fix: Removed JWT constants from CMS and added comments on how to gene…
…rate them
rijuma committed Jan 23, 2025
1 parent 5d494fe commit 747289b
Showing 8 changed files with 12 additions and 50 deletions.
9 changes: 0 additions & 9 deletions cms/envs/common.py
@@ -2530,15 +2530,6 @@
EXAMS_SERVICE_URL = 'http://localhost:18740/api/v1'
EXAMS_SERVICE_USERNAME = 'edx_exams_worker'

############## Settings for JWT token handling ##############
TOKEN_SIGNING = {
'JWT_ISSUER': 'http://127.0.0.1:8740',
'JWT_SIGNING_ALGORITHM': 'RS512',
'JWT_SUPPORTED_VERSION': '1.2.0',
'JWT_PRIVATE_SIGNING_JWK': None,
'JWT_PUBLIC_SIGNING_JWK_SET': None,
}

FINANCIAL_REPORTS = {
'STORAGE_TYPE': 'localfs',
'BUCKET': None,
31 changes: 0 additions & 31 deletions cms/envs/test.py
@@ -343,34 +343,3 @@
}
}
}

############## Settings for JWT token handling ##############
TOKEN_SIGNING = {
'JWT_ISSUER': 'token-test-issuer',
'JWT_SIGNING_ALGORITHM': 'RS512',
'JWT_SUPPORTED_VERSION': '1.2.0',
'JWT_PRIVATE_SIGNING_JWK': '''{
"e": "AQAB",
"d": "HIiV7KNjcdhVbpn3KT-I9n3JPf5YbGXsCIedmPqDH1d4QhBofuAqZ9zebQuxkRUpmqtYMv0Zi6ECSUqH387GYQF_XvFUFcjQRPycISd8TH0DAKaDpGr-AYNshnKiEtQpINhcP44I1AYNPCwyoxXA1fGTtmkKChsuWea7o8kytwU5xSejvh5-jiqu2SF4GEl0BEXIAPZsgbzoPIWNxgO4_RzNnWs6nJZeszcaDD0CyezVSuH9QcI6g5QFzAC_YuykSsaaFJhZ05DocBsLczShJ9Omf6PnK9xlm26I84xrEh_7x4fVmNBg3xWTLh8qOnHqGko93A1diLRCrKHOvnpvgQ",
"n": "o5cn3ljSRi6FaDEKTn0PS-oL9EFyv1pI7dRgffQLD1qf5D6sprmYfWWokSsrWig8u2y0HChSygR6Jn5KXBqQn6FpM0dDJLnWQDRXHLl3Ey1iPYgDSmOIsIGrV9ZyNCQwk03wAgWbfdBTig3QSDYD-sTNOs3pc4UD_PqAvU2nz_1SS2ZiOwOn5F6gulE1L0iE3KEUEvOIagfHNVhz0oxa_VRZILkzV-zr6R_TW1m97h4H8jXl_VJyQGyhMGGypuDrQ9_vaY_RLEulLCyY0INglHWQ7pckxBtI5q55-Vio2wgewe2_qYcGsnBGaDNbySAsvYcWRrqDiFyzrJYivodqTQ",
"q": "3T3DEtBUka7hLGdIsDlC96Uadx_q_E4Vb1cxx_4Ss_wGp1Loz3N3ZngGyInsKlmbBgLo1Ykd6T9TRvRNEWEtFSOcm2INIBoVoXk7W5RuPa8Cgq2tjQj9ziGQ08JMejrPlj3Q1wmALJr5VTfvSYBu0WkljhKNCy1KB6fCby0C9WE",
"p": "vUqzWPZnDG4IXyo-k5F0bHV0BNL_pVhQoLW7eyFHnw74IOEfSbdsMspNcPSFIrtgPsn7981qv3lN_staZ6JflKfHayjB_lvltHyZxfl0dvruShZOx1N6ykEo7YrAskC_qxUyrIvqmJ64zPW3jkuOYrFs7Ykj3zFx3Zq1H5568G0",
"kid": "token-test-sign", "kty": "RSA"
}''',
'JWT_PUBLIC_SIGNING_JWK_SET': '''{
"keys": [
{
"kid":"token-test-wrong-key",
"e": "AQAB",
"kty": "RSA",
"n": "o5cn3ljSRi6FaDEKTn0PS-oL9EFyv1pI7dffgRQLD1qf5D6sprmYfWVokSsrWig8u2y0HChSygR6Jn5KXBqQn6FpM0dDJLnWQDRXHLl3Ey1iPYgDSmOIsIGrV9ZyNCQwk03wAgWbfdBTig3QSDYD-sTNOs3pc4UD_PqAvU2nz_1SS2ZiOwOn5F6gulE1L0iE3KEUEvOIagfHNVhz0oxa_VRZILkzV-zr6R_TW1m97h4H8jXl_VJyQGyhMGGypuDrQ9_vaY_RLEulLCyY0INglHWQ7pckxBtI5q55-Vio2wgewe2_qYcGsnBGaDNbySAsvYcWRrqDiFyzrJYivodqTQ"
},
{
"kid":"token-test-sign",
"e": "AQAB",
"kty": "RSA",
"n": "o5cn3ljSRi6FaDEKTn0PS-oL9EFyv1pI7dRgffQLD1qf5D6sprmYfWWokSsrWig8u2y0HChSygR6Jn5KXBqQn6FpM0dDJLnWQDRXHLl3Ey1iPYgDSmOIsIGrV9ZyNCQwk03wAgWbfdBTig3QSDYD-sTNOs3pc4UD_PqAvU2nz_1SS2ZiOwOn5F6gulE1L0iE3KEUEvOIagfHNVhz0oxa_VRZILkzV-zr6R_TW1m97h4H8jXl_VJyQGyhMGGypuDrQ9_vaY_RLEulLCyY0INglHWQ7pckxBtI5q55-Vio2wgewe2_qYcGsnBGaDNbySAsvYcWRrqDiFyzrJYivodqTQ"
}
]
}''',
}
6 changes: 6 additions & 0 deletions lms/envs/common.py
@@ -4320,6 +4320,12 @@ def _make_locale_paths(settings): # pylint: disable=missing-function-docstring
'JWT_PUBLIC_SIGNING_JWK_SET': None,
}

# NOTE: In order to create both JWT_PRIVATE_SIGNING_JWK and JWT_PUBLIC_SIGNING_JWK_SET,
# start devstack on an lms shell and then run the command:
# > python manage.py lms generate_jwt_signing_key
# This will output asymmetric JWTs to use here. Read more on this on:
# https://github.com/openedx/edx-platform/blob/master/openedx/core/djangoapps/oauth_dispatch/docs/decisions/0008-use-asymmetric-jwts.rst

COURSE_CATALOG_URL_ROOT = 'http://localhost:8008'
COURSE_CATALOG_API_URL = f'{COURSE_CATALOG_URL_ROOT}/api/v1'

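Review bot: The added comment says the command "will output asymmetric JWTs to use here", but what it produces are the values for `JWT_PRIVATE_SIGNING_JWK` and `JWT_PUBLIC_SIGNING_JWK_SET`, i.e. a JWK key pair rather than tokens, and "use here" reads as an invitation to paste a private signing key into a version-controlled settings file. I would reword the fourth comment line to `# This prints a private JWK and a public JWK set. Set them in private, environment-specific settings,` followed by `# never in this file or any other committed file. Read more on this on:`. The comment would also be easier to find placed above the dict it documents rather than after its closing brace; that dict (presumably `TOKEN_SIGNING`) begins outside the hunk.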
3 changes: 3 additions & 0 deletions openedx/core/lib/tests/test_jwt.py
@@ -7,6 +7,7 @@
from jwkest import BadSignature, Expired, Invalid, MissingKey, jwk
from jwkest.jws import JWS

from openedx.core.djangolib.testing.utils import skip_unless_lms
from openedx.core.lib.jwt import _encode_and_sign, create_jwt, unpack_jwt


@@ -24,6 +25,7 @@
}


@skip_unless_lms
class TestSign(unittest.TestCase):
"""
Tests for JWT creation and signing.
@@ -66,6 +68,7 @@ def _verify_jwt(jwt_token):
return decoded


@skip_unless_lms
class TestUnpack(unittest.TestCase):
"""
Tests for JWT unpacking.
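Review bot: The two `@skip_unless_lms` decorators on `TestSign` and `TestUnpack` carry no explanation, so a later reader cannot tell that the skip exists because this commit drops `TOKEN_SIGNING` from the CMS settings. I would add a comment above each decorator, e.g. `# TOKEN_SIGNING is defined only in the LMS settings, so these tests cannot run under CMS.` It may also be worth confirming that nothing running in CMS still calls `create_jwt` or `unpack_jwt` from `openedx.core.lib.jwt`, since such a path would now be both unconfigured and untested there; that cannot be checked from this page. Both class bodies continue outside the hunks.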
5 changes: 3 additions & 2 deletions requirements/edx/base.txt
@@ -80,6 +80,9 @@ boto3==1.36.3
# ora2
botocore==1.36.3
# via
# -r requirements/edx/kernel.in
# boto3
# s3transfer
bridgekeeper==0.9
# via -r requirements/edx/kernel.in
cachecontrol==0.14.2
@@ -534,8 +537,6 @@ edx-toggles==5.2.0
# edxval
# event-tracking
# ora2
edx-token-utils==0.2.1
# via -r requirements/edx/kernel.in
edx-when==2.5.1
# via
# -r requirements/edx/kernel.in
4 changes: 0 additions & 4 deletions requirements/edx/development.txt
@@ -844,10 +844,6 @@ edx-toggles==5.2.0
# edxval
# event-tracking
# ora2
edx-token-utils==0.2.1
# via
# -r requirements/edx/doc.txt
# -r requirements/edx/testing.txt
edx-when==2.5.1
# via
# -r requirements/edx/doc.txt
2 changes: 0 additions & 2 deletions requirements/edx/doc.txt
@@ -628,8 +628,6 @@ edx-toggles==5.2.0
# edxval
# event-tracking
# ora2
edx-token-utils==0.2.1
# via -r requirements/edx/base.txt
edx-when==2.5.1
# via
# -r requirements/edx/base.txt
2 changes: 0 additions & 2 deletions requirements/edx/testing.txt
@@ -651,8 +651,6 @@ edx-toggles==5.2.0
# edxval
# event-tracking
# ora2
edx-token-utils==0.2.1
# via -r requirements/edx/base.txt
edx-when==2.5.1
# via
# -r requirements/edx/base.txt
