)
diff --git a/lms/djangoapps/course_api/tests/mixins.py b/lms/djangoapps/course_api/tests/mixins.py
index 2940826c68c4..46671867b72c 100644
--- a/lms/djangoapps/course_api/tests/mixins.py
+++ b/lms/djangoapps/course_api/tests/mixins.py
@@ -8,7 +8,7 @@
 from common.djangoapps.student.tests.factories import UserFactory, CourseEnrollmentFactory, CourseAccessRoleFactory
 from xmodule.modulestore.tests.factories import ToyCourseFactory  # lint-amnesty, pylint: disable=wrong-import-order
 
-TEST_PASSWORD = 'edx'
+TEST_PASSWORD = 'Password1234'
 
 
 class CourseApiFactoryMixin:
diff --git a/lms/djangoapps/course_blocks/transformers/tests/helpers.py b/lms/djangoapps/course_blocks/transformers/tests/helpers.py
index 4060052be84b..fb78946280fd 100644
--- a/lms/djangoapps/course_blocks/transformers/tests/helpers.py
+++ b/lms/djangoapps/course_blocks/transformers/tests/helpers.py
@@ -50,7 +50,7 @@ def setUp(self):
         """
         super().setUp()
         # Set up users.
-        self.password = 'Password1234'
+        self.password = self.TEST_PASSWORD
         self.user = UserFactory.create(password=self.password)
         self.staff = UserFactory.create(password=self.password, is_staff=True)
 
@@ -253,7 +253,7 @@ def setUp(self):
                     parent_block.children.append(self.xblock_keys[i])
                     update_block(parent_block)
 
-        self.password = 'Password1234'
+        self.password = self.TEST_PASSWORD
         self.student = UserFactory.create(is_staff=False, username='test_student', password=self.password)
         self.staff = UserFactory.create(is_staff=True, username='test_staff', password=self.password)
         CourseEnrollmentFactory.create(
diff --git a/lms/djangoapps/course_wiki/tests/tests.py b/lms/djangoapps/course_wiki/tests/tests.py
index f81b285afd35..7fc86947d4fa 100644
--- a/lms/djangoapps/course_wiki/tests/tests.py
+++ b/lms/djangoapps/course_wiki/tests/tests.py
@@ -24,7 +24,7 @@ def setUp(self):
         # Create two accounts
         self.student = 'view@test.com'
         self.instructor = 'view2@test.com'
-        self.password = 'Password1234'
+        self.password = self.TEST_PASSWORD
         for username, email in [('u1', self.student), ('u2', self.instructor)]:
             self.create_account(username, email, self.password)
             self.activate_user(email)
diff --git a/lms/djangoapps/courseware/tests/test_submitting_problems.py b/lms/djangoapps/courseware/tests/test_submitting_problems.py
index dee37a09c1d9..4d55645d7a5f 100644
--- a/lms/djangoapps/courseware/tests/test_submitting_problems.py
+++ b/lms/djangoapps/courseware/tests/test_submitting_problems.py
@@ -154,7 +154,7 @@ def setUp(self):
         # create a test student
         self.course = CourseFactory.create(display_name=self.COURSE_NAME, number=self.COURSE_SLUG)
         self.student = 'view@test.com'
-        self.password = 'Password1234'
+        self.password = self.TEST_PASSWORD
         self.create_account('u1', self.student, self.password)
         self.activate_user(self.student)
         self.enroll(self.course)
diff --git a/lms/djangoapps/grades/rest_api/v1/tests/test_views.py b/lms/djangoapps/grades/rest_api/v1/tests/test_views.py
index e5d82998b687..cd2107ec7c29 100644
--- a/lms/djangoapps/grades/rest_api/v1/tests/test_views.py
+++ b/lms/djangoapps/grades/rest_api/v1/tests/test_views.py
@@ -548,7 +548,7 @@ class CourseSubmissionHistoryWithDataTest(TestSubmittingProblems):
     def setUp(self):
         super().setUp()
         self.namespaced_url = 'grades_api:v1:submission_history'
-        self.password = 'Password1234'
+        self.password = self.TEST_PASSWORD
         self.basic_setup()
         self.global_staff = GlobalStaffFactory.create()
 
diff --git a/lms/djangoapps/mobile_api/testutils.py b/lms/djangoapps/mobile_api/testutils.py
index abd4e0a4e003..f74d4b45a5fd 100644
--- a/lms/djangoapps/mobile_api/testutils.py
+++ b/lms/djangoapps/mobile_api/testutils.py
@@ -50,7 +50,7 @@ def setUp(self):
             certificate_available_date=datetime.datetime.now(pytz.UTC)
         )
         self.user = UserFactory.create()
-        self.password = 'Password1234'
+        self.password = self.TEST_PASSWORD
         self.username = self.user.username
         self.api_version = API_V1
         IgnoreMobileAvailableFlagConfig(enabled=False).save()
diff --git a/lms/djangoapps/survey/tests/test_utils.py b/lms/djangoapps/survey/tests/test_utils.py
index 77b0b0f4f961..4f5e86dae703 100644
--- a/lms/djangoapps/survey/tests/test_utils.py
+++ b/lms/djangoapps/survey/tests/test_utils.py
@@ -28,7 +28,7 @@ def setUp(self):
         self.client = Client()
 
         # Create two accounts
-        self.password = 'Password1234'
+        self.password = self.TEST_PASSWORD
         self.student = UserFactory.create(
             username='student', email='student@test.com', password=self.password,
         )
diff --git a/lms/djangoapps/survey/tests/test_views.py b/lms/djangoapps/survey/tests/test_views.py
index 9f537de46526..07ddd34e0576 100644
--- a/lms/djangoapps/survey/tests/test_views.py
+++ b/lms/djangoapps/survey/tests/test_views.py
@@ -29,7 +29,7 @@ def setUp(self):
         self.client = Client()
 
         # Create two accounts
-        self.password = 'Password1234'
+        self.password = self.TEST_PASSWORD
         self.student = UserFactory.create(username='student', email='student@test.com', password=self.password)
 
         self.test_survey_name = 'TestSurvey'
diff --git a/lms/djangoapps/verify_student/tests/test_views.py b/lms/djangoapps/verify_student/tests/test_views.py
index c537ff6fc251..77ee515d3757 100644
--- a/lms/djangoapps/verify_student/tests/test_views.py
+++ b/lms/djangoapps/verify_student/tests/test_views.py
@@ -93,6 +93,8 @@ def mock_render_to_response(*args, **kwargs):
 3W+sdGFUK3GH1NAX71VxbAlFVLUetcMwai1+wXmGkRw6A7YezVFnhw==
 -----END RSA PRIVATE KEY-----"""
 
+TEST_PASSWORD = 'Password1234'
+
 
 def _mock_payment_processors():
     """
@@ -122,8 +124,8 @@ def test_start_new_verification(self):
         Test the case where the user has no pending `PhotoVerificationAttempts`,
         but is just starting their first.
         """
-        UserFactory.create(username="rusty", password='Password1234')
-        self.client.login(username="rusty", password='Password1234')
+        UserFactory.create(username="rusty", password=TEST_PASSWORD)
+        self.client.login(username="rusty", password=TEST_PASSWORD)
 
     def must_be_logged_in(self):
         self.assertHttpForbidden(self.client.get(self.start_url()))  # lint-amnesty, pylint: disable=no-member
@@ -1055,11 +1057,11 @@ def setUp(self):
         """ Create a user and course. """
         super().setUp()
 
-        self.user = UserFactory.create(username="test", password='Password1234')
+        self.user = UserFactory.create(username="test", password=TEST_PASSWORD)
         self.course = CourseFactory.create()
         for mode, min_price in (('audit', 0), ('honor', 0), ('verified', 100)):
             CourseModeFactory.create(mode_slug=mode, course_id=self.course.id, min_price=min_price, sku=self.make_sku())
-        self.client.login(username="test", password='Password1234')
+        self.client.login(username="test", password=TEST_PASSWORD)
 
     def _assert_checked_out(
         self,
@@ -1868,7 +1870,7 @@ def setUp(self):
         super().setUp()
 
         self.user = AdminFactory()
-        login_success = self.client.login(username=self.user.username, password='Password1234')
+        login_success = self.client.login(username=self.user.username, password=TEST_PASSWORD)
         assert login_success
         self.attempt = SoftwareSecurePhotoVerification(
             status="submitted",
@@ -1895,7 +1897,7 @@ def test_photo_url_view_returns_404_if_invalid_receipt_id(self):
 
     def test_403_for_non_staff(self):
         self.user = UserFactory()
-        login_success = self.client.login(username=self.user.username, password='Password1234')
+        login_success = self.client.login(username=self.user.username, password=TEST_PASSWORD)
         assert login_success
         url = reverse('verification_photo_urls', kwargs={'receipt_id': str(self.receipt_id)})
         response = self.client.get(url)
@@ -1934,7 +1936,7 @@ class TestDecodeImageViews(MockS3Boto3Mixin, TestVerificationBase):
     def setUp(self):
         super().setUp()
         self.user = AdminFactory()
-        login_success = self.client.login(username=self.user.username, password='Password1234')
+        login_success = self.client.login(username=self.user.username, password=TEST_PASSWORD)
         assert login_success
 
     def _mock_submit_images(self):
@@ -1995,7 +1997,7 @@ def test_download_image_response(self, img_type, _mock_get_storage):
     @ddt.data("face", "photo_id")
     def test_403_for_non_staff(self, img_type):
         self.user = UserFactory()
-        login_success = self.client.login(username=self.user.username, password='Password1234')
+        login_success = self.client.login(username=self.user.username, password=TEST_PASSWORD)
         assert login_success
 
         self._mock_submit_images()
diff --git a/openedx/tests/xblock_integration/test_crowdsource_hinter.py b/openedx/tests/xblock_integration/test_crowdsource_hinter.py
index cf2cc368e6ba..61f1097481c7 100644
--- a/openedx/tests/xblock_integration/test_crowdsource_hinter.py
+++ b/openedx/tests/xblock_integration/test_crowdsource_hinter.py
@@ -21,8 +21,8 @@ class TestCrowdsourceHinter(SharedModuleStoreTestCase, LoginEnrollmentTestCase):
     Create the test environment with the crowdsourcehinter xblock.
     """
     STUDENTS = [
-        {'email': 'view@test.com', 'password': 'Password1234'},
-        {'email': 'view2@test.com', 'password': 'Password1234'}
+        {'email': 'view@test.com', 'password': SharedModuleStoreTestCase.TEST_PASSWORD},
+        {'email': 'view2@test.com', 'password': SharedModuleStoreTestCase.TEST_PASSWORD}
     ]
     XBLOCK_NAMES = ['crowdsourcehinter']
 

From d653bf5ded11717b54dd807004e88367b80c5da8 Mon Sep 17 00:00:00 2001
From: Moeez Zahid <moeezzahid1996@gmail.com>
Date: Tue, 27 Feb 2024 19:30:21 +0500
Subject: [PATCH 07/11] refactor: Increase size for mobile config singelton
 value (#34288)

Co-authored-by: Abdul  Moeez Zahid <abdul.moeez@025907584957.2tor.net>
---
 .../0005_alter_mobileconfig_value.py           | 18 ++++++++++++++++++
 lms/djangoapps/mobile_api/models.py            |  2 +-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 lms/djangoapps/mobile_api/migrations/0005_alter_mobileconfig_value.py

diff --git a/lms/djangoapps/mobile_api/migrations/0005_alter_mobileconfig_value.py b/lms/djangoapps/mobile_api/migrations/0005_alter_mobileconfig_value.py
new file mode 100644
index 000000000000..21390296d630
--- /dev/null
+++ b/lms/djangoapps/mobile_api/migrations/0005_alter_mobileconfig_value.py
@@ -0,0 +1,18 @@
+# Generated by Django 4.2.10 on 2024-02-23 06:14
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('mobile_api', '0004_mobileconfig'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='mobileconfig',
+            name='value',
+            field=models.CharField(max_length=1000),
+        ),
+    ]
diff --git a/lms/djangoapps/mobile_api/models.py b/lms/djangoapps/mobile_api/models.py
index ba6f73721456..c80126996ace 100644
--- a/lms/djangoapps/mobile_api/models.py
+++ b/lms/djangoapps/mobile_api/models.py
@@ -110,7 +110,7 @@ class MobileConfig(TimeStampedModel):
     .. no_pii:
     """
     name = models.CharField(max_length=255)
-    value = models.CharField(max_length=255)
+    value = models.CharField(max_length=1000)
 
     class Meta:
         app_label = "mobile_api"

From a2347fd95d6ce2aa472d514b555be44cf10b3350 Mon Sep 17 00:00:00 2001
From: Kyrylo Kireiev <90455454+KyryloKireiev@users.noreply.github.com>
Date: Wed, 10 Jul 2024 18:07:41 +0300
Subject: [PATCH 08/11] feat: [FC-0047] Extend mobile API with course progress
 and primary courses on dashboard view (#34848)

* feat: [AXM-24] Update structure for course enrollments API (#2515)
---------
Co-authored-by: Glib Glugovskiy <glib.glugovskiy@raccoongang.com>

* feat: [AXM-53] add assertions for primary course (#2522)
---------
Co-authored-by: monteri <36768631+monteri@users.noreply.github.com>

* feat: [AXM-297] Add progress to assignments in BlocksInfoInCourseView API (#2546)
---------
Co-authored-by: NiedielnitsevIvan <81557788+NiedielnitsevIvan@users.noreply.github.com>
Co-authored-by: Glib Glugovskiy <glib.glugovskiy@raccoongang.com>
Co-authored-by: monteri <36768631+monteri@users.noreply.github.com>

Conflicts:
	lms/djangoapps/courseware/courses.py
	lms/djangoapps/mobile_api/users/tests.py
---
 .../student/models/course_enrollment.py       |  62 ++
 .../course_api/blocks/tests/test_views.py     |   8 +-
 lms/djangoapps/courseware/courses.py          | 109 +++-
 .../mobile_api/course_info/constants.py       |   5 +
 .../mobile_api/course_info/serializers.py     |  11 +-
 .../mobile_api/course_info/views.py           |  51 +-
 .../tests/test_course_info_serializers.py     |  46 +-
 .../tests/test_course_info_views.py           |  28 +
 lms/djangoapps/mobile_api/users/enums.py      |  22 +
 .../mobile_api/users/serializers.py           |  93 ++-
 lms/djangoapps/mobile_api/users/tests.py      | 617 +++++++++++++++++-
 lms/djangoapps/mobile_api/users/views.py      | 164 ++++-
 lms/djangoapps/mobile_api/utils.py            |   1 +
 lms/urls.py                                   |   2 +-
 .../features/course_duration_limits/access.py |   4 +-
 15 files changed, 1184 insertions(+), 39 deletions(-)
 create mode 100644 lms/djangoapps/mobile_api/course_info/constants.py
 create mode 100644 lms/djangoapps/mobile_api/users/enums.py

diff --git a/common/djangoapps/student/models/course_enrollment.py b/common/djangoapps/student/models/course_enrollment.py
index f879762679f4..106ddb4e3849 100644
--- a/common/djangoapps/student/models/course_enrollment.py
+++ b/common/djangoapps/student/models/course_enrollment.py
@@ -129,11 +129,73 @@ class UnenrollmentNotAllowed(CourseEnrollmentException):
     pass
 
 
+class CourseEnrollmentQuerySet(models.QuerySet):
+    """
+    Custom queryset for CourseEnrollment with Table-level filter methods.
+    """
+
+    def active(self):
+        """
+        Returns a queryset of CourseEnrollment objects for courses that are currently active.
+        """
+        return self.filter(is_active=True)
+
+    def without_certificates(self, username):
+        """
+        Returns a queryset of CourseEnrollment objects for courses that do not have a certificate.
+        """
+        return self.exclude(course_id__in=self.get_user_course_ids_with_certificates(username))
+
+    def with_certificates(self, username):
+        """
+        Returns a queryset of CourseEnrollment objects for courses that have a certificate.
+        """
+        return self.filter(course_id__in=self.get_user_course_ids_with_certificates(username))
+
+    def in_progress(self, username, time_zone=UTC):
+        """
+        Returns a queryset of CourseEnrollment objects for courses that are currently in progress.
+        """
+        now = datetime.now(time_zone)
+        return self.active().without_certificates(username).filter(
+            Q(course__start__lte=now, course__end__gte=now)
+            | Q(course__start__isnull=True, course__end__isnull=True)
+            | Q(course__start__isnull=True, course__end__gte=now)
+            | Q(course__start__lte=now, course__end__isnull=True),
+        )
+
+    def completed(self, username):
+        """
+        Returns a queryset of CourseEnrollment objects for courses that have been completed.
+        """
+        return self.active().with_certificates(username)
+
+    def expired(self, username, time_zone=UTC):
+        """
+        Returns a queryset of CourseEnrollment objects for courses that have expired.
+        """
+        now = datetime.now(time_zone)
+        return self.active().without_certificates(username).filter(course__end__lt=now)
+
+    def get_user_course_ids_with_certificates(self, username):
+        """
+        Gets user's course ids with certificates.
+        """
+        from lms.djangoapps.certificates.models import GeneratedCertificate  # pylint: disable=import-outside-toplevel
+        course_ids_with_certificates = GeneratedCertificate.objects.filter(
+            user__username=username
+        ).values_list('course_id', flat=True)
+        return course_ids_with_certificates
+
+
 class CourseEnrollmentManager(models.Manager):
     """
     Custom manager for CourseEnrollment with Table-level filter methods.
     """
 
+    def get_queryset(self):
+        return CourseEnrollmentQuerySet(self.model, using=self._db)
+
     def is_small_course(self, course_id):
         """
         Returns false if the number of enrollments are one greater than 'max_enrollments' else true
diff --git a/lms/djangoapps/course_api/blocks/tests/test_views.py b/lms/djangoapps/course_api/blocks/tests/test_views.py
index e2426708d6bc..9898e72c8f25 100644
--- a/lms/djangoapps/course_api/blocks/tests/test_views.py
+++ b/lms/djangoapps/course_api/blocks/tests/test_views.py
@@ -5,7 +5,7 @@
 
 from datetime import datetime
 from unittest import mock
-from unittest.mock import Mock
+from unittest.mock import MagicMock, Mock
 from urllib.parse import urlencode, urlunparse
 
 from completion.test_utils import CompletionWaffleTestMixin, submit_completions_for_testing
@@ -207,8 +207,9 @@ def test_not_authenticated_public_course_with_all_blocks(self):
         self.query_params['all_blocks'] = True
         self.verify_response(403)
 
+    @mock.patch('lms.djangoapps.courseware.courses.get_course_assignments', return_value=[])
     @mock.patch("lms.djangoapps.course_api.blocks.forms.permissions.is_course_public", Mock(return_value=True))
-    def test_not_authenticated_public_course_with_blank_username(self):
+    def test_not_authenticated_public_course_with_blank_username(self, get_course_assignment_mock: MagicMock) -> None:
         """
         Verify behaviour when accessing course blocks of a public course for anonymous user anonymously.
         """
@@ -366,7 +367,8 @@ def test_extra_field_when_not_requested(self):
                 block_data['type'] == 'course'
             )
 
-    def test_data_researcher_access(self):
+    @mock.patch('lms.djangoapps.courseware.courses.get_course_assignments', return_value=[])
+    def test_data_researcher_access(self, get_course_assignment_mock: MagicMock) -> None:
         """
         Test if data researcher has access to the api endpoint
         """
diff --git a/lms/djangoapps/courseware/courses.py b/lms/djangoapps/courseware/courses.py
index 6ded860329fb..d0a73821098f 100644
--- a/lms/djangoapps/courseware/courses.py
+++ b/lms/djangoapps/courseware/courses.py
@@ -12,6 +12,7 @@
 from crum import get_current_request
 from dateutil.parser import parse as parse_date
 from django.conf import settings
+from django.core.cache import cache
 from django.http import Http404, QueryDict
 from django.urls import reverse
 from django.utils.translation import gettext as _
@@ -35,6 +36,7 @@
 )
 from lms.djangoapps.courseware.access_utils import check_authentication, check_data_sharing_consent, check_enrollment, \
     check_correct_active_enterprise_customer, is_priority_access_error
+from lms.djangoapps.courseware.context_processor import get_user_timezone_or_last_seen_timezone_or_utc
 from lms.djangoapps.courseware.courseware_access_exception import CoursewareAccessException
 from lms.djangoapps.courseware.date_summary import (
     CertificateAvailableDate,
@@ -50,7 +52,9 @@
 from lms.djangoapps.courseware.masquerade import check_content_start_date_for_masquerade_user
 from lms.djangoapps.courseware.model_data import FieldDataCache
 from lms.djangoapps.courseware.block_render import get_block
+from lms.djangoapps.grades.api import CourseGradeFactory
 from lms.djangoapps.survey.utils import SurveyRequiredAccessError, check_survey_required_and_unanswered
+from openedx.core.djangoapps.content.block_structure.api import get_block_structure_manager
 from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
 from openedx.core.djangoapps.enrollments.api import get_course_enrollment_details
 from openedx.core.djangoapps.site_configuration import helpers as configuration_helpers
@@ -587,7 +591,7 @@ def get_course_blocks_completion_summary(course_key, user):
 
 
 @request_cached()
-def get_course_assignments(course_key, user, include_access=False):  # lint-amnesty, pylint: disable=too-many-statements
+def get_course_assignments(course_key, user, include_access=False, include_without_due=False,):  # lint-amnesty, pylint: disable=too-many-statements
     """
     Returns a list of assignment (at the subsection/sequential level) due dates for the given course.
 
@@ -607,7 +611,8 @@ def get_course_assignments(course_key, user, include_access=False):  # lint-amne
         for subsection_key in block_data.get_children(section_key):
             due = block_data.get_xblock_field(subsection_key, 'due')
             graded = block_data.get_xblock_field(subsection_key, 'graded', False)
-            if due and graded:
+
+            if (due or include_without_due) and graded:
                 first_component_block_id = get_first_component_of_block(subsection_key, block_data)
                 contains_gated_content = include_access and block_data.get_xblock_field(
                     subsection_key, 'contains_gated_content', False)
@@ -624,7 +629,11 @@ def get_course_assignments(course_key, user, include_access=False):  # lint-amne
                 else:
                     complete = False
 
-                past_due = not complete and due < now
+                if due:
+                    past_due = not complete and due < now
+                else:
+                    past_due = False
+                    due = None
                 assignments.append(_Assignment(
                     subsection_key, title, url, due, contains_gated_content,
                     complete, past_due, assignment_type, None, first_component_block_id
@@ -701,6 +710,39 @@ def get_course_assignments(course_key, user, include_access=False):  # lint-amne
     return assignments
 
 
+def get_assignments_grades(user, course_id, cache_timeout):
+    """
+    Calculate the progress of the assignment for the user in the course.
+
+    Arguments:
+        user (User): Django User object.
+        course_id (CourseLocator): The course key.
+        cache_timeout (int): Cache timeout in seconds
+    Returns:
+        list (ReadSubsectionGrade, ZeroSubsectionGrade): The list with assignments grades.
+    """
+    is_staff = bool(has_access(user, 'staff', course_id))
+
+    try:
+        course = get_course_with_access(user, 'load', course_id)
+        cache_key = f'course_block_structure_{str(course_id)}_{str(course.course_version)}_{user.id}'
+        collected_block_structure = cache.get(cache_key)
+        if not collected_block_structure:
+            collected_block_structure = get_block_structure_manager(course_id).get_collected()
+            cache.set(cache_key, collected_block_structure, cache_timeout)
+
+        course_grade = CourseGradeFactory().read(user, collected_block_structure=collected_block_structure)
+
+        # recalculate course grade from visible grades (stored grade was calculated over all grades, visible or not)
+        course_grade.update(visible_grades_only=True, has_staff_access=is_staff)
+        subsection_grades = list(course_grade.subsection_grades.values())
+    except Exception as err:  # pylint: disable=broad-except
+        log.warning(f'Could not get grades for the course: {course_id}, error: {err}')
+        return []
+
+    return subsection_grades
+
+
 def get_first_component_of_block(block_key, block_data):
     """
     This function returns the first leaf block of a section(block_key)
@@ -956,3 +998,64 @@ def get_course_chapter_ids(course_key):
         log.exception('Failed to retrieve course from modulestore.')
         return []
     return [str(chapter_key) for chapter_key in chapter_keys if chapter_key.block_type == 'chapter']
+
+
+def get_past_and_future_course_assignments(request, user, course):
+    """
+    Returns the future assignment data and past assignments data for given user and course.
+
+    Arguments:
+        request (Request): The HTTP GET request.
+        user (User): The user for whom the assignments are received.
+        course (Course): Course object for whom the assignments are received.
+    Returns:
+        tuple (list, list): Tuple of `past_assignments` list and `next_assignments` list.
+                            `next_assignments` list contains only uncompleted assignments.
+    """
+    assignments = get_course_assignment_date_blocks(course, user, request, include_past_dates=True)
+    past_assignments = []
+    future_assignments = []
+
+    timezone = get_user_timezone_or_last_seen_timezone_or_utc(user)
+    for assignment in sorted(assignments, key=lambda x: x.date):
+        if assignment.date < datetime.now(timezone):
+            past_assignments.append(assignment)
+        else:
+            if not assignment.complete:
+                future_assignments.append(assignment)
+
+    if future_assignments:
+        future_assignment_date = future_assignments[0].date.date()
+        next_assignments = [
+            assignment for assignment in future_assignments if assignment.date.date() == future_assignment_date
+        ]
+    else:
+        next_assignments = []
+
+    return next_assignments, past_assignments
+
+
+def get_assignments_completions(course_key, user):
+    """
+    Calculate the progress of the user in the course by assignments.
+
+    Arguments:
+        course_key (CourseLocator): The Course for which course progress is requested.
+        user (User): The user for whom course progress is requested.
+    Returns:
+        dict (dict): Dictionary contains information about total assignments count
+                     in the given course and how many assignments the user has completed.
+    """
+    course_assignments = get_course_assignments(course_key, user, include_without_due=True)
+
+    total_assignments_count = 0
+    assignments_completed = 0
+
+    if course_assignments:
+        total_assignments_count = len(course_assignments)
+        assignments_completed = len([assignment for assignment in course_assignments if assignment.complete])
+
+    return {
+        'total_assignments_count': total_assignments_count,
+        'assignments_completed': assignments_completed,
+    }
diff --git a/lms/djangoapps/mobile_api/course_info/constants.py b/lms/djangoapps/mobile_api/course_info/constants.py
new file mode 100644
index 000000000000..d62cb463951a
--- /dev/null
+++ b/lms/djangoapps/mobile_api/course_info/constants.py
@@ -0,0 +1,5 @@
+"""
+Common constants for the `course_info` API.
+"""
+
+BLOCK_STRUCTURE_CACHE_TIMEOUT = 60 * 60  # 1 hour
diff --git a/lms/djangoapps/mobile_api/course_info/serializers.py b/lms/djangoapps/mobile_api/course_info/serializers.py
index d7a9471088aa..69bed47b03fc 100644
--- a/lms/djangoapps/mobile_api/course_info/serializers.py
+++ b/lms/djangoapps/mobile_api/course_info/serializers.py
@@ -2,7 +2,7 @@
 Course Info serializers
 """
 from rest_framework import serializers
-from typing import Union
+from typing import Dict, Union
 
 from common.djangoapps.course_modes.models import CourseMode
 from common.djangoapps.student.models import CourseEnrollment
@@ -13,6 +13,7 @@
 from lms.djangoapps.courseware.access import has_access
 from lms.djangoapps.courseware.access import administrative_accesses_to_course_for_user
 from lms.djangoapps.courseware.access_utils import check_course_open_for_learner
+from lms.djangoapps.courseware.courses import get_assignments_completions
 from lms.djangoapps.mobile_api.users.serializers import ModeSerializer
 from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
 from openedx.features.course_duration_limits.access import get_user_course_expiration_date
@@ -31,6 +32,7 @@ class CourseInfoOverviewSerializer(serializers.ModelSerializer):
     course_sharing_utm_parameters = serializers.SerializerMethodField()
     course_about = serializers.SerializerMethodField('get_course_about_url')
     course_modes = serializers.SerializerMethodField()
+    course_progress = serializers.SerializerMethodField()
 
     class Meta:
         model = CourseOverview
@@ -47,6 +49,7 @@ class Meta:
             'course_sharing_utm_parameters',
             'course_about',
             'course_modes',
+            'course_progress',
         )
 
     @staticmethod
@@ -75,6 +78,12 @@ def get_course_modes(self, course_overview):
             for mode in course_modes
         ]
 
+    def get_course_progress(self, obj: CourseOverview) -> Dict[str, int]:
+        """
+        Gets course progress calculated by course completed assignments.
+        """
+        return get_assignments_completions(obj.id, self.context.get('user'))
+
 
 class MobileCourseEnrollmentSerializer(serializers.ModelSerializer):
     """
diff --git a/lms/djangoapps/mobile_api/course_info/views.py b/lms/djangoapps/mobile_api/course_info/views.py
index bd34336cc824..0279c59cf55c 100644
--- a/lms/djangoapps/mobile_api/course_info/views.py
+++ b/lms/djangoapps/mobile_api/course_info/views.py
@@ -3,7 +3,7 @@
 """
 
 import logging
-from typing import Optional, Union
+from typing import Dict, Optional, Union
 
 import django
 from django.contrib.auth import get_user_model
@@ -17,9 +17,10 @@
 from common.djangoapps.student.models import CourseEnrollment, User as StudentUser
 from common.djangoapps.static_replace import make_static_urls_absolute
 from lms.djangoapps.certificates.api import certificate_downloadable_status
-from lms.djangoapps.courseware.courses import get_course_info_section_block
+from lms.djangoapps.courseware.courses import get_assignments_grades, get_course_info_section_block
 from lms.djangoapps.course_goals.models import UserActivity
 from lms.djangoapps.course_api.blocks.views import BlocksInCourseView
+from lms.djangoapps.mobile_api.course_info.constants import BLOCK_STRUCTURE_CACHE_TIMEOUT
 from lms.djangoapps.mobile_api.course_info.serializers import (
     CourseInfoOverviewSerializer,
     CourseAccessSerializer,
@@ -269,6 +270,11 @@ class BlocksInfoInCourseView(BlocksInCourseView):
             course, chapter, sequential, vertical, html, problem, video, and
             discussion.
         display_name: (str) The display name of the block.
+        course_progress: (dict) Contains information about how many assignments are in the course
+            and how many assignments the student has completed.
+            Included here:
+                * total_assignments_count: (int) Total course's assignments count.
+                * assignments_completed: (int) Assignments witch the student has completed.
 
     **Returns**
 
@@ -357,8 +363,14 @@ def list(self, request, **kwargs):  # pylint: disable=W0221
 
             course_info_context = {}
             if requested_user := self.get_requested_user(request.user, requested_username):
+                self._extend_sequential_info_with_assignment_progress(
+                    requested_user,
+                    course_key,
+                    response.data['blocks'],
+                )
+
                 course_info_context = {
-                    'user': requested_user
+                    'user': requested_user,
                 }
                 user_enrollment = CourseEnrollment.get_enrollment(user=requested_user, course_key=course_key)
                 course_data.update({
@@ -380,3 +392,36 @@ def list(self, request, **kwargs):  # pylint: disable=W0221
 
             response.data.update(course_data)
         return response
+
+    @staticmethod
+    def _extend_sequential_info_with_assignment_progress(
+        requested_user: User,
+        course_id: CourseKey,
+        blocks_info_data: Dict[str, Dict],
+    ) -> None:
+        """
+        Extends sequential xblock info with assignment's name and progress.
+        """
+        subsection_grades = get_assignments_grades(requested_user, course_id, BLOCK_STRUCTURE_CACHE_TIMEOUT)
+        grades_with_locations = {str(grade.location): grade for grade in subsection_grades}
+
+        for block_id, block_info in blocks_info_data.items():
+            if block_info['type'] == 'sequential':
+                grade = grades_with_locations.get(block_id)
+                if grade:
+                    graded_total = grade.graded_total if grade.graded else None
+                    points_earned = graded_total.earned if graded_total else 0
+                    points_possible = graded_total.possible if graded_total else 0
+                    assignment_type = grade.format
+                else:
+                    points_earned, points_possible, assignment_type = 0, 0, None
+
+                block_info.update(
+                    {
+                        'assignment_progress': {
+                            'assignment_type': assignment_type,
+                            'num_points_earned': points_earned,
+                            'num_points_possible': points_possible,
+                        }
+                    }
+                )
diff --git a/lms/djangoapps/mobile_api/tests/test_course_info_serializers.py b/lms/djangoapps/mobile_api/tests/test_course_info_serializers.py
index 6c50f68d6811..d94fe3c11262 100644
--- a/lms/djangoapps/mobile_api/tests/test_course_info_serializers.py
+++ b/lms/djangoapps/mobile_api/tests/test_course_info_serializers.py
@@ -147,7 +147,8 @@ def setUp(self):
         self.user = UserFactory()
         self.course_overview = CourseOverviewFactory()
 
-    def test_get_media(self):
+    @patch('lms.djangoapps.mobile_api.course_info.serializers.get_assignments_completions')
+    def test_get_media(self, get_assignments_completions_mock: MagicMock) -> None:
         output_data = CourseInfoOverviewSerializer(self.course_overview, context={'user': self.user}).data
 
         self.assertIn('media', output_data)
@@ -156,16 +157,53 @@ def test_get_media(self):
         self.assertIn('small', output_data['media']['image'])
         self.assertIn('large', output_data['media']['image'])
 
-    @patch('lms.djangoapps.mobile_api.course_info.serializers.get_link_for_about_page', return_value='mock_about_link')
-    def test_get_course_sharing_utm_parameters(self, mock_get_link_for_about_page: MagicMock) -> None:
+    @patch('lms.djangoapps.mobile_api.course_info.serializers.get_assignments_completions')
+    @patch(
+        'lms.djangoapps.mobile_api.course_info.serializers.get_link_for_about_page',
+        return_value='mock_about_link'
+    )
+    def test_get_course_sharing_utm_parameters(
+        self,
+        mock_get_link_for_about_page: MagicMock,
+        get_assignments_completions_mock: MagicMock,
+    ) -> None:
         output_data = CourseInfoOverviewSerializer(self.course_overview, context={'user': self.user}).data
 
         self.assertEqual(output_data['course_about'], mock_get_link_for_about_page.return_value)
         mock_get_link_for_about_page.assert_called_once_with(self.course_overview)
 
-    def test_get_course_modes(self):
+    @patch('lms.djangoapps.mobile_api.course_info.serializers.get_assignments_completions')
+    def test_get_course_modes(self, get_assignments_completions_mock: MagicMock) -> None:
         expected_course_modes = [{'slug': 'audit', 'sku': None, 'android_sku': None, 'ios_sku': None, 'min_price': 0}]
 
         output_data = CourseInfoOverviewSerializer(self.course_overview, context={'user': self.user}).data
 
         self.assertListEqual(output_data['course_modes'], expected_course_modes)
+
+    @patch('lms.djangoapps.courseware.courses.get_course_assignments')
+    def test_get_course_progress_no_assignments(self, get_course_assignment_mock: MagicMock) -> None:
+        expected_course_progress = {'total_assignments_count': 0, 'assignments_completed': 0}
+
+        output_data = CourseInfoOverviewSerializer(self.course_overview, context={'user': self.user}).data
+
+        self.assertIn('course_progress', output_data)
+        self.assertDictEqual(output_data['course_progress'], expected_course_progress)
+        get_course_assignment_mock.assert_called_once_with(
+            self.course_overview.id, self.user, include_without_due=True
+        )
+
+    @patch('lms.djangoapps.courseware.courses.get_course_assignments')
+    def test_get_course_progress_with_assignments(self, get_course_assignment_mock: MagicMock) -> None:
+        assignments_mock = [
+            Mock(complete=False), Mock(complete=False), Mock(complete=True), Mock(complete=True), Mock(complete=True)
+        ]
+        get_course_assignment_mock.return_value = assignments_mock
+        expected_course_progress = {'total_assignments_count': 5, 'assignments_completed': 3}
+
+        output_data = CourseInfoOverviewSerializer(self.course_overview, context={'user': self.user}).data
+
+        self.assertIn('course_progress', output_data)
+        self.assertDictEqual(output_data['course_progress'], expected_course_progress)
+        get_course_assignment_mock.assert_called_once_with(
+            self.course_overview.id, self.user, include_without_due=True
+        )
diff --git a/lms/djangoapps/mobile_api/tests/test_course_info_views.py b/lms/djangoapps/mobile_api/tests/test_course_info_views.py
index 67d2c79f9017..a5175626a29e 100644
--- a/lms/djangoapps/mobile_api/tests/test_course_info_views.py
+++ b/lms/djangoapps/mobile_api/tests/test_course_info_views.py
@@ -422,3 +422,31 @@ def test_course_modes(self):
 
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         self.assertListEqual(response.data['course_modes'], expected_course_modes)
+
+    def test_extend_sequential_info_with_assignment_progress_get_only_sequential(self) -> None:
+        response = self.verify_response(url=self.url, params={'block_types_filter': 'sequential'})
+
+        expected_results = (
+            {
+                'assignment_type': 'Lecture Sequence',
+                'num_points_earned': 0.0,
+                'num_points_possible': 0.0
+            },
+            {
+                'assignment_type': None,
+                'num_points_earned': 0.0,
+                'num_points_possible': 0.0
+            },
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        for sequential_info, assignment_progress in zip(response.data['blocks'].values(), expected_results):
+            self.assertDictEqual(sequential_info['assignment_progress'], assignment_progress)
+
+    @ddt.data('chapter', 'vertical', 'problem', 'video', 'html')
+    def test_extend_sequential_info_with_assignment_progress_for_other_types(self, block_type: 'str') -> None:
+        response = self.verify_response(url=self.url, params={'block_types_filter': block_type})
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        for block_info in response.data['blocks'].values():
+            self.assertNotEqual('assignment_progress', block_info)
diff --git a/lms/djangoapps/mobile_api/users/enums.py b/lms/djangoapps/mobile_api/users/enums.py
new file mode 100644
index 000000000000..2a072b082fff
--- /dev/null
+++ b/lms/djangoapps/mobile_api/users/enums.py
@@ -0,0 +1,22 @@
+"""
+Enums for mobile_api users app.
+"""
+from enum import Enum
+
+
+class EnrollmentStatuses(Enum):
+    """
+    Enum for enrollment statuses.
+    """
+
+    ALL = 'all'
+    IN_PROGRESS = 'in_progress'
+    COMPLETED = 'completed'
+    EXPIRED = 'expired'
+
+    @classmethod
+    def values(cls):
+        """
+        Returns string representation of all enum values.
+        """
+        return [e.value for e in cls]
diff --git a/lms/djangoapps/mobile_api/users/serializers.py b/lms/djangoapps/mobile_api/users/serializers.py
index d7005e5f68e7..d8de11e50ff8 100644
--- a/lms/djangoapps/mobile_api/users/serializers.py
+++ b/lms/djangoapps/mobile_api/users/serializers.py
@@ -2,7 +2,11 @@
 Serializer for user API
 """
 
+from typing import Dict, List, Optional
 
+from completion.exceptions import UnavailableCompletionData
+from completion.utilities import get_key_to_last_completed_block
+from opaque_keys.edx.keys import UsageKey
 from rest_framework import serializers
 from rest_framework.reverse import reverse
 
@@ -11,7 +15,13 @@
 from common.djangoapps.util.course import get_encoded_course_sharing_utm_params, get_link_for_about_page
 from lms.djangoapps.certificates.api import certificate_downloadable_status
 from lms.djangoapps.courseware.access import has_access
+from lms.djangoapps.courseware.courses import get_assignments_completions, get_past_and_future_course_assignments
+from lms.djangoapps.course_home_api.dates.serializers import DateSummarySerializer
+from lms.djangoapps.mobile_api.utils import API_V4
 from openedx.features.course_duration_limits.access import get_user_course_expiration_date
+from xmodule.modulestore.django import modulestore
+from xmodule.modulestore.exceptions import ItemNotFoundError, NoPathToItem
+from xmodule.modulestore.search import path_to_location
 
 
 class CourseOverviewField(serializers.RelatedField):  # lint-amnesty, pylint: disable=abstract-method
@@ -97,7 +107,7 @@ def get_audit_access_expires(self, model):
         """
         Returns expiration date for a course audit expiration, if any or null
         """
-        return get_user_course_expiration_date(model.user, model.course)
+        return get_user_course_expiration_date(model.user, model.course, model)
 
     def get_certificate(self, model):
         """Returns the information about the user's certificate in the course."""
@@ -124,6 +134,17 @@ def get_course_modes(self, obj):
             for mode in course_modes
         ]
 
+    def to_representation(self, instance: CourseEnrollment) -> 'OrderedDict':  # lint-amnesty, pylint: disable=unused-variable, line-too-long
+        """
+        Override the to_representation method to add the course_status field to the serialized data.
+        """
+        data = super().to_representation(instance)
+
+        if 'course_progress' in self.context.get('requested_fields', []) and self.context.get('api_version') == API_V4:
+            data['course_progress'] = get_assignments_completions(instance.course_id, instance.user)
+
+        return data
+
     class Meta:
         model = CourseEnrollment
         fields = ('audit_access_expires', 'created', 'mode', 'is_active', 'course', 'certificate', 'course_modes')
@@ -141,6 +162,76 @@ class Meta:
         lookup_field = 'username'
 
 
+class CourseEnrollmentSerializerModifiedForPrimary(CourseEnrollmentSerializer):
+    """
+    Serializes CourseEnrollment models for API v4.
+
+    Adds `course_status` field into serializer data.
+    """
+
+    course_status = serializers.SerializerMethodField()
+    course_progress = serializers.SerializerMethodField()
+    course_assignments = serializers.SerializerMethodField()
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.course = modulestore().get_course(self.instance.course.id)
+
+    def get_course_status(self, model: CourseEnrollment) -> Optional[Dict[str, List[str]]]:
+        """
+        Gets course status for the given user's enrollments.
+        """
+        try:
+            block_key = get_key_to_last_completed_block(model.user, model.course.id)
+            path = path_to_location(modulestore(), block_key, self.context['request'], full_path=True)
+        except (ItemNotFoundError, NoPathToItem, UnavailableCompletionData):
+            return None
+
+        path_ids = [str(block) for block in path]
+        unit = modulestore().get_item(UsageKey.from_string(path_ids[3]), depth=0)
+
+        return {
+            'last_visited_module_id': path_ids[2],
+            'last_visited_module_path': path_ids[:3],
+            'last_visited_block_id': path_ids[-1],
+            'last_visited_unit_display_name': unit.display_name,
+        }
+
+    def get_course_progress(self, model: CourseEnrollment) -> Dict[str, int]:
+        """
+        Returns the progress of the user in the course.
+        """
+        return get_assignments_completions(model.course_id, model.user)
+
+    def get_course_assignments(self, model: CourseEnrollment) -> Dict[str, Optional[List[Dict[str, str]]]]:
+        """
+        Returns the future assignment data and past assignments data for the user in the course.
+        """
+        next_assignments, past_assignments = get_past_and_future_course_assignments(
+            self.context.get('request'), model.user, self.course
+        )
+        return {
+            'future_assignments': DateSummarySerializer(next_assignments, many=True).data,
+            'past_assignments': DateSummarySerializer(past_assignments, many=True).data,
+        }
+
+    class Meta:
+        model = CourseEnrollment
+        fields = (
+            'audit_access_expires',
+            'created',
+            'mode',
+            'is_active',
+            'course',
+            'certificate',
+            'course_modes',
+            'course_status',
+            'course_progress',
+            'course_assignments',
+        )
+        lookup_field = 'username'
+
+
 class UserSerializer(serializers.ModelSerializer):
     """
     Serializes User models
diff --git a/lms/djangoapps/mobile_api/users/tests.py b/lms/djangoapps/mobile_api/users/tests.py
index 94ae9b64a1f3..fe1d32f00675 100644
--- a/lms/djangoapps/mobile_api/users/tests.py
+++ b/lms/djangoapps/mobile_api/users/tests.py
@@ -5,7 +5,7 @@
 
 import datetime
 import unittest
-from unittest.mock import patch
+from unittest.mock import MagicMock, Mock, patch
 from urllib.parse import parse_qs
 
 import ddt
@@ -19,6 +19,7 @@
 from django.utils.timezone import now
 from milestones.tests.utils import MilestonesTestCaseMixin
 from opaque_keys.edx.keys import CourseKey
+from rest_framework import status
 
 from common.djangoapps.course_modes.models import CourseMode
 from common.djangoapps.student.models import CourseEnrollment
@@ -28,6 +29,7 @@
 from lms.djangoapps.certificates.data import CertificateStatuses
 from lms.djangoapps.certificates.tests.factories import GeneratedCertificateFactory
 from lms.djangoapps.courseware.access_response import MilestoneAccessError, StartDateError, VisibilityError
+from lms.djangoapps.courseware.models import StudentModule
 from lms.djangoapps.mobile_api.models import MobileConfig
 from lms.djangoapps.mobile_api.testutils import (
     MobileAPITestCase,
@@ -35,7 +37,8 @@
     MobileAuthUserTestMixin,
     MobileCourseAccessTestMixin
 )
-from lms.djangoapps.mobile_api.utils import API_V1, API_V05, API_V2, API_V3
+from lms.djangoapps.mobile_api.users.enums import EnrollmentStatuses
+from lms.djangoapps.mobile_api.utils import API_V1, API_V05, API_V2, API_V3, API_V4
 from openedx.core.lib.courses import course_image_url
 from openedx.core.release import RELEASE_LINE
 from openedx.core.djangoapps.discussions.models import DiscussionsConfiguration
@@ -408,6 +411,616 @@ def test_pagination_enrollment(self):
         assert "next" in response.data["enrollments"]
         assert "previous" in response.data["enrollments"]
 
+    def test_student_dont_have_enrollments(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        expected_result = {
+            'configs': {
+                'iap_configs': {}
+            },
+            'user_timezone': 'UTC',
+            'enrollments': {
+                'next': None,
+                'previous': None,
+                'count': 0,
+                'num_pages': 1,
+                'current_page': 1,
+                'start': 0,
+                'results': []
+            }
+        }
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertDictEqual(expected_result, response.data)
+        self.assertNotIn('primary', response.data)
+
+    def test_student_have_one_enrollment(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        course = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(course.id)
+        expected_enrollments = {
+            'next': None,
+            'previous': None,
+            'count': 0,
+            'num_pages': 1,
+            'current_page': 1,
+            'start': 0,
+            'results': []
+        }
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertDictEqual(expected_enrollments, response.data['enrollments'])
+        self.assertIn('primary', response.data)
+        self.assertEqual(str(course.id), response.data['primary']['course']['id'])
+
+    def test_student_have_two_enrollments(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        course_first = CourseFactory.create(org="edx", mobile_available=True)
+        course_second = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(course_first.id)
+        self.enroll(course_second.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(len(response.data['enrollments']['results']), 1)
+        self.assertEqual(response.data['enrollments']['count'], 1)
+        self.assertEqual(response.data['enrollments']['results'][0]['course']['id'], str(course_first.id))
+        self.assertIn('primary', response.data)
+        self.assertEqual(response.data['primary']['course']['id'], str(course_second.id))
+
+    def test_student_have_more_then_ten_enrollments(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        courses = [CourseFactory.create(org="edx", mobile_available=True) for _ in range(15)]
+        for course in courses:
+            self.enroll(course.id)
+        latest_enrolment = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(latest_enrolment.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['enrollments']['count'], 15)
+        self.assertEqual(response.data['enrollments']['num_pages'], 3)
+        self.assertEqual(len(response.data['enrollments']['results']), 5)
+        self.assertIn('primary', response.data)
+        self.assertEqual(response.data['primary']['course']['id'], str(latest_enrolment.id))
+
+    def test_student_have_progress_in_old_course_and_enroll_newest_course(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        old_course = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(old_course.id)
+        courses = [CourseFactory.create(org="edx", mobile_available=True) for _ in range(5)]
+        for course in courses:
+            self.enroll(course.id)
+        new_course = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(new_course.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['enrollments']['count'], 6)
+        self.assertEqual(len(response.data['enrollments']['results']), 5)
+        # check that we have the new_course in primary section
+        self.assertIn('primary', response.data)
+        self.assertEqual(response.data['primary']['course']['id'], str(new_course.id))
+
+        # doing progress in the old_course
+        StudentModule.objects.create(
+            student=self.user,
+            course_id=old_course.id,
+            module_state_key=old_course.location,
+        )
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['enrollments']['count'], 6)
+        self.assertEqual(len(response.data['enrollments']['results']), 5)
+        # check that now we have the old_course in primary section
+        self.assertIn('primary', response.data)
+        self.assertEqual(response.data['primary']['course']['id'], str(old_course.id))
+
+        # enroll to the newest course
+        newest_course = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(newest_course.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['enrollments']['count'], 7)
+        self.assertEqual(len(response.data['enrollments']['results']), 5)
+        # check that now we have the newest_course in primary section
+        self.assertIn('primary', response.data)
+        self.assertEqual(response.data['primary']['course']['id'], str(newest_course.id))
+
+    def test_student_enrolled_only_not_mobile_available_courses(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        courses = [CourseFactory.create(org="edx", mobile_available=False) for _ in range(3)]
+        for course in courses:
+            self.enroll(course.id)
+        expected_result = {
+            "configs": {
+                "iap_configs": {}
+            },
+            "user_timezone": "UTC",
+            "enrollments": {
+                "next": None,
+                "previous": None,
+                "count": 0,
+                "num_pages": 1,
+                "current_page": 1,
+                "start": 0,
+                "results": []
+            }
+        }
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertDictEqual(expected_result, response.data)
+        self.assertNotIn('primary', response.data)
+
+    def test_do_progress_in_not_mobile_available_course(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        not_mobile_available = CourseFactory.create(org="edx", mobile_available=False)
+        self.enroll(not_mobile_available.id)
+        courses = [CourseFactory.create(org="edx", mobile_available=True) for _ in range(5)]
+        for course in courses:
+            self.enroll(course.id)
+        new_course = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(new_course.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['enrollments']['count'], 5)
+        self.assertEqual(len(response.data['enrollments']['results']), 5)
+        # check that we have the new_course in primary section
+        self.assertIn('primary', response.data)
+        self.assertEqual(response.data['primary']['course']['id'], str(new_course.id))
+
+        # doing progress in the not_mobile_available course
+        StudentModule.objects.create(
+            student=self.user,
+            course_id=not_mobile_available.id,
+            module_state_key=not_mobile_available.location,
+        )
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['enrollments']['count'], 5)
+        self.assertEqual(len(response.data['enrollments']['results']), 5)
+        # check that we have the new_course in primary section in the same way
+        self.assertIn('primary', response.data)
+        self.assertEqual(response.data['primary']['course']['id'], str(new_course.id))
+
+    def test_pagination_for_user_enrollments_api_v4(self):
+        """
+        Tests `UserCourseEnrollmentsV4Pagination`, api_version == v4.
+        """
+        self.login()
+        courses = [CourseFactory.create(org="my_org", mobile_available=True) for _ in range(15)]
+        for course in courses:
+            self.enroll(course.id)
+
+        response = self.api_response(api_version=API_V4)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['enrollments']['count'], 14)
+        self.assertEqual(response.data['enrollments']['num_pages'], 3)
+        self.assertEqual(response.data['enrollments']['current_page'], 1)
+        self.assertEqual(len(response.data['enrollments']['results']), 5)
+        self.assertIn('next', response.data['enrollments'])
+        self.assertIn('previous', response.data['enrollments'])
+        self.assertIn('primary', response.data)
+
+    def test_course_status_in_primary_obj_when_student_doesnt_have_progress(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        course = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(course.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['primary']['course_status'], None)
+
+    @patch('lms.djangoapps.mobile_api.users.serializers.get_key_to_last_completed_block')
+    def test_course_status_in_primary_obj_when_student_have_progress(
+        self,
+        get_last_completed_block_mock: MagicMock,
+    ):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        # create test course structure
+        course = CourseFactory.create(org="edx", mobile_available=True)
+        section = BlockFactory.create(
+            parent=course,
+            category="chapter",
+            display_name="section",
+        )
+        subsection = BlockFactory.create(
+            parent=section,
+            category="sequential",
+            display_name="subsection",
+        )
+        vertical = BlockFactory.create(
+            parent=subsection,
+            category="vertical",
+            display_name="test unit",
+        )
+        problem = BlockFactory.create(
+            parent=vertical,
+            category="problem",
+            display_name="problem",
+        )
+        self.enroll(course.id)
+        get_last_completed_block_mock.return_value = problem.location
+        expected_course_status = {
+            'last_visited_module_id': str(subsection.location),
+            'last_visited_module_path': [
+                str(course.location),
+                str(section.location),
+                str(subsection.location),
+            ],
+            'last_visited_block_id': str(problem.location),
+            'last_visited_unit_display_name': vertical.display_name,
+        }
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['primary']['course_status'], expected_course_status)
+        get_last_completed_block_mock.assert_called_once_with(self.user, course.id)
+
+    def test_user_enrollment_api_v4_in_progress_status(self):
+        """
+        Testing
+        """
+        self.login()
+        old_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.THREE_YEARS_AGO,
+            end=self.LAST_WEEK
+        )
+        actual_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=self.NEXT_WEEK
+        )
+        infinite_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=None
+        )
+
+        self.enroll(old_course.id)
+        self.enroll(actual_course.id)
+        self.enroll(infinite_course.id)
+
+        response = self.api_response(api_version=API_V4, data={'status': EnrollmentStatuses.IN_PROGRESS.value})
+        enrollments = response.data['enrollments']
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(enrollments['count'], 2)
+        self.assertEqual(enrollments['results'][1]['course']['id'], str(actual_course.id))
+        self.assertEqual(enrollments['results'][0]['course']['id'], str(infinite_course.id))
+        self.assertNotIn('primary', response.data)
+
+    def test_user_enrollment_api_v4_completed_status(self):
+        """
+        Testing
+        """
+        self.login()
+        old_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.THREE_YEARS_AGO,
+            end=self.LAST_WEEK
+        )
+        actual_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=self.NEXT_WEEK
+        )
+        infinite_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=None
+        )
+        GeneratedCertificateFactory.create(
+            user=self.user,
+            course_id=infinite_course.id,
+            status=CertificateStatuses.downloadable,
+            mode='verified',
+        )
+
+        self.enroll(old_course.id)
+        self.enroll(actual_course.id)
+        self.enroll(infinite_course.id)
+
+        response = self.api_response(api_version=API_V4, data={'status': EnrollmentStatuses.COMPLETED.value})
+        enrollments = response.data['enrollments']
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(enrollments['count'], 1)
+        self.assertEqual(enrollments['results'][0]['course']['id'], str(infinite_course.id))
+        self.assertNotIn('primary', response.data)
+
+    def test_user_enrollment_api_v4_expired_status(self):
+        """
+        Testing
+        """
+        self.login()
+        old_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.THREE_YEARS_AGO,
+            end=self.LAST_WEEK
+        )
+        actual_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=self.NEXT_WEEK
+        )
+        infinite_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=None
+        )
+        self.enroll(old_course.id)
+        self.enroll(actual_course.id)
+        self.enroll(infinite_course.id)
+
+        response = self.api_response(api_version=API_V4, data={'status': EnrollmentStatuses.EXPIRED.value})
+        enrollments = response.data['enrollments']
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(enrollments['count'], 1)
+        self.assertEqual(enrollments['results'][0]['course']['id'], str(old_course.id))
+        self.assertNotIn('primary', response.data)
+
+    def test_user_enrollment_api_v4_expired_course_with_certificate(self):
+        """
+        Testing that the API returns a course with
+        an expiration date in the past if the user has a certificate for this course.
+        """
+        self.login()
+        expired_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.THREE_YEARS_AGO,
+            end=self.LAST_WEEK
+        )
+        expired_course_with_cert = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.THREE_YEARS_AGO,
+            end=self.LAST_WEEK
+        )
+        GeneratedCertificateFactory.create(
+            user=self.user,
+            course_id=expired_course_with_cert.id,
+            status=CertificateStatuses.downloadable,
+            mode='verified',
+        )
+
+        self.enroll(expired_course_with_cert.id)
+        self.enroll(expired_course.id)
+
+        response = self.api_response(api_version=API_V4, data={'status': EnrollmentStatuses.COMPLETED.value})
+        enrollments = response.data['enrollments']
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(enrollments['count'], 1)
+        self.assertEqual(enrollments['results'][0]['course']['id'], str(expired_course_with_cert.id))
+        self.assertNotIn('primary', response.data)
+
+    def test_user_enrollment_api_v4_status_all(self):
+        """
+        Testing
+        """
+        self.login()
+        old_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.THREE_YEARS_AGO,
+            end=self.LAST_WEEK
+        )
+        actual_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=self.NEXT_WEEK
+        )
+        infinite_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=None
+        )
+        GeneratedCertificateFactory.create(
+            user=self.user,
+            course_id=infinite_course.id,
+            status=CertificateStatuses.downloadable,
+            mode='verified',
+        )
+
+        self.enroll(old_course.id)
+        self.enroll(actual_course.id)
+        self.enroll(infinite_course.id)
+
+        response = self.api_response(api_version=API_V4, data={'status': EnrollmentStatuses.ALL.value})
+        enrollments = response.data['enrollments']
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(enrollments['count'], 3)
+        self.assertEqual(enrollments['results'][0]['course']['id'], str(infinite_course.id))
+        self.assertEqual(enrollments['results'][1]['course']['id'], str(actual_course.id))
+        self.assertEqual(enrollments['results'][2]['course']['id'], str(old_course.id))
+        self.assertNotIn('primary', response.data)
+
+    def test_response_contains_primary_enrollment_assignments_info(self):
+        self.login()
+        course = CourseFactory.create(org='edx', mobile_available=True)
+        self.enroll(course.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn('course_assignments', response.data['primary'])
+        self.assertIn('past_assignments', response.data['primary']['course_assignments'])
+        self.assertIn('future_assignments', response.data['primary']['course_assignments'])
+        self.assertListEqual(response.data['primary']['course_assignments']['past_assignments'], [])
+        self.assertListEqual(response.data['primary']['course_assignments']['future_assignments'], [])
+
+    @patch('lms.djangoapps.courseware.courses.get_course_assignments', return_value=[])
+    def test_course_progress_in_primary_enrollment_with_no_assignments(
+        self,
+        get_course_assignment_mock: MagicMock,
+    ) -> None:
+        self.login()
+        course = CourseFactory.create(org='edx', mobile_available=True)
+        self.enroll(course.id)
+        expected_course_progress = {'total_assignments_count': 0, 'assignments_completed': 0}
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn('course_progress', response.data['primary'])
+        self.assertDictEqual(response.data['primary']['course_progress'], expected_course_progress)
+
+    @patch(
+        'lms.djangoapps.mobile_api.users.serializers.CourseEnrollmentSerializerModifiedForPrimary'
+        '.get_course_assignments'
+    )
+    @patch('lms.djangoapps.courseware.courses.get_course_assignments')
+    def test_course_progress_in_primary_enrollment_with_assignments(
+        self,
+        get_course_assignment_mock: MagicMock,
+        assignments_mock: MagicMock,
+    ) -> None:
+        self.login()
+        course = CourseFactory.create(org='edx', mobile_available=True)
+        self.enroll(course.id)
+        course_assignments_mock = [
+            Mock(complete=False), Mock(complete=False), Mock(complete=True), Mock(complete=True), Mock(complete=True)
+        ]
+        get_course_assignment_mock.return_value = course_assignments_mock
+        student_assignments_mock = {
+            'future_assignments': [],
+            'past_assignments': [],
+        }
+        assignments_mock.return_value = student_assignments_mock
+        expected_course_progress = {'total_assignments_count': 5, 'assignments_completed': 3}
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn('course_progress', response.data['primary'])
+        self.assertDictEqual(response.data['primary']['course_progress'], expected_course_progress)
+
+    @patch('lms.djangoapps.courseware.courses.get_course_assignments')
+    def test_course_progress_for_secondary_enrollments_no_query_param(
+        self,
+        get_course_assignment_mock: MagicMock,
+    ) -> None:
+        self.login()
+        courses = [CourseFactory.create(org='edx', mobile_available=True) for _ in range(5)]
+        for course in courses:
+            self.enroll(course.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        for enrollment in response.data['enrollments']['results']:
+            self.assertNotIn('course_progress', enrollment)
+
+    @patch('lms.djangoapps.courseware.courses.get_course_assignments')
+    def test_course_progress_for_secondary_enrollments_with_query_param(
+        self,
+        get_course_assignment_mock: MagicMock,
+    ) -> None:
+        self.login()
+        courses = [CourseFactory.create(org='edx', mobile_available=True) for _ in range(5)]
+        for course in courses:
+            self.enroll(course.id)
+        expected_course_progress = {'total_assignments_count': 0, 'assignments_completed': 0}
+
+        response = self.api_response(api_version=API_V4, data={'requested_fields': 'course_progress'})
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        for enrollment in response.data['enrollments']['results']:
+            self.assertIn('course_progress', enrollment)
+            self.assertDictEqual(enrollment['course_progress'], expected_course_progress)
+
+    @patch(
+        'lms.djangoapps.mobile_api.users.serializers.CourseEnrollmentSerializerModifiedForPrimary'
+        '.get_course_assignments'
+    )
+    @patch('lms.djangoapps.courseware.courses.get_course_assignments')
+    def test_course_progress_for_secondary_enrollments_with_query_param_and_assignments(
+        self,
+        get_course_assignment_mock: MagicMock,
+        assignments_mock: MagicMock,
+    ) -> None:
+        self.login()
+        courses = [CourseFactory.create(org='edx', mobile_available=True) for _ in range(2)]
+        for course in courses:
+            self.enroll(course.id)
+        course_assignments_mock = [
+            Mock(complete=False), Mock(complete=False), Mock(complete=True), Mock(complete=True), Mock(complete=True)
+        ]
+        get_course_assignment_mock.return_value = course_assignments_mock
+        student_assignments_mock = {
+            'future_assignments': [],
+            'past_assignments': [],
+        }
+        assignments_mock.return_value = student_assignments_mock
+        expected_course_progress = {'total_assignments_count': 5, 'assignments_completed': 3}
+
+        response = self.api_response(api_version=API_V4, data={'requested_fields': 'course_progress'})
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn('course_progress', response.data['primary'])
+        self.assertDictEqual(response.data['primary']['course_progress'], expected_course_progress)
+        self.assertIn('course_progress', response.data['enrollments']['results'][0])
+        self.assertDictEqual(response.data['enrollments']['results'][0]['course_progress'], expected_course_progress)
+
 
 @override_settings(MKTG_URLS={'ROOT': 'dummy-root'})
 class TestUserEnrollmentCertificates(UrlResetMixin, MobileAPITestCase, MilestonesTestCaseMixin):
diff --git a/lms/djangoapps/mobile_api/users/views.py b/lms/djangoapps/mobile_api/users/views.py
index 049678dcd7ba..d959e188b4ee 100644
--- a/lms/djangoapps/mobile_api/users/views.py
+++ b/lms/djangoapps/mobile_api/users/views.py
@@ -4,13 +4,15 @@
 
 
 import logging
+from functools import cached_property
+from typing import Optional
 
 from completion.exceptions import UnavailableCompletionData
 from completion.utilities import get_key_to_last_completed_block
 from django.contrib.auth.models import User  # lint-amnesty, pylint: disable=imported-auth-user
 from django.contrib.auth.signals import user_logged_in
 from django.db import transaction
-from django.shortcuts import redirect
+from django.shortcuts import get_object_or_404, redirect
 from django.utils import dateparse
 from django.utils.decorators import method_decorator
 from opaque_keys import InvalidKeyError
@@ -26,19 +28,27 @@
 from common.djangoapps.student.models import CourseEnrollment, User  # lint-amnesty, pylint: disable=reimported
 from lms.djangoapps.courseware.access import is_mobile_available_for_user
 from lms.djangoapps.courseware.access_utils import ACCESS_GRANTED
+from lms.djangoapps.courseware.context_processor import get_user_timezone_or_last_seen_timezone_or_utc
 from lms.djangoapps.courseware.courses import get_current_child
 from lms.djangoapps.courseware.model_data import FieldDataCache
 from lms.djangoapps.courseware.block_render import get_block_for_descriptor
+from lms.djangoapps.courseware.models import StudentModule
 from lms.djangoapps.courseware.views.index import save_positions_recursively_up
 from lms.djangoapps.mobile_api.models import MobileConfig
-from lms.djangoapps.mobile_api.utils import API_V1, API_V05, API_V2, API_V3
+from lms.djangoapps.mobile_api.utils import API_V1, API_V05, API_V2, API_V3, API_V4
 from openedx.features.course_duration_limits.access import check_course_expired
 from xmodule.modulestore.django import modulestore  # lint-amnesty, pylint: disable=wrong-import-order
 from xmodule.modulestore.exceptions import ItemNotFoundError  # lint-amnesty, pylint: disable=wrong-import-order
 
 from .. import errors
 from ..decorators import mobile_course_access, mobile_view
-from .serializers import CourseEnrollmentSerializer, CourseEnrollmentSerializerv05, UserSerializer
+from .enums import EnrollmentStatuses
+from .serializers import (
+    CourseEnrollmentSerializer,
+    CourseEnrollmentSerializerModifiedForPrimary,
+    CourseEnrollmentSerializerv05,
+    UserSerializer,
+)
 
 log = logging.getLogger(__name__)
 
@@ -263,6 +273,10 @@ class UserCourseEnrollmentsList(generics.ListAPIView):
         An additional attribute "expiration" has been added to the response, which lists the date
         when access to the course will expire or null if it doesn't expire.
 
+        In v4 we added to the response primary object. Primary object contains the latest user's enrollment
+        or course where user has the latest progress. Primary object has been cut from user's
+        enrolments array and inserted into separated section with key `primary`.
+
     **Example Request**
 
         GET /api/mobile/v1/users/{username}/course_enrollments/
@@ -312,8 +326,12 @@ class UserCourseEnrollmentsList(generics.ListAPIView):
         * mode: The type of certificate registration for this course (honor or
           certified).
         * url: URL to the downloadable version of the certificate, if exists.
+        * course_progress: Contains information about how many assignments are in the course
+          and how many assignments the student has completed.
+        * total_assignments_count: Total course's assignments count.
+        * assignments_completed: Assignments witch the student has completed.
     """
-    queryset = CourseEnrollment.objects.all()
+
     lookup_field = 'username'
 
     # In Django Rest Framework v3, there is a default pagination
@@ -332,7 +350,10 @@ def is_org(self, check_org, course_org):
 
     def get_serializer_context(self):
         context = super().get_serializer_context()
+        requested_fields = self.request.GET.get('requested_fields', '')
+
         context['api_version'] = self.kwargs.get('api_version')
+        context['requested_fields'] = requested_fields.split(',')
         return context
 
     def get_serializer_class(self):
@@ -341,47 +362,142 @@ def get_serializer_class(self):
             return CourseEnrollmentSerializerv05
         return CourseEnrollmentSerializer
 
-    def get_queryset(self):
+    @cached_property
+    def queryset_for_user(self):
+        """
+        Find and return the list of course enrollments for the user.
+
+        In v4 added filtering by statuses.
+        """
         api_version = self.kwargs.get('api_version')
-        enrollments = self.queryset.filter(
-            user__username=self.kwargs['username'],
+        status = self.request.GET.get('status')
+        username = self.kwargs['username']
+
+        queryset = CourseEnrollment.objects.all().select_related('course', 'user').filter(
+            user__username=username,
             is_active=True
-        ).order_by('created').reverse()
-        org = self.request.query_params.get('org', None)
+        ).order_by('-created')
+
+        if api_version == API_V4 and status in EnrollmentStatuses.values():
+            if status == EnrollmentStatuses.IN_PROGRESS.value:
+                queryset = queryset.in_progress(username=username, time_zone=self.user_timezone)
+            elif status == EnrollmentStatuses.COMPLETED.value:
+                queryset = queryset.completed(username=username)
+            elif status == EnrollmentStatuses.EXPIRED.value:
+                queryset = queryset.expired(username=username, time_zone=self.user_timezone)
+
+        return queryset
+
+    def get_queryset(self):
+        api_version = self.kwargs.get('api_version')
+        status = self.request.GET.get('status')
+        mobile_available = self.get_same_org_mobile_available_enrollments()
 
-        same_org = (
-            enrollment for enrollment in enrollments
-            if enrollment.course_overview and self.is_org(org, enrollment.course_overview.org)
-        )
-        mobile_available = (
-            enrollment for enrollment in same_org
-            if is_mobile_available_for_user(self.request.user, enrollment.course_overview)
-        )
         not_duration_limited = (
             enrollment for enrollment in mobile_available
             if check_course_expired(self.request.user, enrollment.course) == ACCESS_GRANTED
         )
 
+        if api_version == API_V4 and status not in EnrollmentStatuses.values():
+            primary_enrollment_obj = self.get_primary_enrollment_by_latest_enrollment_or_progress()
+            if primary_enrollment_obj:
+                mobile_available.remove(primary_enrollment_obj)
+
         if api_version == API_V05:
             # for v0.5 don't return expired courses
             return list(not_duration_limited)
         else:
             # return all courses, with associated expiration
-            return list(mobile_available)
+            return mobile_available
+
+    def get_same_org_mobile_available_enrollments(self) -> list[CourseEnrollment]:
+        """
+        Gets list with `CourseEnrollment` for mobile available courses.
+        """
+        org = self.request.query_params.get('org', None)
+
+        same_org = (
+            enrollment for enrollment in self.queryset_for_user
+            if enrollment.course_overview and self.is_org(org, enrollment.course_overview.org)
+        )
+        mobile_available = (
+            enrollment for enrollment in same_org
+            if is_mobile_available_for_user(self.request.user, enrollment.course_overview)
+        )
+        return list(mobile_available)
 
     def list(self, request, *args, **kwargs):
         response = super().list(request, *args, **kwargs)
         api_version = self.kwargs.get('api_version')
+        status = self.request.GET.get('status')
 
-        if api_version in (API_V2, API_V3):
+        if api_version in (API_V2, API_V3, API_V4):
             enrollment_data = {
                 'configs': MobileConfig.get_structured_configs(),
+                'user_timezone': str(self.user_timezone),
                 'enrollments': response.data
             }
+            if api_version == API_V4 and status not in EnrollmentStatuses.values():
+                primary_enrollment_obj = self.get_primary_enrollment_by_latest_enrollment_or_progress()
+                if primary_enrollment_obj:
+                    serializer = CourseEnrollmentSerializerModifiedForPrimary(
+                        primary_enrollment_obj,
+                        context=self.get_serializer_context(),
+                    )
+                    enrollment_data.update({'primary': serializer.data})
+
             return Response(enrollment_data)
 
         return response
 
+    @cached_property
+    def user_timezone(self):
+        """
+        Get the user's timezone.
+        """
+        return get_user_timezone_or_last_seen_timezone_or_utc(self.get_user())
+
+    def get_user(self) -> User:
+        """
+        Get user object by username.
+        """
+        return get_object_or_404(User, username=self.kwargs['username'])
+
+    def get_primary_enrollment_by_latest_enrollment_or_progress(self) -> Optional[CourseEnrollment]:
+        """
+        Gets primary enrollment obj by latest enrollment or latest progress on the course.
+        """
+        mobile_available = self.get_same_org_mobile_available_enrollments()
+        if not mobile_available:
+            return None
+
+        mobile_available_course_ids = [enrollment.course_id for enrollment in mobile_available]
+
+        latest_enrollment = self.queryset_for_user.filter(
+            course__id__in=mobile_available_course_ids
+        ).order_by('-created').first()
+
+        if not latest_enrollment:
+            return None
+
+        latest_progress = StudentModule.objects.filter(
+            student__username=self.kwargs['username'],
+            course_id__in=mobile_available_course_ids,
+        ).order_by('-modified').first()
+
+        if not latest_progress:
+            return latest_enrollment
+
+        enrollment_with_latest_progress = self.queryset_for_user.filter(
+            course_id=latest_progress.course_id,
+            user__username=self.kwargs['username'],
+        ).first()
+
+        if latest_enrollment.created > latest_progress.modified:
+            return latest_enrollment
+        else:
+            return enrollment_with_latest_progress
+
     # pylint: disable=attribute-defined-outside-init
     @property
     def paginator(self):
@@ -396,6 +512,8 @@ def paginator(self):
 
         if self._paginator is None and api_version == API_V3:
             self._paginator = DefaultPagination()
+        if self._paginator is None and api_version == API_V4:
+            self._paginator = UserCourseEnrollmentsV4Pagination()
 
         return self._paginator
 
@@ -410,3 +528,11 @@ def my_user_info(request, api_version):
     # updating it from the oauth2 related code is too complex
     user_logged_in.send(sender=User, user=request.user, request=request)
     return redirect("user-detail", api_version=api_version, username=request.user.username)
+
+
+class UserCourseEnrollmentsV4Pagination(DefaultPagination):
+    """
+    Pagination for `UserCourseEnrollments` API v4.
+    """
+    page_size = 5
+    max_page_size = 50
diff --git a/lms/djangoapps/mobile_api/utils.py b/lms/djangoapps/mobile_api/utils.py
index 73a0cfea0827..9204b27ab49b 100644
--- a/lms/djangoapps/mobile_api/utils.py
+++ b/lms/djangoapps/mobile_api/utils.py
@@ -6,6 +6,7 @@
 API_V1 = 'v1'
 API_V2 = 'v2'
 API_V3 = 'v3'
+API_V4 = 'v4'
 
 
 def parsed_version(version):
diff --git a/lms/urls.py b/lms/urls.py
index b03c084d0215..78fa5c52b38c 100644
--- a/lms/urls.py
+++ b/lms/urls.py
@@ -222,7 +222,7 @@
 
 if settings.FEATURES.get('ENABLE_MOBILE_REST_API'):
     urlpatterns += [
-        re_path(r'^api/mobile/(?P<api_version>v(3|2|1|0.5))/', include('lms.djangoapps.mobile_api.urls')),
+        re_path(r'^api/mobile/(?P<api_version>v(4|3|2|1|0.5))/', include('lms.djangoapps.mobile_api.urls')),
     ]
 
 if settings.FEATURES.get('ENABLE_OPENBADGES'):
diff --git a/openedx/features/course_duration_limits/access.py b/openedx/features/course_duration_limits/access.py
index ff817a315054..8f73ae2266ea 100644
--- a/openedx/features/course_duration_limits/access.py
+++ b/openedx/features/course_duration_limits/access.py
@@ -68,7 +68,7 @@ def get_user_course_duration(user, course):
     return get_expected_duration(course.id)
 
 
-def get_user_course_expiration_date(user, course):
+def get_user_course_expiration_date(user, course, enrollment=None):
     """
     Return expiration date for given user course pair.
     Return None if the course does not expire.
@@ -81,7 +81,7 @@ def get_user_course_expiration_date(user, course):
     if access_duration is None:
         return None
 
-    enrollment = CourseEnrollment.get_enrollment(user, course.id)
+    enrollment = enrollment or CourseEnrollment.get_enrollment(user, course.id)
     if enrollment is None or enrollment.mode != CourseMode.AUDIT:
         return None
 

From 970df54ac944adf030774a045738a149e1087470 Mon Sep 17 00:00:00 2001
From: Omar Al-Ithawi <i@omardo.com>
Date: Thu, 25 Jul 2024 12:30:11 +0300
Subject: [PATCH 09/11] fix: python 3.8 typing fixes

---
 lms/djangoapps/mobile_api/users/views.py             |  4 ++--
 .../content_tagging/rest_api/v1/serializers.py       |  4 +++-
 openedx/core/djangoapps/content_tagging/rules.py     | 12 ++++++------
 openedx/core/djangoapps/content_tagging/utils.py     |  6 ++++--
 4 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/lms/djangoapps/mobile_api/users/views.py b/lms/djangoapps/mobile_api/users/views.py
index d959e188b4ee..b5b900b4504c 100644
--- a/lms/djangoapps/mobile_api/users/views.py
+++ b/lms/djangoapps/mobile_api/users/views.py
@@ -5,7 +5,7 @@
 
 import logging
 from functools import cached_property
-from typing import Optional
+from typing import Optional, List
 
 from completion.exceptions import UnavailableCompletionData
 from completion.utilities import get_key_to_last_completed_block
@@ -410,7 +410,7 @@ def get_queryset(self):
             # return all courses, with associated expiration
             return mobile_available
 
-    def get_same_org_mobile_available_enrollments(self) -> list[CourseEnrollment]:
+    def get_same_org_mobile_available_enrollments(self) -> List[CourseEnrollment]:
         """
         Gets list with `CourseEnrollment` for mobile available courses.
         """
diff --git a/openedx/core/djangoapps/content_tagging/rest_api/v1/serializers.py b/openedx/core/djangoapps/content_tagging/rest_api/v1/serializers.py
index 8bd26230855a..ac44cec2e12b 100644
--- a/openedx/core/djangoapps/content_tagging/rest_api/v1/serializers.py
+++ b/openedx/core/djangoapps/content_tagging/rest_api/v1/serializers.py
@@ -4,6 +4,8 @@
 
 from __future__ import annotations
 
+from typing import List
+
 from rest_framework import serializers, fields
 
 from openedx_tagging.core.tagging.rest_api.v1.serializers import (
@@ -72,7 +74,7 @@ class TaxonomyOrgSerializer(TaxonomySerializer):
     orgs = serializers.SerializerMethodField()
     all_orgs = serializers.SerializerMethodField()
 
-    def get_orgs(self, obj) -> list[str]:
+    def get_orgs(self, obj) -> List[str]:
         """
         Return the list of orgs for the taxonomy.
         """
diff --git a/openedx/core/djangoapps/content_tagging/rules.py b/openedx/core/djangoapps/content_tagging/rules.py
index 265194860159..ddedd6b26658 100644
--- a/openedx/core/djangoapps/content_tagging/rules.py
+++ b/openedx/core/djangoapps/content_tagging/rules.py
@@ -2,7 +2,7 @@
 
 from __future__ import annotations
 
-from typing import Union
+from typing import Union, List
 
 import django.contrib.auth.models
 import openedx_tagging.core.tagging.rules as oel_tagging
@@ -41,7 +41,7 @@ def is_org_user(user: UserType, orgs: list[Organization]) -> bool:
     return len(get_user_orgs(user, orgs)) > 0
 
 
-def get_admin_orgs(user: UserType, orgs: list[Organization] | None = None) -> list[Organization]:
+def get_admin_orgs(user: UserType, orgs: list[Organization] | None = None) -> List[Organization]:
     """
     Returns a list of orgs that the given user is an org-level staff, from the given list of orgs.
 
@@ -53,7 +53,7 @@ def get_admin_orgs(user: UserType, orgs: list[Organization] | None = None) -> li
     ]
 
 
-def _get_content_creator_orgs(user: UserType, orgs: list[Organization]) -> list[Organization]:
+def _get_content_creator_orgs(user: UserType, orgs: list[Organization]) -> List[Organization]:
     """
     Returns a list of orgs that the given user is an org-level library user or instructor, from the given list of orgs.
     """
@@ -66,7 +66,7 @@ def _get_content_creator_orgs(user: UserType, orgs: list[Organization]) -> list[
     ]
 
 
-def _get_course_user_orgs(user: UserType, orgs: list[Organization]) -> list[Organization]:
+def _get_course_user_orgs(user: UserType, orgs: list[Organization]) -> List[Organization]:
     """
     Returns a list of orgs for courses where the given user is staff or instructor, from the given list of orgs.
 
@@ -97,7 +97,7 @@ def user_has_role_ignore_course_id(user, role_name, org_name) -> bool:
     ]
 
 
-def _get_library_user_orgs(user: UserType, orgs: list[Organization]) -> list[Organization]:
+def _get_library_user_orgs(user: UserType, orgs: list[Organization]) -> List[Organization]:
     """
     Returns a list of orgs (from the given list of orgs) that are associated with libraries that the given user has
     explicitly been granted access to.
@@ -110,7 +110,7 @@ def _get_library_user_orgs(user: UserType, orgs: list[Organization]) -> list[Org
     return list(set(library_orgs).intersection(orgs))
 
 
-def get_user_orgs(user: UserType, orgs: list[Organization] | None = None) -> list[Organization]:
+def get_user_orgs(user: UserType, orgs: list[Organization] | None = None) -> List[Organization]:
     """
     Return a list of orgs that the given user is a member of (instructor or content creator),
     from the given list of orgs.
diff --git a/openedx/core/djangoapps/content_tagging/utils.py b/openedx/core/djangoapps/content_tagging/utils.py
index dee369109bb5..f13d9e389e6f 100644
--- a/openedx/core/djangoapps/content_tagging/utils.py
+++ b/openedx/core/djangoapps/content_tagging/utils.py
@@ -3,6 +3,8 @@
 """
 from __future__ import annotations
 
+from typing import List
+
 from edx_django_utils.cache import RequestCache
 from opaque_keys import InvalidKeyError
 from opaque_keys.edx.keys import CourseKey, UsageKey
@@ -89,7 +91,7 @@ def clear(self):
         """
         self.request_cache.clear()
 
-    def get_orgs(self, org_names: list[str] | None = None) -> list[Organization]:
+    def get_orgs(self, org_names: list[str] | None = None) -> List[Organization]:
         """
         Returns the Organizations with the given name(s), or all Organizations if no names given.
 
@@ -111,7 +113,7 @@ def get_orgs(self, org_names: list[str] | None = None) -> list[Organization]:
 
         return all_orgs.values()
 
-    def get_library_orgs(self, user, org_names: list[str]) -> list[Organization]:
+    def get_library_orgs(self, user, org_names: list[str]) -> List[Organization]:
         """
         Returns the Organizations that are associated with libraries that the given user has explicitly been granted
         access to.

From 1754c44037bf03f00c720c175aacaf8ecedafa37 Mon Sep 17 00:00:00 2001
From: Omar Al-Ithawi <i@omardo.com>
Date: Thu, 25 Jul 2024 13:43:59 +0300
Subject: [PATCH 10/11] fix: fix cache_for_block_descendents cherry-pick test
 failures

---
 lms/djangoapps/mobile_api/users/views.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/lms/djangoapps/mobile_api/users/views.py b/lms/djangoapps/mobile_api/users/views.py
index b5b900b4504c..81051057b7aa 100644
--- a/lms/djangoapps/mobile_api/users/views.py
+++ b/lms/djangoapps/mobile_api/users/views.py
@@ -155,7 +155,7 @@ def _last_visited_block_path(self, request, course):
         the course block. If there is no such visit, the first item deep enough down the course
         tree is used.
         """
-        field_data_cache = FieldDataCache.cache_for_block_descendents(
+        field_data_cache = FieldDataCache.cache_for_descriptor_descendents(
             course.id, request.user, course, depth=2)
 
         course_block = get_block_for_descriptor(
@@ -188,15 +188,14 @@ def _update_last_visited_module_id(self, request, course, module_key, modificati
         """
         Saves the module id if the found modification_date is less recent than the passed modification date
         """
-        field_data_cache = FieldDataCache.cache_for_block_descendents(
+        field_data_cache = FieldDataCache.cache_for_descriptor_descendents(
             course.id, request.user, course, depth=2)
         try:
-            descriptor = modulestore().get_item(module_key)
+            block_descriptor = modulestore().get_item(module_key)
         except ItemNotFoundError:
-            log.error(f"{errors.ERROR_INVALID_MODULE_ID} %s", module_key)
             return Response(errors.ERROR_INVALID_MODULE_ID, status=400)
         block = get_block_for_descriptor(
-            request.user, request, descriptor, field_data_cache, course.id, course=course
+            request.user, request, block_descriptor, field_data_cache, course.id, course=course
         )
 
         if modification_date:

From daf827a3ffb2cfc9656d60a26f2566167c54e1e8 Mon Sep 17 00:00:00 2001
From: Omar Al-Ithawi <i@omardo.com>
Date: Thu, 25 Jul 2024 14:03:31 +0300
Subject: [PATCH 11/11] test: skip Redwood-only cherry picked tests for Course
 Recommendation API

---
 .../learner_dashboard/api/v0/tests/test_views.py          | 8 +++++++-
 lms/djangoapps/learner_home/recommendations/test_views.py | 6 ++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/lms/djangoapps/learner_dashboard/api/v0/tests/test_views.py b/lms/djangoapps/learner_dashboard/api/v0/tests/test_views.py
index 7a51f4680d35..886f543156ec 100644
--- a/lms/djangoapps/learner_dashboard/api/v0/tests/test_views.py
+++ b/lms/djangoapps/learner_dashboard/api/v0/tests/test_views.py
@@ -1,7 +1,7 @@
 """
 Unit tests for Learner Dashboard REST APIs and Views
 """
-
+import unittest
 from unittest import mock
 from uuid import uuid4
 
@@ -11,6 +11,8 @@
 from django.urls import reverse_lazy
 from edx_toggles.toggles.testutils import override_waffle_flag
 from enterprise.models import EnterpriseCourseEnrollment
+
+from openedx.core.release import RELEASE_LINE
 from xmodule.modulestore.tests.django_utils import SharedModuleStoreTestCase
 from xmodule.modulestore.tests.factories import (
     CourseFactory as ModuleStoreCourseFactory,
@@ -244,6 +246,10 @@ def test_program_empty_list_if_no_enterprise_enrollments(self):
 
 
 @ddt.ddt
+@unittest.skipIf(
+    RELEASE_LINE == "palm",
+    'Omar note: This is mostly a Redwood test that got here through cherry-picks',
+)
 class TestCourseRecommendationApiView(TestCase):
     """Unit tests for the course recommendations on dashboard page."""
 
diff --git a/lms/djangoapps/learner_home/recommendations/test_views.py b/lms/djangoapps/learner_home/recommendations/test_views.py
index 9edf9002eefe..fc3e13bd2c7f 100644
--- a/lms/djangoapps/learner_home/recommendations/test_views.py
+++ b/lms/djangoapps/learner_home/recommendations/test_views.py
@@ -3,6 +3,7 @@
 """
 
 import json
+import unittest
 from unittest import mock
 from unittest.mock import Mock
 
@@ -19,9 +20,14 @@
 from lms.djangoapps.learner_home.recommendations.waffle import (
     ENABLE_LEARNER_HOME_AMPLITUDE_RECOMMENDATIONS,
 )
+from openedx.core.release import RELEASE_LINE
 
 
 @ddt.ddt
+@unittest.skipIf(
+    RELEASE_LINE == "palm",
+    'Omar note: This is mostly a Redwood test that got here through cherry-picks',
+)
 class TestCourseRecommendationApiView(TestCase):
     """Unit tests for the course recommendations on learner home page."""