diff --git a/cms/djangoapps/contentstore/tests/test_course_create_rerun.py b/cms/djangoapps/contentstore/tests/test_course_create_rerun.py
index 1d1b1177d0dc..deef95d03eae 100644
--- a/cms/djangoapps/contentstore/tests/test_course_create_rerun.py
+++ b/cms/djangoapps/contentstore/tests/test_course_create_rerun.py
@@ -50,7 +50,7 @@ def setUp(self):
         self.factory = RequestFactory()
         self.global_admin = AdminFactory()
         self.client = AjaxEnabledTestClient()
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.course_create_rerun_url = reverse('course_handler')
         self.course_start = datetime.datetime.utcnow()
         self.course_end = self.course_start + datetime.timedelta(days=30)
diff --git a/cms/djangoapps/contentstore/tests/test_course_listing.py b/cms/djangoapps/contentstore/tests/test_course_listing.py
index 461a1281f55d..66c16dc6dd8c 100644
--- a/cms/djangoapps/contentstore/tests/test_course_listing.py
+++ b/cms/djangoapps/contentstore/tests/test_course_listing.py
@@ -56,12 +56,12 @@ def setUp(self):
         super().setUp()
         # create and log in a staff user.
         # create and log in a non-staff user
-        self.user = UserFactory()
+        self.user = UserFactory(password=self.TEST_PASSWORD)
         self.factory = RequestFactory()
         self.request = self.factory.get('/course')
         self.request.user = self.user
         self.client = AjaxEnabledTestClient()
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     def _create_course_with_access_groups(self, course_location, user=None):
         """
diff --git a/cms/djangoapps/contentstore/tests/test_course_settings.py b/cms/djangoapps/contentstore/tests/test_course_settings.py
index be7691ee7e45..fb701137287b 100644
--- a/cms/djangoapps/contentstore/tests/test_course_settings.py
+++ b/cms/djangoapps/contentstore/tests/test_course_settings.py
@@ -1866,10 +1866,10 @@ def _get_course_details_response(self, global_staff):
         """
         Return the course details page as either global or non-global staff
         """
-        user = UserFactory(is_staff=global_staff)
+        user = UserFactory(is_staff=global_staff, password=self.TEST_PASSWORD)
         CourseInstructorRole(self.course.id).add_users(user)
 
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
 
         return self.client.get_html(self.course_details_url)
 
diff --git a/cms/djangoapps/contentstore/tests/test_i18n.py b/cms/djangoapps/contentstore/tests/test_i18n.py
index ebd5616b9d5e..5b233eb72f04 100644
--- a/cms/djangoapps/contentstore/tests/test_i18n.py
+++ b/cms/djangoapps/contentstore/tests/test_i18n.py
@@ -193,7 +193,7 @@ def setUp(self):
 
         self.uname = 'testuser'
         self.email = 'test+courses@edx.org'
-        self.password = 'foo'
+        self.password = self.TEST_PASSWORD
 
         # Create the use so we can log them in.
         self.user = UserFactory.create(username=self.uname, email=self.email, password=self.password)
diff --git a/cms/djangoapps/contentstore/tests/test_users_default_role.py b/cms/djangoapps/contentstore/tests/test_users_default_role.py
index 590efc0bff67..1abf0a0ec697 100644
--- a/cms/djangoapps/contentstore/tests/test_users_default_role.py
+++ b/cms/djangoapps/contentstore/tests/test_users_default_role.py
@@ -27,7 +27,7 @@ def setUp(self):
         # create and log in a staff user.
         self.user = UserFactory(is_staff=True)
         self.client = AjaxEnabledTestClient()
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         # create a course via the view handler to create course
         self.course_key = self.store.make_course_key('Org_1', 'Course_1', 'Run_1')
diff --git a/cms/djangoapps/contentstore/tests/tests.py b/cms/djangoapps/contentstore/tests/tests.py
index f212bc39f1d8..bd2c3dbfd3c8 100644
--- a/cms/djangoapps/contentstore/tests/tests.py
+++ b/cms/djangoapps/contentstore/tests/tests.py
@@ -95,7 +95,7 @@ def setUp(self):
         super().setUp()
 
         self.email = 'a@b.com'
-        self.pw = 'xyz'
+        self.pw = 'password1234'
         self.username = 'testuser'
         self.client = AjaxEnabledTestClient()
         # clear the cache so ratelimiting won't affect these tests
diff --git a/cms/djangoapps/contentstore/views/tests/test_certificates.py b/cms/djangoapps/contentstore/views/tests/test_certificates.py
index 76dfb3be95d7..7af7a448de10 100644
--- a/cms/djangoapps/contentstore/views/tests/test_certificates.py
+++ b/cms/djangoapps/contentstore/views/tests/test_certificates.py
@@ -249,7 +249,7 @@ def test_cannot_create_certificate_if_user_has_no_write_permissions(self):
         Tests user without write permissions on course should not able to create certificate
         """
         user = UserFactory()
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         response = self.client.ajax_post(
             self._url(),
             data=CERTIFICATE_JSON
@@ -635,7 +635,7 @@ def test_delete_certificate_without_write_permissions(self, signatory_path):
         """
         self._add_course_certificates(count=2, signatory_count=1, asset_path_format=signatory_path)
         user = UserFactory()
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         response = self.client.delete(
             self._url(cid=1),
             content_type="application/json",
@@ -653,7 +653,7 @@ def test_delete_certificate_without_global_staff_permissions(self, signatory_pat
         user = UserFactory()
         for role in [CourseInstructorRole, CourseStaffRole]:
             role(self.course.id).add_users(user)
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         response = self.client.delete(
             self._url(cid=1),
             content_type="application/json",
@@ -681,7 +681,7 @@ def test_update_active_certificate_without_global_staff_permissions(self, signat
         user = UserFactory()
         for role in [CourseInstructorRole, CourseStaffRole]:
             role(self.course.id).add_users(user)
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         response = self.client.put(
             self._url(cid=1),
             data=json.dumps(cert_data),
@@ -799,7 +799,7 @@ def test_certificate_activation_without_write_permissions(self, activate, signat
         test_url = reverse_course_url('certificate_activation_handler', self.course.id)
         self._add_course_certificates(count=1, signatory_count=2, asset_path_format=signatory_path)
         user = UserFactory()
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         response = self.client.post(
             test_url,
             data=json.dumps({"is_active": activate}),
diff --git a/cms/djangoapps/contentstore/views/tests/test_organizations.py b/cms/djangoapps/contentstore/views/tests/test_organizations.py
index 6f3b67671101..cf3a376f3461 100644
--- a/cms/djangoapps/contentstore/views/tests/test_organizations.py
+++ b/cms/djangoapps/contentstore/views/tests/test_organizations.py
@@ -14,8 +14,9 @@ class TestOrganizationListing(TestCase):
     """Verify Organization listing behavior."""
     def setUp(self):
         super().setUp()
-        self.staff = UserFactory(is_staff=True)
-        self.client.login(username=self.staff.username, password='test')
+        self.password = "password1234"
+        self.staff = UserFactory(is_staff=True, password=self.password)
+        self.client.login(username=self.staff.username, password=self.password)
         self.org_names_listing_url = reverse('organizations')
         self.org_short_names = ["alphaX", "betaX", "orgX"]
         for index, short_name in enumerate(self.org_short_names):
diff --git a/cms/djangoapps/maintenance/tests.py b/cms/djangoapps/maintenance/tests.py
index dd060c4c0113..a487f8e37faa 100644
--- a/cms/djangoapps/maintenance/tests.py
+++ b/cms/djangoapps/maintenance/tests.py
@@ -30,7 +30,7 @@ class TestMaintenanceIndex(ModuleStoreTestCase):
     def setUp(self):
         super().setUp()
         self.user = AdminFactory()
-        login_success = self.client.login(username=self.user.username, password='test')
+        login_success = self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.assertTrue(login_success)
         self.view_url = reverse('maintenance:maintenance_index')
 
@@ -56,7 +56,7 @@ class MaintenanceViewTestCase(ModuleStoreTestCase):
     def setUp(self):
         super().setUp()
         self.user = AdminFactory()
-        login_success = self.client.login(username=self.user.username, password='test')
+        login_success = self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.assertTrue(login_success)
 
     def verify_error_message(self, data, error_message):
@@ -110,8 +110,8 @@ def test_non_global_staff_access(self, url):
         """
         Test that all maintenance app views are not accessible to non-global-staff user.
         """
-        user = UserFactory(username='test', email='test@example.com', password='test')
-        login_success = self.client.login(username=user.username, password='test')
+        user = UserFactory(username='test', email='test@example.com', password=self.TEST_PASSWORD)
+        login_success = self.client.login(username=user.username, password=self.TEST_PASSWORD)
         self.assertTrue(login_success)
 
         response = self.client.get(url)
@@ -245,13 +245,13 @@ def setUp(self):
         self.admin = AdminFactory.create(
             email='staff@edx.org',
             username='admin',
-            password='pass'
+            password=self.TEST_PASSWORD
         )
-        self.client.login(username=self.admin.username, password='pass')
+        self.client.login(username=self.admin.username, password=self.TEST_PASSWORD)
         self.non_staff_user = UserFactory.create(
             email='test@edx.org',
             username='test',
-            password='pass'
+            password=self.TEST_PASSWORD
         )
 
     def test_index(self):
@@ -301,7 +301,7 @@ def _test_403(self, viewname, kwargs=None):
         self.assertEqual(response.status_code, 403)
 
     def test_authorization(self):
-        self.client.login(username=self.non_staff_user, password='pass')
+        self.client.login(username=self.non_staff_user, password=self.TEST_PASSWORD)
         announcement = Announcement.objects.create(content="Test Delete")
         announcement.save()
 
diff --git a/common/djangoapps/course_modes/tests/test_admin.py b/common/djangoapps/course_modes/tests/test_admin.py
index 52640dc52fe5..25b6558d24ab 100644
--- a/common/djangoapps/course_modes/tests/test_admin.py
+++ b/common/djangoapps/course_modes/tests/test_admin.py
@@ -54,7 +54,7 @@ def test_expiration_timezone(self):
             '_expiration_datetime_1': expiration.time(),
         }
 
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
 
         # Create a new course mode from django admin page
         response = self.client.post(reverse('admin:course_modes_coursemode_add'), data=data)
diff --git a/common/djangoapps/student/models/course_enrollment.py b/common/djangoapps/student/models/course_enrollment.py
index f879762679f4..106ddb4e3849 100644
--- a/common/djangoapps/student/models/course_enrollment.py
+++ b/common/djangoapps/student/models/course_enrollment.py
@@ -129,11 +129,73 @@ class UnenrollmentNotAllowed(CourseEnrollmentException):
     pass
 
 
+class CourseEnrollmentQuerySet(models.QuerySet):
+    """
+    Custom queryset for CourseEnrollment with Table-level filter methods.
+    """
+
+    def active(self):
+        """
+        Returns a queryset of CourseEnrollment objects for courses that are currently active.
+        """
+        return self.filter(is_active=True)
+
+    def without_certificates(self, username):
+        """
+        Returns a queryset of CourseEnrollment objects for courses that do not have a certificate.
+        """
+        return self.exclude(course_id__in=self.get_user_course_ids_with_certificates(username))
+
+    def with_certificates(self, username):
+        """
+        Returns a queryset of CourseEnrollment objects for courses that have a certificate.
+        """
+        return self.filter(course_id__in=self.get_user_course_ids_with_certificates(username))
+
+    def in_progress(self, username, time_zone=UTC):
+        """
+        Returns a queryset of CourseEnrollment objects for courses that are currently in progress.
+        """
+        now = datetime.now(time_zone)
+        return self.active().without_certificates(username).filter(
+            Q(course__start__lte=now, course__end__gte=now)
+            | Q(course__start__isnull=True, course__end__isnull=True)
+            | Q(course__start__isnull=True, course__end__gte=now)
+            | Q(course__start__lte=now, course__end__isnull=True),
+        )
+
+    def completed(self, username):
+        """
+        Returns a queryset of CourseEnrollment objects for courses that have been completed.
+        """
+        return self.active().with_certificates(username)
+
+    def expired(self, username, time_zone=UTC):
+        """
+        Returns a queryset of CourseEnrollment objects for courses that have expired.
+        """
+        now = datetime.now(time_zone)
+        return self.active().without_certificates(username).filter(course__end__lt=now)
+
+    def get_user_course_ids_with_certificates(self, username):
+        """
+        Gets user's course ids with certificates.
+        """
+        from lms.djangoapps.certificates.models import GeneratedCertificate  # pylint: disable=import-outside-toplevel
+        course_ids_with_certificates = GeneratedCertificate.objects.filter(
+            user__username=username
+        ).values_list('course_id', flat=True)
+        return course_ids_with_certificates
+
+
 class CourseEnrollmentManager(models.Manager):
     """
     Custom manager for CourseEnrollment with Table-level filter methods.
     """
 
+    def get_queryset(self):
+        return CourseEnrollmentQuerySet(self.model, using=self._db)
+
     def is_small_course(self, course_id):
         """
         Returns false if the number of enrollments are one greater than 'max_enrollments' else true
diff --git a/common/djangoapps/student/tests/factories.py b/common/djangoapps/student/tests/factories.py
index 708082412516..27e245288dd6 100644
--- a/common/djangoapps/student/tests/factories.py
+++ b/common/djangoapps/student/tests/factories.py
@@ -35,7 +35,7 @@
 from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
 from openedx.core.djangoapps.content.course_overviews.tests.factories import CourseOverviewFactory
 
-TEST_PASSWORD = 'test'
+TEST_PASSWORD = 'Password1234'
 
 
 class GroupFactory(DjangoModelFactory):  # lint-amnesty, pylint: disable=missing-class-docstring
@@ -81,7 +81,7 @@ class Meta:
         model = User
         django_get_or_create = ('email', 'username')
 
-    _DEFAULT_PASSWORD = 'test'
+    _DEFAULT_PASSWORD = 'Password1234'
 
     username = factory.Sequence('robot{}'.format)
     email = factory.Sequence('robot+test+{}@edx.org'.format)
diff --git a/common/djangoapps/student/tests/test_admin_views.py b/common/djangoapps/student/tests/test_admin_views.py
index 5c6350c2f0ce..2914bcd61c43 100644
--- a/common/djangoapps/student/tests/test_admin_views.py
+++ b/common/djangoapps/student/tests/test_admin_views.py
@@ -53,7 +53,7 @@ def test_save_valid_data(self):
             'email': self.user.email
         }
 
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         # # adding new role from django admin page
         response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data)
@@ -78,7 +78,7 @@ def test_save_without_org_and_course_data(self):
             'course_id': str(self.course.id)
         }
 
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         # # adding new role from django admin page
         response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data)
@@ -96,7 +96,7 @@ def test_save_with_course_only(self):
 
         }
 
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         # # adding new role from django admin page
         response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data)
@@ -115,7 +115,7 @@ def test_save_with_org_only(self):
 
         }
 
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         # # adding new role from django admin page
         response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data)
@@ -136,7 +136,7 @@ def test_save_with_invalid_course(self):
             'email': email
         }
 
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         # Adding new role with invalid data
         response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data)
@@ -163,7 +163,7 @@ def test_save_valid_course_invalid_org(self):
             'email': self.user.email
         }
 
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         # # adding new role from django admin page
         response = self.client.post(reverse('admin:student_courseaccessrole_add'), data=data)
@@ -230,7 +230,7 @@ def setUp(self):
             user=self.user,
             course_id=self.course.id,  # pylint: disable=no-member
         )
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     @ddt.data(*ADMIN_URLS)
     @ddt.unpack
@@ -324,13 +324,14 @@ class LoginFailuresAdminTest(TestCase):
     def setUpClass(cls):
         """Setup class"""
         super().setUpClass()
-        cls.user = UserFactory.create(username='§', is_staff=True, is_superuser=True)
+        cls.TEST_PASSWORD = 'Password1234'
+        cls.user = UserFactory.create(username='§', password=cls.TEST_PASSWORD, is_staff=True, is_superuser=True)
         cls.user.save()
 
     def setUp(self):
         """Setup."""
         super().setUp()
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.user2 = UserFactory.create(username='Zażółć gęślą jaźń')
         self.user_lockout_until = datetime.datetime.now(UTC)
         LoginFailures.objects.create(user=self.user, failure_count=10, lockout_until=self.user_lockout_until)
diff --git a/common/djangoapps/student/tests/test_bulk_email_settings.py b/common/djangoapps/student/tests/test_bulk_email_settings.py
index d9bfd15621ca..308ccf66e09d 100644
--- a/common/djangoapps/student/tests/test_bulk_email_settings.py
+++ b/common/djangoapps/student/tests/test_bulk_email_settings.py
@@ -33,7 +33,7 @@ def setUp(self):
         # Create student account
         student = UserFactory.create()
         CourseEnrollmentFactory.create(user=student, course_id=self.course.id)
-        self.client.login(username=student.username, password="test")
+        self.client.login(username=student.username, password=self.TEST_PASSWORD)
 
         self.url = reverse('dashboard')
         # URL for email settings modal
diff --git a/common/djangoapps/student/tests/test_email.py b/common/djangoapps/student/tests/test_email.py
index 7f1287fba048..bcede1821376 100644
--- a/common/djangoapps/student/tests/test_email.py
+++ b/common/djangoapps/student/tests/test_email.py
@@ -136,7 +136,7 @@ def _create_account(self):
         params = {
             'username': 'test_user',
             'email': 'test_user@example.com',
-            'password': 'edx',
+            'password': 'Password1234',
             'name': 'Test User',
             'honor_code': True,
             'terms_of_service': True
@@ -319,7 +319,7 @@ def setUp(self, tracker='common.djangoapps.student.views.management.tracker'):
         self.new_email = 'new.email@edx.org'
         self.req_factory = RequestFactory()
         self.request = self.req_factory.post('unused_url', data={
-            'password': 'test',
+            'password': 'Password1234',
             'new_email': self.new_email
         })
         self.request.user = self.user
@@ -628,7 +628,7 @@ def setUp(self, tracker='common.djangoapps.student.views.management.tracker'):
         self.new_secondary_email = 'new.secondary.email@edx.org'
         self.req_factory = RequestFactory()
         self.request = self.req_factory.post('unused_url', data={
-            'password': 'test',
+            'password': 'Password1234',
             'new_email': self.new_secondary_email
         })
         self.request.user = self.user
diff --git a/common/djangoapps/student/tests/test_filters.py b/common/djangoapps/student/tests/test_filters.py
index 6e429fd39a5c..376595a8507b 100644
--- a/common/djangoapps/student/tests/test_filters.py
+++ b/common/djangoapps/student/tests/test_filters.py
@@ -316,7 +316,7 @@ class StudentDashboardFiltersTest(ModuleStoreTestCase):
     def setUp(self):  # pylint: disable=arguments-differ
         super().setUp()
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password="test")
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.dashboard_url = reverse("dashboard")
         self.first_course = CourseFactory.create(
             org="test1", course="course1", display_name="run1",
diff --git a/common/djangoapps/student/tests/test_retirement.py b/common/djangoapps/student/tests/test_retirement.py
index a7e5fac86571..ffeb1af14fa2 100644
--- a/common/djangoapps/student/tests/test_retirement.py
+++ b/common/djangoapps/student/tests/test_retirement.py
@@ -260,7 +260,7 @@ def setUp(self):
             'username': 'username',
             'email': 'foo_bar' + '@bar.com',
             'name': 'foo bar',
-            'password': '123',
+            'password': 'Password1234',
             'terms_of_service': 'true',
             'honor_code': 'true',
         }
diff --git a/common/djangoapps/student/tests/test_userstanding.py b/common/djangoapps/student/tests/test_userstanding.py
index 832127e474ed..67fcebda28f6 100644
--- a/common/djangoapps/student/tests/test_userstanding.py
+++ b/common/djangoapps/student/tests/test_userstanding.py
@@ -43,7 +43,7 @@ def setUp(self):
             (self.non_staff, self.non_staff_client),
             (self.admin, self.admin_client),
         ]:
-            client.login(username=user.username, password='test')
+            client.login(username=user.username, password='Password1234')
 
         UserStandingFactory.create(
             user=self.bad_user,
diff --git a/common/djangoapps/student/tests/test_views.py b/common/djangoapps/student/tests/test_views.py
index b9518efa0446..1230f8320a75 100644
--- a/common/djangoapps/student/tests/test_views.py
+++ b/common/djangoapps/student/tests/test_views.py
@@ -49,7 +49,6 @@
 from xmodule.modulestore.tests.django_utils import SharedModuleStoreTestCase  # lint-amnesty, pylint: disable=wrong-import-order
 from xmodule.modulestore.tests.factories import CourseFactory, BlockFactory  # lint-amnesty, pylint: disable=wrong-import-order
 
-PASSWORD = 'test'
 TOMORROW = now() + timedelta(days=1)
 ONE_WEEK_AGO = now() - timedelta(weeks=1)
 THREE_YEARS_FROM_NOW = now() + timedelta(days=(365 * 3))
@@ -81,7 +80,7 @@ def setUp(self):
         self.user = UserFactory()
         self.enrollment = CourseEnrollmentFactory(course_id=self.course.id, user=self.user)
         self.cert_status = 'processing'
-        self.client.login(username=self.user.username, password=PASSWORD)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     def mock_cert(self, _user, _course_overview):
         """ Return a preset certificate status. """
@@ -212,7 +211,7 @@ def setUp(self):
         """
         super().setUp()
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=PASSWORD)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.path = reverse('dashboard')
 
     def set_course_sharing_urls(self, set_marketing, set_social_sharing):
@@ -1018,7 +1017,7 @@ class TestCourseDashboardNoticesRedirects(SharedModuleStoreTestCase):
     def setUp(self):
         super().setUp()
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=PASSWORD)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.path = reverse('dashboard')
 
     def test_check_for_unacknowledged_notices(self):
diff --git a/common/djangoapps/student/tests/tests.py b/common/djangoapps/student/tests/tests.py
index b41ad2f856d6..a90b2504d137 100644
--- a/common/djangoapps/student/tests/tests.py
+++ b/common/djangoapps/student/tests/tests.py
@@ -278,7 +278,7 @@ class DashboardTest(ModuleStoreTestCase, TestVerificationBase):
     def setUp(self):
         super().setUp()
         self.course = CourseFactory.create()
-        self.user = UserFactory.create(username="jack", email="jack@fake.edx.org", password='test')
+        self.user = UserFactory.create(username="jack", email="jack@fake.edx.org", password=self.TEST_PASSWORD)
         self.client = Client()
         cache.clear()
 
@@ -307,7 +307,7 @@ def test_verification_status_visible(self):
         """
         Test that the certificate verification status for courses is visible on the dashboard.
         """
-        self.client.login(username="jack", password="test")
+        self.client.login(username="jack", password=self.TEST_PASSWORD)
         self._check_verification_status_on('verified', 'You're enrolled as a verified student')
         self._check_verification_status_on('honor', 'You're enrolled as an honor code student')
         self._check_verification_status_off('audit', '')
@@ -345,7 +345,7 @@ def test_verification_status_invisible(self):
         Test that the certificate verification status for courses is not visible on the dashboard
         if the verified certificates setting is off.
         """
-        self.client.login(username="jack", password="test")
+        self.client.login(username="jack", password=self.TEST_PASSWORD)
         self._check_verification_status_off('verified', 'You\'re enrolled as a verified student')
         self._check_verification_status_off('honor', 'You\'re enrolled as an honor code student')
         self._check_verification_status_off('audit', '')
@@ -371,7 +371,7 @@ def test_course_mode_info(self):
     @skip_unless_lms
     def test_linked_in_add_to_profile_btn_not_appearing_without_config(self):
         # Without linked-in config don't show Add Certificate to LinkedIn button
-        self.client.login(username="jack", password="test")
+        self.client.login(username="jack", password=self.TEST_PASSWORD)
 
         CourseModeFactory.create(
             course_id=self.course.id,
@@ -409,7 +409,7 @@ def test_linked_in_add_to_profile_btn_not_appearing_without_config(self):
     def test_linked_in_add_to_profile_btn_with_certificate(self):
         # If user has a certificate with valid linked-in config then Add Certificate to LinkedIn button
         # should be visible. and it has URL value with valid parameters.
-        self.client.login(username="jack", password="test")
+        self.client.login(username="jack", password=self.TEST_PASSWORD)
 
         linkedin_config = LinkedInAddToProfileConfiguration.objects.create(company_identifier='1337', enabled=True)
         CourseModeFactory.create(
@@ -480,7 +480,7 @@ def test_dashboard_metadata_caching(self):
         # Create a course and log in the user.
         # Creating a new course will trigger a publish event and the course will be cached
         test_course = CourseFactory.create(emit_signals=True)
-        self.client.login(username="jack", password="test")
+        self.client.login(username="jack", password=self.TEST_PASSWORD)
 
         with check_mongo_calls(0):
             CourseEnrollment.enroll(self.user, test_course.id)
@@ -495,7 +495,7 @@ def test_dashboard_metadata_caching(self):
 
     @skip_unless_lms
     def test_dashboard_header_nav_has_find_courses(self):
-        self.client.login(username="jack", password="test")
+        self.client.login(username="jack", password=self.TEST_PASSWORD)
         response = self.client.get(reverse("dashboard"))
 
         # "Explore courses" is shown in the side panel
@@ -542,7 +542,7 @@ def setUp(self):
         super().setUp()
         self.org = 'fakeX'
         self.course = CourseFactory.create(org=self.org)
-        self.user = UserFactory.create(username='jack', email='jack@fake.edx.org', password='test')
+        self.user = UserFactory.create(username='jack', email='jack@fake.edx.org', password=self.TEST_PASSWORD)
         CourseModeFactory.create(mode_slug='no-id-professional', course_id=self.course.id)
         CourseEnrollment.enroll(self.user, self.course.location.course_key, mode='no-id-professional')
         cache.clear()
@@ -564,7 +564,7 @@ def test_course_mode_visible(self, site_domain, site_configuration_values):
             'course_org_filter': self.org
         })
         self.set_up_site(site_domain, site_configuration_values)
-        self.client.login(username='jack', password='test')
+        self.client.login(username='jack', password=self.TEST_PASSWORD)
         response = self.client.get(reverse('dashboard'))
         self.assertContains(response, 'class="course professional"')
 
@@ -585,7 +585,7 @@ def test_course_mode_invisible(self, site_domain, site_configuration_values):
             'course_org_filter': self.org
         })
         self.set_up_site(site_domain, site_configuration_values)
-        self.client.login(username='jack', password='test')
+        self.client.login(username='jack', password=self.TEST_PASSWORD)
         response = self.client.get(reverse('dashboard'))
         self.assertNotContains(response, 'class="course professional"')
 
@@ -899,8 +899,8 @@ class ChangeEnrollmentViewTest(ModuleStoreTestCase):
     def setUp(self):
         super().setUp()
         self.course = CourseFactory.create()
-        self.user = UserFactory.create(password='secret')
-        self.client.login(username=self.user.username, password='secret')
+        self.user = UserFactory.create(password=self.TEST_PASSWORD)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.url = reverse('change_enrollment')
 
     def _enroll_through_view(self, course):
@@ -1056,14 +1056,13 @@ def test_anonymous_id_secret_key_changes_result_in_diff_values_for_same_new_user
 class RelatedProgramsTests(ProgramsApiConfigMixin, SharedModuleStoreTestCase):
     """Tests verifying that related programs appear on the course dashboard."""
     maxDiff = None
-    password = 'test'
     related_programs_preface = 'Related Programs'
 
     @classmethod
     def setUpClass(cls):
         super().setUpClass()
 
-        cls.user = UserFactory()
+        cls.user = UserFactory(password=cls.TEST_PASSWORD)
         cls.course = CourseFactory()
         cls.enrollment = CourseEnrollmentFactory(user=cls.user, course_id=cls.course.id)  # pylint: disable=no-member
 
@@ -1073,7 +1072,7 @@ def setUp(self):
         self.url = reverse('dashboard')
 
         self.create_programs_config()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         course_run = CourseRunFactory(key=str(self.course.id))  # pylint: disable=no-member
         course = CatalogCourseFactory(course_runs=[course_run])
diff --git a/common/djangoapps/third_party_auth/tests/specs/base.py b/common/djangoapps/third_party_auth/tests/specs/base.py
index 9a51049d86b4..0acae6605422 100644
--- a/common/djangoapps/third_party_auth/tests/specs/base.py
+++ b/common/djangoapps/third_party_auth/tests/specs/base.py
@@ -481,7 +481,7 @@ def _test_login(self):
         # The AJAX on the page will log them in:
         ajax_login_response = self.client.post(
             reverse('user_api_login_session', kwargs={'api_version': 'v1'}),
-            {'email': self.user.email, 'password': 'test'}
+            {'email': self.user.email, 'password': 'Password1234'}
         )
         assert ajax_login_response.status_code == 200
         # Then the AJAX will finish the third party auth:
diff --git a/common/djangoapps/third_party_auth/tests/test_admin.py b/common/djangoapps/third_party_auth/tests/test_admin.py
index c5481a3a09b4..0acfb3492a6f 100644
--- a/common/djangoapps/third_party_auth/tests/test_admin.py
+++ b/common/djangoapps/third_party_auth/tests/test_admin.py
@@ -14,6 +14,9 @@
 from common.djangoapps.third_party_auth.tests.utils import skip_unless_thirdpartyauth
 
 
+TEST_PASSWORD = 'Password1234'
+
+
 # This is necessary because cms does not implement third party auth
 @skip_unless_thirdpartyauth()
 class Oauth2ProviderConfigAdminTest(testutil.TestCase):
@@ -36,9 +39,9 @@ def test_oauth2_provider_edit_icon_image(self):
         prepopulated correctly, and that we can clear and update the image.
         """
         # Login as a super user
-        user = UserFactory.create(is_staff=True, is_superuser=True)
+        user = UserFactory.create(is_staff=True, is_superuser=True, password=TEST_PASSWORD)
         user.save()
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=TEST_PASSWORD)
 
         # Get baseline provider count
         providers = OAuth2ProviderConfig.objects.all()
diff --git a/lms/djangoapps/badges/api/tests.py b/lms/djangoapps/badges/api/tests.py
index e0031c29dee4..cadb30d11a9a 100644
--- a/lms/djangoapps/badges/api/tests.py
+++ b/lms/djangoapps/badges/api/tests.py
@@ -29,7 +29,7 @@ def setUp(self):
         self.course = CourseFactory.create()
         self.user = UserFactory.create()
         # Password defined by factory.
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     def url(self):
         """
diff --git a/lms/djangoapps/branding/__init__.py b/lms/djangoapps/branding/__init__.py
index 0847f631cb64..954e5da9b1be 100644
--- a/lms/djangoapps/branding/__init__.py
+++ b/lms/djangoapps/branding/__init__.py
@@ -14,7 +14,7 @@
 from openedx.core.djangoapps.site_configuration import helpers as configuration_helpers
 
 
-def get_visible_courses(org=None, filter_=None, active_only=False):
+def get_visible_courses(org=None, filter_=None, active_only=False, course_keys=None):
     """
     Yield the CourseOverviews that should be visible in this branded
     instance.
@@ -25,6 +25,8 @@ def get_visible_courses(org=None, filter_=None, active_only=False):
         filter_ (dict): Optional parameter that allows custom filtering by
             fields on the course.
         active_only (bool): Optional parameter that enables fetching active courses only.
+        course_keys (list[str]): Optional parameter that allows for selecting which
+            courses to fetch the `CourseOverviews` for
     """
     # Import is placed here to avoid model import at project startup.
     from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
@@ -36,12 +38,16 @@ def get_visible_courses(org=None, filter_=None, active_only=False):
     if org:
         # Check the current site's orgs to make sure the org's courses should be displayed
         if not current_site_orgs or org in current_site_orgs:
-            courses = CourseOverview.get_all_courses(orgs=[org], filter_=filter_, active_only=active_only)
+            courses = CourseOverview.get_all_courses(
+                orgs=[org], filter_=filter_, active_only=active_only, course_keys=course_keys
+            )
     elif current_site_orgs:
         # Only display courses that should be displayed on this site
-        courses = CourseOverview.get_all_courses(orgs=current_site_orgs, filter_=filter_, active_only=active_only)
+        courses = CourseOverview.get_all_courses(
+            orgs=current_site_orgs, filter_=filter_, active_only=active_only, course_keys=course_keys
+        )
     else:
-        courses = CourseOverview.get_all_courses(filter_=filter_, active_only=active_only)
+        courses = CourseOverview.get_all_courses(filter_=filter_, active_only=active_only, course_keys=course_keys)
 
     courses = courses.order_by('id')
 
diff --git a/lms/djangoapps/bulk_email/tests/test_course_optout.py b/lms/djangoapps/bulk_email/tests/test_course_optout.py
index a618545bcd68..fe0f70fbdc3b 100644
--- a/lms/djangoapps/bulk_email/tests/test_course_optout.py
+++ b/lms/djangoapps/bulk_email/tests/test_course_optout.py
@@ -40,7 +40,7 @@ def setUp(self):
         # load initial content (since we don't run migrations as part of tests):
         call_command("loaddata", "course_email_template.json")
 
-        self.client.login(username=self.student.username, password="test")
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
 
         self.send_mail_url = reverse('send_email', kwargs={'course_id': str(self.course.id)})
         self.success_content = {
@@ -70,7 +70,7 @@ def test_optout_course(self):
 
         self.client.logout()
 
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         self.navigate_to_email_view()
 
         test_email = {
@@ -92,7 +92,7 @@ def test_optout_using_unsubscribe_link_in_email(self):
         """
         self.client.logout()
 
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         unsubscribe_link = get_unsubscribed_link(self.student.username, str(self.course.id))
         response = self.client.post(unsubscribe_link, {'unsubscribe': True})
@@ -122,7 +122,7 @@ def test_optin_course(self):
 
         assert CourseEnrollment.is_enrolled(self.student, self.course.id)
 
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         self.navigate_to_email_view()
 
         test_email = {
@@ -155,7 +155,7 @@ def setUp(self):
         self.student = UserFactory.create()
         CourseEnrollmentFactory.create(user=self.student, course_id=self.course.id)
 
-        self.client.login(username=self.student.username, password="test")
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
 
         self._set_email_optout(False)
         self.policy = CourseEmailOptout()
diff --git a/lms/djangoapps/bulk_email/tests/test_email.py b/lms/djangoapps/bulk_email/tests/test_email.py
index b67864381bfa..ba95bd26ddda 100644
--- a/lms/djangoapps/bulk_email/tests/test_email.py
+++ b/lms/djangoapps/bulk_email/tests/test_email.py
@@ -87,7 +87,7 @@ def login_as_user(self, user):
         """
         Log in self.client as user.
         """
-        self.client.login(username=user.username, password="test")
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
 
     def goto_instructor_dash_email_view(self):
         """
diff --git a/lms/djangoapps/bulk_email/tests/test_err_handling.py b/lms/djangoapps/bulk_email/tests/test_err_handling.py
index 3f3ffe9b6977..06e9a1dce40f 100644
--- a/lms/djangoapps/bulk_email/tests/test_err_handling.py
+++ b/lms/djangoapps/bulk_email/tests/test_err_handling.py
@@ -53,7 +53,7 @@ def setUp(self):
         course_title = "ẗëṡẗ title ｲ乇丂ｲ ﾶ乇丂丂ﾑg乇 ｷo尺 ﾑﾚﾚ тэѕт мэѕѕаБэ"
         self.course = CourseFactory.create(display_name=course_title)
         self.instructor = AdminFactory.create()
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         # load initial content (since we don't run migrations as part of tests):
         call_command("loaddata", "course_email_template.json")
diff --git a/lms/djangoapps/bulk_email/tests/test_signals.py b/lms/djangoapps/bulk_email/tests/test_signals.py
index ea369fa80524..1a3715284b12 100644
--- a/lms/djangoapps/bulk_email/tests/test_signals.py
+++ b/lms/djangoapps/bulk_email/tests/test_signals.py
@@ -33,7 +33,7 @@ def setUp(self):
         # load initial content (since we don't run migrations as part of tests):
         call_command("loaddata", "course_email_template.json")
 
-        self.client.login(username=self.student.username, password="test")
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
 
         self.send_mail_url = reverse('send_email', kwargs={'course_id': str(self.course.id)})
         self.success_content = {
@@ -78,7 +78,7 @@ def test_optout_course(self):
         force_optout_all(sender=self.__class__, user=self.student)
 
         # Try to send a bulk course email
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         self.send_test_email()
 
         # Assert that self.student.email not in mail.to, outbox should only contain "myself" target
diff --git a/lms/djangoapps/ccx/api/v0/tests/test_views.py b/lms/djangoapps/ccx/api/v0/tests/test_views.py
index 489a776e6ef4..94af11f732de 100644
--- a/lms/djangoapps/ccx/api/v0/tests/test_views.py
+++ b/lms/djangoapps/ccx/api/v0/tests/test_views.py
@@ -33,7 +33,7 @@
 from lms.djangoapps.instructor.enrollment import enroll_email, get_email_params
 from openedx.core.lib.courses import get_course_by_id
 
-USER_PASSWORD = 'test'
+USER_PASSWORD = 'Password1234'
 
 
 class CcxRestApiTest(CcxTestCase, APITestCase):
@@ -760,7 +760,7 @@ def test_authorization_no_oauth_staff(self):
         """
         # create a staff user
         staff_user = UserFactory.create(
-            username='test_staff_user', email='test_staff_user@openedx.org', password='test',
+            username='test_staff_user', email='test_staff_user@openedx.org', password=USER_PASSWORD,
         )
         # add staff role to the staff user
         CourseStaffRole(self.master_course_key).add_users(staff_user)
@@ -779,7 +779,7 @@ def test_authorization_no_oauth_instructor(self):
         """
         # create an instructor user
         instructor_user = UserFactory.create(
-            username='test_instructor_user', email='test_instructor_user@openedx.org', password='test',
+            username='test_instructor_user', email='test_instructor_user@openedx.org', password=USER_PASSWORD,
         )
         # add instructor role to the instructor user
         CourseInstructorRole(self.master_course_key).add_users(instructor_user)
@@ -798,7 +798,7 @@ def test_authorization_no_oauth_other_coach(self):
         """
         # create an coach user
         coach_user = UserFactory.create(
-            username='test_coach_user', email='test_coach_user@openedx.org', password='test',
+            username='test_coach_user', email='test_coach_user@openedx.org', password=USER_PASSWORD,
         )
         # add coach role to the coach user
         CourseCcxCoachRole(self.master_course_key).add_users(coach_user)
diff --git a/lms/djangoapps/ccx/tests/test_views.py b/lms/djangoapps/ccx/tests/test_views.py
index b18ed5c2aae1..e993d5dc0b7b 100644
--- a/lms/djangoapps/ccx/tests/test_views.py
+++ b/lms/djangoapps/ccx/tests/test_views.py
@@ -129,13 +129,14 @@ def setUp(self):
         ccx = self.make_ccx()
         ccx_key = CCXLocator.from_course_locator(self.course.id, ccx.id)
         self.url = reverse('ccx_coach_dashboard', kwargs={'course_id': ccx_key})
+        self.TEST_PASSWORD = 'Password1234'
 
     def test_staff_access_coach_dashboard(self):
         """
         User is staff, should access coach dashboard.
         """
         staff = self.make_staff()
-        self.client.login(username=staff.username, password="test")
+        self.client.login(username=staff.username, password=self.TEST_PASSWORD)
 
         response = self.client.get(self.url)
         assert response.status_code == 200
@@ -145,7 +146,7 @@ def test_instructor_access_coach_dashboard(self):
         User is instructor, should access coach dashboard.
         """
         instructor = self.make_instructor()
-        self.client.login(username=instructor.username, password="test")
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
 
         # Now access URL
         response = self.client.get(self.url)
@@ -155,8 +156,8 @@ def test_forbidden_user_access_coach_dashboard(self):
         """
         Assert user with no access must not see dashboard.
         """
-        user = UserFactory.create(password="test")
-        self.client.login(username=user.username, password="test")
+        user = UserFactory.create(password=self.TEST_PASSWORD)
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         assert response.status_code == 403
 
@@ -211,12 +212,12 @@ def assert_progress_summary(self, ccx_course_key, due):
         """
         assert signal and schedule update.
         """
-        student = UserFactory.create(is_staff=False, password="test")
+        student = UserFactory.create(is_staff=False, password=self.TEST_PASSWORD)
         CourseEnrollment.enroll(student, ccx_course_key)
         assert CourseEnrollment.objects.filter(course_id=ccx_course_key, user=student).exists()
 
         # login as student
-        self.client.login(username=student.username, password="test")
+        self.client.login(username=student.username, password=self.TEST_PASSWORD)
         progress_page_response = self.client.get(
             reverse('progress', kwargs={'course_id': ccx_course_key})
         )
@@ -236,7 +237,7 @@ def test_edit_schedule(self):
         self.make_coach()
         ccx = self.make_ccx()
         ccx_course_key = CCXLocator.from_course_locator(self.course.id, str(ccx.id))
-        self.client.login(username=self.coach.username, password="test")
+        self.client.login(username=self.coach.username, password=self.TEST_PASSWORD)
 
         url = reverse('ccx_coach_dashboard', kwargs={'course_id': ccx_course_key})
         response = self.client.get(url)
@@ -295,7 +296,7 @@ def setUp(self):
         """
         super().setUp()
         # Login with the instructor account
-        self.client.login(username=self.coach.username, password="test")
+        self.client.login(username=self.coach.username, password=self.TEST_PASSWORD)
 
         # adding staff to master course.
         staff = UserFactory()
@@ -315,8 +316,8 @@ def test_not_a_coach(self):
         ccx = self.make_ccx()
 
         # create session of non-coach user
-        user = UserFactory.create(password="test")
-        self.client.login(username=user.username, password="test")
+        user = UserFactory.create(password=self.TEST_PASSWORD)
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         url = reverse(
             'ccx_coach_dashboard',
             kwargs={'course_id': CCXLocator.from_course_locator(self.course.id, ccx.id)})
@@ -841,7 +842,7 @@ def setUp(self):
         self.mstore = modulestore()
 
         # Login with the instructor account
-        self.client.login(username=self.coach.username, password="test")
+        self.client.login(username=self.coach.username, password=self.TEST_PASSWORD)
 
         # adding staff to master course.
         staff = UserFactory()
@@ -981,7 +982,7 @@ def setUp(self):
 
         # Create instructor account
         self.coach = coach = AdminFactory.create()
-        self.client.login(username=coach.username, password="test")
+        self.client.login(username=coach.username, password=self.TEST_PASSWORD)
 
         # Create CCX
         role = CourseCcxCoachRole(self._course.id)
@@ -1009,7 +1010,7 @@ def setUp(self):
         self.course = get_course_by_id(self.ccx_key, depth=None)
         CourseOverview.load_from_module_store(self.course.id)
         setup_students_and_grades(self)
-        self.client.login(username=coach.username, password="test")
+        self.client.login(username=coach.username, password=self.TEST_PASSWORD)
         self.addCleanup(RequestCache.clear_all_namespaces)
         from xmodule.modulestore.django import SignalHandler
 
@@ -1068,7 +1069,7 @@ def test_student_progress(self):
         get_course.return_value = self.course
         self.addCleanup(patch_context.stop)
 
-        self.client.login(username=self.student.username, password="test")  # lint-amnesty, pylint: disable=no-member
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)  # lint-amnesty, pylint: disable=no-member
         url = reverse(
             'progress',
             kwargs={'course_id': self.ccx_key}
@@ -1194,7 +1195,7 @@ def setUp(self):
 
         # Create a Split Mongo course and enroll a student user in it.
         self.student_password = "foobar"
-        self.student = UserFactory.create(username="test", password=self.student_password, is_staff=False)
+        self.student = UserFactory.create(username=self.TEST_PASSWORD, password=self.student_password, is_staff=False)
         self.split_course = SampleCourseFactory.create(default_store=ModuleStoreEnum.Type.split)
         CourseEnrollment.enroll(self.student, self.split_course.id)
 
diff --git a/lms/djangoapps/ccx/tests/utils.py b/lms/djangoapps/ccx/tests/utils.py
index 4d36353b9a75..4f8c34e14c2d 100644
--- a/lms/djangoapps/ccx/tests/utils.py
+++ b/lms/djangoapps/ccx/tests/utils.py
@@ -68,7 +68,7 @@ def setUp(self):
         """
         super().setUp()
         # Create instructor account
-        self.coach = UserFactory.create(password="test")
+        self.coach = UserFactory.create()
         # create an instance of modulestore
         self.mstore = modulestore()
 
@@ -76,7 +76,7 @@ def make_staff(self):
         """
         create staff user.
         """
-        staff = UserFactory.create(password="test")
+        staff = UserFactory.create()
         role = CourseStaffRole(self.course.id)
         role.add_users(staff)
 
@@ -86,7 +86,7 @@ def make_instructor(self):
         """
         create instructor user.
         """
-        instructor = UserFactory.create(password="test")
+        instructor = UserFactory.create()
         role = CourseInstructorRole(self.course.id)
         role.add_users(instructor)
 
diff --git a/lms/djangoapps/commerce/api/v1/tests/test_views.py b/lms/djangoapps/commerce/api/v1/tests/test_views.py
index 47de5d8ff598..0d9557c31a54 100644
--- a/lms/djangoapps/commerce/api/v1/tests/test_views.py
+++ b/lms/djangoapps/commerce/api/v1/tests/test_views.py
@@ -23,7 +23,7 @@
 from ....tests.mocks import mock_order_endpoint
 from ....tests.test_views import UserMixin
 
-PASSWORD = 'test'
+PASSWORD = 'Password1234'
 JSON_CONTENT_TYPE = 'application/json'
 
 
diff --git a/lms/djangoapps/commerce/tests/test_views.py b/lms/djangoapps/commerce/tests/test_views.py
index 9af2ee7d9701..410d2520cc35 100644
--- a/lms/djangoapps/commerce/tests/test_views.py
+++ b/lms/djangoapps/commerce/tests/test_views.py
@@ -3,6 +3,9 @@
 from common.djangoapps.student.tests.factories import UserFactory
 
 
+TEST_PASSWORD = "Password1234"
+
+
 class UserMixin:
     """ Mixin for tests involving users. """
 
@@ -12,4 +15,4 @@ def setUp(self):
 
     def _login(self):
         """ Log into LMS. """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=TEST_PASSWORD)
diff --git a/lms/djangoapps/course_api/api.py b/lms/djangoapps/course_api/api.py
index 721c213992a1..01b5e5bfee0d 100644
--- a/lms/djangoapps/course_api/api.py
+++ b/lms/djangoapps/course_api/api.py
@@ -116,7 +116,8 @@ def list_courses(request,
                  filter_=None,
                  search_term=None,
                  permissions=None,
-                 active_only=False):
+                 active_only=False,
+                 course_keys=None):
     """
     Yield all available courses.
 
@@ -146,12 +147,17 @@ def list_courses(request,
             If specified, it filters visible `CourseOverview` objects by
             checking if each permission specified is granted for the username.
         active_only (bool): Optional parameter that enables fetching active courses only.
+        course_keys (list[str]):
+            If specified, it filters visible `CourseOverview` objects by
+            the course keys (ids) provided
 
     Return value:
         Yield `CourseOverview` objects representing the collection of courses.
     """
     user = get_effective_user(request.user, username)
-    course_qs = get_courses(user, org=org, filter_=filter_, permissions=permissions, active_only=active_only)
+    course_qs = get_courses(
+        user, org=org, filter_=filter_, permissions=permissions, active_only=active_only, course_keys=course_keys
+    )
     course_qs = _filter_by_search(course_qs, search_term)
     return course_qs
 
diff --git a/lms/djangoapps/course_api/blocks/tests/test_views.py b/lms/djangoapps/course_api/blocks/tests/test_views.py
index 72e5e430f6d8..9898e72c8f25 100644
--- a/lms/djangoapps/course_api/blocks/tests/test_views.py
+++ b/lms/djangoapps/course_api/blocks/tests/test_views.py
@@ -5,7 +5,7 @@
 
 from datetime import datetime
 from unittest import mock
-from unittest.mock import Mock
+from unittest.mock import MagicMock, Mock
 from urllib.parse import urlencode, urlunparse
 
 from completion.test_utils import CompletionWaffleTestMixin, submit_completions_for_testing
@@ -60,7 +60,7 @@ def setUp(self):
         self.admin_user = AdminFactory.create()
         self.data_researcher = UserFactory.create()
         CourseDataResearcherRole(self.course_key).add_users(self.data_researcher)
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         CourseEnrollmentFactory.create(user=self.user, course_id=self.course_key)
 
         # default values for url and query_params
@@ -207,8 +207,9 @@ def test_not_authenticated_public_course_with_all_blocks(self):
         self.query_params['all_blocks'] = True
         self.verify_response(403)
 
+    @mock.patch('lms.djangoapps.courseware.courses.get_course_assignments', return_value=[])
     @mock.patch("lms.djangoapps.course_api.blocks.forms.permissions.is_course_public", Mock(return_value=True))
-    def test_not_authenticated_public_course_with_blank_username(self):
+    def test_not_authenticated_public_course_with_blank_username(self, get_course_assignment_mock: MagicMock) -> None:
         """
         Verify behaviour when accessing course blocks of a public course for anonymous user anonymously.
         """
@@ -248,7 +249,7 @@ def test_public_course_all_blocks_and_empty_username(self):
         self.client.logout()
         self.verify_response(403, cacheable=False)
         # Verify response for a staff user.
-        self.client.login(username=self.admin_user.username, password='test')
+        self.client.login(username=self.admin_user.username, password=self.TEST_PASSWORD)
         self.verify_response(cacheable=False)
 
     def test_non_existent_course(self):
@@ -269,7 +270,7 @@ def test_no_user_staff_not_all_blocks(self):
         self.verify_response(400)
 
     def test_no_user_staff_all_blocks(self):
-        self.client.login(username=self.admin_user.username, password='test')
+        self.client.login(username=self.admin_user.username, password=self.TEST_PASSWORD)
         self.query_params.pop('username')
         self.query_params['all_blocks'] = True
         self.verify_response()
@@ -319,7 +320,7 @@ def test_extra_field_when_requested(self):
             - other_course_settings
             - course_visibility
         """
-        self.client.login(username=self.admin_user.username, password='test')
+        self.client.login(username=self.admin_user.username, password=self.TEST_PASSWORD)
         response = self.verify_response(params={
             'all_blocks': True,
             'requested_fields': ['other_course_settings', 'course_visibility'],
@@ -351,7 +352,7 @@ def test_extra_field_when_not_requested(self):
             - other_course_settings
             - course_visibility
         """
-        self.client.login(username=self.admin_user.username, password='test')
+        self.client.login(username=self.admin_user.username, password=self.TEST_PASSWORD)
         response = self.verify_response(params={
             'all_blocks': True,
             'requested_fields': ['course_visibility'],
@@ -366,11 +367,12 @@ def test_extra_field_when_not_requested(self):
                 block_data['type'] == 'course'
             )
 
-    def test_data_researcher_access(self):
+    @mock.patch('lms.djangoapps.courseware.courses.get_course_assignments', return_value=[])
+    def test_data_researcher_access(self, get_course_assignment_mock: MagicMock) -> None:
         """
         Test if data researcher has access to the api endpoint
         """
-        self.client.login(username=self.data_researcher.username, password='test')
+        self.client.login(username=self.data_researcher.username, password=self.TEST_PASSWORD)
 
         self.verify_response(params={
             'all_blocks': True,
@@ -556,7 +558,7 @@ def setUpClass(cls):
     def setUp(self):
         super().setUp()
         self.admin_user = AdminFactory.create()
-        self.client.login(username=self.admin_user.username, password='test')
+        self.client.login(username=self.admin_user.username, password=self.TEST_PASSWORD)
         self.usage_key = list(self.non_orphaned_block_usage_keys)[0]
         self.url = reverse(
             'blocks_metadata',
diff --git a/lms/djangoapps/course_api/forms.py b/lms/djangoapps/course_api/forms.py
index 055692da712e..ff6cee84aea6 100644
--- a/lms/djangoapps/course_api/forms.py
+++ b/lms/djangoapps/course_api/forms.py
@@ -64,6 +64,7 @@ class CourseListGetForm(UsernameValidatorMixin, Form):
     mobile = ExtendedNullBooleanField(required=False)
     active_only = ExtendedNullBooleanField(required=False)
     permissions = MultiValueField(required=False)
+    course_keys = MultiValueField(required=False)
 
     def clean(self):
         """
@@ -80,6 +81,20 @@ def clean(self):
 
         return cleaned_data
 
+    def clean_course_keys(self):
+        """
+        Ensure valid course_keys were provided.
+        """
+        course_keys = self.cleaned_data['course_keys']
+        if course_keys:
+            for course_key in course_keys:
+                try:
+                    CourseKey.from_string(course_key)
+                except InvalidKeyError:
+                    raise ValidationError(f"'{str(course_key)}' is not a valid course key.")  # lint-amnesty, pylint: disable=raise-missing-from
+
+        return course_keys
+
 
 class CourseIdListGetForm(UsernameValidatorMixin, Form):
     """
diff --git a/lms/djangoapps/course_api/tests/mixins.py b/lms/djangoapps/course_api/tests/mixins.py
index 2940826c68c4..46671867b72c 100644
--- a/lms/djangoapps/course_api/tests/mixins.py
+++ b/lms/djangoapps/course_api/tests/mixins.py
@@ -8,7 +8,7 @@
 from common.djangoapps.student.tests.factories import UserFactory, CourseEnrollmentFactory, CourseAccessRoleFactory
 from xmodule.modulestore.tests.factories import ToyCourseFactory  # lint-amnesty, pylint: disable=wrong-import-order
 
-TEST_PASSWORD = 'edx'
+TEST_PASSWORD = 'Password1234'
 
 
 class CourseApiFactoryMixin:
diff --git a/lms/djangoapps/course_api/tests/test_api.py b/lms/djangoapps/course_api/tests/test_api.py
index 8d91b1ee97ed..8e4d1253f8f7 100644
--- a/lms/djangoapps/course_api/tests/test_api.py
+++ b/lms/djangoapps/course_api/tests/test_api.py
@@ -107,7 +107,8 @@ def _make_api_call(self,
                        specified_user,
                        org=None,
                        filter_=None,
-                       permissions=None):
+                       permissions=None,
+                       course_keys=None):
         """
         Call the list_courses api endpoint to get information about
         `specified_user` on behalf of `requesting_user`.
@@ -121,6 +122,7 @@ def _make_api_call(self,
                 org=org,
                 filter_=filter_,
                 permissions=permissions,
+                course_keys=course_keys,
             )
 
     def verify_courses(self, courses):
@@ -244,6 +246,39 @@ def test_permissions(self):
 
         self.assertEqual({c.id for c in filtered_courses}, {self.course.id})
 
+    def test_filter_by_keys(self):
+        """
+        Verify that courses are filtered by the provided course keys.
+        """
+
+        # Create alternative courses to be included in the `course_keys` filter.
+        alternative_course_1 = self.create_course(course='alternative-course-1')
+        alternative_course_2 = self.create_course(course='alternative-course-2')
+
+        # No filtering.
+        unfiltered_expected_courses = [
+            self.course,
+            alternative_course_1,
+            alternative_course_2,
+        ]
+        unfiltered_courses = self._make_api_call(self.honor_user, self.honor_user)
+        assert {course.id for course in unfiltered_courses} == {course.id for course in unfiltered_expected_courses}
+
+        # With filtering.
+        filtered_expected_courses = [
+            alternative_course_1,
+            alternative_course_2,
+        ]
+        filtered_courses = self._make_api_call(
+            self.honor_user,
+            self.honor_user,
+            course_keys={
+                alternative_course_1.id,
+                alternative_course_2.id
+            }
+        )
+        assert {course.id for course in filtered_courses} == {course.id for course in filtered_expected_courses}
+
 
 class TestGetCourseListExtras(CourseListTestMixin, ModuleStoreTestCase):
     """
diff --git a/lms/djangoapps/course_api/tests/test_forms.py b/lms/djangoapps/course_api/tests/test_forms.py
index 9d14e5a99890..3b5744402e79 100644
--- a/lms/djangoapps/course_api/tests/test_forms.py
+++ b/lms/djangoapps/course_api/tests/test_forms.py
@@ -71,6 +71,7 @@ def set_up_data(self, user):
             'filter_': None,
             'permissions': set(),
             'active_only': None,
+            'course_keys': set(),
         }
 
     def test_basic(self):
@@ -100,6 +101,14 @@ def test_filter(self, param_field_name, param_field_value):
 
         self.assert_valid(self.cleaned_data)
 
+    def test_invalid_course_keys(self):
+        """
+        Verify form checks for validity of course keys provided
+        """
+
+        self.form_data['course_keys'] = 'course-v1:edX+DemoX+Demo_Course,invalid_course_key'
+        self.assert_error('course_keys', "'invalid_course_key' is not a valid course key.")
+
 
 class TestCourseIdListGetForm(FormTestMixin, UsernameTestMixin, SharedModuleStoreTestCase):  # lint-amnesty, pylint: disable=missing-class-docstring
     FORM_CLASS = CourseIdListGetForm
diff --git a/lms/djangoapps/course_api/views.py b/lms/djangoapps/course_api/views.py
index fbb8517cf00d..98b01232a1be 100644
--- a/lms/djangoapps/course_api/views.py
+++ b/lms/djangoapps/course_api/views.py
@@ -286,6 +286,10 @@ class CourseListView(DeveloperErrorViewMixin, ListAPIView):
             date are returned. This is different from search_term because this filtering is done on
             CourseOverview and not ElasticSearch.
 
+        course_keys (optional):
+            If specified, it fetches the `CourseOverview` objects for the
+            the specified course keys
+
     **Returns**
 
         * 200 on success, with a list of course discovery objects as returned
@@ -343,7 +347,8 @@ def get_queryset(self):
             filter_=form.cleaned_data['filter_'],
             search_term=form.cleaned_data['search_term'],
             permissions=form.cleaned_data['permissions'],
-            active_only=form.cleaned_data.get('active_only', False)
+            active_only=form.cleaned_data.get('active_only', False),
+            course_keys=form.cleaned_data['course_keys'],
         )
 
 
diff --git a/lms/djangoapps/course_blocks/transformers/tests/helpers.py b/lms/djangoapps/course_blocks/transformers/tests/helpers.py
index 27e7a686abcd..fb78946280fd 100644
--- a/lms/djangoapps/course_blocks/transformers/tests/helpers.py
+++ b/lms/djangoapps/course_blocks/transformers/tests/helpers.py
@@ -50,7 +50,7 @@ def setUp(self):
         """
         super().setUp()
         # Set up users.
-        self.password = 'test'
+        self.password = self.TEST_PASSWORD
         self.user = UserFactory.create(password=self.password)
         self.staff = UserFactory.create(password=self.password, is_staff=True)
 
@@ -253,7 +253,7 @@ def setUp(self):
                     parent_block.children.append(self.xblock_keys[i])
                     update_block(parent_block)
 
-        self.password = 'test'
+        self.password = self.TEST_PASSWORD
         self.student = UserFactory.create(is_staff=False, username='test_student', password=self.password)
         self.staff = UserFactory.create(is_staff=True, username='test_staff', password=self.password)
         CourseEnrollmentFactory.create(
diff --git a/lms/djangoapps/course_wiki/tests/tests.py b/lms/djangoapps/course_wiki/tests/tests.py
index 8cdd93115d6b..7fc86947d4fa 100644
--- a/lms/djangoapps/course_wiki/tests/tests.py
+++ b/lms/djangoapps/course_wiki/tests/tests.py
@@ -24,7 +24,7 @@ def setUp(self):
         # Create two accounts
         self.student = 'view@test.com'
         self.instructor = 'view2@test.com'
-        self.password = 'foo'
+        self.password = self.TEST_PASSWORD
         for username, email in [('u1', self.student), ('u2', self.instructor)]:
             self.create_account(username, email, self.password)
             self.activate_user(email)
diff --git a/lms/djangoapps/courseware/courses.py b/lms/djangoapps/courseware/courses.py
index 676a42bd70e6..d0a73821098f 100644
--- a/lms/djangoapps/courseware/courses.py
+++ b/lms/djangoapps/courseware/courses.py
@@ -12,6 +12,7 @@
 from crum import get_current_request
 from dateutil.parser import parse as parse_date
 from django.conf import settings
+from django.core.cache import cache
 from django.http import Http404, QueryDict
 from django.urls import reverse
 from django.utils.translation import gettext as _
@@ -35,6 +36,7 @@
 )
 from lms.djangoapps.courseware.access_utils import check_authentication, check_data_sharing_consent, check_enrollment, \
     check_correct_active_enterprise_customer, is_priority_access_error
+from lms.djangoapps.courseware.context_processor import get_user_timezone_or_last_seen_timezone_or_utc
 from lms.djangoapps.courseware.courseware_access_exception import CoursewareAccessException
 from lms.djangoapps.courseware.date_summary import (
     CertificateAvailableDate,
@@ -50,7 +52,9 @@
 from lms.djangoapps.courseware.masquerade import check_content_start_date_for_masquerade_user
 from lms.djangoapps.courseware.model_data import FieldDataCache
 from lms.djangoapps.courseware.block_render import get_block
+from lms.djangoapps.grades.api import CourseGradeFactory
 from lms.djangoapps.survey.utils import SurveyRequiredAccessError, check_survey_required_and_unanswered
+from openedx.core.djangoapps.content.block_structure.api import get_block_structure_manager
 from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
 from openedx.core.djangoapps.enrollments.api import get_course_enrollment_details
 from openedx.core.djangoapps.site_configuration import helpers as configuration_helpers
@@ -587,7 +591,7 @@ def get_course_blocks_completion_summary(course_key, user):
 
 
 @request_cached()
-def get_course_assignments(course_key, user, include_access=False):  # lint-amnesty, pylint: disable=too-many-statements
+def get_course_assignments(course_key, user, include_access=False, include_without_due=False,):  # lint-amnesty, pylint: disable=too-many-statements
     """
     Returns a list of assignment (at the subsection/sequential level) due dates for the given course.
 
@@ -607,7 +611,8 @@ def get_course_assignments(course_key, user, include_access=False):  # lint-amne
         for subsection_key in block_data.get_children(section_key):
             due = block_data.get_xblock_field(subsection_key, 'due')
             graded = block_data.get_xblock_field(subsection_key, 'graded', False)
-            if due and graded:
+
+            if (due or include_without_due) and graded:
                 first_component_block_id = get_first_component_of_block(subsection_key, block_data)
                 contains_gated_content = include_access and block_data.get_xblock_field(
                     subsection_key, 'contains_gated_content', False)
@@ -624,7 +629,11 @@ def get_course_assignments(course_key, user, include_access=False):  # lint-amne
                 else:
                     complete = False
 
-                past_due = not complete and due < now
+                if due:
+                    past_due = not complete and due < now
+                else:
+                    past_due = False
+                    due = None
                 assignments.append(_Assignment(
                     subsection_key, title, url, due, contains_gated_content,
                     complete, past_due, assignment_type, None, first_component_block_id
@@ -701,6 +710,39 @@ def get_course_assignments(course_key, user, include_access=False):  # lint-amne
     return assignments
 
 
+def get_assignments_grades(user, course_id, cache_timeout):
+    """
+    Calculate the progress of the assignment for the user in the course.
+
+    Arguments:
+        user (User): Django User object.
+        course_id (CourseLocator): The course key.
+        cache_timeout (int): Cache timeout in seconds
+    Returns:
+        list (ReadSubsectionGrade, ZeroSubsectionGrade): The list with assignments grades.
+    """
+    is_staff = bool(has_access(user, 'staff', course_id))
+
+    try:
+        course = get_course_with_access(user, 'load', course_id)
+        cache_key = f'course_block_structure_{str(course_id)}_{str(course.course_version)}_{user.id}'
+        collected_block_structure = cache.get(cache_key)
+        if not collected_block_structure:
+            collected_block_structure = get_block_structure_manager(course_id).get_collected()
+            cache.set(cache_key, collected_block_structure, cache_timeout)
+
+        course_grade = CourseGradeFactory().read(user, collected_block_structure=collected_block_structure)
+
+        # recalculate course grade from visible grades (stored grade was calculated over all grades, visible or not)
+        course_grade.update(visible_grades_only=True, has_staff_access=is_staff)
+        subsection_grades = list(course_grade.subsection_grades.values())
+    except Exception as err:  # pylint: disable=broad-except
+        log.warning(f'Could not get grades for the course: {course_id}, error: {err}')
+        return []
+
+    return subsection_grades
+
+
 def get_first_component_of_block(block_key, block_data):
     """
     This function returns the first leaf block of a section(block_key)
@@ -753,7 +795,7 @@ def get_course_syllabus_section(course, section_key):
 
 
 @function_trace('get_courses')
-def get_courses(user, org=None, filter_=None, permissions=None, active_only=False):
+def get_courses(user, org=None, filter_=None, permissions=None, active_only=False, course_keys=None):
     """
     Return a LazySequence of courses available, optionally filtered by org code
     (case-insensitive) or a set of permissions to be satisfied for the specified
@@ -763,7 +805,8 @@ def get_courses(user, org=None, filter_=None, permissions=None, active_only=Fals
     courses = branding.get_visible_courses(
         org=org,
         filter_=filter_,
-        active_only=active_only
+        active_only=active_only,
+        course_keys=course_keys
     ).prefetch_related(
         'modes',
     ).select_related(
@@ -955,3 +998,64 @@ def get_course_chapter_ids(course_key):
         log.exception('Failed to retrieve course from modulestore.')
         return []
     return [str(chapter_key) for chapter_key in chapter_keys if chapter_key.block_type == 'chapter']
+
+
+def get_past_and_future_course_assignments(request, user, course):
+    """
+    Returns the future assignment data and past assignments data for given user and course.
+
+    Arguments:
+        request (Request): The HTTP GET request.
+        user (User): The user for whom the assignments are received.
+        course (Course): Course object for whom the assignments are received.
+    Returns:
+        tuple (list, list): Tuple of `past_assignments` list and `next_assignments` list.
+                            `next_assignments` list contains only uncompleted assignments.
+    """
+    assignments = get_course_assignment_date_blocks(course, user, request, include_past_dates=True)
+    past_assignments = []
+    future_assignments = []
+
+    timezone = get_user_timezone_or_last_seen_timezone_or_utc(user)
+    for assignment in sorted(assignments, key=lambda x: x.date):
+        if assignment.date < datetime.now(timezone):
+            past_assignments.append(assignment)
+        else:
+            if not assignment.complete:
+                future_assignments.append(assignment)
+
+    if future_assignments:
+        future_assignment_date = future_assignments[0].date.date()
+        next_assignments = [
+            assignment for assignment in future_assignments if assignment.date.date() == future_assignment_date
+        ]
+    else:
+        next_assignments = []
+
+    return next_assignments, past_assignments
+
+
+def get_assignments_completions(course_key, user):
+    """
+    Calculate the progress of the user in the course by assignments.
+
+    Arguments:
+        course_key (CourseLocator): The Course for which course progress is requested.
+        user (User): The user for whom course progress is requested.
+    Returns:
+        dict (dict): Dictionary contains information about total assignments count
+                     in the given course and how many assignments the user has completed.
+    """
+    course_assignments = get_course_assignments(course_key, user, include_without_due=True)
+
+    total_assignments_count = 0
+    assignments_completed = 0
+
+    if course_assignments:
+        total_assignments_count = len(course_assignments)
+        assignments_completed = len([assignment for assignment in course_assignments if assignment.complete])
+
+    return {
+        'total_assignments_count': total_assignments_count,
+        'assignments_completed': assignments_completed,
+    }
diff --git a/lms/djangoapps/courseware/tests/helpers.py b/lms/djangoapps/courseware/tests/helpers.py
index 6a3869109860..6f3509864a49 100644
--- a/lms/djangoapps/courseware/tests/helpers.py
+++ b/lms/djangoapps/courseware/tests/helpers.py
@@ -127,7 +127,7 @@ def setup_course(self):  # lint-amnesty, pylint: disable=missing-function-docstr
         self.clients = {user.username: Client() for user in self.users}
         self.login_statuses = [
             self.clients[user.username].login(
-                username=user.username, password='test')
+                username=user.username, password=self.TEST_PASSWORD)
             for user in self.users
         ]
 
@@ -171,7 +171,7 @@ def setup_user(self):
         Create a user account, activate, and log in.
         """
         self.email = 'foo@test.com'  # lint-amnesty, pylint: disable=attribute-defined-outside-init
-        self.password = 'bar'  # lint-amnesty, pylint: disable=attribute-defined-outside-init
+        self.password = 'Password1234'  # lint-amnesty, pylint: disable=attribute-defined-outside-init
         self.username = 'test'  # lint-amnesty, pylint: disable=attribute-defined-outside-init
         self.user = self.create_account(
             self.username,
diff --git a/lms/djangoapps/courseware/tests/test_about.py b/lms/djangoapps/courseware/tests/test_about.py
index f1f915fd02f4..d53d620d3e34 100644
--- a/lms/djangoapps/courseware/tests/test_about.py
+++ b/lms/djangoapps/courseware/tests/test_about.py
@@ -284,7 +284,7 @@ def test_enrollment_cap(self):
         # pylint: disable=attribute-defined-outside-init
         # create a new account since the first account is already enrolled in the course
         self.email = 'foo_second@test.com'
-        self.password = 'bar'
+        self.password = 'Password1234'
         self.username = 'test_second'
         self.create_account(self.username, self.email, self.password)
         self.activate_user(self.email)
diff --git a/lms/djangoapps/courseware/tests/test_access.py b/lms/djangoapps/courseware/tests/test_access.py
index b472234d41f8..45d36ad0a7f8 100644
--- a/lms/djangoapps/courseware/tests/test_access.py
+++ b/lms/djangoapps/courseware/tests/test_access.py
@@ -82,8 +82,8 @@ def setUp(self):
         super().setUp()
 
         # Create ccx coach account
-        self.coach = AdminFactory.create(password="test")
-        self.client.login(username=self.coach.username, password="test")
+        self.coach = AdminFactory.create(password=self.TEST_PASSWORD)
+        self.client.login(username=self.coach.username, password=self.TEST_PASSWORD)
 
         # assign role to coach
         role = CourseCcxCoachRole(self.course.id)
@@ -152,7 +152,7 @@ def test_access_student_progress_ccx(self):
         assert resp.status_code == 200
 
         # Assert access of a student
-        self.client.login(username=student.username, password='test')
+        self.client.login(username=student.username, password=self.TEST_PASSWORD)
         resp = self.client.get(reverse('student_progress', args=[str(ccx_locator), self.coach.id]))
         assert resp.status_code == 404
 
diff --git a/lms/djangoapps/courseware/tests/test_block_render.py b/lms/djangoapps/courseware/tests/test_block_render.py
index b0c14e3dbf0d..ed0f41f44f01 100644
--- a/lms/djangoapps/courseware/tests/test_block_render.py
+++ b/lms/djangoapps/courseware/tests/test_block_render.py
@@ -354,7 +354,7 @@ def test_anonymous_post_xblock_callback(self):
 
     def test_session_authentication(self):
         """ Test that the xblock endpoint supports session authentication."""
-        self.client.login(username=self.mock_user.username, password="test")
+        self.client.login(username=self.mock_user.username, password=self.TEST_PASSWORD)
         dispatch_url = self._get_dispatch_url()
         response = self.client.post(dispatch_url)
         assert 200 == response.status_code
@@ -399,7 +399,7 @@ def test_missing_position_handler(self):
         """
         Test that sending POST request without or invalid position argument don't raise server error
         """
-        self.client.login(username=self.mock_user.username, password="test")
+        self.client.login(username=self.mock_user.username, password=self.TEST_PASSWORD)
         dispatch_url = self._get_dispatch_url()
         response = self.client.post(dispatch_url)
         assert 200 == response.status_code
diff --git a/lms/djangoapps/courseware/tests/test_course_survey.py b/lms/djangoapps/courseware/tests/test_course_survey.py
index d729add1b6c8..98b5842cd2b5 100644
--- a/lms/djangoapps/courseware/tests/test_course_survey.py
+++ b/lms/djangoapps/courseware/tests/test_course_survey.py
@@ -22,7 +22,7 @@ class SurveyViewsTests(LoginEnrollmentTestCase, SharedModuleStoreTestCase, XssTe
     """
     All tests for the views.py file
     """
-    STUDENT_INFO = [('view@test.com', 'foo')]
+    STUDENT_INFO = [('view@test.com', 'Password1234')]
 
     @classmethod
     def setUpClass(cls):
diff --git a/lms/djangoapps/courseware/tests/test_discussion_xblock.py b/lms/djangoapps/courseware/tests/test_discussion_xblock.py
index 4ea3d12b4e63..39ce8d765ac8 100644
--- a/lms/djangoapps/courseware/tests/test_discussion_xblock.py
+++ b/lms/djangoapps/courseware/tests/test_discussion_xblock.py
@@ -363,7 +363,7 @@ def test_discussion_student_view_data(self):
         """
         Tests that course block api returns student_view_data for discussion xblock
         """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         url = reverse('blocks_in_block_tree', kwargs={'usage_key_string': str(self.course_usage_key)})
         query_params = {
             'depth': 'all',
diff --git a/lms/djangoapps/courseware/tests/test_entrance_exam.py b/lms/djangoapps/courseware/tests/test_entrance_exam.py
index 7024ea5c3c3b..3811bd9ab021 100644
--- a/lms/djangoapps/courseware/tests/test_entrance_exam.py
+++ b/lms/djangoapps/courseware/tests/test_entrance_exam.py
@@ -136,7 +136,7 @@ def setUp(self):
         self.request = get_mock_request(UserFactory())
         self.course = self.update_course(self.course, self.request.user.id)
 
-        self.client.login(username=self.request.user.username, password="test")
+        self.client.login(username=self.request.user.username, password=self.TEST_PASSWORD)
         CourseEnrollment.enroll(self.request.user, self.course.id)
 
         self.expected_locked_toc = (
@@ -257,7 +257,7 @@ def test_skip_entrance_exam_gating(self):
 
         # hit skip entrance exam api in instructor app
         instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=instructor.username, password='test')
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
         url = reverse('mark_student_can_skip_entrance_exam', kwargs={'course_id': str(self.course.id)})
         response = self.client.post(url, {
             'unique_student_identifier': self.request.user.email,
@@ -277,7 +277,7 @@ def test_entrance_exam_gating_for_staff(self):
         self.client.logout()
         staff_user = StaffFactory(course_key=self.course.id)
         staff_user.is_staff = True
-        self.client.login(username=staff_user.username, password='test')
+        self.client.login(username=staff_user.username, password=self.TEST_PASSWORD)
 
         # assert staff has access to all toc
         self.request.user = staff_user
diff --git a/lms/djangoapps/courseware/tests/test_masquerade.py b/lms/djangoapps/courseware/tests/test_masquerade.py
index 43041b1437e1..9d211b05ea21 100644
--- a/lms/djangoapps/courseware/tests/test_masquerade.py
+++ b/lms/djangoapps/courseware/tests/test_masquerade.py
@@ -88,7 +88,7 @@ def setUp(self):
         super().setUp()
 
         self.test_user = self.create_user()
-        self.login(self.test_user.email, 'test')
+        self.login(self.test_user.email, self.TEST_PASSWORD)
         self.enroll(self.course, True)
 
     def get_courseware_page(self):
@@ -298,12 +298,12 @@ def setUp(self):
     def login_staff(self):
         """ Login as a staff user """
         self.logout()
-        self.login(self.test_user.email, 'test')
+        self.login(self.test_user.email, self.TEST_PASSWORD)
 
     def login_student(self):
         """ Login as a student """
         self.logout()
-        self.login(self.student_user.email, 'test')
+        self.login(self.student_user.email, self.TEST_PASSWORD)
 
     def submit_answer(self, response1, response2):
         """
@@ -351,7 +351,7 @@ def test_masquerade_as_specific_student(self, username):
         student = UserFactory.create(username=username)
         CourseEnrollment.enroll(student, self.course.id)
         self.logout()
-        self.login(student.email, 'test')
+        self.login(student.email, self.TEST_PASSWORD)
         # Answer correctly as the student, and check progress.
         self.submit_answer('Correct', 'Correct')
         assert self.get_progress_detail() == '2/2'
@@ -378,7 +378,7 @@ def test_masquerade_as_specific_student(self, username):
 
         # Verify the student state did not change.
         self.logout()
-        self.login(student.email, 'test')
+        self.login(student.email, self.TEST_PASSWORD)
         assert self.get_progress_detail() == '2/2'
 
     def test_masquerading_with_language_preference(self):
diff --git a/lms/djangoapps/courseware/tests/test_split_module.py b/lms/djangoapps/courseware/tests/test_split_module.py
index 7e6b88718eac..5026f05ca221 100644
--- a/lms/djangoapps/courseware/tests/test_split_module.py
+++ b/lms/djangoapps/courseware/tests/test_split_module.py
@@ -59,7 +59,7 @@ def setUp(self):
 
         self.student = UserFactory.create()
         CourseEnrollmentFactory.create(user=self.student, course_id=self.course.id)
-        self.client.login(username=self.student.username, password='test')
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
 
         self.included_usage_keys = None
         self.excluded_usage_keys = None
@@ -309,7 +309,7 @@ def setUp(self):
 
         self.student = UserFactory.create()
         CourseEnrollmentFactory.create(user=self.student, course_id=self.course.id)
-        self.client.login(username=self.student.username, password='test')
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
 
     def test_changing_position_works(self):
         # Make a mock FieldDataCache for this course, so we can get the course block
diff --git a/lms/djangoapps/courseware/tests/test_submitting_problems.py b/lms/djangoapps/courseware/tests/test_submitting_problems.py
index 8ffcea0298bf..4d55645d7a5f 100644
--- a/lms/djangoapps/courseware/tests/test_submitting_problems.py
+++ b/lms/djangoapps/courseware/tests/test_submitting_problems.py
@@ -154,7 +154,7 @@ def setUp(self):
         # create a test student
         self.course = CourseFactory.create(display_name=self.COURSE_NAME, number=self.COURSE_SLUG)
         self.student = 'view@test.com'
-        self.password = 'foo'
+        self.password = self.TEST_PASSWORD
         self.create_account('u1', self.student, self.password)
         self.activate_user(self.student)
         self.enroll(self.course)
diff --git a/lms/djangoapps/courseware/tests/test_tabs.py b/lms/djangoapps/courseware/tests/test_tabs.py
index db59fa373bc5..6ad7ef73de01 100644
--- a/lms/djangoapps/courseware/tests/test_tabs.py
+++ b/lms/djangoapps/courseware/tests/test_tabs.py
@@ -404,7 +404,7 @@ def test_get_course_tabs_list_skipped_entrance_exam(self):
         # login as instructor hit skip entrance exam api in instructor app
         instructor = InstructorFactory(course_key=self.course.id)
         self.client.logout()
-        self.client.login(username=instructor.username, password='test')
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
 
         url = reverse('mark_student_can_skip_entrance_exam', kwargs={'course_id': str(self.course.id)})
         response = self.client.post(url, {
@@ -426,7 +426,7 @@ def test_course_tabs_list_for_staff_members(self):
         # Login as member of staff
         self.client.logout()
         staff_user = StaffFactory(course_key=self.course.id)
-        self.client.login(username=staff_user.username, password='test')
+        self.client.login(username=staff_user.username, password=self.TEST_PASSWORD)
         course_tab_list = get_course_tab_list(staff_user, self.course)
         assert len(course_tab_list) == 4
 
@@ -685,7 +685,7 @@ def test_course_tabs_staff_only(self):
         # Login as member of staff
         self.client.logout()
         staff_user = StaffFactory(course_key=self.course.id)
-        self.client.login(username=staff_user.username, password='test')
+        self.client.login(username=staff_user.username, password=self.TEST_PASSWORD)
         course_tab_list_staff = get_course_tab_list(staff_user, self.course)
         name_list_staff = [x.name for x in course_tab_list_staff]
         assert 'Static Tab Free' in name_list_staff
diff --git a/lms/djangoapps/courseware/tests/test_view_authentication.py b/lms/djangoapps/courseware/tests/test_view_authentication.py
index 42f2275e0fd2..67ada18e850e 100644
--- a/lms/djangoapps/courseware/tests/test_view_authentication.py
+++ b/lms/djangoapps/courseware/tests/test_view_authentication.py
@@ -29,7 +29,7 @@ class TestViewAuth(EnterpriseTestConsentRequired, ModuleStoreTestCase, LoginEnro
     Check that view authentication works properly.
     """
 
-    ACCOUNT_INFO = [('view@test.com', 'foo'), ('view2@test.com', 'foo')]
+    ACCOUNT_INFO = [('view@test.com', 'Password1234'), ('view2@test.com', 'Password1234')]
     ENABLED_SIGNALS = ['course_published']
 
     @staticmethod
@@ -111,7 +111,7 @@ def _check_staff(self, course):
         self.assert_request_status_code(302, url)
 
     def login(self, user):  # lint-amnesty, pylint: disable=arguments-differ
-        return super().login(user.email, 'test')
+        return super().login(user.email, self.TEST_PASSWORD)
 
     def setUp(self):
         super().setUp()
diff --git a/lms/djangoapps/courseware/tests/test_views.py b/lms/djangoapps/courseware/tests/test_views.py
index 45c969b7b1d5..c87fba07005b 100644
--- a/lms/djangoapps/courseware/tests/test_views.py
+++ b/lms/djangoapps/courseware/tests/test_views.py
@@ -712,7 +712,7 @@ def test_submission_history_accepts_valid_ids(self):
         # log into a staff account
         admin = AdminFactory()
 
-        assert self.client.login(username=admin.username, password='test')
+        assert self.client.login(username=admin.username, password=TEST_PASSWORD)
 
         url = reverse('submission_history', kwargs={
             'course_id': str(self.course_key),
@@ -727,7 +727,7 @@ def test_submission_history_xss(self):
         # log into a staff account
         admin = AdminFactory()
 
-        assert self.client.login(username=admin.username, password='test')
+        assert self.client.login(username=admin.username, password=TEST_PASSWORD)
 
         # try it with an existing user and a malicious location
         url = reverse('submission_history', kwargs={
@@ -751,7 +751,7 @@ def test_submission_history_contents(self):
         # log into a staff account
         admin = AdminFactory.create()
 
-        assert self.client.login(username=admin.username, password='test')
+        assert self.client.login(username=admin.username, password=TEST_PASSWORD)
 
         usage_key = self.course_key.make_usage_key('problem', 'test-history')
         state_client = DjangoXBlockUserStateClient(admin)
@@ -814,7 +814,7 @@ def test_submission_history_timezone(self, timezone, hour_diff):
                 course_key = course.id
                 client = Client()
                 admin = AdminFactory.create()
-                assert client.login(username=admin.username, password='test')
+                assert client.login(username=admin.username, password=TEST_PASSWORD)
                 state_client = DjangoXBlockUserStateClient(admin)
                 usage_key = course_key.make_usage_key('problem', 'test-history')
                 state_client.set(
@@ -1253,7 +1253,7 @@ class ProgressPageBaseTests(ModuleStoreTestCase):
     def setUp(self):
         super().setUp()
         self.user = UserFactory.create()
-        assert self.client.login(username=self.user.username, password='test')
+        assert self.client.login(username=self.user.username, password=TEST_PASSWORD)
 
         self.setup_course()
 
@@ -1352,7 +1352,7 @@ def test_unenrolled_student_progress_for_credit_course(self):
         # Create a new course, a user which will not be enrolled in course, admin user for staff access
         course = CourseFactory.create(default_store=ModuleStoreEnum.Type.split)
         admin = AdminFactory.create()
-        assert self.client.login(username=admin.username, password='test')
+        assert self.client.login(username=admin.username, password=TEST_PASSWORD)
 
         # Create and enable Credit course
         CreditCourse.objects.create(course_key=course.id, enabled=True)
@@ -1646,7 +1646,7 @@ def test_progress_with_course_duration_limits(self, course_mode):
         """
         CourseDurationLimitConfig.objects.create(enabled=True, enabled_as_of=datetime(2018, 1, 1))
         user = UserFactory.create()
-        assert self.client.login(username=user.username, password='test')
+        assert self.client.login(username=user.username, password=TEST_PASSWORD)
         add_course_mode(self.course, mode_slug=CourseMode.AUDIT)
         add_course_mode(self.course)
         CourseEnrollmentFactory(user=user, course_id=self.course.id, mode=course_mode)
@@ -1679,7 +1679,7 @@ def test_progress_without_course_duration_limits(self, course_mode):
         """
         CourseDurationLimitConfig.objects.create(enabled=False)
         user = UserFactory.create()
-        assert self.client.login(username=user.username, password='test')
+        assert self.client.login(username=user.username, password=TEST_PASSWORD)
         CourseModeFactory.create(
             course_id=self.course.id,
             mode_slug=course_mode
@@ -1698,7 +1698,7 @@ def test_message_for_ineligible_mode(self, course_mode):
          in an ineligible mode.
         """
         user = UserFactory.create()
-        assert self.client.login(username=user.username, password='test')
+        assert self.client.login(username=user.username, password=TEST_PASSWORD)
         CourseEnrollmentFactory(user=user, course_id=self.course.id, mode=course_mode)
 
         with patch('lms.djangoapps.grades.course_grade_factory.CourseGradeFactory.read') as mock_create:
@@ -2081,7 +2081,7 @@ def test_progress_page_hide_scores_from_learner(self, show_correctness, due_date
         self.setup_course(show_correctness=show_correctness, due_date=due_date, graded=graded)
         self.add_problem()
 
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=TEST_PASSWORD)
         resp = self._get_progress_page()
 
         # Ensure that expected text is present
@@ -2133,7 +2133,7 @@ def test_progress_page_hide_scores_from_staff(self, show_correctness, due_date_n
         self.add_problem()
 
         # Login as a course staff user to view the student progress page.
-        self.client.login(username=self.staff_user.username, password='test')
+        self.client.login(username=self.staff_user.username, password=TEST_PASSWORD)
 
         resp = self._get_student_progress_page()
 
@@ -3198,7 +3198,7 @@ class EnterpriseConsentTestCase(EnterpriseTestConsentRequired, ModuleStoreTestCa
     def setUp(self):
         super().setUp()
         self.user = UserFactory.create()
-        assert self.client.login(username=self.user.username, password='test')
+        assert self.client.login(username=self.user.username, password=TEST_PASSWORD)
         self.course = CourseFactory.create()
         CourseOverview.load_from_module_store(self.course.id)
         CourseEnrollmentFactory(user=self.user, course_id=self.course.id)
@@ -3298,7 +3298,7 @@ def test_preview_no_redirect(self):
             # Previews will not redirect to the mfe
             course_staff = UserFactory.create(is_staff=False)
             CourseStaffRole(self.course_key).add_users(course_staff)
-            self.client.login(username=course_staff.username, password='test')
+            self.client.login(username=course_staff.username, password=TEST_PASSWORD)
             assert self.client.get(preview_url).status_code == 200
 
 
@@ -3435,7 +3435,7 @@ def test_course_wide_resources(self, url_name, param, is_instructor, is_rendered
         CourseEnrollmentFactory(user=user, course_id=course.id)
         if is_instructor:
             allow_access(course, user, 'instructor')
-        assert self.client.login(username=user.username, password='test')
+        assert self.client.login(username=user.username, password=TEST_PASSWORD)
 
         kwargs = None
         if param == 'course_id':
diff --git a/lms/djangoapps/courseware/testutils.py b/lms/djangoapps/courseware/testutils.py
index d55495f4aa3f..6227a74a1ebe 100644
--- a/lms/djangoapps/courseware/testutils.py
+++ b/lms/djangoapps/courseware/testutils.py
@@ -82,7 +82,7 @@ def login(self):
         """
         Logs in the test user.
         """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password='Password1234')
 
     def course_options(self):
         """
diff --git a/lms/djangoapps/discussion/django_comment_client/base/tests.py b/lms/djangoapps/discussion/django_comment_client/base/tests.py
index bf346405ebf6..f6cc07385653 100644
--- a/lms/djangoapps/discussion/django_comment_client/base/tests.py
+++ b/lms/djangoapps/discussion/django_comment_client/base/tests.py
@@ -241,7 +241,7 @@ def set_up_course(self, block_count=0):
         with patch('common.djangoapps.student.models.user.cc.User.save'):
             uname = 'student'
             email = 'student@edx.org'
-            self.password = 'test'
+            self.password = 'Password1234'
 
             # Create the user and make them active so we can log them in.
             self.student = UserFactory.create(username=uname, email=email, password=self.password)
@@ -464,7 +464,7 @@ def setUp(self):
         with patch('common.djangoapps.student.models.user.cc.User.save'):
             uname = 'student'
             email = 'student@edx.org'
-            self.password = 'test'
+            self.password = 'Password1234'
 
             # Create the user and make them active so we can log them in.
             self.student = UserFactory.create(username=uname, email=email, password=self.password)
diff --git a/lms/djangoapps/discussion/rest_api/tests/test_views.py b/lms/djangoapps/discussion/rest_api/tests/test_views.py
index 559b4ff8f6c0..d01f5e1b7e5d 100644
--- a/lms/djangoapps/discussion/rest_api/tests/test_views.py
+++ b/lms/djangoapps/discussion/rest_api/tests/test_views.py
@@ -87,7 +87,7 @@ def setUp(self):
             start=datetime.now(UTC),
             discussion_topics={"Test Topic": {"id": "test_topic"}}
         )
-        self.password = "password"
+        self.password = "Password1234"
         self.user = UserFactory.create(password=self.password)
         # Ensure that parental controls don't apply to this user
         self.user.profile.year_of_birth = 1970
@@ -168,7 +168,7 @@ def setUp(self):
                 content_type="image/jpeg",
             ),
         }
-        self.user = UserFactory.create(password="password")
+        self.user = UserFactory.create(password=self.TEST_PASSWORD)
         self.course = CourseFactory.create(org='a', course='b', run='c', start=datetime.now(UTC))
         self.url = reverse("upload_file", kwargs={"course_id": str(self.course.id)})
 
@@ -176,7 +176,7 @@ def user_login(self):
         """
         Authenticates the test client with the example user.
         """
-        self.client.login(username=self.user.username, password="password")
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     def enroll_user_in_course(self):
         """
@@ -320,10 +320,10 @@ def setUp(self):
         self.addCleanup(httpretty.reset)
         self.addCleanup(httpretty.disable)
 
-        self.user = UserFactory.create(password="password")
+        self.user = UserFactory.create(password=self.TEST_PASSWORD)
         self.register_get_user_response(self.user)
 
-        self.other_user = UserFactory.create(password="password")
+        self.other_user = UserFactory.create(password=self.TEST_PASSWORD)
         self.register_get_user_response(self.other_user)
 
         self.course = CourseFactory.create(org="a", course="b", run="c", start=datetime.now(UTC))
@@ -405,7 +405,7 @@ def test_request_by_unauthorized_user(self):
         they're not either enrolled or staff members.
         """
         self.register_mock_endpoints()
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         assert response.status_code == status.HTTP_404_NOT_FOUND
         assert json.loads(response.content)["developer_message"] == "Course not found."
@@ -416,7 +416,7 @@ def test_request_by_enrolled_user(self):
         comments in that course.
         """
         self.register_mock_endpoints()
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         CourseEnrollmentFactory.create(user=self.other_user, course_id=self.course.id)
         self.assert_successful_response(self.client.get(self.url))
 
@@ -425,7 +425,7 @@ def test_request_by_global_staff(self):
         Staff users are allowed to get any user's comments.
         """
         self.register_mock_endpoints()
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         GlobalStaff().add_users(self.other_user)
         self.assert_successful_response(self.client.get(self.url))
 
@@ -436,7 +436,7 @@ def test_request_by_course_staff(self, role):
         course.
         """
         self.register_mock_endpoints()
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         role(course_key=self.course.id).add_users(self.other_user)
         self.assert_successful_response(self.client.get(self.url))
 
@@ -445,7 +445,7 @@ def test_request_with_non_existent_user(self):
         Requests for users that don't exist result in a 404 response.
         """
         self.register_mock_endpoints()
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         GlobalStaff().add_users(self.other_user)
         url = self.build_url("non_existent", self.course.id)
         response = self.client.get(url)
@@ -456,7 +456,7 @@ def test_request_with_non_existent_course(self):
         Requests for courses that don't exist result in a 404 response.
         """
         self.register_mock_endpoints()
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         GlobalStaff().add_users(self.other_user)
         url = self.build_url(self.user.username, "course-v1:x+y+z")
         response = self.client.get(url)
@@ -467,7 +467,7 @@ def test_request_with_invalid_course_id(self):
         Requests with invalid course ID should fail form validation.
         """
         self.register_mock_endpoints()
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         GlobalStaff().add_users(self.other_user)
         url = self.build_url(self.user.username, "an invalid course")
         response = self.client.get(url)
@@ -484,7 +484,7 @@ def test_request_with_empty_results_page(self):
         self.register_get_threads_response(threads=[], page=1, num_pages=1)
         self.register_get_comments_response(comments=[], page=1, num_pages=1)
 
-        self.client.login(username=self.other_user.username, password="password")
+        self.client.login(username=self.other_user.username, password=self.TEST_PASSWORD)
         GlobalStaff().add_users(self.other_user)
         url = self.build_url(self.user.username, self.course.id, page=2)
         response = self.client.get(url)
@@ -928,7 +928,7 @@ class CourseTopicsViewV3Test(DiscussionAPIViewTestMixin, CommentsServiceMockMixi
     """
     def setUp(self) -> None:
         super().setUp()
-        self.password = "password"
+        self.password = self.TEST_PASSWORD
         self.user = UserFactory.create(password=self.password)
         self.client.login(username=self.user.username, password=self.password)
         self.staff = AdminFactory.create()
@@ -2751,7 +2751,7 @@ def setUp(self):
             discussion_topics={"Test Topic": {"id": "test_topic"}}
         )
         self.path = reverse('discussion_course_settings', kwargs={'course_id': str(self.course.id)})
-        self.password = 'edx'
+        self.password = self.TEST_PASSWORD
         self.user = UserFactory(username='staff', password=self.password, is_staff=True)
 
     def _get_oauth_headers(self, user):
@@ -3049,7 +3049,7 @@ def setUp(self):
             run="z",
             start=datetime.now(UTC),
         )
-        self.password = 'edx'
+        self.password = self.TEST_PASSWORD
         self.user = UserFactory(username='staff', password=self.password, is_staff=True)
         course_key = CourseKey.from_string('course-v1:x+y+z')
         seed_permissions_roles(course_key)
@@ -3257,7 +3257,7 @@ def setUp(self) -> None:
             user = UserFactory.create(
                 username=stat['username'],
                 email=f"{stat['username']}@example.com",
-                password='12345'
+                password=self.TEST_PASSWORD
             )
             CourseEnrollment.enroll(user, self.course.id, mode='audit')
 
@@ -3271,7 +3271,7 @@ def test_regular_user(self):
         """
         Tests that for a regular user stats are returned without flag counts
         """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         data = response.json()
         assert data["results"] == self.stats_without_flags
@@ -3281,7 +3281,7 @@ def test_moderator_user(self):
         """
         Tests that for a moderator user stats are returned with flag counts
         """
-        self.client.login(username=self.moderator.username, password='test')
+        self.client.login(username=self.moderator.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         data = response.json()
         assert data["results"] == self.stats
@@ -3301,7 +3301,7 @@ def test_sorting(self, username, ordering_requested, ordering_performed):
         """
         Test valid sorting options and defaults
         """
-        self.client.login(username=username, password='test')
+        self.client.login(username=username, password=self.TEST_PASSWORD)
         params = {}
         if ordering_requested:
             params = {"order_by": ordering_requested}
@@ -3319,7 +3319,7 @@ def test_sorting_error_regular_user(self, order_by):
         """
         Test for invalid sorting options for regular users.
         """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url, {"order_by": order_by})
         assert "order_by" in response.json()["field_errors"]
 
@@ -3334,7 +3334,7 @@ def test_with_username_param(self, username_search_string, comma_separated_usern
         Test for endpoint with username param.
         """
         params = {'username': username_search_string}
-        self.client.login(username=self.moderator.username, password='test')
+        self.client.login(username=self.moderator.username, password=self.TEST_PASSWORD)
         self.client.get(self.url, params)
         assert urlparse(
             httpretty.last_request().path  # lint-amnesty, pylint: disable=no-member
@@ -3349,7 +3349,7 @@ def test_with_username_param_with_no_matches(self):
         Test for endpoint with username param with no matches.
         """
         params = {'username': 'unknown'}
-        self.client.login(username=self.moderator.username, password='test')
+        self.client.login(username=self.moderator.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url, params)
         data = response.json()
         self.assertFalse(data['results'])
diff --git a/lms/djangoapps/discussion/tests/test_views.py b/lms/djangoapps/discussion/tests/test_views.py
index 6b7f2de3ee5f..09aebf8b81da 100644
--- a/lms/djangoapps/discussion/tests/test_views.py
+++ b/lms/djangoapps/discussion/tests/test_views.py
@@ -463,7 +463,7 @@ def test_private_team_thread_html(self, mock_request):
         CourseTeamFactory.create(discussion_topic_id=discussion_topic_id)
         user_not_in_team = UserFactory.create()
         CourseEnrollmentFactory.create(user=user_not_in_team, course_id=self.course.id)
-        self.client.login(username=user_not_in_team.username, password='test')
+        self.client.login(username=user_not_in_team.username, password=self.TEST_PASSWORD)
 
         mock_request.side_effect = make_mock_request_impl(
             course=self.course,
@@ -624,7 +624,7 @@ def test_ajax(self, mock_request):
     def test_html(self, mock_request):
         _mock_text, mock_thread_id = self._create_mock_cohorted_thread(mock_request)
 
-        self.client.login(username=self.student.username, password='test')
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
         response = self.client.get(
             reverse('single_thread', kwargs={
                 'course_id': str(self.course.id),
@@ -758,7 +758,7 @@ def call_view(self, mock_request, commentable_id, user, group_id, pass_group_id=
         if is_ajax:
             headers['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest"
 
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
 
         return self.client.get(
             reverse('single_thread', args=[str(self.course.id), commentable_id, "dummy_thread_id"]),
@@ -824,7 +824,7 @@ def call_view(self, mock_request, user):  # lint-amnesty, pylint: disable=missin
             text="dummy content",
             thread_list=self.thread_list
         )
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         return self.client.get(
             reverse("forum_form_discussion", args=[str(self.course.id)]),
             HTTP_X_REQUESTED_WITH="XMLHttpRequest"
@@ -889,7 +889,7 @@ def assert_can_access(self, user, discussion_id, thread_id, should_have_access):
         verify that the user does not have access to that thread.
         """
         def call_single_thread():
-            self.client.login(username=user.username, password='test')
+            self.client.login(username=user.username, password=self.TEST_PASSWORD)
             return self.client.get(
                 reverse('single_thread', args=[str(self.course.id), discussion_id, thread_id])
             )
@@ -1113,7 +1113,7 @@ def call_view(self, mock_request, commentable_id, user, group_id, pass_group_id=
         if is_ajax:
             headers['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest"
 
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         return self.client.get(
             reverse("forum_form_discussion", args=[str(self.course.id)]),
             data=request_data,
@@ -1165,7 +1165,7 @@ def call_view_for_profiled_user(
         if is_ajax:
             headers['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest"
 
-        self.client.login(username=requesting_user.username, password='test')
+        self.client.login(username=requesting_user.username, password=self.TEST_PASSWORD)
         return self.client.get(
             reverse('user_profile', args=[str(self.course.id), profiled_user.id]),
             data=request_data,
@@ -1414,7 +1414,7 @@ def get_response(self, mock_request, params, **headers):  # lint-amnesty, pylint
         mock_request.side_effect = make_mock_request_impl(
             course=self.course, text=self.TEST_THREAD_TEXT, thread_id=self.TEST_THREAD_ID
         )
-        self.client.login(username=self.student.username, password='test')
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
 
         response = self.client.get(
             reverse('user_profile', kwargs={
@@ -2295,7 +2295,7 @@ def test_redirect_from_legacy_base_url_to_new_experience(self):
         """
 
         with override_waffle_flag(ENABLE_DISCUSSIONS_MFE, True):
-            self.client.login(username=self.user.username, password='test')
+            self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
             url = reverse("forum_form_discussion", args=[self.course.id])
             response = self.client.get(url)
             assert response.status_code == 302
@@ -2310,7 +2310,7 @@ def test_redirect_from_legacy_profile_url_to_new_experience(self):
         """
 
         with override_waffle_flag(ENABLE_DISCUSSIONS_MFE, True):
-            self.client.login(username=self.user.username, password='test')
+            self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
             url = reverse("user_profile", args=[self.course.id, self.user.id])
             response = self.client.get(url)
             assert response.status_code == 302
@@ -2325,7 +2325,7 @@ def test_redirect_from_legacy_single_thread_to_new_experience(self):
         """
 
         with override_waffle_flag(ENABLE_DISCUSSIONS_MFE, True):
-            self.client.login(username=self.user.username, password='test')
+            self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
             url = reverse("single_thread", args=[self.course.id, "test_discussion", "test_thread"])
             response = self.client.get(url)
             assert response.status_code == 302
diff --git a/lms/djangoapps/grades/rest_api/v1/tests/mixins.py b/lms/djangoapps/grades/rest_api/v1/tests/mixins.py
index e5e7f269e3a2..1d3a6a0b4551 100644
--- a/lms/djangoapps/grades/rest_api/v1/tests/mixins.py
+++ b/lms/djangoapps/grades/rest_api/v1/tests/mixins.py
@@ -97,7 +97,7 @@ def _create_user_program_enrollments(self, *users, **kwargs):  # lint-amnesty, p
 
     def setUp(self):
         super().setUp()
-        self.password = 'test'
+        self.password = self.TEST_PASSWORD
         self.global_staff = GlobalStaffFactory.create()
         self.student = UserFactory(password=self.password, username='student', email='student@example.com')
         self.other_student = UserFactory(
diff --git a/lms/djangoapps/grades/rest_api/v1/tests/test_views.py b/lms/djangoapps/grades/rest_api/v1/tests/test_views.py
index 1fbfb6070dd3..cd2107ec7c29 100644
--- a/lms/djangoapps/grades/rest_api/v1/tests/test_views.py
+++ b/lms/djangoapps/grades/rest_api/v1/tests/test_views.py
@@ -548,7 +548,7 @@ class CourseSubmissionHistoryWithDataTest(TestSubmittingProblems):
     def setUp(self):
         super().setUp()
         self.namespaced_url = 'grades_api:v1:submission_history'
-        self.password = 'test'
+        self.password = self.TEST_PASSWORD
         self.basic_setup()
         self.global_staff = GlobalStaffFactory.create()
 
diff --git a/lms/djangoapps/grades/tests/integration/test_access.py b/lms/djangoapps/grades/tests/integration/test_access.py
index 380962b19e99..6545094a3ce5 100644
--- a/lms/djangoapps/grades/tests/integration/test_access.py
+++ b/lms/djangoapps/grades/tests/integration/test_access.py
@@ -73,9 +73,9 @@ def setUp(self):
         self.addCleanup(set_current_request, None)
         self.request = get_mock_request(UserFactory())
         self.student = self.request.user
-        self.client.login(username=self.student.username, password="test")
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
         CourseEnrollment.enroll(self.student, self.course.id)
-        self.instructor = UserFactory.create(is_staff=True, username='test_instructor', password='test')
+        self.instructor = UserFactory.create(is_staff=True, username='test_instructor', password=self.TEST_PASSWORD)
         self.refresh_course()
 
     def test_subsection_access_changed(self):
diff --git a/lms/djangoapps/grades/tests/integration/test_events.py b/lms/djangoapps/grades/tests/integration/test_events.py
index 868b55eeae67..881ad049b3d8 100644
--- a/lms/djangoapps/grades/tests/integration/test_events.py
+++ b/lms/djangoapps/grades/tests/integration/test_events.py
@@ -70,9 +70,9 @@ def setUp(self):
         self.addCleanup(set_current_request, None)
         self.request = get_mock_request(UserFactory())
         self.student = self.request.user
-        self.client.login(username=self.student.username, password="test")
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
         CourseEnrollment.enroll(self.student, self.course.id)
-        self.instructor = UserFactory.create(is_staff=True, username='test_instructor', password='test')
+        self.instructor = UserFactory.create(is_staff=True, username='test_instructor', password=self.TEST_PASSWORD)
         self.refresh_course()
 
     @patch('lms.djangoapps.grades.events.tracker')
diff --git a/lms/djangoapps/grades/tests/integration/test_problems.py b/lms/djangoapps/grades/tests/integration/test_problems.py
index 36c54bec86e9..b4a2d06c9f45 100644
--- a/lms/djangoapps/grades/tests/integration/test_problems.py
+++ b/lms/djangoapps/grades/tests/integration/test_problems.py
@@ -43,9 +43,8 @@ def setUpClass(cls):
 
     def setUp(self):
         super().setUp()
-        password = 'test'
-        self.student = UserFactory.create(is_staff=False, username='test_student', password=password)
-        self.client.login(username=self.student.username, password=password)
+        self.student = UserFactory.create(is_staff=False, username='test_student', password=self.TEST_PASSWORD)
+        self.client.login(username=self.student.username, password=self.TEST_PASSWORD)
         self.addCleanup(set_current_request, None)
         self.request = get_mock_request(self.student)
         self.course_structure = get_course_blocks(self.student, self.course.location)
@@ -58,8 +57,7 @@ def load_scoreable_course(cls):
         For details on the contents and structure of the file, see
         `common/test/data/scoreable/README`.
         """
-        password = 'test'
-        user = UserFactory.create(is_staff=False, username='test_student', password=password)
+        user = UserFactory.create(is_staff=False, username='test_student', password=cls.TEST_PASSWORD)
 
         course_items = import_course_from_xml(
             cls.store,
@@ -144,7 +142,7 @@ def setUp(self):
         '''
         self.addCleanup(set_current_request, None)
         self.request = get_mock_request(UserFactory())
-        self.client.login(username=self.request.user.username, password="test")
+        self.client.login(username=self.request.user.username, password=self.TEST_PASSWORD)
         CourseEnrollment.enroll(self.request.user, self.course.id)
 
     def _get_altered_metadata(self, alterations):
diff --git a/lms/djangoapps/instructor/tests/test_api.py b/lms/djangoapps/instructor/tests/test_api.py
index 54adcb3e3638..1bcf42967f3b 100644
--- a/lms/djangoapps/instructor/tests/test_api.py
+++ b/lms/djangoapps/instructor/tests/test_api.py
@@ -325,7 +325,7 @@ def setUp(self):
         """
         super().setUp()
         global_user = GlobalStaffFactory()
-        self.client.login(username=global_user.username, password='test')
+        self.client.login(username=global_user.username, password=self.TEST_PASSWORD)
 
     @ddt.data(*INSTRUCTOR_POST_ENDPOINTS)
     def test_endpoints_reject_get(self, data):
@@ -478,7 +478,7 @@ def test_student_level(self):
         """
         Ensure that an enrolled student can't access staff or instructor endpoints.
         """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         for endpoint, args in self.staff_level_endpoints:
             self._access_endpoint(
@@ -518,7 +518,7 @@ def test_staff_level(self):
         CourseEnrollment.enroll(staff_member, self.course.id)
         CourseFinanceAdminRole(self.course.id).add_users(staff_member)
         CourseDataResearcherRole(self.course.id).add_users(staff_member)
-        self.client.login(username=staff_member.username, password='test')
+        self.client.login(username=staff_member.username, password=self.TEST_PASSWORD)
         # Try to promote to forums admin - not working
         # update_forum_role(self.course.id, staff_member, FORUM_ROLE_ADMINISTRATOR, 'allow')
 
@@ -558,7 +558,7 @@ def test_instructor_level(self):
 
         CourseFinanceAdminRole(self.course.id).add_users(inst)
         CourseDataResearcherRole(self.course.id).add_users(inst)
-        self.client.login(username=inst.username, password='test')
+        self.client.login(username=inst.username, password=self.TEST_PASSWORD)
 
         for endpoint, args in self.staff_level_endpoints:
             expected_status = 200
@@ -631,7 +631,7 @@ def setUp(self):
         self.audit_course_instructor = InstructorFactory(course_key=self.audit_course.id)
         self.white_label_course_instructor = InstructorFactory(course_key=self.white_label_course.id)
 
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.not_enrolled_student = UserFactory(
             username='NotEnrolledStudent',
@@ -961,7 +961,7 @@ def test_audit_enrollment_mode(self):
         Test that enrollment mode for audit courses (paid courses) is 'audit'.
         """
         # Login Audit Course instructor
-        self.client.login(username=self.audit_course_instructor.username, password='test')
+        self.client.login(username=self.audit_course_instructor.username, password=self.TEST_PASSWORD)
 
         csv_content = b"test_student_wl@example.com,test_student_wl,Test Student,USA"
         uploaded_file = SimpleUploadedFile("temp.csv", csv_content)
@@ -992,7 +992,7 @@ def test_honor_enrollment_mode(self):
         self.white_label_course_mode.save()
 
         # Login Audit Course instructor
-        self.client.login(username=self.white_label_course_instructor.username, password='test')
+        self.client.login(username=self.white_label_course_instructor.username, password=self.TEST_PASSWORD)
 
         csv_content = b"test_student_wl@example.com,test_student_wl,Test Student,USA"
         uploaded_file = SimpleUploadedFile("temp.csv", csv_content)
@@ -1040,7 +1040,7 @@ def setUp(self):
 
         self.request = RequestFactory().request()
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.enrolled_student = UserFactory(username='EnrolledStudent', first_name='Enrolled', last_name='Student')
         CourseEnrollment.enroll(
@@ -1889,7 +1889,7 @@ def setUp(self):
         super().setUp()
 
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.beta_tester = BetaTesterFactory(course_key=self.course.id)
         CourseEnrollment.enroll(
@@ -2234,7 +2234,7 @@ def setUp(self):
         super().setUp()
 
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.other_instructor = InstructorFactory(course_key=self.course.id)
         self.other_staff = StaffFactory(course_key=self.course.id)
@@ -2474,7 +2474,7 @@ def setUp(self):
         self.course_mode.save()
         self.instructor = InstructorFactory(course_key=self.course.id)
         CourseDataResearcherRole(self.course.id).add_users(self.instructor)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.students = [UserFactory() for _ in range(6)]
         for student in self.students:
@@ -2616,7 +2616,7 @@ def test_get_students_features_teams(self, has_teams):
             }))
             course_instructor = InstructorFactory(course_key=self.course.id)
             CourseDataResearcherRole(self.course.id).add_users(course_instructor)
-            self.client.login(username=course_instructor.username, password='test')
+            self.client.login(username=course_instructor.username, password=self.TEST_PASSWORD)
 
         url = reverse('get_students_features', kwargs={'course_id': str(self.course.id)})
 
@@ -2988,7 +2988,7 @@ def setUpClass(cls):
     def setUp(self):
         super().setUp()
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.student = UserFactory()
         CourseEnrollment.enroll(self.student, self.course.id)
@@ -3174,7 +3174,7 @@ def setUp(self):
         self.instructor = InstructorFactory(course_key=self.course.id)
         # Add instructor to invalid ee course
         CourseInstructorRole(self.course_with_invalid_ee.id).add_users(self.instructor)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.student = UserFactory()
         CourseEnrollment.enroll(self.student, self.course.id)
@@ -3277,7 +3277,7 @@ def test_entrance_exam_delete_state_with_staff(self):
         """ Test entrance exam delete state failure with staff access. """
         self.client.logout()
         staff_user = StaffFactory(course_key=self.course.id)
-        self.client.login(username=staff_user.username, password='test')
+        self.client.login(username=staff_user.username, password=self.TEST_PASSWORD)
         url = reverse('reset_student_attempts_for_entrance_exam',
                       kwargs={'course_id': str(self.course.id)})
         response = self.client.post(url, {
@@ -3430,7 +3430,7 @@ def setUp(self):
         }
 
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
     def tearDown(self):
         super().tearDown()
@@ -3450,7 +3450,7 @@ def test_send_email_but_not_logged_in(self):
     def test_send_email_but_not_staff(self):
         self.client.logout()
         student = UserFactory()
-        self.client.login(username=student.username, password='test')
+        self.client.login(username=student.username, password=self.TEST_PASSWORD)
         url = reverse('send_email', kwargs={'course_id': str(self.course.id)})
         response = self.client.post(url, self.full_test_message)
         assert response.status_code == 403
@@ -3647,7 +3647,7 @@ def setUpClass(cls):
     def setUp(self):
         super().setUp()
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.student = UserFactory()
         CourseEnrollment.enroll(self.student, self.course.id)
@@ -3784,7 +3784,7 @@ def setUp(self):
         super().setUp()
 
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         self.tasks = {}
         self.emails = {}
         self.emails_info = {}
@@ -4046,7 +4046,7 @@ def setUp(self):
         CourseEnrollmentFactory.create(user=self.user1, course_id=self.course.id)
         CourseEnrollmentFactory.create(user=self.user2, course_id=self.course.id)
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         extract_dates(None, self.course.id)
 
     def test_change_due_date(self):
@@ -4222,7 +4222,7 @@ def setUp(self):
         CourseEnrollmentFactory.create(user=self.user1, course_id=self.course.id)
         CourseEnrollmentFactory.create(user=self.user2, course_id=self.course.id)
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         extract_dates(None, self.course.id)
 
     @override_waffle_flag(RELATIVE_DATES_FLAG, active=True)
@@ -4267,7 +4267,7 @@ def setUpClass(cls):
     def setUp(self):
         super().setUp()
         self.instructor = InstructorFactory(course_key=self.course.id)
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
     def generate_certificate(self, course_id, mode, status):
         """
@@ -4395,7 +4395,7 @@ def expect_error_on_file_content(self, file_content, error, file_suffix='.csv'):
         """
         Verify that we get the error we expect for a given file input.
         """
-        self.client.login(username=self.staff_user.username, password='test')
+        self.client.login(username=self.staff_user.username, password=self.TEST_PASSWORD)
         response = self.call_add_users_to_cohorts(file_content, suffix=file_suffix)
         assert response.status_code == 400
         result = json.loads(response.content.decode('utf-8'))
@@ -4408,7 +4408,7 @@ def verify_success_on_file_content(self, file_content, mock_store_upload, mock_c
         background task.
         """
         mock_store_upload.return_value = (None, 'fake_file_name.csv')
-        self.client.login(username=self.staff_user.username, password='test')
+        self.client.login(username=self.staff_user.username, password=self.TEST_PASSWORD)
         response = self.call_add_users_to_cohorts(file_content)
         assert response.status_code == 204
         assert mock_store_upload.called
@@ -4454,7 +4454,7 @@ def test_non_staff_no_access(self):
         """
         Verify that we can't access the view when we aren't a staff user.
         """
-        self.client.login(username=self.non_staff_user.username, password='test')
+        self.client.login(username=self.non_staff_user.username, password=self.TEST_PASSWORD)
         response = self.call_add_users_to_cohorts('')
         assert response.status_code == 403
 
diff --git a/lms/djangoapps/instructor/tests/test_api_email_localization.py b/lms/djangoapps/instructor/tests/test_api_email_localization.py
index e0cef6a7af0b..a23b94ece021 100644
--- a/lms/djangoapps/instructor/tests/test_api_email_localization.py
+++ b/lms/djangoapps/instructor/tests/test_api_email_localization.py
@@ -35,7 +35,7 @@ def setUp(self):
         # Esperanto.
         self.instructor = InstructorFactory(course_key=self.course.id)
         set_user_preference(self.instructor, LANGUAGE_KEY, 'zh-cn')
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         self.student = UserFactory.create()
         set_user_preference(self.student, LANGUAGE_KEY, 'eo')
diff --git a/lms/djangoapps/instructor/tests/test_certificates.py b/lms/djangoapps/instructor/tests/test_certificates.py
index 5350d1d07f71..11fd82bfb302 100644
--- a/lms/djangoapps/instructor/tests/test_certificates.py
+++ b/lms/djangoapps/instructor/tests/test_certificates.py
@@ -64,11 +64,11 @@ def setUp(self):
 
     def test_visible_only_to_global_staff(self):
         # Instructors don't see the certificates section
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         self._assert_certificates_visible(False)
 
         # Global staff can see the certificates section
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         self._assert_certificates_visible(True)
 
     def test_visible_only_when_feature_flag_enabled(self):
@@ -77,17 +77,17 @@ def test_visible_only_when_feature_flag_enabled(self):
         cache.clear()
 
         # Now even global staff can't see the certificates section
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         self._assert_certificates_visible(False)
 
     @ddt.data("started", "error", "success")
     def test_show_certificate_status(self, status):
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         with self._certificate_status("honor", status):
             self._assert_certificate_status("honor", status)
 
     def test_show_enabled_button(self):
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
 
         # Initially, no example certs are generated, so
         # the enable button should be disabled
@@ -104,7 +104,7 @@ def test_show_enabled_button(self):
             self._assert_enable_certs_button(False)
 
     def test_can_disable_even_after_failure(self):
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
 
         with self._certificate_status("honor", "error"):
             # When certs are disabled for a course, then don't allow them
@@ -127,7 +127,7 @@ def test_show_enabled_button_for_html_certs(self):
         self.course.cert_html_view_enabled = True
         self.course.save()
         self.store.update_item(self.course, self.global_staff.id)
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         self.assertContains(response, 'Enable Student-Generated Certificates')
         self.assertContains(response, 'enable-certificates-submit')
@@ -143,7 +143,7 @@ def test_buttons_for_html_certs_in_self_paced_course(self):
         self.course.cert_html_view_enabled = True
         self.course.save()
         self.store.update_item(self.course, self.global_staff.id)
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         self.assertContains(response, 'Enable Student-Generated Certificates')
         self.assertContains(response, 'enable-certificates-submit')
@@ -233,18 +233,18 @@ def test_allow_only_global_staff(self, url_name):
         url = reverse(url_name, kwargs={'course_id': self.course.id})
 
         # Instructors do not have access
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         response = self.client.post(url)
         assert response.status_code == 403
 
         # Global staff have access
-        self.client.login(username=self.global_staff.username, password='test')
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         response = self.client.post(url)
         assert response.status_code == 302
 
     @ddt.data(True, False)
     def test_enable_certificate_generation(self, is_enabled):
-        self.client.login(username=self.global_staff.username, password='test')
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         url = reverse(
             'enable_certificate_generation',
             kwargs={'course_id': str(self.course.id)}
@@ -274,7 +274,7 @@ def test_certificate_generation_api_without_global_staff(self):
         user who made the request is not member of global staff.
         """
         user = UserFactory.create()
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         url = reverse(
             'start_certificate_generation',
             kwargs={'course_id': str(self.course.id)}
@@ -283,7 +283,7 @@ def test_certificate_generation_api_without_global_staff(self):
         response = self.client.post(url)
         assert response.status_code == 403
 
-        self.client.login(username=self.instructor.username, password='test')
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         response = self.client.post(url)
         assert response.status_code == 403
 
@@ -292,7 +292,7 @@ def test_certificate_generation_api_with_global_staff(self):
         Test certificates generation api endpoint returns success status when called with
         valid course key
         """
-        self.client.login(username=self.global_staff.username, password='test')
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         url = reverse(
             'start_certificate_generation',
             kwargs={'course_id': str(self.course.id)}
@@ -319,7 +319,7 @@ def test_certificate_regeneration_success(self):
         )
 
         # Login the client and access the url with 'certificate_statuses'
-        self.client.login(username=self.global_staff.username, password='test')
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         url = reverse('start_certificate_regeneration', kwargs={'course_id': str(self.course.id)})
         response = self.client.post(url, data={'certificate_statuses': [CertificateStatuses.downloadable]})
 
@@ -352,7 +352,7 @@ def test_certificate_regeneration_error(self):
         )
 
         # Login the client and access the url without 'certificate_statuses'
-        self.client.login(username=self.global_staff.username, password='test')
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
         url = reverse('start_certificate_regeneration', kwargs={'course_id': str(self.course.id)})
         response = self.client.post(url)
 
@@ -419,7 +419,7 @@ def setUp(self):
         # Enable certificate generation
         cache.clear()
         CertificateGenerationConfiguration.objects.create(enabled=True)
-        self.client.login(username=self.global_staff.username, password='test')
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
 
     def test_certificate_exception_added_successfully(self):
         """
@@ -712,7 +712,7 @@ def setUp(self):
         # Enable certificate generation
         cache.clear()
         CertificateGenerationConfiguration.objects.create(enabled=True)
-        self.client.login(username=self.global_staff.username, password='test')
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
 
     def test_generate_certificate_exceptions_all_students(self):
         """
@@ -830,7 +830,7 @@ def setUp(self):
         CourseEnrollment.enroll(self.enrolled_user_2, self.course.id)
 
         # Global staff can see the certificates section
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
 
     def test_create_allowlist_exception_record(self):
         """
@@ -1026,7 +1026,7 @@ def setUp(self):
         )
 
         # Global staff can see the certificates section
-        self.client.login(username=self.global_staff.username, password="test")
+        self.client.login(username=self.global_staff.username, password=self.TEST_PASSWORD)
 
     def test_invalidate_certificate(self):
         """
diff --git a/lms/djangoapps/instructor/tests/test_email.py b/lms/djangoapps/instructor/tests/test_email.py
index a84c728c30e9..322c734fa613 100644
--- a/lms/djangoapps/instructor/tests/test_email.py
+++ b/lms/djangoapps/instructor/tests/test_email.py
@@ -40,7 +40,7 @@ def setUp(self):
 
         # Create instructor account
         instructor = AdminFactory.create()
-        self.client.login(username=instructor.username, password="test")
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
 
     def tearDown(self):
         super().tearDown()
@@ -148,7 +148,7 @@ def setUp(self):
 
         # Create instructor account
         instructor = AdminFactory.create()
-        self.client.login(username=instructor.username, password="test")
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
 
         # URL for instructor dash
         self.url = reverse('instructor_dashboard', kwargs={'course_id': str(self.course_key)})
diff --git a/lms/djangoapps/instructor/tests/test_proctoring.py b/lms/djangoapps/instructor/tests/test_proctoring.py
index 42fdb13a7f45..cd6be1517328 100644
--- a/lms/djangoapps/instructor/tests/test_proctoring.py
+++ b/lms/djangoapps/instructor/tests/test_proctoring.py
@@ -36,7 +36,7 @@ def setUp(self):
 
         # Create instructor account
         self.instructor = AdminFactory.create()
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
     def setup_course_url(self, course):
         """
diff --git a/lms/djangoapps/instructor/tests/test_spoc_gradebook.py b/lms/djangoapps/instructor/tests/test_spoc_gradebook.py
index bf574e8f506f..221ed3603e27 100644
--- a/lms/djangoapps/instructor/tests/test_spoc_gradebook.py
+++ b/lms/djangoapps/instructor/tests/test_spoc_gradebook.py
@@ -56,7 +56,7 @@ def setUp(self):
         super().setUp()
 
         instructor = AdminFactory.create()
-        self.client.login(username=instructor.username, password='test')
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
         self.users = [UserFactory.create() for _ in range(USER_COUNT)]
         for user in self.users:
             CourseEnrollmentFactory.create(user=user, course_id=self.course.id)
diff --git a/lms/djangoapps/instructor/tests/views/test_instructor_dashboard.py b/lms/djangoapps/instructor/tests/views/test_instructor_dashboard.py
index bca16977a98c..db455f02587d 100644
--- a/lms/djangoapps/instructor/tests/views/test_instructor_dashboard.py
+++ b/lms/djangoapps/instructor/tests/views/test_instructor_dashboard.py
@@ -85,7 +85,7 @@ def setUp(self):
         self.course_mode.save()
         # Create instructor account
         self.instructor = AdminFactory.create()
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
         # URL for instructor dash
         self.url = reverse('instructor_dashboard', kwargs={'course_id': str(self.course.id)})
@@ -169,7 +169,7 @@ def test_discussion_tab_for_course_staff_role(self, access_role, is_pages_and_re
                     org=self.course.id.org
                 )
                 set_course_cohorted(self.course.id, True)
-                self.client.login(username=self.user.username, password='test')
+                self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
                 response = self.client.get(self.url).content.decode('utf-8')
                 self.assertEqual(discussion_section in response, is_discussion_tab_available)
 
@@ -192,7 +192,7 @@ def test_discussion_tab_for_global_user(self, is_pages_and_resources_enabled,
             with override_waffle_flag(OVERRIDE_DISCUSSION_LEGACY_SETTINGS_FLAG, is_legacy_discussion_setting_enabled):
                 user = UserFactory.create(is_staff=True)
                 set_course_cohorted(self.course.id, True)
-                self.client.login(username=user.username, password='test')
+                self.client.login(username=user.username, password=self.TEST_PASSWORD)
                 response = self.client.get(self.url).content.decode('utf-8')
                 self.assertEqual(discussion_section in response, is_discussion_tab_available)
 
@@ -224,7 +224,7 @@ def test_data_download(self, access_role, can_access, waffle_status):
                 role=access_role,
                 org=self.course.id.org
             )
-            self.client.login(username=user.username, password="test")
+            self.client.login(username=user.username, password=self.TEST_PASSWORD)
             response = self.client.get(self.url)
             if can_access:
                 self.assertContains(response, download_section)
@@ -244,7 +244,7 @@ def test_data_download_only(self):
             role='data_researcher',
             org=self.course.id.org
         )
-        self.client.login(username=user.username, password="test")
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         matches = re.findall(
             rb'<li class="nav-item"><button type="button" class="btn-link .*" data-section=".*">.*',
@@ -320,7 +320,7 @@ def test_student_admin_staff_instructor(self):
 
         # But staff user can only see specific grades
         staff = StaffFactory(course_key=self.course.id)
-        self.client.login(username=staff.username, password="test")
+        self.client.login(username=staff.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         self.assertNotContains(response, '<h4 class="hd hd-4">Adjust all enrolled learners')
         self.assertContains(response, '<h4 class="hd hd-4">View a specific learner&#39;s grades and progress')
@@ -620,7 +620,7 @@ def setUp(self):
         self.course_mode.save()
         # Create instructor account
         self.instructor = AdminFactory.create()
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
 
     def test_spoc_gradebook_mongo_calls(self):
         """
diff --git a/lms/djangoapps/instructor_task/rest_api/v1/tests/test_views.py b/lms/djangoapps/instructor_task/rest_api/v1/tests/test_views.py
index fb7f2a1ad2dc..bb338f0bf480 100644
--- a/lms/djangoapps/instructor_task/rest_api/v1/tests/test_views.py
+++ b/lms/djangoapps/instructor_task/rest_api/v1/tests/test_views.py
@@ -128,7 +128,7 @@ def test_list_tasks_basic_permissions(self, username, expected_status):
         Test case that verifies the permissions of the ListScheduledBulkEmailInstructorTasks view. A user without staff,
         instructor, or GlobalStaff access should not be able to retrieve the bulk email schedules for a course.
         """
-        self.client.login(username=username, password="test")
+        self.client.login(username=username, password=self.TEST_PASSWORD)
         response = self.client.get(self._build_api_url(self.course1.id))
         assert response.status_code == expected_status
 
@@ -143,7 +143,7 @@ def test_list_tasks(self):
         # add a "In Progress" task which shouldn't be returned in our results
         self._create_scheduled_course_emails_for_course(self.course1.id, self.instructor_course1, PROGRESS, 1)
 
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.get(self._build_api_url(self.course1.id))
         results = response.data.get("results")
 
@@ -169,7 +169,7 @@ def test_delete_schedules(self):
         expected_task_output_msg = "Task revoked before running"
 
         self._create_scheduled_course_emails_for_course(self.course1.id, self.instructor_course1, SCHEDULED, 3)
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.get(self._build_api_url(self.course1.id))
         results = response.data.get("results")
 
@@ -199,7 +199,7 @@ def test_delete_schedules_schedule_does_not_exist(self):
 
         This test verifies the response received when we try to delete a task schedule that does not exist.
         """
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.delete(f"{self._build_api_url(self.course1.id)}123456789")
         assert response.status_code == 404
 
@@ -214,7 +214,7 @@ def test_delete_schedule_task_already_processed(self):
         task = InstructorTask.objects.get(course_id=self.course1.id)
         schedule = InstructorTaskSchedule.objects.get(task=task)
 
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.delete(f"{self._build_api_url(self.course1.id)}{schedule.id}")
         assert response.status_code == 400
 
@@ -232,7 +232,7 @@ def test_update_schedule_new_date(self):
             "schedule": schedule_datetime.strftime('%Y-%m-%dT%H:%M:%SZ'),
             "browser_timezone": "UTC"
         }
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.patch(
             f"{self._build_api_url(self.course1.id)}{task_schedule.id}",
             data=json.dumps(data),
@@ -262,7 +262,7 @@ def test_update_schedule_edit_email(self):
             }
         }
 
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.patch(
             f"{self._build_api_url(self.course1.id)}{task_schedule.id}",
             data=json.dumps(data),
@@ -296,7 +296,7 @@ def test_update_schedule_bad_date(self):
             f"Cannot update instructor task schedule '{task_schedule.id}', the updated schedule occurs in the past"
         )
 
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.patch(
             f"{self._build_api_url(self.course1.id)}{task_schedule.id}",
             data=json.dumps(data),
@@ -328,7 +328,7 @@ def test_update_schedule_bad_email_target_data(self):
             f"Subject{email_id}'"
         )
 
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.patch(
             f"{self._build_api_url(self.course1.id)}{task_schedule.id}",
             data=json.dumps(data),
@@ -359,7 +359,7 @@ def test_update_schedule_mismatched_email_id(self):
             "specified in the request does not match the email id associated with the task"
         )
 
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.patch(
             f"{self._build_api_url(self.course1.id)}{task_schedule.id}",
             data=json.dumps(data),
@@ -379,7 +379,7 @@ def test_update_schedule_dne(self):
             "browser_timezone": "UTC"
         }
 
-        self.client.login(username=self.instructor_course1.username, password="test")
+        self.client.login(username=self.instructor_course1.username, password=self.TEST_PASSWORD)
         response = self.client.patch(
             f"{self._build_api_url(self.course1.id)}8675309",
             data=json.dumps(data),
diff --git a/lms/djangoapps/instructor_task/tests/test_base.py b/lms/djangoapps/instructor_task/tests/test_base.py
index 2f1fcfdc5eb8..a11403f5a60c 100644
--- a/lms/djangoapps/instructor_task/tests/test_base.py
+++ b/lms/djangoapps/instructor_task/tests/test_base.py
@@ -161,7 +161,7 @@ def login_username(self, username):
         if self.current_user != username:
             self.logout()
             user_email = User.objects.get(username=username).email
-            self.login(user_email, "test")
+            self.login(user_email, self.TEST_PASSWORD)
             self.current_user = username
 
     def _create_user(self, username, email=None, is_staff=False, mode='honor', enrollment_active=True):
diff --git a/lms/djangoapps/learner_dashboard/api/v0/tests/test_views.py b/lms/djangoapps/learner_dashboard/api/v0/tests/test_views.py
index aaaafb89a2d8..7a51f4680d35 100644
--- a/lms/djangoapps/learner_dashboard/api/v0/tests/test_views.py
+++ b/lms/djangoapps/learner_dashboard/api/v0/tests/test_views.py
@@ -54,7 +54,6 @@
 class TestProgramProgressDetailView(ProgramsApiConfigMixin, SharedModuleStoreTestCase):
     """Unit tests for the program progress detail page."""
     program_uuid = str(uuid4())
-    password = 'test'
     url = reverse_lazy('learner_dashboard:v0:program_progress_detail', kwargs={'program_uuid': program_uuid})
 
     @classmethod
@@ -75,7 +74,7 @@ def setUp(self):
         super().setUp()
 
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     def assert_program_data_present(self, response):
         """Verify that program data is present."""
@@ -148,7 +147,6 @@ class TestProgramsView(SharedModuleStoreTestCase, ProgramCacheMixin):
 
     enterprise_uuid = str(uuid4())
     program_uuid = str(uuid4())
-    password = 'test'
     url = reverse_lazy('learner_dashboard:v0:program_list', kwargs={'enterprise_uuid': enterprise_uuid})
 
     @classmethod
@@ -188,7 +186,7 @@ def setUpClass(cls):
 
     def setUp(self):
         super().setUp()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.set_program_in_catalog_cache(self.program_uuid, self.program)
         ProgramEnrollmentFactory.create(
             user=self.user,
diff --git a/lms/djangoapps/learner_dashboard/tests/test_programs.py b/lms/djangoapps/learner_dashboard/tests/test_programs.py
index 6b2b1604515d..c1b699c44afa 100644
--- a/lms/djangoapps/learner_dashboard/tests/test_programs.py
+++ b/lms/djangoapps/learner_dashboard/tests/test_programs.py
@@ -55,7 +55,6 @@ def load_serialized_data(response, key):
 class TestProgramListing(ProgramsApiConfigMixin, SharedModuleStoreTestCase):
     """Unit tests for the program listing page."""
     maxDiff = None
-    password = 'test'
     url = reverse_lazy('program_listing_view')
 
     @classmethod
@@ -75,7 +74,7 @@ def setUp(self):
         super().setUp()
 
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     @classmethod
     def program_sort_key(cls, program):
@@ -112,7 +111,7 @@ def test_login_required(self, mock_get_programs):
             '{}?next={}'.format(reverse('signin_user'), self.url)
         )
 
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         response = self.client.get(self.url)
         assert response.status_code == 200
@@ -224,7 +223,7 @@ def setUp(self):
         super().setUp()
 
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     def assert_program_data_present(self, response):
         """Verify that program data is present."""
@@ -277,7 +276,7 @@ def test_login_required(self, mock_get_programs, mock_get_pathways):
             '{}?next={}'.format(reverse('signin_user'), self.url)
         )
 
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         with mock.patch('lms.djangoapps.learner_dashboard.programs.get_certificates') as certs:
             certs.return_value = [{'type': 'program', 'url': '/'}]
@@ -324,7 +323,7 @@ def setUpClass(cls):
     def setUp(self):
         super().setUp()
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.set_program_in_catalog_cache(self.program_uuid, self.program)
         self.create_programs_config()
 
diff --git a/lms/djangoapps/learner_dashboard/tests/test_views.py b/lms/djangoapps/learner_dashboard/tests/test_views.py
index d38b2876f514..03f7da1d8c6d 100644
--- a/lms/djangoapps/learner_dashboard/tests/test_views.py
+++ b/lms/djangoapps/learner_dashboard/tests/test_views.py
@@ -26,7 +26,6 @@
 class TestProgramDiscussionIframeView(SharedModuleStoreTestCase, ProgramCacheMixin):
     """Unit tests for the program details page."""
     program_uuid = str(uuid4())
-    password = 'test'
     url = reverse_lazy('program_discussion', kwargs={'program_uuid': program_uuid})
 
     @classmethod
@@ -41,7 +40,7 @@ def setUpClass(cls):
     def setUp(self):
         super().setUp()
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.set_program_in_catalog_cache(self.program_uuid, self.program)
         ProgramEnrollmentFactory.create(
             user=self.user,
@@ -103,7 +102,7 @@ def test_api_returns_discussions_iframe(self, staff):
         """
         if staff:
             self.user = UserFactory(is_staff=True)
-            self.client.login(username=self.user.username, password=self.password)
+            self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         discussion_config = ProgramDiscussionsConfiguration.objects.create(
             program_uuid=self.program_uuid,
             enabled=True,
@@ -126,7 +125,7 @@ def test_program_without_enrollment(self):
         Test if API returns default response in case a non staff user has no enrollment in the program
         """
         self.user = UserFactory()
-        self.client.login(username=self.user.username, password=self.password)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         response = self.client.get(self.url)
         default_response = {
             'tab_view_enabled': False,
diff --git a/lms/djangoapps/learner_recommendations/tests/test_views.py b/lms/djangoapps/learner_recommendations/tests/test_views.py
index d582eaf334a8..a41666f6baec 100644
--- a/lms/djangoapps/learner_recommendations/tests/test_views.py
+++ b/lms/djangoapps/learner_recommendations/tests/test_views.py
@@ -23,8 +23,9 @@ class TestRecommendationsBase(APITestCase):
 
     def setUp(self):
         super().setUp()
-        self.user = UserFactory()
-        self.client.login(username=self.user.username, password="test")
+        self.TEST_PASSWORD = 'Password1234'
+        self.user = UserFactory(password=self.TEST_PASSWORD)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         self.recommended_courses = [
             "MITx+6.00.1x",
             "IBM+PY0101EN",
diff --git a/lms/djangoapps/mobile_api/course_info/constants.py b/lms/djangoapps/mobile_api/course_info/constants.py
new file mode 100644
index 000000000000..d62cb463951a
--- /dev/null
+++ b/lms/djangoapps/mobile_api/course_info/constants.py
@@ -0,0 +1,5 @@
+"""
+Common constants for the `course_info` API.
+"""
+
+BLOCK_STRUCTURE_CACHE_TIMEOUT = 60 * 60  # 1 hour
diff --git a/lms/djangoapps/mobile_api/course_info/serializers.py b/lms/djangoapps/mobile_api/course_info/serializers.py
new file mode 100644
index 000000000000..69bed47b03fc
--- /dev/null
+++ b/lms/djangoapps/mobile_api/course_info/serializers.py
@@ -0,0 +1,138 @@
+"""
+Course Info serializers
+"""
+from rest_framework import serializers
+from typing import Dict, Union
+
+from common.djangoapps.course_modes.models import CourseMode
+from common.djangoapps.student.models import CourseEnrollment
+from common.djangoapps.util.course import get_encoded_course_sharing_utm_params, get_link_for_about_page
+from common.djangoapps.util.milestones_helpers import (
+    get_pre_requisite_courses_not_completed,
+)
+from lms.djangoapps.courseware.access import has_access
+from lms.djangoapps.courseware.access import administrative_accesses_to_course_for_user
+from lms.djangoapps.courseware.access_utils import check_course_open_for_learner
+from lms.djangoapps.courseware.courses import get_assignments_completions
+from lms.djangoapps.mobile_api.users.serializers import ModeSerializer
+from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
+from openedx.features.course_duration_limits.access import get_user_course_expiration_date
+
+
+class CourseInfoOverviewSerializer(serializers.ModelSerializer):
+    """
+    Serializer for additional course fields that should be returned in BlocksInfoInCourseView.
+    """
+
+    name = serializers.CharField(source='display_name')
+    number = serializers.CharField(source='display_number_with_default')
+    org = serializers.CharField(source='display_org_with_default')
+    is_self_paced = serializers.BooleanField(source='self_paced')
+    media = serializers.SerializerMethodField()
+    course_sharing_utm_parameters = serializers.SerializerMethodField()
+    course_about = serializers.SerializerMethodField('get_course_about_url')
+    course_modes = serializers.SerializerMethodField()
+    course_progress = serializers.SerializerMethodField()
+
+    class Meta:
+        model = CourseOverview
+        fields = (
+            'name',
+            'number',
+            'org',
+            'start',
+            'start_display',
+            'start_type',
+            'end',
+            'is_self_paced',
+            'media',
+            'course_sharing_utm_parameters',
+            'course_about',
+            'course_modes',
+            'course_progress',
+        )
+
+    @staticmethod
+    def get_media(obj):
+        """
+        Return course images in the correct format.
+        """
+        return {'image': obj.image_urls}
+
+    def get_course_sharing_utm_parameters(self, obj):
+        return get_encoded_course_sharing_utm_params()
+
+    def get_course_about_url(self, course_overview):
+        return get_link_for_about_page(course_overview)
+
+    def get_course_modes(self, course_overview):
+        """
+        Retrieve course modes associated with the course.
+        """
+        course_modes = CourseMode.modes_for_course(
+            course_overview.id,
+            only_selectable=False
+        )
+        return [
+            ModeSerializer(mode).data
+            for mode in course_modes
+        ]
+
+    def get_course_progress(self, obj: CourseOverview) -> Dict[str, int]:
+        """
+        Gets course progress calculated by course completed assignments.
+        """
+        return get_assignments_completions(obj.id, self.context.get('user'))
+
+
+class MobileCourseEnrollmentSerializer(serializers.ModelSerializer):
+    """
+    Serializer for the CourseEnrollment object used in the BlocksInfoInCourseView.
+    """
+
+    class Meta:
+        fields = ('created', 'mode', 'is_active', 'upgrade_deadline')
+        model = CourseEnrollment
+        lookup_field = 'username'
+
+
+class CourseAccessSerializer(serializers.Serializer):
+    """
+    Get info whether a user should be able to view course material.
+    """
+
+    has_unmet_prerequisites = serializers.SerializerMethodField(method_name='get_has_unmet_prerequisites')
+    is_too_early = serializers.SerializerMethodField(method_name='get_is_too_early')
+    is_staff = serializers.SerializerMethodField(method_name='get_is_staff')
+    audit_access_expires = serializers.SerializerMethodField()
+    courseware_access = serializers.SerializerMethodField()
+
+    def get_has_unmet_prerequisites(self, data: dict) -> bool:
+        """
+        Check whether or not a course has unmet prerequisites.
+        """
+        return any(get_pre_requisite_courses_not_completed(data.get('user'), [data.get('course_id')]))
+
+    def get_is_too_early(self, data: dict) -> bool:
+        """
+        Determine if the course is open to a learner (course has started or user has early beta access).
+        """
+        return not check_course_open_for_learner(data.get('user'), data.get('course'))
+
+    def get_is_staff(self, data: dict) -> bool:
+        """
+        Determine whether a user has staff access to this course.
+        """
+        return any(administrative_accesses_to_course_for_user(data.get('user'), data.get('course_id')))
+
+    def get_audit_access_expires(self, data: dict) -> Union[str, None]:
+        """
+        Returns expiration date for a course audit expiration, if any or null
+        """
+        return get_user_course_expiration_date(data.get('user'), data.get('course'))
+
+    def get_courseware_access(self, data: dict) -> dict:
+        """
+        Determine if the learner has access to the course, otherwise show error message.
+        """
+        return has_access(data.get('user'), 'load_mobile', data.get('course')).to_json()
diff --git a/lms/djangoapps/mobile_api/course_info/urls.py b/lms/djangoapps/mobile_api/course_info/urls.py
index 5314b43bc5be..e369930e2550 100644
--- a/lms/djangoapps/mobile_api/course_info/urls.py
+++ b/lms/djangoapps/mobile_api/course_info/urls.py
@@ -6,7 +6,7 @@
 from django.conf import settings
 from django.urls import path, re_path
 
-from .views import CourseHandoutsList, CourseUpdatesList, CourseGoalsRecordUserActivity
+from .views import CourseHandoutsList, CourseUpdatesList, CourseGoalsRecordUserActivity, BlocksInfoInCourseView
 
 urlpatterns = [
     re_path(
@@ -20,4 +20,5 @@
         name='course-updates-list'
     ),
     path('record_user_activity', CourseGoalsRecordUserActivity.as_view(), name='record_user_activity'),
+    path('blocks/', BlocksInfoInCourseView.as_view(), name="blocks_info_in_course"),
 ]
diff --git a/lms/djangoapps/mobile_api/course_info/views.py b/lms/djangoapps/mobile_api/course_info/views.py
index cb474a5fd754..0279c59cf55c 100644
--- a/lms/djangoapps/mobile_api/course_info/views.py
+++ b/lms/djangoapps/mobile_api/course_info/views.py
@@ -3,17 +3,31 @@
 """
 
 import logging
+from typing import Dict, Optional, Union
 
+import django
 from django.contrib.auth import get_user_model
 from opaque_keys import InvalidKeyError
 from opaque_keys.edx.keys import CourseKey
 from rest_framework import generics, status
 from rest_framework.response import Response
+from rest_framework.reverse import reverse
 from rest_framework.views import APIView
 
+from common.djangoapps.student.models import CourseEnrollment, User as StudentUser
 from common.djangoapps.static_replace import make_static_urls_absolute
-from lms.djangoapps.courseware.courses import get_course_info_section_block
+from lms.djangoapps.certificates.api import certificate_downloadable_status
+from lms.djangoapps.courseware.courses import get_assignments_grades, get_course_info_section_block
 from lms.djangoapps.course_goals.models import UserActivity
+from lms.djangoapps.course_api.blocks.views import BlocksInCourseView
+from lms.djangoapps.mobile_api.course_info.constants import BLOCK_STRUCTURE_CACHE_TIMEOUT
+from lms.djangoapps.mobile_api.course_info.serializers import (
+    CourseInfoOverviewSerializer,
+    CourseAccessSerializer,
+    MobileCourseEnrollmentSerializer
+)
+from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
+from openedx.core.lib.api.view_utils import view_auth_classes
 from openedx.core.lib.xblock_utils import get_course_update_items
 from openedx.features.course_experience import ENABLE_COURSE_GOALS
 from ..decorators import mobile_course_access, mobile_view
@@ -21,6 +35,8 @@
 User = get_user_model()
 log = logging.getLogger(__name__)
 
+UserType = Union[django.contrib.auth.models.User, django.contrib.auth.models.AnonymousUser, StudentUser]
+
 
 @mobile_view()
 class CourseUpdatesList(generics.ListAPIView):
@@ -132,6 +148,7 @@ def post(self, request, *args, **kwargs):
         course_key = request.data.get('course_key')
 
         if not user_id or not course_key:
+            log.error('User id and course key are required. %s %s', user_id, course_key)
             return Response(
                 'User id and course key are required',
                 status=status.HTTP_400_BAD_REQUEST,
@@ -141,6 +158,7 @@ def post(self, request, *args, **kwargs):
             user_id = int(user_id)
             user = User.objects.get(id=user_id)
         except User.DoesNotExist:
+            log.error('Provided user id does not correspond to an existing user %s', user_id)
             return Response(
                 'Provided user id does not correspond to an existing user',
                 status=status.HTTP_400_BAD_REQUEST,
@@ -149,6 +167,7 @@ def post(self, request, *args, **kwargs):
         try:
             course_key = CourseKey.from_string(course_key)
         except InvalidKeyError:
+            log.error('Provided course key is not valid %s', course_key)
             return Response(
                 'Provided course key is not valid',
                 status=status.HTTP_400_BAD_REQUEST,
@@ -163,3 +182,246 @@ def post(self, request, *args, **kwargs):
         # Populate user activity for tracking progress towards a user's course goals
         UserActivity.record_user_activity(user, course_key)
         return Response(status=(200))
+
+
+@view_auth_classes(is_authenticated=False)
+class BlocksInfoInCourseView(BlocksInCourseView):
+    """
+    **Use Case**
+
+        This API endpoint is specifically optimized for the course homepage on Mobile Apps.
+        The endpoint returns the blocks in the course according to the requesting user's access level.
+        Additionally, response encompasses info fields with information about the course,
+        including certificate URL, media dictionary with course image URLs, start and end dates for the course.
+
+    **Example requests**:
+
+        This api works with all versions {api_version}, you can use: v0.5, v1, v2 or v3
+
+        GET /api/mobile/{api_version}/course_info/blocks/?course_id=<course_id>
+        GET /api/mobile/{api_version}/course_info/blocks/?course_id=<course_id>
+            &username=anjali
+            &depth=all
+            &requested_fields=graded,format,student_view_multi_device,lti_url
+            &block_counts=video
+            &student_view_data=video
+            &block_types_filter=problem,html
+
+    **Parameters:**
+
+            username (str): The username of the specified user for whom the course data
+                is being accessed.
+            depth (integer, str, None): Optional number of blocks you receive in response
+                course nesting depth, you can get only sections, sections and subsections,
+                or provide string 'all' to receive all blocks of the course.
+            requested_field (list): Optional list of names of additional fields to return for each block.
+                Supported fields can be found in transformers.SUPPORTED_FIELDS.
+            block_counts (list): Optional list of names of block types for which an aggregated count
+                of blocks is returned.
+            student_view_data (list): Optional list of names of block types for
+                which student_view_data is returned.
+            block_types_filter (list): Filter by block types:
+                'video', 'discussion', 'html', 'chapter', 'sequential', 'vertical'.
+            return_type (list, dict): Optional list or dictionary of block's fields based on 'return_type'.
+
+    **Response example**
+
+        Body consists of the following fields, you received this response if you use
+        'return_type=dict' in query params:
+
+        root: (str) The ID of the root node of the requested course block structure.\
+        blocks: (dict) A dictionary or list, based on the value of the
+            "return_type" parameter. Maps block usage IDs to a collection of
+            information about each block. Each block contains the following
+            fields.
+
+        id: (str) The Course's id (Course Run key)
+        name: (str) The course's name
+        number: (str) The course's number
+        org: (str) The course's organisation
+        start: (str) Date the course begins, in ISO 8601 notation
+        start_display: (str) Readably formatted start of the course
+        start_type: (str) Hint describing how `start_display` is set. One of:
+            * `"string"`: manually set by the course author
+            * `"timestamp"`: generated from the `start` timestamp
+            * `"empty"`: no start date is specified
+        end: (str) Date the course ends, in ISO 8601 notation
+        media: (dict) An object that contains named media items. Included here:
+            * course_image: An image to show for the course.  Represented
+              as an object with the following fields:
+                * uri: The location of the image
+        certificate: (dict) Information about the user's earned certificate in the course.
+            Included here:
+                * uri: The location of the user's certificate
+        is_self_paced: (bool) Indicates if the course is self paced
+
+        Body consists of the following fields, you received this response if you use
+        'return_type=list' in query params:
+
+        id: (str) The Course's id (Course Run key)
+        block_id: (str) The unique identifier for the block_id
+        lms_web_url: (str) The URL to the navigational container of the xBlock on the web.
+        legacy_web_url: (str) Like `lms_web_url`, but always directs to
+            the "Legacy" frontend experience.
+        student_view_url: (str) The URL to retrieve the HTML rendering
+            of this block's student view
+        type: (str): The type of block. Possible values the names of any
+            XBlock type in the system, including custom blocks. Examples are
+            course, chapter, sequential, vertical, html, problem, video, and
+            discussion.
+        display_name: (str) The display name of the block.
+        course_progress: (dict) Contains information about how many assignments are in the course
+            and how many assignments the student has completed.
+            Included here:
+                * total_assignments_count: (int) Total course's assignments count.
+                * assignments_completed: (int) Assignments witch the student has completed.
+
+    **Returns**
+
+        * 200 on success with above fields.
+        * 400 if an invalid parameter was sent or the username was not provided
+        * 401 unauthorized, the provided access token has expired and is no longer valid
+          for an authenticated request.
+        * 403 if a user who does not have permission to masquerade as
+          another user specifies a username other than their own.
+        * 404 if the course is not available or cannot be seen.
+    """
+
+    def get_requested_user(self, user: UserType, username: Optional[str] = None) -> Union[UserType, None]:
+        """
+        Return a user for whom the course blocks are fetched.
+
+        Arguments:
+            user: current user from request.
+            username: string with username.
+        Returns: A user object or None.
+        """
+        if user.is_anonymous:
+            return None
+
+        if not username or (username and user.username == username):
+            return user
+        if username and (user.is_staff or user.is_superuser):
+            try:
+                return User.objects.get(username=username)
+            except User.DoesNotExist:
+                log.warning('Provided username does not correspond to an existing user %s', username)
+        return None
+
+    def get_certificate(self, request, user, course_id):
+        """
+        Return the information about the user's certificate in the course.
+
+        Arguments:
+            request (Request): The request object.
+            user (User): The user object.
+            course_id (str): The identifier of the course.
+        Returns:
+            (dict): A dict containing information about location of the user's certificate
+            or an empty dictionary, if there is no certificate.
+        """
+        certificate_info = certificate_downloadable_status(user, course_id)
+        if certificate_info['is_downloadable']:
+            return {
+                'url': request.build_absolute_uri(
+                    certificate_info['download_url']
+                ),
+            }
+        return {}
+
+    def list(self, request, **kwargs):  # pylint: disable=W0221
+        """
+        REST API endpoint for listing all the blocks information in the course and
+        information about the course considering user access and roles.
+
+        Arguments:
+            request - Django request object
+        """
+
+        response = super().list(request, kwargs)
+
+        if request.GET.get('return_type', 'dict') == 'dict':
+            api_version = self.kwargs.get('api_version')
+            course_id = request.query_params.get('course_id', None)
+            course_key = CourseKey.from_string(course_id)
+            course_overview = CourseOverview.get_from_id(course_key)
+            requested_username = request.query_params.get('username', None)
+
+            course_data = {
+                'id': course_id,
+                'course_updates': reverse(
+                    'course-updates-list',
+                    kwargs={'api_version': api_version, 'course_id': course_id},
+                    request=request,
+                ),
+                'course_handouts': reverse(
+                    'course-handouts-list',
+                    kwargs={'api_version': api_version, 'course_id': course_id},
+                    request=request,
+                ),
+            }
+
+            course_info_context = {}
+            if requested_user := self.get_requested_user(request.user, requested_username):
+                self._extend_sequential_info_with_assignment_progress(
+                    requested_user,
+                    course_key,
+                    response.data['blocks'],
+                )
+
+                course_info_context = {
+                    'user': requested_user,
+                }
+                user_enrollment = CourseEnrollment.get_enrollment(user=requested_user, course_key=course_key)
+                course_data.update({
+                    'discussion_url': reverse(
+                        'discussion_course',
+                        kwargs={'course_id': course_id},
+                        request=request,
+                    ) if course_overview.is_discussion_tab_enabled(requested_user) else None,
+                    'course_access_details': CourseAccessSerializer({
+                        'user': requested_user,
+                        'course': course_overview,
+                        'course_id': course_key
+                    }).data,
+                    'certificate': self.get_certificate(request, requested_user, course_key),
+                    'enrollment_details': MobileCourseEnrollmentSerializer(user_enrollment).data,
+                })
+
+            course_data.update(CourseInfoOverviewSerializer(course_overview, context=course_info_context).data)
+
+            response.data.update(course_data)
+        return response
+
+    @staticmethod
+    def _extend_sequential_info_with_assignment_progress(
+        requested_user: User,
+        course_id: CourseKey,
+        blocks_info_data: Dict[str, Dict],
+    ) -> None:
+        """
+        Extends sequential xblock info with assignment's name and progress.
+        """
+        subsection_grades = get_assignments_grades(requested_user, course_id, BLOCK_STRUCTURE_CACHE_TIMEOUT)
+        grades_with_locations = {str(grade.location): grade for grade in subsection_grades}
+
+        for block_id, block_info in blocks_info_data.items():
+            if block_info['type'] == 'sequential':
+                grade = grades_with_locations.get(block_id)
+                if grade:
+                    graded_total = grade.graded_total if grade.graded else None
+                    points_earned = graded_total.earned if graded_total else 0
+                    points_possible = graded_total.possible if graded_total else 0
+                    assignment_type = grade.format
+                else:
+                    points_earned, points_possible, assignment_type = 0, 0, None
+
+                block_info.update(
+                    {
+                        'assignment_progress': {
+                            'assignment_type': assignment_type,
+                            'num_points_earned': points_earned,
+                            'num_points_possible': points_possible,
+                        }
+                    }
+                )
diff --git a/lms/djangoapps/mobile_api/decorators.py b/lms/djangoapps/mobile_api/decorators.py
index c91d88fdb635..ea309ce23f15 100644
--- a/lms/djangoapps/mobile_api/decorators.py
+++ b/lms/djangoapps/mobile_api/decorators.py
@@ -29,7 +29,7 @@ def _decorator(func):
         def _wrapper(self, request, *args, **kwargs):
             """
             Expects kwargs to contain 'course_id'.
-            Passes the course descriptor to the given decorated function.
+            Passes the course block to the given decorated function.
             Raises 404 if access to course is disallowed.
             """
             course_id = CourseKey.from_string(kwargs.pop('course_id'))
diff --git a/lms/djangoapps/mobile_api/middleware.py b/lms/djangoapps/mobile_api/middleware.py
index d4a2d0adb253..5fbfb23f4c80 100644
--- a/lms/djangoapps/mobile_api/middleware.py
+++ b/lms/djangoapps/mobile_api/middleware.py
@@ -99,7 +99,7 @@ def _get_version_info(self, request):
                 request_cache_dict[self.USER_APP_VERSION] = platform.version
                 last_supported_date_cache_key = self._get_cache_key_name(
                     self.LAST_SUPPORTED_DATE_HEADER,
-                    platform.version
+                    platform.NAME + platform.version
                 )
                 latest_version_cache_key = self._get_cache_key_name(self.LATEST_VERSION_HEADER, platform.NAME)
                 cached_data = cache.get_many([last_supported_date_cache_key, latest_version_cache_key])
diff --git a/lms/djangoapps/mobile_api/migrations/0005_alter_mobileconfig_value.py b/lms/djangoapps/mobile_api/migrations/0005_alter_mobileconfig_value.py
new file mode 100644
index 000000000000..21390296d630
--- /dev/null
+++ b/lms/djangoapps/mobile_api/migrations/0005_alter_mobileconfig_value.py
@@ -0,0 +1,18 @@
+# Generated by Django 4.2.10 on 2024-02-23 06:14
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('mobile_api', '0004_mobileconfig'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='mobileconfig',
+            name='value',
+            field=models.CharField(max_length=1000),
+        ),
+    ]
diff --git a/lms/djangoapps/mobile_api/models.py b/lms/djangoapps/mobile_api/models.py
index f2a912e78c61..c80126996ace 100644
--- a/lms/djangoapps/mobile_api/models.py
+++ b/lms/djangoapps/mobile_api/models.py
@@ -93,7 +93,7 @@ class IgnoreMobileAvailableFlagConfig(ConfigurationModel):
     Configuration for the mobile_available flag. Default is false.
 
     Enabling this configuration will cause the mobile_available flag check in
-    access.py._is_descriptor_mobile_available to ignore the mobile_available
+    access.py._is_block_mobile_available to ignore the mobile_available
     flag.
 
     .. no_pii:
@@ -110,7 +110,7 @@ class MobileConfig(TimeStampedModel):
     .. no_pii:
     """
     name = models.CharField(max_length=255)
-    value = models.CharField(max_length=255)
+    value = models.CharField(max_length=1000)
 
     class Meta:
         app_label = "mobile_api"
diff --git a/lms/djangoapps/mobile_api/tests/test_course_info_serializers.py b/lms/djangoapps/mobile_api/tests/test_course_info_serializers.py
new file mode 100644
index 000000000000..d94fe3c11262
--- /dev/null
+++ b/lms/djangoapps/mobile_api/tests/test_course_info_serializers.py
@@ -0,0 +1,209 @@
+"""
+Tests for serializers for the Mobile Course Info
+"""
+
+import ddt
+from django.test import TestCase
+from mock import MagicMock, Mock, patch
+from typing import Dict, List, Tuple, Union
+
+from common.djangoapps.student.tests.factories import UserFactory
+from lms.djangoapps.mobile_api.course_info.serializers import (
+    CourseAccessSerializer,
+    CourseInfoOverviewSerializer,
+)
+from openedx.core.djangoapps.content.course_overviews.tests.factories import CourseOverviewFactory
+
+
+@ddt.ddt
+class TestCourseAccessSerializer(TestCase):
+    """
+    Tests for the CourseAccessSerializer.
+    """
+
+    def setUp(self):
+        super().setUp()
+        self.user = UserFactory()
+        self.course = CourseOverviewFactory()
+
+    @ddt.data(
+        ([{'course_id': {}}], True),
+        ([], False),
+    )
+    @ddt.unpack
+    @patch('lms.djangoapps.mobile_api.course_info.serializers.get_pre_requisite_courses_not_completed')
+    def test_has_unmet_prerequisites(
+        self,
+        mock_return_value: List[Dict],
+        has_unmet_prerequisites: bool,
+        mock_get_prerequisites: MagicMock,
+    ) -> None:
+        mock_get_prerequisites.return_value = mock_return_value
+
+        output_data = CourseAccessSerializer({
+            'user': self.user,
+            'course': self.course,
+            'course_id': self.course.id,
+        }).data
+
+        self.assertEqual(output_data['has_unmet_prerequisites'], has_unmet_prerequisites)
+        mock_get_prerequisites.assert_called_once_with(self.user, [self.course.id])
+
+    @ddt.data(
+        (True, False),
+        (False, True),
+    )
+    @ddt.unpack
+    @patch('lms.djangoapps.mobile_api.course_info.serializers.check_course_open_for_learner')
+    def test_is_too_early(
+        self,
+        mock_return_value: bool,
+        is_too_early: bool,
+        mock_check_course_open: MagicMock,
+    ) -> None:
+        mock_check_course_open.return_value = mock_return_value
+
+        output_data = CourseAccessSerializer({
+            'user': self.user,
+            'course': self.course,
+            'course_id': self.course.id
+        }).data
+
+        self.assertEqual(output_data['is_too_early'], is_too_early)
+        mock_check_course_open.assert_called_once_with(self.user, self.course)
+
+    @ddt.data(
+        ((False, False, False), False),
+        ((True, True, True), True),
+        ((True, False, False), True),
+    )
+    @ddt.unpack
+    @patch('lms.djangoapps.mobile_api.course_info.serializers.administrative_accesses_to_course_for_user')
+    def test_is_staff(
+        self,
+        mock_return_value: Tuple[bool],
+        is_staff: bool,
+        mock_administrative_access: MagicMock,
+    ) -> None:
+        mock_administrative_access.return_value = mock_return_value
+
+        output_data = CourseAccessSerializer({
+            'user': self.user,
+            'course': self.course,
+            'course_id': self.course.id
+        }).data
+
+        self.assertEqual(output_data['is_staff'], is_staff)
+        mock_administrative_access.assert_called_once_with(self.user, self.course.id)
+
+    @ddt.data(None, 'mocked_user_course_expiration_date')
+    @patch('lms.djangoapps.mobile_api.course_info.serializers.get_user_course_expiration_date')
+    def test_get_audit_access_expires(
+        self,
+        mock_return_value: Union[str, None],
+        mock_get_user_course_expiration_date: MagicMock,
+    ) -> None:
+        mock_get_user_course_expiration_date.return_value = mock_return_value
+
+        output_data = CourseAccessSerializer({
+            'user': self.user,
+            'course': self.course,
+            'course_id': self.course.id
+        }).data
+
+        self.assertEqual(output_data['audit_access_expires'], mock_return_value)
+        mock_get_user_course_expiration_date.assert_called_once_with(self.user, self.course)
+
+    @patch('lms.djangoapps.mobile_api.course_info.serializers.has_access')
+    def test_get_courseware_access(self, mock_has_access: MagicMock) -> None:
+        mocked_access = {
+            'has_access': True,
+            'error_code': None,
+            'developer_message': None,
+            'user_message': None,
+            'additional_context_user_message': None,
+            'user_fragment': None
+        }
+        mock_has_access.return_value = Mock(to_json=Mock(return_value=mocked_access))
+
+        output_data = CourseAccessSerializer({
+            'user': self.user,
+            'course': self.course,
+            'course_id': self.course.id
+        }).data
+
+        self.assertDictEqual(output_data['courseware_access'], mocked_access)
+        mock_has_access.assert_called_once_with(self.user, 'load_mobile', self.course)
+        mock_has_access.return_value.to_json.assert_called_once_with()
+
+
+class TestCourseInfoOverviewSerializer(TestCase):
+    """
+    Tests for the CourseInfoOverviewSerializer.
+    """
+
+    def setUp(self):
+        super().setUp()
+        self.user = UserFactory()
+        self.course_overview = CourseOverviewFactory()
+
+    @patch('lms.djangoapps.mobile_api.course_info.serializers.get_assignments_completions')
+    def test_get_media(self, get_assignments_completions_mock: MagicMock) -> None:
+        output_data = CourseInfoOverviewSerializer(self.course_overview, context={'user': self.user}).data
+
+        self.assertIn('media', output_data)
+        self.assertIn('image', output_data['media'])
+        self.assertIn('raw', output_data['media']['image'])
+        self.assertIn('small', output_data['media']['image'])
+        self.assertIn('large', output_data['media']['image'])
+
+    @patch('lms.djangoapps.mobile_api.course_info.serializers.get_assignments_completions')
+    @patch(
+        'lms.djangoapps.mobile_api.course_info.serializers.get_link_for_about_page',
+        return_value='mock_about_link'
+    )
+    def test_get_course_sharing_utm_parameters(
+        self,
+        mock_get_link_for_about_page: MagicMock,
+        get_assignments_completions_mock: MagicMock,
+    ) -> None:
+        output_data = CourseInfoOverviewSerializer(self.course_overview, context={'user': self.user}).data
+
+        self.assertEqual(output_data['course_about'], mock_get_link_for_about_page.return_value)
+        mock_get_link_for_about_page.assert_called_once_with(self.course_overview)
+
+    @patch('lms.djangoapps.mobile_api.course_info.serializers.get_assignments_completions')
+    def test_get_course_modes(self, get_assignments_completions_mock: MagicMock) -> None:
+        expected_course_modes = [{'slug': 'audit', 'sku': None, 'android_sku': None, 'ios_sku': None, 'min_price': 0}]
+
+        output_data = CourseInfoOverviewSerializer(self.course_overview, context={'user': self.user}).data
+
+        self.assertListEqual(output_data['course_modes'], expected_course_modes)
+
+    @patch('lms.djangoapps.courseware.courses.get_course_assignments')
+    def test_get_course_progress_no_assignments(self, get_course_assignment_mock: MagicMock) -> None:
+        expected_course_progress = {'total_assignments_count': 0, 'assignments_completed': 0}
+
+        output_data = CourseInfoOverviewSerializer(self.course_overview, context={'user': self.user}).data
+
+        self.assertIn('course_progress', output_data)
+        self.assertDictEqual(output_data['course_progress'], expected_course_progress)
+        get_course_assignment_mock.assert_called_once_with(
+            self.course_overview.id, self.user, include_without_due=True
+        )
+
+    @patch('lms.djangoapps.courseware.courses.get_course_assignments')
+    def test_get_course_progress_with_assignments(self, get_course_assignment_mock: MagicMock) -> None:
+        assignments_mock = [
+            Mock(complete=False), Mock(complete=False), Mock(complete=True), Mock(complete=True), Mock(complete=True)
+        ]
+        get_course_assignment_mock.return_value = assignments_mock
+        expected_course_progress = {'total_assignments_count': 5, 'assignments_completed': 3}
+
+        output_data = CourseInfoOverviewSerializer(self.course_overview, context={'user': self.user}).data
+
+        self.assertIn('course_progress', output_data)
+        self.assertDictEqual(output_data['course_progress'], expected_course_progress)
+        get_course_assignment_mock.assert_called_once_with(
+            self.course_overview.id, self.user, include_without_due=True
+        )
diff --git a/lms/djangoapps/mobile_api/course_info/tests.py b/lms/djangoapps/mobile_api/tests/test_course_info_views.py
similarity index 54%
rename from lms/djangoapps/mobile_api/course_info/tests.py
rename to lms/djangoapps/mobile_api/tests/test_course_info_views.py
index 086359cafb8f..a5175626a29e 100644
--- a/lms/djangoapps/mobile_api/course_info/tests.py
+++ b/lms/djangoapps/mobile_api/tests/test_course_info_views.py
@@ -5,25 +5,33 @@
 
 import ddt
 from django.conf import settings
+from django.contrib.auth import get_user_model
+from django.contrib.auth.models import AnonymousUser
+from django.test import RequestFactory
 from django.urls import reverse
 from edx_toggles.toggles.testutils import override_waffle_flag
 from milestones.tests.utils import MilestonesTestCaseMixin
 from mock import patch
-from rest_framework.test import APIClient  # pylint: disable=unused-import
+from rest_framework import status
 
-from common.djangoapps.student.models import CourseEnrollment  # pylint: disable=unused-import
 from common.djangoapps.student.tests.factories import UserFactory  # pylint: disable=unused-import
+from common.djangoapps.util.course import get_link_for_about_page
 from lms.djangoapps.mobile_api.testutils import MobileAPITestCase, MobileAuthTestMixin, MobileCourseAccessTestMixin
 from lms.djangoapps.mobile_api.utils import API_V1, API_V05
+from lms.djangoapps.mobile_api.course_info.views import BlocksInfoInCourseView
+from lms.djangoapps.course_api.blocks.tests.test_views import TestBlocksInCourseView
+from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
 from openedx.features.course_experience import ENABLE_COURSE_GOALS
 from xmodule.html_block import CourseInfoBlock  # lint-amnesty, pylint: disable=wrong-import-order
 from xmodule.modulestore import ModuleStoreEnum  # lint-amnesty, pylint: disable=wrong-import-order
 from xmodule.modulestore.django import modulestore  # lint-amnesty, pylint: disable=wrong-import-order
 from xmodule.modulestore.tests.django_utils import SharedModuleStoreTestCase  # lint-amnesty, pylint: disable=wrong-import-order
-from xmodule.modulestore.tests.factories import CourseFactory  # lint-amnesty, pylint: disable=unused-import, wrong-import-order
 from xmodule.modulestore.xml_importer import import_course_from_xml  # lint-amnesty, pylint: disable=wrong-import-order
 
 
+User = get_user_model()
+
+
 @ddt.ddt
 class TestUpdates(MobileAPITestCase, MobileAuthTestMixin, MobileCourseAccessTestMixin, MilestonesTestCaseMixin):
     """
@@ -255,3 +263,190 @@ def test_flag_disabled(self, mock_logger):
             'For this mobile request, user activity is not enabled for this user {} and course {}'.format(
                 str(self.user.id), str(self.course.id))
         )
+
+
+@ddt.ddt
+class TestBlocksInfoInCourseView(TestBlocksInCourseView, MilestonesTestCaseMixin):  # lint-amnesty, pylint: disable=test-inherits-tests
+    """
+    Test class for BlocksInfoInCourseView
+    """
+
+    def setUp(self):
+        super().setUp()
+        self.url = reverse('blocks_info_in_course', kwargs={
+            'api_version': 'v3',
+        })
+        self.request = RequestFactory().get(self.url)
+        self.student_user = UserFactory.create(username="student_user")
+
+    @ddt.data(
+        ('anonymous', None, None),
+        ('staff', 'student_user', 'student_user'),
+        ('student', 'student_user', 'student_user'),
+        ('student', None, 'student_user'),
+        ('student', 'other_student', None),
+    )
+    @ddt.unpack
+    @patch('lms.djangoapps.mobile_api.course_info.views.User.objects.get')
+    def test_get_requested_user(self, user_role, username, expected_username, mock_get):
+        """
+        Test get_requested_user utility from the BlocksInfoInCourseView.
+
+        Parameters:
+        user_role: type of the user that making a request.
+        username: username query parameter from the request.
+        expected_username: username of the returned user.
+        """
+        if user_role == 'anonymous':
+            request_user = AnonymousUser()
+        elif user_role == 'staff':
+            request_user = self.admin_user
+        elif user_role == 'student':
+            request_user = self.student_user
+
+        self.request.user = request_user
+
+        if expected_username == 'student_user':
+            mock_user = self.student_user
+            mock_get.return_value = mock_user
+
+        result_user = BlocksInfoInCourseView().get_requested_user(self.request.user, username)
+        if expected_username:
+            self.assertEqual(result_user.username, expected_username)
+            if username and request_user.username != username:
+                mock_get.assert_called_with(username=username)
+        else:
+            self.assertIsNone(result_user)
+
+    @ddt.data(
+        ({'is_downloadable': True, 'download_url': 'https://test_certificate_url'},
+         {'url': 'https://test_certificate_url'}),
+        ({'is_downloadable': False}, {}),
+    )
+    @ddt.unpack
+    @patch('lms.djangoapps.mobile_api.course_info.views.certificate_downloadable_status')
+    def test_get_certificate(self, certificate_status_return, expected_output, mock_certificate_status):
+        """
+        Test get_certificate utility from the BlocksInfoInCourseView.
+
+        Parameters:
+        certificate_status_return: returned value of the mocked certificate_downloadable_status function.
+        expected_output: return_value of the get_certificate function with specified mock return_value.
+        """
+        mock_certificate_status.return_value = certificate_status_return
+        self.request.user = self.user
+
+        certificate_info = BlocksInfoInCourseView().get_certificate(
+            self.request, self.user, 'course-v1:Test+T101+2021_T1'
+        )
+        self.assertEqual(certificate_info, expected_output)
+
+    @patch('lms.djangoapps.mobile_api.course_info.views.certificate_downloadable_status')
+    def test_additional_info_response(self, mock_certificate_downloadable_status):
+        certificate_url = 'https://test_certificate_url'
+        mock_certificate_downloadable_status.return_value = {
+            'is_downloadable': True,
+            'download_url': certificate_url,
+        }
+
+        expected_image_urls = {
+            'image':
+                {
+                    'large': '/asset-v1:edX+toy+2012_Fall+type@asset+block@just_a_test.jpg',
+                    'raw': '/asset-v1:edX+toy+2012_Fall+type@asset+block@just_a_test.jpg',
+                    'small': '/asset-v1:edX+toy+2012_Fall+type@asset+block@just_a_test.jpg'
+                }
+        }
+
+        response = self.verify_response(url=self.url)
+
+        assert response.status_code == 200
+        assert response.data['id'] == str(self.course.id)
+        assert response.data['name'] == self.course.display_name
+        assert response.data['number'] == self.course.display_number_with_default
+        assert response.data['org'] == self.course.display_org_with_default
+        assert response.data['start'] == self.course.start.strftime('%Y-%m-%dT%H:%M:%SZ')
+        assert response.data['start_display'] == 'July 17, 2015'
+        assert response.data['start_type'] == 'timestamp'
+        assert response.data['end'] == self.course.end
+        assert response.data['media'] == expected_image_urls
+        assert response.data['certificate'] == {'url': certificate_url}
+        assert response.data['is_self_paced'] is False
+        mock_certificate_downloadable_status.assert_called_once()
+
+    def test_course_access_details(self):
+        response = self.verify_response(url=self.url)
+
+        expected_course_access_details = {
+            'has_unmet_prerequisites': False,
+            'is_too_early': False,
+            'is_staff': False,
+            'audit_access_expires': None,
+            'courseware_access': {
+                'has_access': True,
+                'error_code': None,
+                'developer_message': None,
+                'user_message': None,
+                'additional_context_user_message': None,
+                'user_fragment': None
+            }
+        }
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertDictEqual(response.data['course_access_details'], expected_course_access_details)
+
+    def test_course_sharing_utm_parameters(self):
+        response = self.verify_response(url=self.url)
+
+        expected_course_sharing_utm_parameters = {
+            'facebook': 'utm_medium=social&utm_campaign=social-sharing-db&utm_source=facebook',
+            'twitter': 'utm_medium=social&utm_campaign=social-sharing-db&utm_source=twitter'
+        }
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertDictEqual(response.data['course_sharing_utm_parameters'], expected_course_sharing_utm_parameters)
+
+    def test_course_about_url(self):
+        response = self.verify_response(url=self.url)
+
+        course_overview = CourseOverview.objects.get(id=self.course.course_id)
+        expected_course_about_link = get_link_for_about_page(course_overview)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['course_about'], expected_course_about_link)
+
+    def test_course_modes(self):
+        response = self.verify_response(url=self.url)
+
+        expected_course_modes = [{'slug': 'audit', 'sku': None, 'android_sku': None, 'ios_sku': None, 'min_price': 0}]
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertListEqual(response.data['course_modes'], expected_course_modes)
+
+    def test_extend_sequential_info_with_assignment_progress_get_only_sequential(self) -> None:
+        response = self.verify_response(url=self.url, params={'block_types_filter': 'sequential'})
+
+        expected_results = (
+            {
+                'assignment_type': 'Lecture Sequence',
+                'num_points_earned': 0.0,
+                'num_points_possible': 0.0
+            },
+            {
+                'assignment_type': None,
+                'num_points_earned': 0.0,
+                'num_points_possible': 0.0
+            },
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        for sequential_info, assignment_progress in zip(response.data['blocks'].values(), expected_results):
+            self.assertDictEqual(sequential_info['assignment_progress'], assignment_progress)
+
+    @ddt.data('chapter', 'vertical', 'problem', 'video', 'html')
+    def test_extend_sequential_info_with_assignment_progress_for_other_types(self, block_type: 'str') -> None:
+        response = self.verify_response(url=self.url, params={'block_types_filter': block_type})
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        for block_info in response.data['blocks'].values():
+            self.assertNotEqual('assignment_progress', block_info)
diff --git a/lms/djangoapps/mobile_api/testutils.py b/lms/djangoapps/mobile_api/testutils.py
index fe2804782a06..f74d4b45a5fd 100644
--- a/lms/djangoapps/mobile_api/testutils.py
+++ b/lms/djangoapps/mobile_api/testutils.py
@@ -50,7 +50,7 @@ def setUp(self):
             certificate_available_date=datetime.datetime.now(pytz.UTC)
         )
         self.user = UserFactory.create()
-        self.password = 'test'
+        self.password = self.TEST_PASSWORD
         self.username = self.user.username
         self.api_version = API_V1
         IgnoreMobileAvailableFlagConfig(enabled=False).save()
diff --git a/lms/djangoapps/mobile_api/users/enums.py b/lms/djangoapps/mobile_api/users/enums.py
new file mode 100644
index 000000000000..2a072b082fff
--- /dev/null
+++ b/lms/djangoapps/mobile_api/users/enums.py
@@ -0,0 +1,22 @@
+"""
+Enums for mobile_api users app.
+"""
+from enum import Enum
+
+
+class EnrollmentStatuses(Enum):
+    """
+    Enum for enrollment statuses.
+    """
+
+    ALL = 'all'
+    IN_PROGRESS = 'in_progress'
+    COMPLETED = 'completed'
+    EXPIRED = 'expired'
+
+    @classmethod
+    def values(cls):
+        """
+        Returns string representation of all enum values.
+        """
+        return [e.value for e in cls]
diff --git a/lms/djangoapps/mobile_api/users/serializers.py b/lms/djangoapps/mobile_api/users/serializers.py
index 446bfc3dc213..3b4140d50b22 100644
--- a/lms/djangoapps/mobile_api/users/serializers.py
+++ b/lms/djangoapps/mobile_api/users/serializers.py
@@ -2,7 +2,11 @@
 Serializer for user API
 """
 
+from typing import Dict, List, Optional
 
+from completion.exceptions import UnavailableCompletionData
+from completion.utilities import get_key_to_last_completed_block
+from opaque_keys.edx.keys import UsageKey
 from rest_framework import serializers
 from rest_framework.reverse import reverse
 
@@ -11,7 +15,13 @@
 from common.djangoapps.util.course import get_encoded_course_sharing_utm_params, get_link_for_about_page
 from lms.djangoapps.certificates.api import certificate_downloadable_status
 from lms.djangoapps.courseware.access import has_access
+from lms.djangoapps.courseware.courses import get_assignments_completions, get_past_and_future_course_assignments
+from lms.djangoapps.course_home_api.dates.serializers import DateSummarySerializer
+from lms.djangoapps.mobile_api.utils import API_V4
 from openedx.features.course_duration_limits.access import get_user_course_expiration_date
+from xmodule.modulestore.django import modulestore
+from xmodule.modulestore.exceptions import ItemNotFoundError, NoPathToItem
+from xmodule.modulestore.search import path_to_location
 
 
 class CourseOverviewField(serializers.RelatedField):  # lint-amnesty, pylint: disable=abstract-method
@@ -98,7 +108,7 @@ def get_audit_access_expires(self, model):
         """
         Returns expiration date for a course audit expiration, if any or null
         """
-        return get_user_course_expiration_date(model.user, model.course)
+        return get_user_course_expiration_date(model.user, model.course, model)
 
     def get_certificate(self, model):
         """Returns the information about the user's certificate in the course."""
@@ -125,6 +135,17 @@ def get_course_modes(self, obj):
             for mode in course_modes
         ]
 
+    def to_representation(self, instance: CourseEnrollment) -> 'OrderedDict':  # lint-amnesty, pylint: disable=unused-variable, line-too-long
+        """
+        Override the to_representation method to add the course_status field to the serialized data.
+        """
+        data = super().to_representation(instance)
+
+        if 'course_progress' in self.context.get('requested_fields', []) and self.context.get('api_version') == API_V4:
+            data['course_progress'] = get_assignments_completions(instance.course_id, instance.user)
+
+        return data
+
     class Meta:
         model = CourseEnrollment
         fields = ('audit_access_expires', 'created', 'mode', 'is_active', 'course', 'certificate', 'course_modes')
@@ -142,6 +163,76 @@ class Meta:
         lookup_field = 'username'
 
 
+class CourseEnrollmentSerializerModifiedForPrimary(CourseEnrollmentSerializer):
+    """
+    Serializes CourseEnrollment models for API v4.
+
+    Adds `course_status` field into serializer data.
+    """
+
+    course_status = serializers.SerializerMethodField()
+    course_progress = serializers.SerializerMethodField()
+    course_assignments = serializers.SerializerMethodField()
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.course = modulestore().get_course(self.instance.course.id)
+
+    def get_course_status(self, model: CourseEnrollment) -> Optional[Dict[str, List[str]]]:
+        """
+        Gets course status for the given user's enrollments.
+        """
+        try:
+            block_key = get_key_to_last_completed_block(model.user, model.course.id)
+            path = path_to_location(modulestore(), block_key, self.context['request'], full_path=True)
+        except (ItemNotFoundError, NoPathToItem, UnavailableCompletionData):
+            return None
+
+        path_ids = [str(block) for block in path]
+        unit = modulestore().get_item(UsageKey.from_string(path_ids[3]), depth=0)
+
+        return {
+            'last_visited_module_id': path_ids[2],
+            'last_visited_module_path': path_ids[:3],
+            'last_visited_block_id': path_ids[-1],
+            'last_visited_unit_display_name': unit.display_name,
+        }
+
+    def get_course_progress(self, model: CourseEnrollment) -> Dict[str, int]:
+        """
+        Returns the progress of the user in the course.
+        """
+        return get_assignments_completions(model.course_id, model.user)
+
+    def get_course_assignments(self, model: CourseEnrollment) -> Dict[str, Optional[List[Dict[str, str]]]]:
+        """
+        Returns the future assignment data and past assignments data for the user in the course.
+        """
+        next_assignments, past_assignments = get_past_and_future_course_assignments(
+            self.context.get('request'), model.user, self.course
+        )
+        return {
+            'future_assignments': DateSummarySerializer(next_assignments, many=True).data,
+            'past_assignments': DateSummarySerializer(past_assignments, many=True).data,
+        }
+
+    class Meta:
+        model = CourseEnrollment
+        fields = (
+            'audit_access_expires',
+            'created',
+            'mode',
+            'is_active',
+            'course',
+            'certificate',
+            'course_modes',
+            'course_status',
+            'course_progress',
+            'course_assignments',
+        )
+        lookup_field = 'username'
+
+
 class UserSerializer(serializers.ModelSerializer):
     """
     Serializes User models
@@ -180,3 +271,4 @@ class ModeSerializer(serializers.Serializer):  # pylint: disable=abstract-method
     sku = serializers.CharField()
     android_sku = serializers.CharField()
     ios_sku = serializers.CharField()
+    min_price = serializers.IntegerField()
diff --git a/lms/djangoapps/mobile_api/users/tests.py b/lms/djangoapps/mobile_api/users/tests.py
index 9d4752ea7c22..62a0bb741f24 100644
--- a/lms/djangoapps/mobile_api/users/tests.py
+++ b/lms/djangoapps/mobile_api/users/tests.py
@@ -4,7 +4,7 @@
 
 
 import datetime
-from unittest.mock import patch
+from unittest.mock import MagicMock, Mock, patch
 from urllib.parse import parse_qs
 
 import ddt
@@ -18,6 +18,7 @@
 from django.utils.timezone import now
 from milestones.tests.utils import MilestonesTestCaseMixin
 from opaque_keys.edx.keys import CourseKey
+from rest_framework import status
 
 from common.djangoapps.course_modes.models import CourseMode
 from common.djangoapps.student.models import CourseEnrollment
@@ -27,6 +28,7 @@
 from lms.djangoapps.certificates.data import CertificateStatuses
 from lms.djangoapps.certificates.tests.factories import GeneratedCertificateFactory
 from lms.djangoapps.courseware.access_response import MilestoneAccessError, StartDateError, VisibilityError
+from lms.djangoapps.courseware.models import StudentModule
 from lms.djangoapps.mobile_api.models import MobileConfig
 from lms.djangoapps.mobile_api.testutils import (
     MobileAPITestCase,
@@ -34,7 +36,8 @@
     MobileAuthUserTestMixin,
     MobileCourseAccessTestMixin
 )
-from lms.djangoapps.mobile_api.utils import API_V1, API_V05, API_V2
+from lms.djangoapps.mobile_api.users.enums import EnrollmentStatuses
+from lms.djangoapps.mobile_api.utils import API_V1, API_V05, API_V2, API_V3, API_V4
 from openedx.core.lib.courses import course_image_url
 from openedx.features.course_duration_limits.models import CourseDurationLimitConfig
 from openedx.features.course_experience.tests.views.helpers import add_course_mode
@@ -318,6 +321,12 @@ def _assert_enrollment_results(self, api_version, courses, num_courses_returned,
                 assert 'audit_access_expires' not in courses[0]
         else:
             assert 'audit_access_expires' in courses[0]
+
+            for course_mode in courses[0]['course_modes']:
+                assert 'android_sku' in course_mode
+                assert 'ios_sku' in course_mode
+                assert 'min_price' in course_mode
+
             if gating_enabled:
                 assert courses[0].get('audit_access_expires') is not None
 
@@ -376,6 +385,639 @@ def test_enrollment_with_configs(self):
         self.assertDictEqual(response.data['configs'], expected_result)
         assert 'enrollments' in response.data
 
+    def test_pagination_enrollment(self):
+        """
+        Test pagination for UserCourseEnrollmentsList view v3
+        for 3rd version of this view we use DefaultPagination
+
+        Test for /api/mobile/{api_version}/users/<user_name>/course_enrollments/
+        api_version = v3
+        """
+        self.login()
+        # Create and enroll to 15 courses
+        courses = [CourseFactory.create(org="my_org", mobile_available=True) for _ in range(15)]
+        for course in courses:
+            self.enroll(course.id)
+
+        response = self.api_response(api_version=API_V3)
+        assert response.status_code == 200
+        assert response.data["enrollments"]["count"] == 15
+        assert response.data["enrollments"]["num_pages"] == 2
+        assert response.data["enrollments"]["current_page"] == 1
+        assert len(response.data["enrollments"]["results"]) == 10
+        assert "next" in response.data["enrollments"]
+        assert "previous" in response.data["enrollments"]
+
+    def test_student_dont_have_enrollments(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        expected_result = {
+            'configs': {
+                'iap_configs': {}
+            },
+            'user_timezone': 'UTC',
+            'enrollments': {
+                'next': None,
+                'previous': None,
+                'count': 0,
+                'num_pages': 1,
+                'current_page': 1,
+                'start': 0,
+                'results': []
+            }
+        }
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertDictEqual(expected_result, response.data)
+        self.assertNotIn('primary', response.data)
+
+    def test_student_have_one_enrollment(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        course = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(course.id)
+        expected_enrollments = {
+            'next': None,
+            'previous': None,
+            'count': 0,
+            'num_pages': 1,
+            'current_page': 1,
+            'start': 0,
+            'results': []
+        }
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertDictEqual(expected_enrollments, response.data['enrollments'])
+        self.assertIn('primary', response.data)
+        self.assertEqual(str(course.id), response.data['primary']['course']['id'])
+
+    def test_student_have_two_enrollments(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        course_first = CourseFactory.create(org="edx", mobile_available=True)
+        course_second = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(course_first.id)
+        self.enroll(course_second.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(len(response.data['enrollments']['results']), 1)
+        self.assertEqual(response.data['enrollments']['count'], 1)
+        self.assertEqual(response.data['enrollments']['results'][0]['course']['id'], str(course_first.id))
+        self.assertIn('primary', response.data)
+        self.assertEqual(response.data['primary']['course']['id'], str(course_second.id))
+
+    def test_student_have_more_then_ten_enrollments(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        courses = [CourseFactory.create(org="edx", mobile_available=True) for _ in range(15)]
+        for course in courses:
+            self.enroll(course.id)
+        latest_enrolment = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(latest_enrolment.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['enrollments']['count'], 15)
+        self.assertEqual(response.data['enrollments']['num_pages'], 3)
+        self.assertEqual(len(response.data['enrollments']['results']), 5)
+        self.assertIn('primary', response.data)
+        self.assertEqual(response.data['primary']['course']['id'], str(latest_enrolment.id))
+
+    def test_student_have_progress_in_old_course_and_enroll_newest_course(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        old_course = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(old_course.id)
+        courses = [CourseFactory.create(org="edx", mobile_available=True) for _ in range(5)]
+        for course in courses:
+            self.enroll(course.id)
+        new_course = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(new_course.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['enrollments']['count'], 6)
+        self.assertEqual(len(response.data['enrollments']['results']), 5)
+        # check that we have the new_course in primary section
+        self.assertIn('primary', response.data)
+        self.assertEqual(response.data['primary']['course']['id'], str(new_course.id))
+
+        # doing progress in the old_course
+        StudentModule.objects.create(
+            student=self.user,
+            course_id=old_course.id,
+            module_state_key=old_course.location,
+        )
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['enrollments']['count'], 6)
+        self.assertEqual(len(response.data['enrollments']['results']), 5)
+        # check that now we have the old_course in primary section
+        self.assertIn('primary', response.data)
+        self.assertEqual(response.data['primary']['course']['id'], str(old_course.id))
+
+        # enroll to the newest course
+        newest_course = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(newest_course.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['enrollments']['count'], 7)
+        self.assertEqual(len(response.data['enrollments']['results']), 5)
+        # check that now we have the newest_course in primary section
+        self.assertIn('primary', response.data)
+        self.assertEqual(response.data['primary']['course']['id'], str(newest_course.id))
+
+    def test_student_enrolled_only_not_mobile_available_courses(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        courses = [CourseFactory.create(org="edx", mobile_available=False) for _ in range(3)]
+        for course in courses:
+            self.enroll(course.id)
+        expected_result = {
+            "configs": {
+                "iap_configs": {}
+            },
+            "user_timezone": "UTC",
+            "enrollments": {
+                "next": None,
+                "previous": None,
+                "count": 0,
+                "num_pages": 1,
+                "current_page": 1,
+                "start": 0,
+                "results": []
+            }
+        }
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertDictEqual(expected_result, response.data)
+        self.assertNotIn('primary', response.data)
+
+    def test_do_progress_in_not_mobile_available_course(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        not_mobile_available = CourseFactory.create(org="edx", mobile_available=False)
+        self.enroll(not_mobile_available.id)
+        courses = [CourseFactory.create(org="edx", mobile_available=True) for _ in range(5)]
+        for course in courses:
+            self.enroll(course.id)
+        new_course = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(new_course.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['enrollments']['count'], 5)
+        self.assertEqual(len(response.data['enrollments']['results']), 5)
+        # check that we have the new_course in primary section
+        self.assertIn('primary', response.data)
+        self.assertEqual(response.data['primary']['course']['id'], str(new_course.id))
+
+        # doing progress in the not_mobile_available course
+        StudentModule.objects.create(
+            student=self.user,
+            course_id=not_mobile_available.id,
+            module_state_key=not_mobile_available.location,
+        )
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['enrollments']['count'], 5)
+        self.assertEqual(len(response.data['enrollments']['results']), 5)
+        # check that we have the new_course in primary section in the same way
+        self.assertIn('primary', response.data)
+        self.assertEqual(response.data['primary']['course']['id'], str(new_course.id))
+
+    def test_pagination_for_user_enrollments_api_v4(self):
+        """
+        Tests `UserCourseEnrollmentsV4Pagination`, api_version == v4.
+        """
+        self.login()
+        courses = [CourseFactory.create(org="my_org", mobile_available=True) for _ in range(15)]
+        for course in courses:
+            self.enroll(course.id)
+
+        response = self.api_response(api_version=API_V4)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['enrollments']['count'], 14)
+        self.assertEqual(response.data['enrollments']['num_pages'], 3)
+        self.assertEqual(response.data['enrollments']['current_page'], 1)
+        self.assertEqual(len(response.data['enrollments']['results']), 5)
+        self.assertIn('next', response.data['enrollments'])
+        self.assertIn('previous', response.data['enrollments'])
+        self.assertIn('primary', response.data)
+
+    def test_course_status_in_primary_obj_when_student_doesnt_have_progress(self):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        course = CourseFactory.create(org="edx", mobile_available=True)
+        self.enroll(course.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['primary']['course_status'], None)
+
+    @patch('lms.djangoapps.mobile_api.users.serializers.get_key_to_last_completed_block')
+    def test_course_status_in_primary_obj_when_student_have_progress(
+        self,
+        get_last_completed_block_mock: MagicMock,
+    ):
+        """
+        Testing modified `UserCourseEnrollmentsList` view with api_version == v4.
+        """
+        self.login()
+        # create test course structure
+        course = CourseFactory.create(org="edx", mobile_available=True)
+        section = BlockFactory.create(
+            parent=course,
+            category="chapter",
+            display_name="section",
+        )
+        subsection = BlockFactory.create(
+            parent=section,
+            category="sequential",
+            display_name="subsection",
+        )
+        vertical = BlockFactory.create(
+            parent=subsection,
+            category="vertical",
+            display_name="test unit",
+        )
+        problem = BlockFactory.create(
+            parent=vertical,
+            category="problem",
+            display_name="problem",
+        )
+        self.enroll(course.id)
+        get_last_completed_block_mock.return_value = problem.location
+        expected_course_status = {
+            'last_visited_module_id': str(subsection.location),
+            'last_visited_module_path': [
+                str(course.location),
+                str(section.location),
+                str(subsection.location),
+            ],
+            'last_visited_block_id': str(problem.location),
+            'last_visited_unit_display_name': vertical.display_name,
+        }
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data['primary']['course_status'], expected_course_status)
+        get_last_completed_block_mock.assert_called_once_with(self.user, course.id)
+
+    def test_user_enrollment_api_v4_in_progress_status(self):
+        """
+        Testing
+        """
+        self.login()
+        old_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.THREE_YEARS_AGO,
+            end=self.LAST_WEEK
+        )
+        actual_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=self.NEXT_WEEK
+        )
+        infinite_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=None
+        )
+
+        self.enroll(old_course.id)
+        self.enroll(actual_course.id)
+        self.enroll(infinite_course.id)
+
+        response = self.api_response(api_version=API_V4, data={'status': EnrollmentStatuses.IN_PROGRESS.value})
+        enrollments = response.data['enrollments']
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(enrollments['count'], 2)
+        self.assertEqual(enrollments['results'][1]['course']['id'], str(actual_course.id))
+        self.assertEqual(enrollments['results'][0]['course']['id'], str(infinite_course.id))
+        self.assertNotIn('primary', response.data)
+
+    def test_user_enrollment_api_v4_completed_status(self):
+        """
+        Testing
+        """
+        self.login()
+        old_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.THREE_YEARS_AGO,
+            end=self.LAST_WEEK
+        )
+        actual_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=self.NEXT_WEEK
+        )
+        infinite_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=None
+        )
+        GeneratedCertificateFactory.create(
+            user=self.user,
+            course_id=infinite_course.id,
+            status=CertificateStatuses.downloadable,
+            mode='verified',
+        )
+
+        self.enroll(old_course.id)
+        self.enroll(actual_course.id)
+        self.enroll(infinite_course.id)
+
+        response = self.api_response(api_version=API_V4, data={'status': EnrollmentStatuses.COMPLETED.value})
+        enrollments = response.data['enrollments']
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(enrollments['count'], 1)
+        self.assertEqual(enrollments['results'][0]['course']['id'], str(infinite_course.id))
+        self.assertNotIn('primary', response.data)
+
+    def test_user_enrollment_api_v4_expired_status(self):
+        """
+        Testing
+        """
+        self.login()
+        old_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.THREE_YEARS_AGO,
+            end=self.LAST_WEEK
+        )
+        actual_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=self.NEXT_WEEK
+        )
+        infinite_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=None
+        )
+        self.enroll(old_course.id)
+        self.enroll(actual_course.id)
+        self.enroll(infinite_course.id)
+
+        response = self.api_response(api_version=API_V4, data={'status': EnrollmentStatuses.EXPIRED.value})
+        enrollments = response.data['enrollments']
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(enrollments['count'], 1)
+        self.assertEqual(enrollments['results'][0]['course']['id'], str(old_course.id))
+        self.assertNotIn('primary', response.data)
+
+    def test_user_enrollment_api_v4_expired_course_with_certificate(self):
+        """
+        Testing that the API returns a course with
+        an expiration date in the past if the user has a certificate for this course.
+        """
+        self.login()
+        expired_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.THREE_YEARS_AGO,
+            end=self.LAST_WEEK
+        )
+        expired_course_with_cert = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.THREE_YEARS_AGO,
+            end=self.LAST_WEEK
+        )
+        GeneratedCertificateFactory.create(
+            user=self.user,
+            course_id=expired_course_with_cert.id,
+            status=CertificateStatuses.downloadable,
+            mode='verified',
+        )
+
+        self.enroll(expired_course_with_cert.id)
+        self.enroll(expired_course.id)
+
+        response = self.api_response(api_version=API_V4, data={'status': EnrollmentStatuses.COMPLETED.value})
+        enrollments = response.data['enrollments']
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(enrollments['count'], 1)
+        self.assertEqual(enrollments['results'][0]['course']['id'], str(expired_course_with_cert.id))
+        self.assertNotIn('primary', response.data)
+
+    def test_user_enrollment_api_v4_status_all(self):
+        """
+        Testing
+        """
+        self.login()
+        old_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.THREE_YEARS_AGO,
+            end=self.LAST_WEEK
+        )
+        actual_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=self.NEXT_WEEK
+        )
+        infinite_course = CourseFactory.create(
+            org="edx",
+            mobile_available=True,
+            start=self.LAST_WEEK,
+            end=None
+        )
+        GeneratedCertificateFactory.create(
+            user=self.user,
+            course_id=infinite_course.id,
+            status=CertificateStatuses.downloadable,
+            mode='verified',
+        )
+
+        self.enroll(old_course.id)
+        self.enroll(actual_course.id)
+        self.enroll(infinite_course.id)
+
+        response = self.api_response(api_version=API_V4, data={'status': EnrollmentStatuses.ALL.value})
+        enrollments = response.data['enrollments']
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(enrollments['count'], 3)
+        self.assertEqual(enrollments['results'][0]['course']['id'], str(infinite_course.id))
+        self.assertEqual(enrollments['results'][1]['course']['id'], str(actual_course.id))
+        self.assertEqual(enrollments['results'][2]['course']['id'], str(old_course.id))
+        self.assertNotIn('primary', response.data)
+
+    def test_response_contains_primary_enrollment_assignments_info(self):
+        self.login()
+        course = CourseFactory.create(org='edx', mobile_available=True)
+        self.enroll(course.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn('course_assignments', response.data['primary'])
+        self.assertIn('past_assignments', response.data['primary']['course_assignments'])
+        self.assertIn('future_assignments', response.data['primary']['course_assignments'])
+        self.assertListEqual(response.data['primary']['course_assignments']['past_assignments'], [])
+        self.assertListEqual(response.data['primary']['course_assignments']['future_assignments'], [])
+
+    @patch('lms.djangoapps.courseware.courses.get_course_assignments', return_value=[])
+    def test_course_progress_in_primary_enrollment_with_no_assignments(
+        self,
+        get_course_assignment_mock: MagicMock,
+    ) -> None:
+        self.login()
+        course = CourseFactory.create(org='edx', mobile_available=True)
+        self.enroll(course.id)
+        expected_course_progress = {'total_assignments_count': 0, 'assignments_completed': 0}
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn('course_progress', response.data['primary'])
+        self.assertDictEqual(response.data['primary']['course_progress'], expected_course_progress)
+
+    @patch(
+        'lms.djangoapps.mobile_api.users.serializers.CourseEnrollmentSerializerModifiedForPrimary'
+        '.get_course_assignments'
+    )
+    @patch('lms.djangoapps.courseware.courses.get_course_assignments')
+    def test_course_progress_in_primary_enrollment_with_assignments(
+        self,
+        get_course_assignment_mock: MagicMock,
+        assignments_mock: MagicMock,
+    ) -> None:
+        self.login()
+        course = CourseFactory.create(org='edx', mobile_available=True)
+        self.enroll(course.id)
+        course_assignments_mock = [
+            Mock(complete=False), Mock(complete=False), Mock(complete=True), Mock(complete=True), Mock(complete=True)
+        ]
+        get_course_assignment_mock.return_value = course_assignments_mock
+        student_assignments_mock = {
+            'future_assignments': [],
+            'past_assignments': [],
+        }
+        assignments_mock.return_value = student_assignments_mock
+        expected_course_progress = {'total_assignments_count': 5, 'assignments_completed': 3}
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn('course_progress', response.data['primary'])
+        self.assertDictEqual(response.data['primary']['course_progress'], expected_course_progress)
+
+    @patch('lms.djangoapps.courseware.courses.get_course_assignments')
+    def test_course_progress_for_secondary_enrollments_no_query_param(
+        self,
+        get_course_assignment_mock: MagicMock,
+    ) -> None:
+        self.login()
+        courses = [CourseFactory.create(org='edx', mobile_available=True) for _ in range(5)]
+        for course in courses:
+            self.enroll(course.id)
+
+        response = self.api_response(api_version=API_V4)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        for enrollment in response.data['enrollments']['results']:
+            self.assertNotIn('course_progress', enrollment)
+
+    @patch('lms.djangoapps.courseware.courses.get_course_assignments')
+    def test_course_progress_for_secondary_enrollments_with_query_param(
+        self,
+        get_course_assignment_mock: MagicMock,
+    ) -> None:
+        self.login()
+        courses = [CourseFactory.create(org='edx', mobile_available=True) for _ in range(5)]
+        for course in courses:
+            self.enroll(course.id)
+        expected_course_progress = {'total_assignments_count': 0, 'assignments_completed': 0}
+
+        response = self.api_response(api_version=API_V4, data={'requested_fields': 'course_progress'})
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        for enrollment in response.data['enrollments']['results']:
+            self.assertIn('course_progress', enrollment)
+            self.assertDictEqual(enrollment['course_progress'], expected_course_progress)
+
+    @patch(
+        'lms.djangoapps.mobile_api.users.serializers.CourseEnrollmentSerializerModifiedForPrimary'
+        '.get_course_assignments'
+    )
+    @patch('lms.djangoapps.courseware.courses.get_course_assignments')
+    def test_course_progress_for_secondary_enrollments_with_query_param_and_assignments(
+        self,
+        get_course_assignment_mock: MagicMock,
+        assignments_mock: MagicMock,
+    ) -> None:
+        self.login()
+        courses = [CourseFactory.create(org='edx', mobile_available=True) for _ in range(2)]
+        for course in courses:
+            self.enroll(course.id)
+        course_assignments_mock = [
+            Mock(complete=False), Mock(complete=False), Mock(complete=True), Mock(complete=True), Mock(complete=True)
+        ]
+        get_course_assignment_mock.return_value = course_assignments_mock
+        student_assignments_mock = {
+            'future_assignments': [],
+            'past_assignments': [],
+        }
+        assignments_mock.return_value = student_assignments_mock
+        expected_course_progress = {'total_assignments_count': 5, 'assignments_completed': 3}
+
+        response = self.api_response(api_version=API_V4, data={'requested_fields': 'course_progress'})
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn('course_progress', response.data['primary'])
+        self.assertDictEqual(response.data['primary']['course_progress'], expected_course_progress)
+        self.assertIn('course_progress', response.data['enrollments']['results'][0])
+        self.assertDictEqual(response.data['enrollments']['results'][0]['course_progress'], expected_course_progress)
+
 
 @override_settings(MKTG_URLS={'ROOT': 'dummy-root'})
 class TestUserEnrollmentCertificates(UrlResetMixin, MobileAPITestCase, MilestonesTestCaseMixin):
diff --git a/lms/djangoapps/mobile_api/users/views.py b/lms/djangoapps/mobile_api/users/views.py
index 0e2cb61d3114..d959e188b4ee 100644
--- a/lms/djangoapps/mobile_api/users/views.py
+++ b/lms/djangoapps/mobile_api/users/views.py
@@ -3,12 +3,16 @@
 """
 
 
+import logging
+from functools import cached_property
+from typing import Optional
+
 from completion.exceptions import UnavailableCompletionData
 from completion.utilities import get_key_to_last_completed_block
 from django.contrib.auth.models import User  # lint-amnesty, pylint: disable=imported-auth-user
 from django.contrib.auth.signals import user_logged_in
 from django.db import transaction
-from django.shortcuts import redirect
+from django.shortcuts import get_object_or_404, redirect
 from django.utils import dateparse
 from django.utils.decorators import method_decorator
 from opaque_keys import InvalidKeyError
@@ -19,23 +23,34 @@
 from rest_framework.response import Response
 from xblock.fields import Scope
 from xblock.runtime import KeyValueStore
+from edx_rest_framework_extensions.paginators import DefaultPagination
 
 from common.djangoapps.student.models import CourseEnrollment, User  # lint-amnesty, pylint: disable=reimported
 from lms.djangoapps.courseware.access import is_mobile_available_for_user
 from lms.djangoapps.courseware.access_utils import ACCESS_GRANTED
+from lms.djangoapps.courseware.context_processor import get_user_timezone_or_last_seen_timezone_or_utc
 from lms.djangoapps.courseware.courses import get_current_child
 from lms.djangoapps.courseware.model_data import FieldDataCache
 from lms.djangoapps.courseware.block_render import get_block_for_descriptor
+from lms.djangoapps.courseware.models import StudentModule
 from lms.djangoapps.courseware.views.index import save_positions_recursively_up
 from lms.djangoapps.mobile_api.models import MobileConfig
-from lms.djangoapps.mobile_api.utils import API_V1, API_V05, API_V2
+from lms.djangoapps.mobile_api.utils import API_V1, API_V05, API_V2, API_V3, API_V4
 from openedx.features.course_duration_limits.access import check_course_expired
 from xmodule.modulestore.django import modulestore  # lint-amnesty, pylint: disable=wrong-import-order
 from xmodule.modulestore.exceptions import ItemNotFoundError  # lint-amnesty, pylint: disable=wrong-import-order
 
 from .. import errors
 from ..decorators import mobile_course_access, mobile_view
-from .serializers import CourseEnrollmentSerializer, CourseEnrollmentSerializerv05, UserSerializer
+from .enums import EnrollmentStatuses
+from .serializers import (
+    CourseEnrollmentSerializer,
+    CourseEnrollmentSerializerModifiedForPrimary,
+    CourseEnrollmentSerializerv05,
+    UserSerializer,
+)
+
+log = logging.getLogger(__name__)
 
 
 @mobile_view(is_user=True)
@@ -140,7 +155,7 @@ def _last_visited_block_path(self, request, course):
         the course block. If there is no such visit, the first item deep enough down the course
         tree is used.
         """
-        field_data_cache = FieldDataCache.cache_for_descriptor_descendents(
+        field_data_cache = FieldDataCache.cache_for_block_descendents(
             course.id, request.user, course, depth=2)
 
         course_block = get_block_for_descriptor(
@@ -173,14 +188,15 @@ def _update_last_visited_module_id(self, request, course, module_key, modificati
         """
         Saves the module id if the found modification_date is less recent than the passed modification date
         """
-        field_data_cache = FieldDataCache.cache_for_descriptor_descendents(
+        field_data_cache = FieldDataCache.cache_for_block_descendents(
             course.id, request.user, course, depth=2)
         try:
-            block_descriptor = modulestore().get_item(module_key)
+            descriptor = modulestore().get_item(module_key)
         except ItemNotFoundError:
+            log.error(f"{errors.ERROR_INVALID_MODULE_ID} %s", module_key)
             return Response(errors.ERROR_INVALID_MODULE_ID, status=400)
         block = get_block_for_descriptor(
-            request.user, request, block_descriptor, field_data_cache, course.id, course=course
+            request.user, request, descriptor, field_data_cache, course.id, course=course
         )
 
         if modification_date:
@@ -228,12 +244,14 @@ def patch(self, request, course, *args, **kwargs):  # lint-amnesty, pylint: disa
         if modification_date_string:
             modification_date = dateparse.parse_datetime(modification_date_string)
             if not modification_date or not modification_date.tzinfo:
+                log.error(f"{errors.ERROR_INVALID_MODIFICATION_DATE} %s", modification_date_string)
                 return Response(errors.ERROR_INVALID_MODIFICATION_DATE, status=400)
 
         if module_id:
             try:
                 module_key = UsageKey.from_string(module_id)
             except InvalidKeyError:
+                log.error(f"{errors.ERROR_INVALID_MODULE_ID} %s", module_id)
                 return Response(errors.ERROR_INVALID_MODULE_ID, status=400)
 
             return self._update_last_visited_module_id(request, course, module_key, modification_date)
@@ -255,6 +273,10 @@ class UserCourseEnrollmentsList(generics.ListAPIView):
         An additional attribute "expiration" has been added to the response, which lists the date
         when access to the course will expire or null if it doesn't expire.
 
+        In v4 we added to the response primary object. Primary object contains the latest user's enrollment
+        or course where user has the latest progress. Primary object has been cut from user's
+        enrolments array and inserted into separated section with key `primary`.
+
     **Example Request**
 
         GET /api/mobile/v1/users/{username}/course_enrollments/
@@ -304,8 +326,12 @@ class UserCourseEnrollmentsList(generics.ListAPIView):
         * mode: The type of certificate registration for this course (honor or
           certified).
         * url: URL to the downloadable version of the certificate, if exists.
+        * course_progress: Contains information about how many assignments are in the course
+          and how many assignments the student has completed.
+        * total_assignments_count: Total course's assignments count.
+        * assignments_completed: Assignments witch the student has completed.
     """
-    queryset = CourseEnrollment.objects.all()
+
     lookup_field = 'username'
 
     # In Django Rest Framework v3, there is a default pagination
@@ -324,7 +350,10 @@ def is_org(self, check_org, course_org):
 
     def get_serializer_context(self):
         context = super().get_serializer_context()
+        requested_fields = self.request.GET.get('requested_fields', '')
+
         context['api_version'] = self.kwargs.get('api_version')
+        context['requested_fields'] = requested_fields.split(',')
         return context
 
     def get_serializer_class(self):
@@ -333,47 +362,161 @@ def get_serializer_class(self):
             return CourseEnrollmentSerializerv05
         return CourseEnrollmentSerializer
 
-    def get_queryset(self):
+    @cached_property
+    def queryset_for_user(self):
+        """
+        Find and return the list of course enrollments for the user.
+
+        In v4 added filtering by statuses.
+        """
         api_version = self.kwargs.get('api_version')
-        enrollments = self.queryset.filter(
-            user__username=self.kwargs['username'],
+        status = self.request.GET.get('status')
+        username = self.kwargs['username']
+
+        queryset = CourseEnrollment.objects.all().select_related('course', 'user').filter(
+            user__username=username,
             is_active=True
-        ).order_by('created').reverse()
-        org = self.request.query_params.get('org', None)
+        ).order_by('-created')
+
+        if api_version == API_V4 and status in EnrollmentStatuses.values():
+            if status == EnrollmentStatuses.IN_PROGRESS.value:
+                queryset = queryset.in_progress(username=username, time_zone=self.user_timezone)
+            elif status == EnrollmentStatuses.COMPLETED.value:
+                queryset = queryset.completed(username=username)
+            elif status == EnrollmentStatuses.EXPIRED.value:
+                queryset = queryset.expired(username=username, time_zone=self.user_timezone)
+
+        return queryset
+
+    def get_queryset(self):
+        api_version = self.kwargs.get('api_version')
+        status = self.request.GET.get('status')
+        mobile_available = self.get_same_org_mobile_available_enrollments()
 
-        same_org = (
-            enrollment for enrollment in enrollments
-            if enrollment.course_overview and self.is_org(org, enrollment.course_overview.org)
-        )
-        mobile_available = (
-            enrollment for enrollment in same_org
-            if is_mobile_available_for_user(self.request.user, enrollment.course_overview)
-        )
         not_duration_limited = (
             enrollment for enrollment in mobile_available
             if check_course_expired(self.request.user, enrollment.course) == ACCESS_GRANTED
         )
 
+        if api_version == API_V4 and status not in EnrollmentStatuses.values():
+            primary_enrollment_obj = self.get_primary_enrollment_by_latest_enrollment_or_progress()
+            if primary_enrollment_obj:
+                mobile_available.remove(primary_enrollment_obj)
+
         if api_version == API_V05:
             # for v0.5 don't return expired courses
             return list(not_duration_limited)
         else:
             # return all courses, with associated expiration
-            return list(mobile_available)
+            return mobile_available
+
+    def get_same_org_mobile_available_enrollments(self) -> list[CourseEnrollment]:
+        """
+        Gets list with `CourseEnrollment` for mobile available courses.
+        """
+        org = self.request.query_params.get('org', None)
+
+        same_org = (
+            enrollment for enrollment in self.queryset_for_user
+            if enrollment.course_overview and self.is_org(org, enrollment.course_overview.org)
+        )
+        mobile_available = (
+            enrollment for enrollment in same_org
+            if is_mobile_available_for_user(self.request.user, enrollment.course_overview)
+        )
+        return list(mobile_available)
 
     def list(self, request, *args, **kwargs):
         response = super().list(request, *args, **kwargs)
         api_version = self.kwargs.get('api_version')
+        status = self.request.GET.get('status')
 
-        if api_version == API_V2:
+        if api_version in (API_V2, API_V3, API_V4):
             enrollment_data = {
                 'configs': MobileConfig.get_structured_configs(),
+                'user_timezone': str(self.user_timezone),
                 'enrollments': response.data
             }
+            if api_version == API_V4 and status not in EnrollmentStatuses.values():
+                primary_enrollment_obj = self.get_primary_enrollment_by_latest_enrollment_or_progress()
+                if primary_enrollment_obj:
+                    serializer = CourseEnrollmentSerializerModifiedForPrimary(
+                        primary_enrollment_obj,
+                        context=self.get_serializer_context(),
+                    )
+                    enrollment_data.update({'primary': serializer.data})
+
             return Response(enrollment_data)
 
         return response
 
+    @cached_property
+    def user_timezone(self):
+        """
+        Get the user's timezone.
+        """
+        return get_user_timezone_or_last_seen_timezone_or_utc(self.get_user())
+
+    def get_user(self) -> User:
+        """
+        Get user object by username.
+        """
+        return get_object_or_404(User, username=self.kwargs['username'])
+
+    def get_primary_enrollment_by_latest_enrollment_or_progress(self) -> Optional[CourseEnrollment]:
+        """
+        Gets primary enrollment obj by latest enrollment or latest progress on the course.
+        """
+        mobile_available = self.get_same_org_mobile_available_enrollments()
+        if not mobile_available:
+            return None
+
+        mobile_available_course_ids = [enrollment.course_id for enrollment in mobile_available]
+
+        latest_enrollment = self.queryset_for_user.filter(
+            course__id__in=mobile_available_course_ids
+        ).order_by('-created').first()
+
+        if not latest_enrollment:
+            return None
+
+        latest_progress = StudentModule.objects.filter(
+            student__username=self.kwargs['username'],
+            course_id__in=mobile_available_course_ids,
+        ).order_by('-modified').first()
+
+        if not latest_progress:
+            return latest_enrollment
+
+        enrollment_with_latest_progress = self.queryset_for_user.filter(
+            course_id=latest_progress.course_id,
+            user__username=self.kwargs['username'],
+        ).first()
+
+        if latest_enrollment.created > latest_progress.modified:
+            return latest_enrollment
+        else:
+            return enrollment_with_latest_progress
+
+    # pylint: disable=attribute-defined-outside-init
+    @property
+    def paginator(self):
+        """
+        Override API View paginator property to dynamically determine pagination class
+
+        Implements solutions from the discussion at
+        https://www.github.com/encode/django-rest-framework/issues/6397.
+        """
+        super().paginator  # pylint: disable=expression-not-assigned
+        api_version = self.kwargs.get('api_version')
+
+        if self._paginator is None and api_version == API_V3:
+            self._paginator = DefaultPagination()
+        if self._paginator is None and api_version == API_V4:
+            self._paginator = UserCourseEnrollmentsV4Pagination()
+
+        return self._paginator
+
 
 @api_view(["GET"])
 @mobile_view()
@@ -385,3 +528,11 @@ def my_user_info(request, api_version):
     # updating it from the oauth2 related code is too complex
     user_logged_in.send(sender=User, user=request.user, request=request)
     return redirect("user-detail", api_version=api_version, username=request.user.username)
+
+
+class UserCourseEnrollmentsV4Pagination(DefaultPagination):
+    """
+    Pagination for `UserCourseEnrollments` API v4.
+    """
+    page_size = 5
+    max_page_size = 50
diff --git a/lms/djangoapps/mobile_api/utils.py b/lms/djangoapps/mobile_api/utils.py
index 5dcdf9e04c62..9204b27ab49b 100644
--- a/lms/djangoapps/mobile_api/utils.py
+++ b/lms/djangoapps/mobile_api/utils.py
@@ -5,6 +5,8 @@
 API_V05 = 'v0.5'
 API_V1 = 'v1'
 API_V2 = 'v2'
+API_V3 = 'v3'
+API_V4 = 'v4'
 
 
 def parsed_version(version):
diff --git a/lms/djangoapps/staticbook/tests.py b/lms/djangoapps/staticbook/tests.py
index 81c67523f248..919ee16c4fef 100644
--- a/lms/djangoapps/staticbook/tests.py
+++ b/lms/djangoapps/staticbook/tests.py
@@ -60,7 +60,7 @@ def make_course(self, **kwargs):
         self.course = CourseFactory.create(**kwargs)
         user = UserFactory.create()
         CourseEnrollmentFactory.create(user=user, course_id=self.course.id)
-        self.client.login(username=user.username, password='test')
+        self.client.login(username=user.username, password=self.TEST_PASSWORD)
 
     def make_url(self, url_name, **kwargs):
         """
diff --git a/lms/djangoapps/survey/tests/test_models.py b/lms/djangoapps/survey/tests/test_models.py
index 0fb2b5fe7476..e8c6619da647 100644
--- a/lms/djangoapps/survey/tests/test_models.py
+++ b/lms/djangoapps/survey/tests/test_models.py
@@ -30,7 +30,7 @@ def setUp(self):
         self.client = Client()
 
         # Create two accounts
-        self.password = 'abc'
+        self.password = 'Password1234'
         self.student = UserFactory.create(
             username='student', email='student@test.com', password=self.password,
         )
diff --git a/lms/djangoapps/survey/tests/test_utils.py b/lms/djangoapps/survey/tests/test_utils.py
index 2764380b5620..4f5e86dae703 100644
--- a/lms/djangoapps/survey/tests/test_utils.py
+++ b/lms/djangoapps/survey/tests/test_utils.py
@@ -28,7 +28,7 @@ def setUp(self):
         self.client = Client()
 
         # Create two accounts
-        self.password = 'abc'
+        self.password = self.TEST_PASSWORD
         self.student = UserFactory.create(
             username='student', email='student@test.com', password=self.password,
         )
diff --git a/lms/djangoapps/survey/tests/test_views.py b/lms/djangoapps/survey/tests/test_views.py
index 1e2ff04ba9a2..07ddd34e0576 100644
--- a/lms/djangoapps/survey/tests/test_views.py
+++ b/lms/djangoapps/survey/tests/test_views.py
@@ -29,7 +29,7 @@ def setUp(self):
         self.client = Client()
 
         # Create two accounts
-        self.password = 'abc'
+        self.password = self.TEST_PASSWORD
         self.student = UserFactory.create(username='student', email='student@test.com', password=self.password)
 
         self.test_survey_name = 'TestSurvey'
diff --git a/lms/djangoapps/verify_student/tests/test_views.py b/lms/djangoapps/verify_student/tests/test_views.py
index ea2ccb891988..77ee515d3757 100644
--- a/lms/djangoapps/verify_student/tests/test_views.py
+++ b/lms/djangoapps/verify_student/tests/test_views.py
@@ -93,6 +93,8 @@ def mock_render_to_response(*args, **kwargs):
 3W+sdGFUK3GH1NAX71VxbAlFVLUetcMwai1+wXmGkRw6A7YezVFnhw==
 -----END RSA PRIVATE KEY-----"""
 
+TEST_PASSWORD = 'Password1234'
+
 
 def _mock_payment_processors():
     """
@@ -122,8 +124,8 @@ def test_start_new_verification(self):
         Test the case where the user has no pending `PhotoVerificationAttempts`,
         but is just starting their first.
         """
-        UserFactory.create(username="rusty", password="test")
-        self.client.login(username="rusty", password="test")
+        UserFactory.create(username="rusty", password=TEST_PASSWORD)
+        self.client.login(username="rusty", password=TEST_PASSWORD)
 
     def must_be_logged_in(self):
         self.assertHttpForbidden(self.client.get(self.start_url()))  # lint-amnesty, pylint: disable=no-member
@@ -1055,11 +1057,11 @@ def setUp(self):
         """ Create a user and course. """
         super().setUp()
 
-        self.user = UserFactory.create(username="test", password="test")
+        self.user = UserFactory.create(username="test", password=TEST_PASSWORD)
         self.course = CourseFactory.create()
         for mode, min_price in (('audit', 0), ('honor', 0), ('verified', 100)):
             CourseModeFactory.create(mode_slug=mode, course_id=self.course.id, min_price=min_price, sku=self.make_sku())
-        self.client.login(username="test", password="test")
+        self.client.login(username="test", password=TEST_PASSWORD)
 
     def _assert_checked_out(
         self,
@@ -1868,7 +1870,7 @@ def setUp(self):
         super().setUp()
 
         self.user = AdminFactory()
-        login_success = self.client.login(username=self.user.username, password='test')
+        login_success = self.client.login(username=self.user.username, password=TEST_PASSWORD)
         assert login_success
         self.attempt = SoftwareSecurePhotoVerification(
             status="submitted",
@@ -1895,7 +1897,7 @@ def test_photo_url_view_returns_404_if_invalid_receipt_id(self):
 
     def test_403_for_non_staff(self):
         self.user = UserFactory()
-        login_success = self.client.login(username=self.user.username, password='test')
+        login_success = self.client.login(username=self.user.username, password=TEST_PASSWORD)
         assert login_success
         url = reverse('verification_photo_urls', kwargs={'receipt_id': str(self.receipt_id)})
         response = self.client.get(url)
@@ -1934,7 +1936,7 @@ class TestDecodeImageViews(MockS3Boto3Mixin, TestVerificationBase):
     def setUp(self):
         super().setUp()
         self.user = AdminFactory()
-        login_success = self.client.login(username=self.user.username, password='test')
+        login_success = self.client.login(username=self.user.username, password=TEST_PASSWORD)
         assert login_success
 
     def _mock_submit_images(self):
@@ -1995,7 +1997,7 @@ def test_download_image_response(self, img_type, _mock_get_storage):
     @ddt.data("face", "photo_id")
     def test_403_for_non_staff(self, img_type):
         self.user = UserFactory()
-        login_success = self.client.login(username=self.user.username, password='test')
+        login_success = self.client.login(username=self.user.username, password=TEST_PASSWORD)
         assert login_success
 
         self._mock_submit_images()
diff --git a/lms/urls.py b/lms/urls.py
index 26f05a400071..78fa5c52b38c 100644
--- a/lms/urls.py
+++ b/lms/urls.py
@@ -222,7 +222,7 @@
 
 if settings.FEATURES.get('ENABLE_MOBILE_REST_API'):
     urlpatterns += [
-        re_path(r'^api/mobile/(?P<api_version>v(2|1|0.5))/', include('lms.djangoapps.mobile_api.urls')),
+        re_path(r'^api/mobile/(?P<api_version>v(4|3|2|1|0.5))/', include('lms.djangoapps.mobile_api.urls')),
     ]
 
 if settings.FEATURES.get('ENABLE_OPENBADGES'):
diff --git a/openedx/core/djangoapps/content/course_overviews/models.py b/openedx/core/djangoapps/content/course_overviews/models.py
index 55d2b8d2bb07..149159826ccf 100644
--- a/openedx/core/djangoapps/content/course_overviews/models.py
+++ b/openedx/core/djangoapps/content/course_overviews/models.py
@@ -657,7 +657,7 @@ def update_select_courses(cls, course_keys, force_update=False):
         log.info('Finished generating course overviews.')
 
     @classmethod
-    def get_all_courses(cls, orgs=None, filter_=None, active_only=False):
+    def get_all_courses(cls, orgs=None, filter_=None, active_only=False, course_keys=None):
         """
         Return a queryset containing all CourseOverview objects in the database.
 
@@ -666,12 +666,17 @@ def get_all_courses(cls, orgs=None, filter_=None, active_only=False):
                 filtering by organization.
             filter_ (dict): Optional parameter that allows custom filtering.
             active_only (bool): If provided, only the courses that have not ended will be returned.
+            course_keys (list[string]): Optional parameter that allows case-insensitive
+                filter by course ids
         """
         # Note: If a newly created course is not returned in this QueryList,
         # make sure the "publish" signal was emitted when the course was
         # created. For tests using CourseFactory, use emit_signals=True.
         course_overviews = CourseOverview.objects.all()
 
+        if course_keys:
+            course_overviews = course_overviews.filter(id__in=course_keys)
+
         if orgs:
             # In rare cases, courses belonging to the same org may be accidentally assigned
             # an org code with a different casing (e.g., Harvardx as opposed to HarvardX).
diff --git a/openedx/core/djangoapps/contentserver/test/test_contentserver.py b/openedx/core/djangoapps/contentserver/test/test_contentserver.py
index 700eff642778..e9ee1f7ee5b2 100644
--- a/openedx/core/djangoapps/contentserver/test/test_contentserver.py
+++ b/openedx/core/djangoapps/contentserver/test/test_contentserver.py
@@ -156,7 +156,7 @@ def test_locked_versioned_asset(self):
         CourseEnrollment.enroll(self.non_staff_usr, self.course_key)
         assert CourseEnrollment.is_enrolled(self.non_staff_usr, self.course_key)
 
-        self.client.login(username=self.non_staff_usr, password='test')
+        self.client.login(username=self.non_staff_usr, password=self.TEST_PASSWORD)
         resp = self.client.get(self.url_locked_versioned)
         assert resp.status_code == 200
 
@@ -167,7 +167,7 @@ def test_locked_versioned_old_styleasset(self):
         CourseEnrollment.enroll(self.non_staff_usr, self.course_key)
         assert CourseEnrollment.is_enrolled(self.non_staff_usr, self.course_key)
 
-        self.client.login(username=self.non_staff_usr, password='test')
+        self.client.login(username=self.non_staff_usr, password=self.TEST_PASSWORD)
         resp = self.client.get(self.url_locked_versioned_old_style, follow=True)
         assert resp.status_code == 200
 
@@ -185,7 +185,7 @@ def test_locked_asset_not_registered(self):
         Test that locked assets behave appropriately in case user is logged in
         in but not registered for the course.
         """
-        self.client.login(username=self.non_staff_usr, password='test')
+        self.client.login(username=self.non_staff_usr, password=self.TEST_PASSWORD)
         resp = self.client.get(self.url_locked)
         assert resp.status_code == 403
 
@@ -197,7 +197,7 @@ def test_locked_asset_registered(self):
         CourseEnrollment.enroll(self.non_staff_usr, self.course_key)
         assert CourseEnrollment.is_enrolled(self.non_staff_usr, self.course_key)
 
-        self.client.login(username=self.non_staff_usr, password='test')
+        self.client.login(username=self.non_staff_usr, password=self.TEST_PASSWORD)
         resp = self.client.get(self.url_locked)
         assert resp.status_code == 200
 
@@ -205,7 +205,7 @@ def test_locked_asset_staff(self):
         """
         Test that locked assets behave appropriately in case user is staff.
         """
-        self.client.login(username=self.staff_usr, password='test')
+        self.client.login(username=self.staff_usr, password=self.TEST_PASSWORD)
         resp = self.client.get(self.url_locked)
         assert resp.status_code == 200
 
@@ -320,7 +320,7 @@ def test_cache_headers_with_ttl_locked(self, mock_get_cache_ttl):
         CourseEnrollment.enroll(self.non_staff_usr, self.course_key)
         assert CourseEnrollment.is_enrolled(self.non_staff_usr, self.course_key)
 
-        self.client.login(username=self.non_staff_usr, password='test')
+        self.client.login(username=self.non_staff_usr, password=self.TEST_PASSWORD)
         resp = self.client.get(self.url_locked)
         assert resp.status_code == 200
         assert 'Expires' not in resp
@@ -350,7 +350,7 @@ def test_cache_headers_without_ttl_locked(self, mock_get_cache_ttl):
         CourseEnrollment.enroll(self.non_staff_usr, self.course_key)
         assert CourseEnrollment.is_enrolled(self.non_staff_usr, self.course_key)
 
-        self.client.login(username=self.non_staff_usr, password='test')
+        self.client.login(username=self.non_staff_usr, password=self.TEST_PASSWORD)
         resp = self.client.get(self.url_locked)
         assert resp.status_code == 200
         assert 'Expires' not in resp
diff --git a/openedx/core/djangoapps/course_apps/rest_api/tests/test_views.py b/openedx/core/djangoapps/course_apps/rest_api/tests/test_views.py
index 2c1e615229b6..768643a7a204 100644
--- a/openedx/core/djangoapps/course_apps/rest_api/tests/test_views.py
+++ b/openedx/core/djangoapps/course_apps/rest_api/tests/test_views.py
@@ -32,7 +32,7 @@ def setUp(self):
         self.instructor = UserFactory()
         self.user = UserFactory()
         self.client = Client()
-        self.client.login(username=self.instructor.username, password="test")
+        self.client.login(username=self.instructor.username, password=self.TEST_PASSWORD)
         self.url = reverse("course_apps_api:v1:course_apps", kwargs=dict(course_id=self.course.id))
         CourseStaffRole(self.course.id).add_users(self.instructor)
 
diff --git a/openedx/core/djangoapps/oauth_dispatch/tests/test_dot_overrides.py b/openedx/core/djangoapps/oauth_dispatch/tests/test_dot_overrides.py
index 37bc12ceaa27..dc38b18c6eef 100644
--- a/openedx/core/djangoapps/oauth_dispatch/tests/test_dot_overrides.py
+++ b/openedx/core/djangoapps/oauth_dispatch/tests/test_dot_overrides.py
@@ -31,19 +31,20 @@ class AuthenticateTestCase(TestCase):
 
     def setUp(self):
         super().setUp()
+        self.TEST_PASSWORD = 'Password1234'
         self.user = UserFactory.create(
             username='darkhelmet',
-            password='12345',
+            password=self.TEST_PASSWORD,
             email='darkhelmet@spaceball_one.org',
         )
         self.validator = EdxOAuth2Validator()
 
     def test_authenticate_with_username(self):
-        user = self.validator._authenticate(username='darkhelmet', password='12345')
+        user = self.validator._authenticate(username='darkhelmet', password=self.TEST_PASSWORD)
         assert self.user == user
 
     def test_authenticate_with_email(self):
-        user = self.validator._authenticate(username='darkhelmet@spaceball_one.org', password='12345')
+        user = self.validator._authenticate(username='darkhelmet@spaceball_one.org', password=self.TEST_PASSWORD)
         assert self.user == user
 
 
@@ -56,9 +57,10 @@ class CustomValidationTestCase(TestCase):
     """
     def setUp(self):
         super().setUp()
+        self.TEST_PASSWORD = 'Password1234'
         self.user = UserFactory.create(
             username='darkhelmet',
-            password='12345',
+            password=self.TEST_PASSWORD,
             email='darkhelmet@spaceball_one.org',
         )
         self.validator = EdxOAuth2Validator()
@@ -67,13 +69,13 @@ def setUp(self):
     def test_active_user_validates(self):
         assert self.user.is_active
         request = self.request_factory.get('/')
-        assert self.validator.validate_user('darkhelmet', '12345', client=None, request=request)
+        assert self.validator.validate_user('darkhelmet', self.TEST_PASSWORD, client=None, request=request)
 
     def test_inactive_user_validates(self):
         self.user.is_active = False
         self.user.save()
         request = self.request_factory.get('/')
-        assert self.validator.validate_user('darkhelmet', '12345', client=None, request=request)
+        assert self.validator.validate_user('darkhelmet', self.TEST_PASSWORD, client=None, request=request)
 
 
 @skip_unless_lms
@@ -87,9 +89,10 @@ class CustomAuthorizationViewTestCase(TestCase):
     """
     def setUp(self):
         super().setUp()
+        self.TEST_PASSWORD = 'Password1234'
         self.dot_adapter = adapters.DOTAdapter()
-        self.user = UserFactory()
-        self.client.login(username=self.user.username, password='test')
+        self.user = UserFactory(password=self.TEST_PASSWORD)
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         self.restricted_dot_app = self._create_restricted_app()
         self._create_expired_token(self.restricted_dot_app)
diff --git a/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py b/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
index d6ed9ca30cbf..3ed4c2aca52b 100644
--- a/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
+++ b/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
@@ -86,8 +86,9 @@ class _DispatchingViewTestCase(TestCase):
     """
     def setUp(self):
         super().setUp()
+        self.TEST_PASSWORD = 'Password1234'
         self.dot_adapter = adapters.DOTAdapter()
-        self.user = UserFactory()
+        self.user = UserFactory(password=self.TEST_PASSWORD)
         self.dot_app = self.dot_adapter.create_public_client(
             name='test dot application',
             user=self.user,
@@ -148,7 +149,7 @@ def _post_body(self, user, client, token_type=None, scope=None, asymmetric_jwt=N
 
         if grant_type == dot_models.Application.GRANT_PASSWORD:
             body['username'] = user.username
-            body['password'] = 'test'
+            body['password'] = self.TEST_PASSWORD
         elif grant_type == dot_models.Application.GRANT_CLIENT_CREDENTIALS:
             body['client_secret'] = client.client_secret
 
@@ -598,7 +599,7 @@ def setUp(self):
     @ddt.unpack
     def test_post_authorization_view(self, client_type, allow_field):
         oauth_application = getattr(self, f'{client_type}_app')
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         response = self.client.post(
             '/oauth2/authorize/',
             {
@@ -620,7 +621,7 @@ def test_check_dot_authorization_page_get(self):
         Make sure we get the overridden Authorization page - not
         the default django-oauth-toolkit when we perform a page load
         """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         response = self.client.get(
             '/oauth2/authorize/',
             {
@@ -787,7 +788,7 @@ def access_token_post_body_with_password(self):
             'client_id': self.dot_app.client_id,
             'grant_type': 'password',
             'username': self.user.username,
-            'password': 'test',
+            'password': self.TEST_PASSWORD,
         }
 
     def access_token_post_body_with_refresh_token(self, refresh_token):
diff --git a/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py b/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py
index babc3160f81e..166bdc6edaf3 100644
--- a/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py
+++ b/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py
@@ -36,6 +36,7 @@ def setUp(self):
         self.user = UserFactory.create()
         self.addCleanup(set_current_request, None)
         self.request = get_mock_request()
+        self.TEST_PASSWORD = 'Password1234'
 
     def assert_response(self, safe_cookie_data=None, success=True):
         """
@@ -79,7 +80,7 @@ def assert_user_in_session(self):
     @patch("openedx.core.djangoapps.safe_sessions.middleware.LOG_REQUEST_USER_CHANGES", False)
     @patch("openedx.core.djangoapps.safe_sessions.middleware.track_request_user_changes")
     def test_success(self, mock_log_request_user_changes):
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         session_id = self.client.session.session_key
         safe_cookie_data = SafeCookieData.create(session_id, self.user.id)
 
@@ -106,7 +107,7 @@ def test_success(self, mock_log_request_user_changes):
     @patch("openedx.core.djangoapps.safe_sessions.middleware.LOG_REQUEST_USER_CHANGES", True)
     @patch("openedx.core.djangoapps.safe_sessions.middleware.track_request_user_changes")
     def test_log_request_user_on(self, mock_log_request_user_changes):
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         session_id = self.client.session.session_key
         safe_cookie_data = SafeCookieData.create(session_id, self.user.id)
 
@@ -134,7 +135,7 @@ def test_parse_error_at_step_1(self):
         self.assert_no_session()
 
     def test_invalid_user_at_step_4(self):
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         safe_cookie_data = SafeCookieData.create(self.client.session.session_key, 'no_such_user')
         self.request.META['HTTP_ACCEPT'] = 'text/html'
         with self.assert_incorrect_user_logged():
@@ -258,7 +259,8 @@ class TestSafeSessionMiddleware(TestSafeSessionsLogMixin, CacheIsolationTestCase
 
     def setUp(self):
         super().setUp()
-        self.user = UserFactory.create()
+        self.TEST_PASSWORD = 'Password1234'
+        self.user = UserFactory.create(password=self.TEST_PASSWORD)
         self.addCleanup(set_current_request, None)
         self.request = get_mock_request()
         self.client.response = HttpResponse()
@@ -278,7 +280,7 @@ def set_up_for_success(self):
         """
         Set up request for success path -- everything up until process_response().
         """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
         session_id = self.client.session.session_key
         safe_cookie_data = SafeCookieData.create(session_id, self.user.id)
diff --git a/openedx/core/djangoapps/theming/tests/test_theme_style_overrides.py b/openedx/core/djangoapps/theming/tests/test_theme_style_overrides.py
index 21b9ba952a3e..d7578f25eb87 100644
--- a/openedx/core/djangoapps/theming/tests/test_theme_style_overrides.py
+++ b/openedx/core/djangoapps/theming/tests/test_theme_style_overrides.py
@@ -24,14 +24,15 @@ def setUp(self):
         Clear static file finders cache and register cleanup methods.
         """
         super().setUp()
-        self.user = UserFactory()
+        self.TEST_PASSWORD = 'Password1234'
+        self.user = UserFactory(password=self.TEST_PASSWORD)
 
         # Clear the internal staticfiles caches, to get test isolation.
         staticfiles.finders.get_finder.cache_clear()
 
     def _login(self):
         """ Log into LMS. """
-        self.client.login(username=self.user.username, password='test')
+        self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
 
     @with_comprehensive_theme("test-theme")
     def test_footer(self):
diff --git a/openedx/core/djangoapps/theming/tests/test_views.py b/openedx/core/djangoapps/theming/tests/test_views.py
index 3eefd7bed890..5b5503702cd8 100644
--- a/openedx/core/djangoapps/theming/tests/test_views.py
+++ b/openedx/core/djangoapps/theming/tests/test_views.py
@@ -13,7 +13,7 @@
 
 THEMING_ADMIN_URL = '/theming/admin'
 TEST_THEME_NAME = 'test-theme'
-TEST_PASSWORD = 'test'
+TEST_PASSWORD = 'Password1234'
 
 
 class TestThemingViews(TestCase):
diff --git a/openedx/core/djangoapps/user_api/accounts/tests/test_api.py b/openedx/core/djangoapps/user_api/accounts/tests/test_api.py
index fb4686d13934..b856f3fc845b 100644
--- a/openedx/core/djangoapps/user_api/accounts/tests/test_api.py
+++ b/openedx/core/djangoapps/user_api/accounts/tests/test_api.py
@@ -88,7 +88,7 @@ class TestAccountApi(UserSettingsEventTestMixin, EmailTemplateTagMixin, CreateAc
     This includes the specific types of error raised, and default behavior when optional arguments
     are not specified.
     """
-    password = "test"
+    password = 'Password1234'
 
     def setUp(self):
         super().setUp()
diff --git a/openedx/core/djangoapps/user_api/tests/test_views.py b/openedx/core/djangoapps/user_api/tests/test_views.py
index aaf2daf96f76..28b4c57505fc 100644
--- a/openedx/core/djangoapps/user_api/tests/test_views.py
+++ b/openedx/core/djangoapps/user_api/tests/test_views.py
@@ -33,6 +33,7 @@ class UserAPITestCase(ApiTestCase):
     Parent test case for User API workflow coverage
     """
     LIST_URI = USER_LIST_URI
+    TEST_PASSWORD = 'Password1234'
 
     def get_uri_for_user(self, target_user):
         """Given a user object, get the URI for the corresponding resource"""
diff --git a/openedx/core/djangoapps/user_api/verification_api/tests/test_views.py b/openedx/core/djangoapps/user_api/verification_api/tests/test_views.py
index 1a5d4fe46bdc..c585936e21ad 100644
--- a/openedx/core/djangoapps/user_api/verification_api/tests/test_views.py
+++ b/openedx/core/djangoapps/user_api/verification_api/tests/test_views.py
@@ -23,7 +23,7 @@ class VerificationViewTestsMixinBase:
     """ Base class for the tests on verification views """
     VIEW_NAME = None
     CREATED_AT = datetime.datetime.strptime(FROZEN_TIME, '%Y-%m-%d')
-    PASSWORD = 'test'
+    PASSWORD = 'Password1234'
 
     def setUp(self):
         freezer = freezegun.freeze_time(FROZEN_TIME)
diff --git a/openedx/core/djangoapps/user_authn/api/tests/test_views.py b/openedx/core/djangoapps/user_authn/api/tests/test_views.py
index d8ab2c37c1a1..3d5927115022 100644
--- a/openedx/core/djangoapps/user_authn/api/tests/test_views.py
+++ b/openedx/core/djangoapps/user_authn/api/tests/test_views.py
@@ -390,9 +390,9 @@ def setUp(self):
         Create a user, then log in.
         """
         super().setUp()
-        self.user = UserFactory()
+        self.user = UserFactory(password=self.TEST_PASSWORD)
         Registration().register(self.user)
-        result = self.client.login(username=self.user.username, password="test")
+        result = self.client.login(username=self.user.username, password=self.TEST_PASSWORD)
         assert result, 'Could not log in'
         self.path = reverse('send_account_activation_email')
 
diff --git a/openedx/core/djangoapps/user_authn/tests/utils.py b/openedx/core/djangoapps/user_authn/tests/utils.py
index 4b002eef310a..09ca85145f35 100644
--- a/openedx/core/djangoapps/user_authn/tests/utils.py
+++ b/openedx/core/djangoapps/user_authn/tests/utils.py
@@ -58,7 +58,7 @@ class AuthAndScopesTestMixin:
             self.student.
     """
     default_scopes = None
-    user_password = 'test'
+    user_password = 'Password1234'
 
     def setUp(self):
         super().setUp()
diff --git a/openedx/core/djangoapps/user_authn/views/tests/test_password.py b/openedx/core/djangoapps/user_authn/views/tests/test_password.py
index 764a2178af36..a403298a6e78 100644
--- a/openedx/core/djangoapps/user_authn/views/tests/test_password.py
+++ b/openedx/core/djangoapps/user_authn/views/tests/test_password.py
@@ -99,8 +99,8 @@ class TestPasswordChange(CreateAccountMixin, CacheIsolationTestCase):
 
     USERNAME = "heisenberg"
     ALTERNATE_USERNAME = "walt"
-    OLD_PASSWORD = "ḅḷüëṡḳÿ"
-    NEW_PASSWORD = "B🄸🄶B🄻🅄🄴"
+    OLD_PASSWORD = "ḅḷüëṡḳÿ1"
+    NEW_PASSWORD = "B🄸🄶B🄻🅄🄴1"
     OLD_EMAIL = "walter@graymattertech.com"
     NEW_EMAIL = "walt@savewalterwhite.com"
 
@@ -192,11 +192,11 @@ def test_password_change_from_support_tools(self, is_superuser, is_staff, reset_
         UserFactory.create(
             username='edx',
             email='edx@example.com',
-            password='edx',
+            password='Password1234',
             is_superuser=is_superuser,
             is_staff=is_staff,
         )
-        self.client.login(username='edx', password='edx')
+        self.client.login(username='edx', password='Password1234')
 
         response = self._change_password_from_support(email_from_support_tools=self.OLD_EMAIL)
         assert response.status_code == 200
diff --git a/openedx/features/course_duration_limits/access.py b/openedx/features/course_duration_limits/access.py
index ff817a315054..8f73ae2266ea 100644
--- a/openedx/features/course_duration_limits/access.py
+++ b/openedx/features/course_duration_limits/access.py
@@ -68,7 +68,7 @@ def get_user_course_duration(user, course):
     return get_expected_duration(course.id)
 
 
-def get_user_course_expiration_date(user, course):
+def get_user_course_expiration_date(user, course, enrollment=None):
     """
     Return expiration date for given user course pair.
     Return None if the course does not expire.
@@ -81,7 +81,7 @@ def get_user_course_expiration_date(user, course):
     if access_duration is None:
         return None
 
-    enrollment = CourseEnrollment.get_enrollment(user, course.id)
+    enrollment = enrollment or CourseEnrollment.get_enrollment(user, course.id)
     if enrollment is None or enrollment.mode != CourseMode.AUDIT:
         return None
 
diff --git a/openedx/features/course_duration_limits/tests/test_course_expiration.py b/openedx/features/course_duration_limits/tests/test_course_expiration.py
index 32a352d66e6e..b794ef3076c4 100644
--- a/openedx/features/course_duration_limits/tests/test_course_expiration.py
+++ b/openedx/features/course_duration_limits/tests/test_course_expiration.py
@@ -249,7 +249,7 @@ def test_masquerade(self, masquerade_config, show_expiration_banner, mock_get_co
             mode='audit'
         )
         CourseInstructorRole(self.course.id).add_users(instructor)
-        self.client.login(username=instructor.username, password='test')
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
 
         self.update_masquerade(**masquerade_config)
 
@@ -285,7 +285,7 @@ def test_masquerade_in_holdback(self, mock_get_course_run_details):
             mode='audit'
         )
         CourseInstructorRole(self.course.id).add_users(instructor)
-        self.client.login(username=instructor.username, password='test')
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
 
         self.update_masquerade(username='audit')
 
@@ -320,7 +320,7 @@ def test_masquerade_expired(self, mock_get_course_run_details):
             mode='audit'
         )
         CourseInstructorRole(self.course.id).add_users(instructor)
-        self.client.login(username=instructor.username, password='test')
+        self.client.login(username=instructor.username, password=self.TEST_PASSWORD)
 
         self.update_masquerade(username='audit')
 
@@ -370,7 +370,7 @@ def test_no_banner_when_masquerading_as_staff(self, role_factory, mock_get_cours
             mode='audit'
         )
 
-        self.client.login(username=staff_user.username, password='test')
+        self.client.login(username=staff_user.username, password=self.TEST_PASSWORD)
 
         self.update_masquerade(username=expired_staff.username)
 
@@ -418,7 +418,7 @@ def test_no_banner_when_masquerading_as_forum_staff(self, role_name, mock_get_co
             mode='audit'
         )
 
-        self.client.login(username=staff_user.username, password='test')
+        self.client.login(username=staff_user.username, password=self.TEST_PASSWORD)
 
         self.update_masquerade(username=expired_staff.username)
 
diff --git a/openedx/features/course_experience/tests/views/test_course_sock.py b/openedx/features/course_experience/tests/views/test_course_sock.py
index cdc80168ab1c..5c612e3ca85f 100644
--- a/openedx/features/course_experience/tests/views/test_course_sock.py
+++ b/openedx/features/course_experience/tests/views/test_course_sock.py
@@ -20,7 +20,7 @@
 
 from .helpers import add_course_mode
 
-TEST_PASSWORD = 'test'
+TEST_PASSWORD = 'Password1234'
 TEST_VERIFICATION_SOCK_LOCATOR = '<div class="verification-sock"'
 
 
diff --git a/openedx/features/course_experience/tests/views/test_masquerade.py b/openedx/features/course_experience/tests/views/test_masquerade.py
index 0e9660c0158d..0f555e27f7e2 100644
--- a/openedx/features/course_experience/tests/views/test_masquerade.py
+++ b/openedx/features/course_experience/tests/views/test_masquerade.py
@@ -17,7 +17,7 @@
 from .helpers import add_course_mode
 from .test_course_sock import TEST_VERIFICATION_SOCK_LOCATOR
 
-TEST_PASSWORD = 'test'
+TEST_PASSWORD = 'Password1234'
 
 
 class MasqueradeTestBase(SharedModuleStoreTestCase, MasqueradeMixin):
diff --git a/openedx/tests/xblock_integration/test_crowdsource_hinter.py b/openedx/tests/xblock_integration/test_crowdsource_hinter.py
index a2fffdc6e90c..61f1097481c7 100644
--- a/openedx/tests/xblock_integration/test_crowdsource_hinter.py
+++ b/openedx/tests/xblock_integration/test_crowdsource_hinter.py
@@ -21,8 +21,8 @@ class TestCrowdsourceHinter(SharedModuleStoreTestCase, LoginEnrollmentTestCase):
     Create the test environment with the crowdsourcehinter xblock.
     """
     STUDENTS = [
-        {'email': 'view@test.com', 'password': 'foo'},
-        {'email': 'view2@test.com', 'password': 'foo'}
+        {'email': 'view@test.com', 'password': SharedModuleStoreTestCase.TEST_PASSWORD},
+        {'email': 'view2@test.com', 'password': SharedModuleStoreTestCase.TEST_PASSWORD}
     ]
     XBLOCK_NAMES = ['crowdsourcehinter']
 
diff --git a/openedx/tests/xblock_integration/test_recommender.py b/openedx/tests/xblock_integration/test_recommender.py
index a494fc9c13c2..ae06b09db162 100644
--- a/openedx/tests/xblock_integration/test_recommender.py
+++ b/openedx/tests/xblock_integration/test_recommender.py
@@ -27,8 +27,8 @@ class TestRecommender(SharedModuleStoreTestCase, LoginEnrollmentTestCase):
     Check that Recommender state is saved properly
     """
     STUDENTS = [
-        {'email': 'view@test.com', 'password': 'foo'},
-        {'email': 'view2@test.com', 'password': 'foo'}
+        {'email': 'view@test.com', 'password': 'Password1234'},
+        {'email': 'view2@test.com', 'password': 'Password1234'}
     ]
     XBLOCK_NAMES = ['recommender', 'recommender_second']
 
@@ -141,7 +141,7 @@ def enroll_staff(self, staff):
         Staff login and enroll for the course
         """
         email = staff.email
-        password = 'test'
+        password = self.TEST_PASSWORD
         self.login(email, password)
         self.enroll(self.course, verify=True)
 
diff --git a/openedx/tests/xblock_integration/xblock_testcase.py b/openedx/tests/xblock_integration/xblock_testcase.py
index e75ca9a63d41..e9488b3f21f2 100644
--- a/openedx/tests/xblock_integration/xblock_testcase.py
+++ b/openedx/tests/xblock_integration/xblock_testcase.py
@@ -282,9 +282,9 @@ class XBlockStudentTestCaseMixin:
     Creates a default set of students for XBlock tests
     '''
     student_list = [
-        {'email': 'alice@test.edx.org', 'password': 'foo'},
-        {'email': 'bob@test.edx.org', 'password': 'foo'},
-        {'email': 'eve@test.edx.org', 'password': 'foo'},
+        {'email': 'alice@test.edx.org', 'password': 'Password1234'},
+        {'email': 'bob@test.edx.org', 'password': 'Password1234'},
+        {'email': 'eve@test.edx.org', 'password': 'Password1234'},
     ]
 
     def setUp(self):
diff --git a/xmodule/modulestore/tests/django_utils.py b/xmodule/modulestore/tests/django_utils.py
index fcc01763fdc7..952a88800f7c 100644
--- a/xmodule/modulestore/tests/django_utils.py
+++ b/xmodule/modulestore/tests/django_utils.py
@@ -369,7 +369,7 @@ class ModuleStoreTestUsersMixin():
     """
     A mixin to help manage test users.
     """
-    TEST_PASSWORD = 'test'
+    TEST_PASSWORD = 'Password1234'
 
     def create_user_for_course(self, course, user_type=CourseUserType.ENROLLED):
         """