From b3d3dc2f7fb43a59bf457dfb8e52820994a5aef0 Mon Sep 17 00:00:00 2001 From: salman2013 Date: Wed, 31 Jan 2024 18:18:26 +0500 Subject: [PATCH 01/15] chore: update API endpoints to support default JWT auth --- cms/djangoapps/api/v1/views/course_runs.py | 2 -- common/djangoapps/entitlements/rest_api/v1/views.py | 1 - .../third_party_auth/api/tests/test_permissions.py | 2 -- .../third_party_auth/saml_configuration/views.py | 2 -- .../third_party_auth/samlproviderconfig/views.py | 2 -- .../third_party_auth/samlproviderdata/views.py | 2 -- lms/djangoapps/bulk_user_retirement/views.py | 2 -- lms/djangoapps/course_home_api/outline/views.py | 1 - lms/djangoapps/discussion/rest_api/views.py | 1 - lms/djangoapps/edxnotes/views.py | 1 - lms/djangoapps/instructor_task/rest_api/v1/views.py | 9 --------- lms/djangoapps/learner_dashboard/api/v0/views.py | 10 +--------- .../support/views/feature_based_enrollments.py | 4 ---- lms/djangoapps/support/views/program_enrollments.py | 7 ------- lms/djangoapps/user_tours/v1/views.py | 3 --- .../core/djangoapps/demographics/rest_api/v1/views.py | 2 -- openedx/core/djangoapps/enrollments/views.py | 4 ---- openedx/core/djangoapps/user_api/accounts/views.py | 8 -------- openedx/core/djangoapps/waffle_utils/views.py | 5 ----- 19 files changed, 1 insertion(+), 67 deletions(-) diff --git a/cms/djangoapps/api/v1/views/course_runs.py b/cms/djangoapps/api/v1/views/course_runs.py index a0415d4e06dc..4adcb3f1c22c 100644 --- a/cms/djangoapps/api/v1/views/course_runs.py +++ b/cms/djangoapps/api/v1/views/course_runs.py @@ -3,7 +3,6 @@ from django.conf import settings from django.http import Http404 -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from opaque_keys.edx.keys import CourseKey from rest_framework import parsers, permissions, status, viewsets from rest_framework.authentication import SessionAuthentication 
@@ -21,7 +20,6 @@ class CourseRunViewSet(viewsets.GenericViewSet): # lint-amnesty, pylint: disable=missing-class-docstring - authentication_classes = (JwtAuthentication, SessionAuthentication,) lookup_value_regex = settings.COURSE_KEY_REGEX permission_classes = (permissions.IsAdminUser,) serializer_class = CourseRunSerializer diff --git a/common/djangoapps/entitlements/rest_api/v1/views.py b/common/djangoapps/entitlements/rest_api/v1/views.py index 9442dae29ccd..e682a7d7e1d1 100644 --- a/common/djangoapps/entitlements/rest_api/v1/views.py +++ b/common/djangoapps/entitlements/rest_api/v1/views.py @@ -328,7 +328,6 @@ class EntitlementEnrollmentViewSet(viewsets.GenericViewSet): - Unenroll - Switch Enrollment """ - authentication_classes = (JwtAuthentication, SessionAuthentication,) # TODO: ARCH-91 # This view is excluded from Swagger doc generation because it # does not specify a serializer class. diff --git a/common/djangoapps/third_party_auth/api/tests/test_permissions.py b/common/djangoapps/third_party_auth/api/tests/test_permissions.py index 120abc17aa82..ae2e04070341 100644 --- a/common/djangoapps/third_party_auth/api/tests/test_permissions.py +++ b/common/djangoapps/third_party_auth/api/tests/test_permissions.py @@ -4,7 +4,6 @@ import ddt from django.test import RequestFactory, TestCase -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from edx_rest_framework_extensions.auth.jwt.tests.utils import generate_jwt from rest_framework.authentication import SessionAuthentication from rest_framework.response import Response @@ -25,7 +24,6 @@ class ThirdPartyAuthPermissionTest(TestCase): class SomeTpaClassView(APIView): """view used to test TPA_permissions""" - authentication_classes = (JwtAuthentication, SessionAuthentication) permission_classes = (TPA_PERMISSIONS,) required_scopes = ['tpa:read'] 
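Review bot: `SomeTpaClassView` in test_permissions.py is a test fixture, and without its own `authentication_classes` the `TPA_PERMISSIONS` scope checks run against whatever DRF default the test settings configure, which this patch does not show. A later change to that default could make the JWT-scope cases pass or fail for reasons unrelated to the permission class under test. I would keep `authentication_classes = (JwtAuthentication, SessionAuthentication)` on the fixture so the test stays self-contained. The test class body continues outside the hunk.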
diff --git a/common/djangoapps/third_party_auth/saml_configuration/views.py b/common/djangoapps/third_party_auth/saml_configuration/views.py index aa051aac7f97..8befffa2a6b8 100644 --- a/common/djangoapps/third_party_auth/saml_configuration/views.py +++ b/common/djangoapps/third_party_auth/saml_configuration/views.py @@ -2,7 +2,6 @@ Viewset for auth/saml/v0/saml_configuration """ -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from rest_framework import permissions, viewsets from rest_framework.authentication import SessionAuthentication @@ -11,7 +10,6 @@ class SAMLConfigurationMixin: - authentication_classes = (JwtAuthentication, SessionAuthentication,) permission_classes = (permissions.IsAuthenticated,) serializer_class = SAMLConfigurationSerializer diff --git a/common/djangoapps/third_party_auth/samlproviderconfig/views.py b/common/djangoapps/third_party_auth/samlproviderconfig/views.py index 08732f095093..d50e95ac2ba9 100644 --- a/common/djangoapps/third_party_auth/samlproviderconfig/views.py +++ b/common/djangoapps/third_party_auth/samlproviderconfig/views.py @@ -5,7 +5,6 @@ from django.shortcuts import get_list_or_404 from django.db.utils import IntegrityError from edx_rbac.mixins import PermissionRequiredMixin -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from rest_framework import permissions, viewsets, status from rest_framework.response import Response from rest_framework.authentication import SessionAuthentication @@ -20,7 +19,6 @@ class SAMLProviderMixin: - authentication_classes = [JwtAuthentication, SessionAuthentication] permission_classes = [permissions.IsAuthenticated] serializer_class = SAMLProviderConfigSerializer diff --git a/common/djangoapps/third_party_auth/samlproviderdata/views.py b/common/djangoapps/third_party_auth/samlproviderdata/views.py index f61b237c1212..e8ef9b66bb7b 100644 --- a/common/djangoapps/third_party_auth/samlproviderdata/views.py 
+++ b/common/djangoapps/third_party_auth/samlproviderdata/views.py @@ -8,7 +8,6 @@ from django.http import Http404 from django.shortcuts import get_object_or_404 from edx_rbac.mixins import PermissionRequiredMixin -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from enterprise.models import EnterpriseCustomerIdentityProvider from rest_framework import permissions, status, viewsets from rest_framework.authentication import SessionAuthentication @@ -31,7 +30,6 @@ class SAMLProviderDataMixin: - authentication_classes = [JwtAuthentication, SessionAuthentication] permission_classes = [permissions.IsAuthenticated] serializer_class = SAMLProviderDataSerializer diff --git a/lms/djangoapps/bulk_user_retirement/views.py b/lms/djangoapps/bulk_user_retirement/views.py index 14775ac32267..8207314aec45 100644 --- a/lms/djangoapps/bulk_user_retirement/views.py +++ b/lms/djangoapps/bulk_user_retirement/views.py @@ -3,7 +3,6 @@ """ import logging -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from django.contrib.auth import get_user_model from django.db import transaction from rest_framework import permissions, status @@ -34,7 +33,6 @@ class BulkUsersRetirementView(APIView): * usernames: Comma separated strings of usernames that should be retired. """ - authentication_classes = (JwtAuthentication, ) permission_classes = (permissions.IsAuthenticated, CanRetireUser) def post(self, request, **kwargs): # pylint: disable=unused-argument diff --git a/lms/djangoapps/course_home_api/outline/views.py b/lms/djangoapps/course_home_api/outline/views.py index 813bde793f88..91c8a6d7f15b 100644 --- a/lms/djangoapps/course_home_api/outline/views.py +++ b/lms/djangoapps/course_home_api/outline/views.py 
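Review bot: `BulkUsersRetirementView` was JWT-only, and with `authentication_classes = (JwtAuthentication, )` removed, the authenticators it accepts now come from the project-wide DRF default, which is not visible in this patch. If that default also lists `SessionAuthentication`, this privileged endpoint starts accepting browser session cookies, which widens its authentication surface. The same applies to the other JWT-only views changed in this series: `dismiss_welcome_message`, both `RetireUserView` classes, `UserTourView`, `UnenrollmentView`, `EnrollmentAllowedView`, `AccountDeactivationView`, the account retirement viewsets, `UsernameReplacementView` and `ReplaceUsernamesView`. I would keep the explicit tuple on the retirement and username-replacement endpoints, or add a comment such as `# Auth comes from REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES']; this endpoint must stay JWT-only` together with a test that a session-only request is rejected. The class body continues outside the hunk.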
@@ -376,7 +376,6 @@ def finalize_response(self, request, response, *args, **kwargs): @api_view(['POST']) -@authentication_classes((JwtAuthentication,)) @permission_classes((IsAuthenticated,)) def dismiss_welcome_message(request): # pylint: disable=missing-function-docstring course_id = request.data.get('course_id', None) diff --git a/lms/djangoapps/discussion/rest_api/views.py b/lms/djangoapps/discussion/rest_api/views.py index bcfc9c902dd6..2fa124ffd3ed 100644 --- a/lms/djangoapps/discussion/rest_api/views.py +++ b/lms/djangoapps/discussion/rest_api/views.py @@ -1099,7 +1099,6 @@ class RetireUserView(APIView): Empty string """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanRetireUser) def post(self, request): diff --git a/lms/djangoapps/edxnotes/views.py b/lms/djangoapps/edxnotes/views.py index 54b1fa65f42d..0038eb734c4b 100644 --- a/lms/djangoapps/edxnotes/views.py +++ b/lms/djangoapps/edxnotes/views.py @@ -244,7 +244,6 @@ class RetireUserView(APIView): - EdxNotesServiceUnavailable is thrown: the edx-notes-api IDA is not available. """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanRetireUser) def post(self, request): diff --git a/lms/djangoapps/instructor_task/rest_api/v1/views.py b/lms/djangoapps/instructor_task/rest_api/v1/views.py index 3fcd226c9c0e..0993876aff4c 100644 --- a/lms/djangoapps/instructor_task/rest_api/v1/views.py +++ b/lms/djangoapps/instructor_task/rest_api/v1/views.py @@ -9,7 +9,6 @@ import dateutil from celery.states import REVOKED from django.db import transaction -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from rest_framework.authentication import SessionAuthentication from rest_framework.response import Response from rest_framework import generics, status 
@@ -35,10 +34,6 @@ class ListScheduledBulkEmailInstructorTasks(generics.ListAPIView): data also includes information about the and course email instance associated with each task. * 403: User does not have the required role to view this data. """ - authentication_classes = ( - JwtAuthentication, - SessionAuthentication, - ) permission_classes = ( CanViewOrModifyScheduledBulkCourseEmailTasks, ) @@ -74,10 +69,6 @@ class ModifyScheduledBulkEmailInstructorTask(generics.DestroyAPIView, generics.U * 403: User does not have permission to modify the object specified. * 404: Requested schedule object could not be found and thus could not be modified or removed. """ - authentication_classes = ( - JwtAuthentication, - SessionAuthentication, - ) permission_classes = ( CanViewOrModifyScheduledBulkCourseEmailTasks, ) diff --git a/lms/djangoapps/learner_dashboard/api/v0/views.py b/lms/djangoapps/learner_dashboard/api/v0/views.py index 92dac75806bf..a56fcec6e739 100644 --- a/lms/djangoapps/learner_dashboard/api/v0/views.py +++ b/lms/djangoapps/learner_dashboard/api/v0/views.py @@ -1,7 +1,6 @@ """ API v0 views. """ import logging -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from enterprise.models import EnterpriseCourseEnrollment from rest_framework.authentication import SessionAuthentication from rest_framework.permissions import IsAuthenticated @@ -81,8 +80,6 @@ class Programs(APIView): ] """ - authentication_classes = (JwtAuthentication, SessionAuthentication,) - permission_classes = (IsAuthenticated,) def get(self, request, enterprise_uuid): @@ -298,12 +295,7 @@ class ProgramProgressDetailView(APIView): } """ - authentication_classes = ( - JwtAuthentication, - SessionAuthentication, - ) - - permission_classes = (IsAuthenticated,) + permission_classes = (IsAuthenticated,) def get(self, request, program_uuid): """ 
diff --git a/lms/djangoapps/support/views/feature_based_enrollments.py b/lms/djangoapps/support/views/feature_based_enrollments.py index 929c2a30eadc..b2830e6c6a47 100644 --- a/lms/djangoapps/support/views/feature_based_enrollments.py +++ b/lms/djangoapps/support/views/feature_based_enrollments.py @@ -2,7 +2,6 @@ Support tool for viewing course duration information """ -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from django.utils.decorators import method_decorator from django.views.generic import View from rest_framework.authentication import SessionAuthentication @@ -43,9 +42,6 @@ class FeatureBasedEnrollmentSupportAPIView(GenericAPIView): Support-only API View for getting feature based enrollment configuration details for a course. """ - authentication_classes = ( - JwtAuthentication, SessionAuthentication - ) permission_classes = (IsAuthenticated,) @method_decorator(require_support_permission) diff --git a/lms/djangoapps/support/views/program_enrollments.py b/lms/djangoapps/support/views/program_enrollments.py index c91242319702..0c3530792d54 100644 --- a/lms/djangoapps/support/views/program_enrollments.py +++ b/lms/djangoapps/support/views/program_enrollments.py @@ -6,7 +6,6 @@ from django.db.models import Q from django.utils.decorators import method_decorator from django.views.generic import View -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from rest_framework.views import APIView from rest_framework.authentication import SessionAuthentication from rest_framework.response import Response @@ -77,9 +76,6 @@ class LinkProgramEnrollmentSupportAPIView(APIView): """ Support-only API View for linking learner enrollments by support staff. """ - authentication_classes = ( - JwtAuthentication, SessionAuthentication - ) permission_classes = ( IsAuthenticated, ) 
@@ -312,9 +308,6 @@ class ProgramEnrollmentsInspectorAPIView(ProgramEnrollmentInspector, APIView): information of a learner. """ - authentication_classes = ( - JwtAuthentication, SessionAuthentication - ) permission_classes = ( IsAuthenticated, ) diff --git a/lms/djangoapps/user_tours/v1/views.py b/lms/djangoapps/user_tours/v1/views.py index dca1964b64db..4495a08cef89 100644 --- a/lms/djangoapps/user_tours/v1/views.py +++ b/lms/djangoapps/user_tours/v1/views.py @@ -2,7 +2,6 @@ from django.conf import settings from django.db import transaction, IntegrityError from django.shortcuts import get_object_or_404 -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from rest_framework.authentication import SessionAuthentication from rest_framework.generics import RetrieveUpdateAPIView from rest_framework.permissions import IsAuthenticated @@ -24,7 +23,6 @@ class UserTourView(RetrieveUpdateAPIView): GET /api/user_tours/v1/{username} PATCH /api/user_tours/v1/{username} """ - authentication_classes = (JwtAuthentication,) permission_classes = (IsAuthenticated,) serializer_class = UserTourSerializer @@ -104,7 +102,6 @@ class UserDiscussionsToursView(APIView): ] """ - authentication_classes = (JwtAuthentication, SessionAuthentication) permission_classes = (IsAuthenticated,) def get(self, request, tour_id=None): diff --git a/openedx/core/djangoapps/demographics/rest_api/v1/views.py b/openedx/core/djangoapps/demographics/rest_api/v1/views.py index ab114c41f4cd..e54892dbd863 100644 --- a/openedx/core/djangoapps/demographics/rest_api/v1/views.py +++ b/openedx/core/djangoapps/demographics/rest_api/v1/views.py @@ -1,5 +1,4 @@ # lint-amnesty, pylint: disable=missing-module-docstring -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from rest_framework import permissions, status from rest_framework.authentication import SessionAuthentication from rest_framework.response import Response 
@@ -18,7 +17,6 @@ class DemographicsStatusView(APIView): The API will return whether or not to display the Demographics UI based on the User's status in the Platform """ - authentication_classes = (JwtAuthentication, SessionAuthentication) permission_classes = (permissions.IsAuthenticated, ) def _response_context(self, user, user_demographics=None): diff --git a/openedx/core/djangoapps/enrollments/views.py b/openedx/core/djangoapps/enrollments/views.py index f413cb761e14..52ec4e3b3133 100644 --- a/openedx/core/djangoapps/enrollments/views.py +++ b/openedx/core/djangoapps/enrollments/views.py @@ -421,7 +421,6 @@ class UnenrollmentView(APIView): If the request is successful, an HTTP 200 "OK" response is returned along with a list of all courses from which the user was unenrolled. """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanRetireUser,) def post(self, request): @@ -1023,9 +1022,6 @@ class EnrollmentAllowedView(APIView): """ A view that allows the retrieval and creation of enrollment allowed for a given user email and course id. """ - authentication_classes = ( - JwtAuthentication, - ) permission_classes = (permissions.IsAdminUser,) throttle_classes = (EnrollmentUserThrottle,) serializer_class = CourseEnrollmentAllowedSerializer diff --git a/openedx/core/djangoapps/user_api/accounts/views.py b/openedx/core/djangoapps/user_api/accounts/views.py index 0f0a2a6019bb..cfe9872a95f8 100644 --- a/openedx/core/djangoapps/user_api/accounts/views.py +++ b/openedx/core/djangoapps/user_api/accounts/views.py @@ -456,7 +456,6 @@ class NameChangeView(ViewSet): """ Viewset to manage profile name change requests. """ - authentication_classes = (JwtAuthentication, SessionAuthentication,) permission_classes = (permissions.IsAuthenticated,) def create(self, request): 
@@ -514,7 +513,6 @@ class AccountDeactivationView(APIView): Account deactivation viewset. Currently only supports POST requests. Only admins can deactivate accounts. """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanDeactivateUser) def post(self, request, username): @@ -693,7 +691,6 @@ class AccountRetirementPartnerReportView(ViewSet): ORIGINAL_NAME_KEY = 'original_name' STUDENT_ID_KEY = 'student_id' - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanRetireUser,) parser_classes = (JSONParser,) serializer_class = UserRetirementStatusSerializer @@ -831,7 +828,6 @@ class CancelAccountRetirementStatusView(ViewSet): """ Provides API endpoints for canceling retirement process for a user's account. """ - authentication_classes = (JwtAuthentication, SessionAuthentication) permission_classes = (permissions.IsAuthenticated, CanCancelUserRetirement,) def cancel_retirement(self, request): @@ -873,7 +869,6 @@ class AccountRetirementStatusView(ViewSet): """ Provides API endpoints for managing the user retirement process. """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanRetireUser,) parser_classes = (JSONParser,) serializer_class = UserRetirementStatusSerializer @@ -1080,7 +1075,6 @@ class LMSAccountRetirementView(ViewSet): """ Provides an API endpoint for retiring a user in the LMS. """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanRetireUser,) parser_classes = (JSONParser,) @@ -1136,7 +1130,6 @@ class AccountRetirementView(ViewSet): """ Provides API endpoint for retiring a user. """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanRetireUser,) parser_classes = (JSONParser,) 
@@ -1276,7 +1269,6 @@ class UsernameReplacementView(APIView): This API will be called first, before calling the APIs in other services as this one handles the checks on the usernames provided. """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanReplaceUsername) def post(self, request): diff --git a/openedx/core/djangoapps/waffle_utils/views.py b/openedx/core/djangoapps/waffle_utils/views.py index 2a26430d183a..63c0eb4db655 100644 --- a/openedx/core/djangoapps/waffle_utils/views.py +++ b/openedx/core/djangoapps/waffle_utils/views.py @@ -4,7 +4,6 @@ from collections import OrderedDict from enum import Enum -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from edx_rest_framework_extensions.permissions import IsStaff from edx_toggles.toggles.state import ToggleStateReport, get_or_create_toggle_response from rest_framework import views @@ -59,10 +58,6 @@ class ToggleStateView(views.APIView): An endpoint for displaying the state of toggles in edx-platform. """ - authentication_classes = ( - JwtAuthentication, - SessionAuthentication, - ) permission_classes = (IsStaff,) def get(self, request): From 139c83ff0682786d6abfe1b088236ef58386f46f Mon Sep 17 00:00:00 2001 From: salman2013 Date: Wed, 31 Jan 2024 18:18:35 +0500 Subject: [PATCH 02/15] chore: update API endpoints to support default JWT auth --- lms/djangoapps/commerce/api/v1/views.py | 1 - 1 file changed, 1 deletion(-) diff --git a/lms/djangoapps/commerce/api/v1/views.py b/lms/djangoapps/commerce/api/v1/views.py index 0e634ee36207..591f266b48a2 100644 --- a/lms/djangoapps/commerce/api/v1/views.py +++ b/lms/djangoapps/commerce/api/v1/views.py @@ -72,7 +72,6 @@ def pre_save(self, obj): class OrderView(APIView): """ Retrieve order details. """ - authentication_classes = (JwtAuthentication, SessionAuthentication,) permission_classes = (IsAuthenticatedOrActivationOverridden,) def get(self, request, number): 
From a73a82e12f6f44e6e2f09d05fb3e1be2549d7c81 Mon Sep 17 00:00:00 2001 From: salman2013 Date: Wed, 31 Jan 2024 18:24:45 +0500 Subject: [PATCH 03/15] chore: fix lint test case --- lms/djangoapps/learner_dashboard/api/v0/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lms/djangoapps/learner_dashboard/api/v0/views.py b/lms/djangoapps/learner_dashboard/api/v0/views.py index a56fcec6e739..6542324b0369 100644 --- a/lms/djangoapps/learner_dashboard/api/v0/views.py +++ b/lms/djangoapps/learner_dashboard/api/v0/views.py @@ -295,7 +295,7 @@ class ProgramProgressDetailView(APIView): } """ - permission_classes = (IsAuthenticated,) + permission_classes = (IsAuthenticated,) def get(self, request, program_uuid): """ From cfe675a29e232d6cf893c54d56ec1ff94a7481fa Mon Sep 17 00:00:00 2001 From: salman2013 Date: Wed, 31 Jan 2024 18:35:33 +0500 Subject: [PATCH 04/15] chore: fix pylint checks --- cms/djangoapps/api/v1/views/course_runs.py | 1 - common/djangoapps/entitlements/rest_api/v1/views.py | 1 - common/djangoapps/third_party_auth/api/tests/test_permissions.py | 1 - common/djangoapps/third_party_auth/saml_configuration/views.py | 1 - common/djangoapps/third_party_auth/samlproviderconfig/views.py | 1 - common/djangoapps/third_party_auth/samlproviderdata/views.py | 1 - 6 files changed, 6 deletions(-) diff --git a/cms/djangoapps/api/v1/views/course_runs.py b/cms/djangoapps/api/v1/views/course_runs.py index 4adcb3f1c22c..d7d62172759f 100644 --- a/cms/djangoapps/api/v1/views/course_runs.py +++ b/cms/djangoapps/api/v1/views/course_runs.py @@ -5,7 +5,6 @@ from django.http import Http404 from opaque_keys.edx.keys import CourseKey from rest_framework import parsers, permissions, status, viewsets -from rest_framework.authentication import SessionAuthentication from rest_framework.decorators import action from rest_framework.response import Response 
diff --git a/common/djangoapps/entitlements/rest_api/v1/views.py b/common/djangoapps/entitlements/rest_api/v1/views.py index e682a7d7e1d1..3306604d5d13 100644 --- a/common/djangoapps/entitlements/rest_api/v1/views.py +++ b/common/djangoapps/entitlements/rest_api/v1/views.py @@ -14,7 +14,6 @@ from opaque_keys import InvalidKeyError from opaque_keys.edx.keys import CourseKey from rest_framework import permissions, status, viewsets -from rest_framework.authentication import SessionAuthentication from rest_framework.response import Response from rest_framework.views import APIView diff --git a/common/djangoapps/third_party_auth/api/tests/test_permissions.py b/common/djangoapps/third_party_auth/api/tests/test_permissions.py index ae2e04070341..1cb9450c49a2 100644 --- a/common/djangoapps/third_party_auth/api/tests/test_permissions.py +++ b/common/djangoapps/third_party_auth/api/tests/test_permissions.py @@ -5,7 +5,6 @@ import ddt from django.test import RequestFactory, TestCase from edx_rest_framework_extensions.auth.jwt.tests.utils import generate_jwt -from rest_framework.authentication import SessionAuthentication from rest_framework.response import Response from rest_framework.views import APIView diff --git a/common/djangoapps/third_party_auth/saml_configuration/views.py b/common/djangoapps/third_party_auth/saml_configuration/views.py index 8befffa2a6b8..b6e6c39ffe2a 100644 --- a/common/djangoapps/third_party_auth/saml_configuration/views.py +++ b/common/djangoapps/third_party_auth/saml_configuration/views.py @@ -3,7 +3,6 @@ """ from rest_framework import permissions, viewsets -from rest_framework.authentication import SessionAuthentication from ..models import SAMLConfiguration from .serializers import SAMLConfigurationSerializer diff --git a/common/djangoapps/third_party_auth/samlproviderconfig/views.py b/common/djangoapps/third_party_auth/samlproviderconfig/views.py index d50e95ac2ba9..7286402df5bd 100644 
--- a/common/djangoapps/third_party_auth/samlproviderconfig/views.py +++ b/common/djangoapps/third_party_auth/samlproviderconfig/views.py @@ -7,7 +7,6 @@ from edx_rbac.mixins import PermissionRequiredMixin from rest_framework import permissions, viewsets, status from rest_framework.response import Response -from rest_framework.authentication import SessionAuthentication from rest_framework.exceptions import ParseError, ValidationError from enterprise.models import EnterpriseCustomerIdentityProvider, EnterpriseCustomer diff --git a/common/djangoapps/third_party_auth/samlproviderdata/views.py b/common/djangoapps/third_party_auth/samlproviderdata/views.py index e8ef9b66bb7b..b5d044bd0498 100644 --- a/common/djangoapps/third_party_auth/samlproviderdata/views.py +++ b/common/djangoapps/third_party_auth/samlproviderdata/views.py @@ -10,7 +10,6 @@ from edx_rbac.mixins import PermissionRequiredMixin from enterprise.models import EnterpriseCustomerIdentityProvider from rest_framework import permissions, status, viewsets -from rest_framework.authentication import SessionAuthentication from rest_framework.decorators import action from rest_framework.exceptions import ParseError from rest_framework.response import Response From 4232527a1687dcd0ae4d13784a8c945fee8e9ffc Mon Sep 17 00:00:00 2001 From: salman2013 Date: Thu, 1 Feb 2024 11:16:21 +0500 Subject: [PATCH 05/15] chore: fix pylint tests --- lms/djangoapps/user_tours/v1/views.py | 1 - openedx/core/djangoapps/demographics/rest_api/v1/views.py | 1 - openedx/core/djangoapps/waffle_utils/views.py | 1 - 3 files changed, 3 deletions(-) diff --git a/lms/djangoapps/user_tours/v1/views.py b/lms/djangoapps/user_tours/v1/views.py index 4495a08cef89..b1b409dbcfc7 100644 --- a/lms/djangoapps/user_tours/v1/views.py +++ b/lms/djangoapps/user_tours/v1/views.py 
@@ -2,7 +2,6 @@ from django.conf import settings from django.db import transaction, IntegrityError from django.shortcuts import get_object_or_404 -from rest_framework.authentication import SessionAuthentication from rest_framework.generics import RetrieveUpdateAPIView from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response diff --git a/openedx/core/djangoapps/demographics/rest_api/v1/views.py b/openedx/core/djangoapps/demographics/rest_api/v1/views.py index e54892dbd863..35aacc61bd24 100644 --- a/openedx/core/djangoapps/demographics/rest_api/v1/views.py +++ b/openedx/core/djangoapps/demographics/rest_api/v1/views.py @@ -1,6 +1,5 @@ # lint-amnesty, pylint: disable=missing-module-docstring from rest_framework import permissions, status -from rest_framework.authentication import SessionAuthentication from rest_framework.response import Response from rest_framework.views import APIView diff --git a/openedx/core/djangoapps/waffle_utils/views.py b/openedx/core/djangoapps/waffle_utils/views.py index 63c0eb4db655..a630976210f9 100644 --- a/openedx/core/djangoapps/waffle_utils/views.py +++ b/openedx/core/djangoapps/waffle_utils/views.py @@ -7,7 +7,6 @@ from edx_rest_framework_extensions.permissions import IsStaff from edx_toggles.toggles.state import ToggleStateReport, get_or_create_toggle_response from rest_framework import views -from rest_framework.authentication import SessionAuthentication from rest_framework.response import Response from .models import WaffleFlagCourseOverrideModel, WaffleFlagOrgOverrideModel From 26d024d6eede97999896a35ec06c416249907064 Mon Sep 17 00:00:00 2001 From: salman2013 Date: Thu, 1 Feb 2024 12:41:33 +0500 Subject: [PATCH 06/15] chore: fix pylint tests --- lms/djangoapps/support/views/program_enrollments.py | 1 - 1 file changed, 1 deletion(-) diff --git a/lms/djangoapps/support/views/program_enrollments.py b/lms/djangoapps/support/views/program_enrollments.py index 0c3530792d54..d5b264069b68 100644 
--- a/lms/djangoapps/support/views/program_enrollments.py +++ b/lms/djangoapps/support/views/program_enrollments.py @@ -7,7 +7,6 @@ from django.utils.decorators import method_decorator from django.views.generic import View from rest_framework.views import APIView -from rest_framework.authentication import SessionAuthentication from rest_framework.response import Response from rest_framework.permissions import IsAuthenticated from social_django.models import UserSocialAuth From 6d819fb31496bbdf2fb6c94150886d6200f5624c Mon Sep 17 00:00:00 2001 From: salman2013 Date: Thu, 1 Feb 2024 13:00:55 +0500 Subject: [PATCH 07/15] chore: fix pylint tests --- lms/djangoapps/support/views/feature_based_enrollments.py | 1 - 1 file changed, 1 deletion(-) diff --git a/lms/djangoapps/support/views/feature_based_enrollments.py b/lms/djangoapps/support/views/feature_based_enrollments.py index b2830e6c6a47..af5861ac5e27 100644 --- a/lms/djangoapps/support/views/feature_based_enrollments.py +++ b/lms/djangoapps/support/views/feature_based_enrollments.py @@ -4,7 +4,6 @@ from django.utils.decorators import method_decorator from django.views.generic import View -from rest_framework.authentication import SessionAuthentication from rest_framework.permissions import IsAuthenticated from rest_framework.generics import GenericAPIView From 479dbe46e3d86842b6e67976cecfc536c8ad9a29 Mon Sep 17 00:00:00 2001 From: salman2013 Date: Thu, 1 Feb 2024 15:14:34 +0500 Subject: [PATCH 08/15] chore: fix pylint tests --- lms/djangoapps/learner_dashboard/api/v0/views.py | 1 - 1 file changed, 1 deletion(-) diff --git a/lms/djangoapps/learner_dashboard/api/v0/views.py b/lms/djangoapps/learner_dashboard/api/v0/views.py index 6542324b0369..1579fdd26a69 100644 --- a/lms/djangoapps/learner_dashboard/api/v0/views.py +++ b/lms/djangoapps/learner_dashboard/api/v0/views.py 
@@ -2,7 +2,6 @@
 import logging
 from enterprise.models import EnterpriseCourseEnrollment
-from rest_framework.authentication import SessionAuthentication
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
From a7c1db9846a4c1eeca4361fb407fb4e1d6ca7377 Mon Sep 17 00:00:00 2001
From: salman2013
Date: Thu, 1 Feb 2024 15:30:27 +0500
Subject: [PATCH 09/15] chore: fix pylint tests
---
 lms/djangoapps/instructor_task/rest_api/v1/views.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/lms/djangoapps/instructor_task/rest_api/v1/views.py b/lms/djangoapps/instructor_task/rest_api/v1/views.py
index 0993876aff4c..812b88e11da3 100644
--- a/lms/djangoapps/instructor_task/rest_api/v1/views.py
+++ b/lms/djangoapps/instructor_task/rest_api/v1/views.py
@@ -9,7 +9,6 @@
 import dateutil
 from celery.states import REVOKED
 from django.db import transaction
-from rest_framework.authentication import SessionAuthentication
 from rest_framework.response import Response
 from rest_framework import generics, status
From 9f8cd254e524afe6badd8ee169f0ae6bdb11aec5 Mon Sep 17 00:00:00 2001
From: salman2013
Date: Thu, 1 Feb 2024 15:55:26 +0500
Subject: [PATCH 10/15] chore: fix pylint tests
---
 lms/djangoapps/edxnotes/views.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/lms/djangoapps/edxnotes/views.py b/lms/djangoapps/edxnotes/views.py
index 0038eb734c4b..3e23ebe9ab47 100644
--- a/lms/djangoapps/edxnotes/views.py
+++ b/lms/djangoapps/edxnotes/views.py
@@ -11,7 +11,6 @@
 from django.http import Http404, HttpResponse
 from django.urls import reverse
 from django.views.decorators.http import require_GET
-from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication
 from opaque_keys.edx.keys import CourseKey
 from rest_framework import permissions, status
 from rest_framework.response import Response
From fc7ecfa84aeffa68452277ef66f967145b1a1c5f Mon Sep 17 00:00:00 2001
From: salman2013
Date: Wed, 7 Feb 2024 20:36:50 +0500
Subject: [PATCH 11/15] chore: update API endpoints to support default JWT auth
---
 lms/djangoapps/discussion/rest_api/views.py | 1 -
 openedx/core/djangoapps/agreements/views.py | 2 --
 2 files changed, 3 deletions(-)
diff --git a/lms/djangoapps/discussion/rest_api/views.py b/lms/djangoapps/discussion/rest_api/views.py
index 2fa124ffd3ed..b62356a45dba 100644
--- a/lms/djangoapps/discussion/rest_api/views.py
+++ b/lms/djangoapps/discussion/rest_api/views.py
@@ -1146,7 +1146,6 @@ class ReplaceUsernamesView(APIView):
 """
- authentication_classes = (JwtAuthentication,)
 permission_classes = (permissions.IsAuthenticated, CanReplaceUsername)
 def post(self, request):
diff --git a/openedx/core/djangoapps/agreements/views.py b/openedx/core/djangoapps/agreements/views.py
index 82de8caabf00..4c9cf3ddca30 100644
--- a/openedx/core/djangoapps/agreements/views.py
+++ b/openedx/core/djangoapps/agreements/views.py
@@ -7,7 +7,6 @@
 from rest_framework import status
 from rest_framework.views import APIView
 from rest_framework.response import Response
-from rest_framework.authentication import SessionAuthentication
 from rest_framework.permissions import IsAuthenticated
 from opaque_keys.edx.keys import CourseKey
@@ -34,7 +33,6 @@ class AuthenticatedAPIView(APIView):
 """
 Authenticated API View.
 """
- authentication_classes = (SessionAuthentication, JwtAuthentication)
 permission_classes = (IsAuthenticated,)
From b9622e35c5699fd8c830e0b03bca1d269b8fc76c Mon Sep 17 00:00:00 2001
From: salman2013
Date: Wed, 7 Feb 2024 20:51:03 +0500
Subject: [PATCH 12/15] chore: fix pylint test
---
 openedx/core/djangoapps/agreements/views.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/openedx/core/djangoapps/agreements/views.py b/openedx/core/djangoapps/agreements/views.py
index 4c9cf3ddca30..cc928669ffdd 100644
--- a/openedx/core/djangoapps/agreements/views.py
+++ b/openedx/core/djangoapps/agreements/views.py
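Review bot: Deleting `authentication_classes = (JwtAuthentication,)` from `ReplaceUsernamesView` means the view now accepts whatever the project-wide default authenticators are, which is wider than JWT-only if that default also includes session authentication (the setting is not visible in this patch). The same applies to `AuthenticatedAPIView` in agreements/views.py, whose explicit `(SessionAuthentication, JwtAuthentication)` tuple is removed in this patch, and to the repeat of the `ReplaceUsernamesView` hunk in PATCH 14/15. Since nothing in the class now states where authentication comes from, I would add a comment above `permission_classes`, for example `# Authenticators are inherited from DEFAULT_AUTHENTICATION_CLASSES; access control rests on CanReplaceUsername.` Both class bodies continue outside their hunks.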
@@ -3,7 +3,6 @@
 """
 from django.conf import settings
-from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication
 from rest_framework import status
 from rest_framework.views import APIView
 from rest_framework.response import Response
From ec4a2b2864b5dbbd6338d29cf591171f0c572395 Mon Sep 17 00:00:00 2001
From: salman2013
Date: Wed, 7 Feb 2024 21:22:39 +0500
Subject: [PATCH 13/15] chore: fix test
---
 lms/djangoapps/discussion/rest_api/views.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lms/djangoapps/discussion/rest_api/views.py b/lms/djangoapps/discussion/rest_api/views.py
index b62356a45dba..2fa124ffd3ed 100644
--- a/lms/djangoapps/discussion/rest_api/views.py
+++ b/lms/djangoapps/discussion/rest_api/views.py
@@ -1146,6 +1146,7 @@ class ReplaceUsernamesView(APIView):
 """
+ authentication_classes = (JwtAuthentication,)
 permission_classes = (permissions.IsAuthenticated, CanReplaceUsername)
 def post(self, request):
From 8b01f0ec67241c430db8b7c847298b46854e9719 Mon Sep 17 00:00:00 2001
From: salman2013
Date: Tue, 13 Feb 2024 19:13:34 +0500
Subject: [PATCH 14/15] chore: remove JWT auth override
---
 lms/djangoapps/discussion/rest_api/views.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/lms/djangoapps/discussion/rest_api/views.py b/lms/djangoapps/discussion/rest_api/views.py
index 2fa124ffd3ed..b62356a45dba 100644
--- a/lms/djangoapps/discussion/rest_api/views.py
+++ b/lms/djangoapps/discussion/rest_api/views.py
@@ -1146,7 +1146,6 @@ class ReplaceUsernamesView(APIView):
 """
- authentication_classes = (JwtAuthentication,)
 permission_classes = (permissions.IsAuthenticated, CanReplaceUsername)
 def post(self, request):
From 44cc9b78731ed83e022376899db3e57aa10ff1f6 Mon Sep 17 00:00:00 2001
From: salman2013
Date: Tue, 13 Feb 2024 19:56:20 +0500
Subject: [PATCH 15/15] chore: fix unit test case
---
 lms/djangoapps/discussion/rest_api/tests/test_views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lms/djangoapps/discussion/rest_api/tests/test_views.py b/lms/djangoapps/discussion/rest_api/tests/test_views.py
index 1782a574b05a..1ebed6380de4 100644
--- a/lms/djangoapps/discussion/rest_api/tests/test_views.py
+++ b/lms/djangoapps/discussion/rest_api/tests/test_views.py
@@ -675,7 +675,7 @@ def test_auth(self):
 # Test unauthenticated
 response = self.client.post(self.url, data)
- assert response.status_code == 401
+ assert response.status_code == 403
 # Test non-service worker
 random_user = UserFactory()
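Review bot: The new `assert response.status_code == 403` in `test_auth` records a client-visible change without saying why an unauthenticated POST no longer gets 401. DRF answers 401 only when the first configured authenticator supplies a `WWW-Authenticate` challenge and otherwise downgrades the unauthenticated case to 403, so this presumably reflects the ordering of the default authenticators the view now inherits. A 403 is also the status one would expect for the "non-service worker" case that follows, so the test may no longer tell "no credentials" apart from "wrong user" by status alone. I would add a comment above the assertion, e.g. `# 403, not 401: the default authentication classes send no WWW-Authenticate challenge`, and confirm that callers which re-authenticate on 401 are not affected. The body of `test_auth` continues outside the hunk.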