
Commit 57b480b

authored
Update all edx-platform REST endpoints to support JWT Auth (openedx#34152)
* chore: update API endpoints to support default JWT auth The default DRF Auth classes were recently updated to allow for both JWT and Session auth by default. Any endpoint that overrides the AUTHENTICATION_CLASSES but has just session, just JWT or just both of those should be updated to remove the override. Details in openedx#33662
1 parent 45547ca commit 57b480b


22 files changed

+1
-86
lines changed


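--- a/cms/djangoapps/api/v1/views/course_runs.py
+++ b/cms/djangoapps/api/v1/views/course_runs.py
@@ -3,10 +3,8 @@
 
 from django.conf import settings
 from django.http import Http404
-from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication
 from opaque_keys.edx.keys import CourseKey
 from rest_framework import parsers, permissions, status, viewsets
-from rest_framework.authentication import SessionAuthentication
 from rest_framework.decorators import action
 from rest_framework.response import Response
 
@@ -21,7 +19,6 @@
 
 
 class CourseRunViewSet(viewsets.GenericViewSet): # lint-amnesty, pylint: disable=missing-class-docstring
-authentication_classes = (JwtAuthentication, SessionAuthentication,)
 lookup_value_regex = settings.COURSE_KEY_REGEX
 permission_classes = (permissions.IsAdminUser,)
 serializer_class = CourseRunSerializer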
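Review bot: With the `authentication_classes` override gone, `CourseRunViewSet` (gated by `permissions.IsAdminUser`) takes its authenticators from the project-wide DRF default, and nothing in the class says so. The removed tuple also fixed the order (JWT first), and DRF uses the first authenticator to decide whether an unauthenticated request gets 401 or 403, so the response may change if the default order differs; the default setting is not visible in this commit page. I would add a one-line comment where the override was, `# Auth: inherits REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] (JWT + session, see openedx#33662)`, and do the same in the other views that lose the same pair: `EntitlementEnrollmentViewSet`, `SAMLConfigurationMixin`, `SAMLProviderMixin`, `SAMLProviderDataMixin` and `OrderView`. The class body continues outside the hunk.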

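--- a/common/djangoapps/entitlements/rest_api/v1/views.py
+++ b/common/djangoapps/entitlements/rest_api/v1/views.py
@@ -14,7 +14,6 @@
 from opaque_keys import InvalidKeyError
 from opaque_keys.edx.keys import CourseKey
 from rest_framework import permissions, status, viewsets
-from rest_framework.authentication import SessionAuthentication
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
@@ -328,7 +327,6 @@ class EntitlementEnrollmentViewSet(viewsets.GenericViewSet):
 - Unenroll
 - Switch Enrollment
 """
-authentication_classes = (JwtAuthentication, SessionAuthentication,)
 # TODO: ARCH-91
 # This view is excluded from Swagger doc generation because it
 # does not specify a serializer class.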

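--- a/common/djangoapps/third_party_auth/api/tests/test_permissions.py
+++ b/common/djangoapps/third_party_auth/api/tests/test_permissions.py
@@ -4,9 +4,7 @@
 
 import ddt
 from django.test import RequestFactory, TestCase
-from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication
 from edx_rest_framework_extensions.auth.jwt.tests.utils import generate_jwt
-from rest_framework.authentication import SessionAuthentication
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
@@ -25,7 +23,6 @@ class ThirdPartyAuthPermissionTest(TestCase):
 
 class SomeTpaClassView(APIView):
 """view used to test TPA_permissions"""
-authentication_classes = (JwtAuthentication, SessionAuthentication)
 permission_classes = (TPA_PERMISSIONS,)
 required_scopes = ['tpa:read']
 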

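--- a/common/djangoapps/third_party_auth/saml_configuration/views.py
+++ b/common/djangoapps/third_party_auth/saml_configuration/views.py
@@ -2,16 +2,13 @@
 Viewset for auth/saml/v0/saml_configuration
 """
 
-from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication
 from rest_framework import permissions, viewsets
-from rest_framework.authentication import SessionAuthentication
 
 from ..models import SAMLConfiguration
 from .serializers import SAMLConfigurationSerializer
 
 
 class SAMLConfigurationMixin:
-authentication_classes = (JwtAuthentication, SessionAuthentication,)
 permission_classes = (permissions.IsAuthenticated,)
 serializer_class = SAMLConfigurationSerializer
 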

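--- a/common/djangoapps/third_party_auth/samlproviderconfig/views.py
+++ b/common/djangoapps/third_party_auth/samlproviderconfig/views.py
@@ -5,10 +5,8 @@
 from django.shortcuts import get_list_or_404
 from django.db.utils import IntegrityError
 from edx_rbac.mixins import PermissionRequiredMixin
-from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication
 from rest_framework import permissions, viewsets, status
 from rest_framework.response import Response
-from rest_framework.authentication import SessionAuthentication
 from rest_framework.exceptions import ParseError, ValidationError
 
 from enterprise.models import EnterpriseCustomerIdentityProvider, EnterpriseCustomer
@@ -20,7 +18,6 @@
 
 
 class SAMLProviderMixin:
-authentication_classes = [JwtAuthentication, SessionAuthentication]
 permission_classes = [permissions.IsAuthenticated]
 serializer_class = SAMLProviderConfigSerializer
 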

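--- a/common/djangoapps/third_party_auth/samlproviderdata/views.py
+++ b/common/djangoapps/third_party_auth/samlproviderdata/views.py
@@ -8,10 +8,8 @@
 from django.http import Http404
 from django.shortcuts import get_object_or_404
 from edx_rbac.mixins import PermissionRequiredMixin
-from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication
 from enterprise.models import EnterpriseCustomerIdentityProvider
 from rest_framework import permissions, status, viewsets
-from rest_framework.authentication import SessionAuthentication
 from rest_framework.decorators import action
 from rest_framework.exceptions import ParseError
 from rest_framework.response import Response
@@ -31,7 +29,6 @@
 
 
 class SAMLProviderDataMixin:
-authentication_classes = [JwtAuthentication, SessionAuthentication]
 permission_classes = [permissions.IsAuthenticated]
 serializer_class = SAMLProviderDataSerializer
 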

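--- a/lms/djangoapps/bulk_user_retirement/views.py
+++ b/lms/djangoapps/bulk_user_retirement/views.py
@@ -3,7 +3,6 @@
 """
 import logging
 
-from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication
 from django.contrib.auth import get_user_model
 from django.db import transaction
 from rest_framework import permissions, status
@@ -34,7 +33,6 @@ class BulkUsersRetirementView(APIView):
 
 * usernames: Comma separated strings of usernames that should be retired.
 """
-authentication_classes = (JwtAuthentication, )
 permission_classes = (permissions.IsAuthenticated, CanRetireUser)
 
 def post(self, request, **kwargs): # pylint: disable=unused-argument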
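Review bot: `BulkUsersRetirementView` accepted only JWT before this change; with the override removed it accepts whatever the default classes allow, which the commit description says includes session authentication. For an endpoint that retires accounts in bulk this widens the credential surface: a logged-in browser session of a user who passes `CanRetireUser` can now reach `post`, guarded presumably only by the CSRF check DRF applies to session-authenticated requests. If the endpoint is meant for service-to-service calls only, keep `authentication_classes = (JwtAuthentication, )` with a comment saying why; otherwise add a test that a session-authenticated POST without a CSRF token is rejected. `dismiss_welcome_message` in lms/djangoapps/course_home_api/outline/views.py loses its JWT-only decorator in the same way. The class body continues past the end of the hunk.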

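--- a/lms/djangoapps/commerce/api/v1/views.py
+++ b/lms/djangoapps/commerce/api/v1/views.py
@@ -72,7 +72,6 @@ def pre_save(self, obj):
 class OrderView(APIView):
 """ Retrieve order details. """
 
-authentication_classes = (JwtAuthentication, SessionAuthentication,)
 permission_classes = (IsAuthenticatedOrActivationOverridden,)
 
 def get(self, request, number):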
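Review bot: This section deletes a use of `JwtAuthentication` and `SessionAuthentication` but removes no import, unlike most other view modules in the commit. If `OrderView` was their last user in lms/djangoapps/commerce/api/v1/views.py, both imports are now dead; if another view in the file still overrides `authentication_classes`, that view is left on a different authentication policy than `OrderView`, which deserves a comment there. The import block and the other classes are outside the hunk, so this needs checking against the full file. The same question applies to `JwtAuthentication` in common/djangoapps/entitlements/rest_api/v1/views.py and to the `authentication_classes` decorator in lms/djangoapps/course_home_api/outline/views.py.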

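--- a/lms/djangoapps/course_home_api/outline/views.py
+++ b/lms/djangoapps/course_home_api/outline/views.py
@@ -376,7 +376,6 @@ def finalize_response(self, request, response, *args, **kwargs):
 
 
 @api_view(['POST'])
-@authentication_classes((JwtAuthentication,))
 @permission_classes((IsAuthenticated,))
 def dismiss_welcome_message(request): # pylint: disable=missing-function-docstring
 course_id = request.data.get('course_id', None)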

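--- a/lms/djangoapps/discussion/rest_api/tests/test_views.py
+++ b/lms/djangoapps/discussion/rest_api/tests/test_views.py
@@ -675,7 +675,7 @@ def test_auth(self):
 
 # Test unauthenticated
 response = self.client.post(self.url, data)
-assert response.status_code == 401
+assert response.status_code == 403
 
 # Test non-service worker
 random_user = UserFactory()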
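Review bot: The expected status for an unauthenticated POST moves from 401 to 403 with no comment saying why, and the view change behind it is not shown on this page. DRF answers 401 only when the first configured authenticator supplies a `WWW-Authenticate` header and 403 otherwise, so this is presumably a side effect of the endpoint switching to the default classes; API clients that treat 401 as the signal to refresh a token will now see a different code. I would record that above the assertion, e.g. `# 403, not 401: the default authentication classes issue no WWW-Authenticate challenge`, and confirm the change is acceptable for callers of this endpoint. `test_auth` starts before and continues after the hunk.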
