mitodl · Anas12091101 · Mar 10, 2026 · Mar 11, 2026 · Mar 11, 2026 · Mar 11, 2026
diff --git a/frontend/public/src/components/EnrolledItemCard.js b/frontend/public/src/components/EnrolledItemCard.js
@@ -520,10 +520,11 @@ export class EnrolledItemCard extends React.Component<
                     className="btn btn-primary btn-gradient-red-to-blue disabled"
                     rel="noopener noreferrer"
                   >
-                    Starts{" "}
-                    {formatPrettyMonthDate(
-                      parseDateString(enrollment.run.start_date)
-                    )}
+                    {enrollment.run.start_date ?
+                      `Starts ${formatPrettyMonthDate(
+                        parseDateString(enrollment.run.start_date)
+                      )}` :
+                      "Coming Soon"}
                   </a>
                 )}
               </div>

diff --git a/frontend/public/src/lib/util.js b/frontend/public/src/lib/util.js
@@ -145,24 +145,24 @@ export const objectToFormData = (object: Object) => {
 }
 
 // Example return values: "January 1, 2019", "December 31, 2019"
-export const formatPrettyDate = (momentDate: Moment) =>
-  momentDate.format("MMMM D, YYYY")
+export const formatPrettyDate = (momentDate: ?Moment) =>
+  momentDate ? momentDate.format("MMMM D, YYYY") : ""
 
 // Example return values: "Jan 1, 2019", "Dec 31, 2019"
-export const formatPrettyShortDate = (momentDate: Moment) =>
-  momentDate.format("MMM D, YYYY")
+export const formatPrettyShortDate = (momentDate: ?Moment) =>
+  momentDate ? momentDate.format("MMM D, YYYY") : ""
 
-export const formatPrettyMonthDate = (momentDate: Moment) =>
-  momentDate.format("MMMM D")
+export const formatPrettyMonthDate = (momentDate: ?Moment) =>
+  momentDate ? momentDate.format("MMMM D") : ""
 
-export const formatPrettyDateUtc = (momentDate: Moment) =>
-  momentDate.tz("UTC").format("MMMM D, YYYY")
+export const formatPrettyDateUtc = (momentDate: ?Moment) =>
+  momentDate ? momentDate.tz("UTC").format("MMMM D, YYYY") : ""
 
-export const formatPrettyDateTimeAmPm = (momentDate: Moment) =>
-  momentDate.format("LLL")
+export const formatPrettyDateTimeAmPm = (momentDate: ?Moment) =>
+  momentDate ? momentDate.format("LLL") : ""
 
-export const formatPrettyDateTimeAmPmTz = (monthDate: Moment) =>
-  monthDate.tz(moment.tz.guess()).format("LLL z")
+export const formatPrettyDateTimeAmPmTz = (monthDate: ?Moment) =>
+  monthDate ? monthDate.tz(moment.tz.guess()).format("LLL z") : ""
 
 export const firstItem = R.view(R.lensIndex(0))
 

diff --git a/main/settings.py b/main/settings.py
@@ -1255,6 +1255,12 @@
     description="Timeout (in seconds) for requests made via the edX API client",
 )
 
+OPENEDX_WEBHOOK_KEY = get_string(
+    name="OPENEDX_WEBHOOK_KEY",
+    default=None,
+    description="Shared secret token used to authenticate incoming webhook requests from Open edX",
+)
+
 # django debug toolbar only in debug mode
 if DEBUG:
     INSTALLED_APPS += ("debug_toolbar",)

diff --git a/openedx/urls.py b/openedx/urls.py
@@ -15,4 +15,9 @@
         views.openedx_private_auth_complete,
         name="openedx-private-oauth-complete-no-apisix",
     ),
+    path(
+        "api/openedx_webhook/enrollment/",
+        views.edx_enrollment_webhook,
+        name="openedx-enrollment-webhook",
+    ),
 )
diff --git a/openedx/views.py b/openedx/views.py
@@ -1,10 +1,171 @@
 """Views for openedx"""
 
+import logging
+
+from django.conf import settings
 from django.http import HttpResponse
+from drf_spectacular.utils import extend_schema
 from rest_framework import status
+from rest_framework.decorators import api_view, permission_classes
+from rest_framework.permissions import AllowAny
+from rest_framework.response import Response
+
+from courses.api import create_run_enrollments
+from courses.models import CourseRun
+from users.models import User
+
+log = logging.getLogger(__name__)
 
 
 def openedx_private_auth_complete(request):  # noqa: ARG001
     """Responds with a simple HTTP_200_OK"""
     # NOTE: this is only meant as a landing endpoint for api.create_edx_auth_token() flow
     return HttpResponse(status=status.HTTP_200_OK)
+
+
+@extend_schema(exclude=True)
+@api_view(["POST"])
+@permission_classes([AllowAny])
+def edx_enrollment_webhook(request):  # noqa: PLR0911, C901
+    """
+    Webhook endpoint that receives enrollment notifications from Open edX.
+
+    When a user needs to be enrolled in a course (e.g., staff/instructor role added),
+    the Open edX plugin POSTs to this endpoint so MITx Online can enroll them as an
+    auditor in the corresponding course run.
+
+    Expected payload:
+        {
+            "email": "instructor@example.com",
+            "course_id": "course-v1:MITx+1.001x+2025_T1",
+            "role": "instructor"
+        }
+    """
+    # --- Authenticate via Bearer token ---
+    webhook_key = getattr(settings, "OPENEDX_WEBHOOK_KEY", None)
+    if not webhook_key:
+        log.error("OPENEDX_WEBHOOK_KEY is not configured")
+        return Response(
+            {"error": "Webhook is not configured"},
+            status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+        )
+
+    auth_header = request.META.get("HTTP_AUTHORIZATION", "")
+    if not auth_header.startswith("Bearer "):
+        return Response(
+            {"error": "Missing or invalid Authorization header"},
+            status=status.HTTP_401_UNAUTHORIZED,
+        )
+
+    token = auth_header[len("Bearer ") :]
+    if token != webhook_key:
+        return Response(
+            {"error": "Invalid webhook token"},
+            status=status.HTTP_403_FORBIDDEN,
+        )
+
+    # --- Validate payload ---
+    email = request.data.get("email")
+    course_id = request.data.get("course_id")
+    role = request.data.get("role", "")
+
+    if not email or not course_id:
+        return Response(
+            {"error": "Missing required fields: email and course_id"},
+            status=status.HTTP_400_BAD_REQUEST,
+        )
+
+    # --- Look up user ---
+    try:
+        user = User.objects.get(email=email)
-        user = User.objects.get(email=email)
+        user = User.objects.get(email__iexact=email)
-        user = User.objects.get(email=email)
+        user = User.objects.get(email__iexact=email)
+    except User.DoesNotExist:
+        log.warning(
+            "Webhook: No user found with email %s for course %s (role: %s)",
+            email,
+            course_id,
+            role,
+        )
+        return Response(
+            {"error": f"User with email {email} not found"},
-            {"error": f"User with email {email} not found"},
+            {"error": f"User not found"},
-            {"error": f"User with email {email} not found"},
+            {"error": f"User not found"},
+            status=status.HTTP_404_NOT_FOUND,
+        )
+    except User.MultipleObjectsReturned:
+        log.warning(
+            "Webhook: Multiple users found with email %s for course %s (role: %s)",
+            email,
+            course_id,
+            role,
+        )
+        return Response(
+            {"error": f"Multiple users found with email {email}"},
+            status=status.HTTP_409_CONFLICT,
+        )
+
+    # --- Look up course run ---
+    try:
+        course_run = CourseRun.objects.get(courseware_id=course_id)
+    except CourseRun.DoesNotExist:
+        log.warning(
+            "Webhook: No course run found with courseware_id %s (user: %s, role: %s)",
+            course_id,
+            email,
+            role,
+        )
+        return Response(
+            {"error": f"Course run with id {course_id} not found"},
+            status=status.HTTP_404_NOT_FOUND,
+        )
+
+    # --- Enroll user as auditor ---
+    try:
+        enrollments, edx_request_success = create_run_enrollments(
+            user,
+            [course_run],
+            keep_failed_enrollments=True,
+        )
+    except Exception:
+        log.exception(
+            "Webhook: Error creating enrollment for user %s in course run %s",
+            email,
+            course_id,
+        )
+        return Response(
+            {"error": "Failed to create enrollment"},
+            status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+        )
+
+    if enrollments:
+        enrollment = enrollments[0]
+        if not edx_request_success:
+            log.warning(
+                "Webhook: Local enrollment created but edX API call failed for user %s in course run %s",
+                email,
+                course_id,
+            )
+        log.info(
+            "Webhook: Successfully enrolled user %s in course run %s as auditor (role: %s, active: %s, edx_synced: %s)",
+            email,
+            course_id,
+            role,
+            enrollment.active,
+            edx_request_success,
+        )
+        return Response(
+            {
+                "message": "Enrollment successful",
+                "enrollment_id": enrollment.id,
+                "active": enrollment.active,
+                "edx_enrolled": enrollment.edx_enrolled,
+            },
+            status=status.HTTP_200_OK,
+        )
+    else:
+        log.error(
+            "Webhook: Enrollment creation returned empty for user %s in course run %s",
+            email,
+            course_id,
+        )
+        return Response(
+            {"error": "Enrollment creation failed"},
+            status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+        )