From 4a640fec8b373385fa2b979c7def5205a1e92df2 Mon Sep 17 00:00:00 2001 From: salman2013 Date: Thu, 12 Oct 2023 11:27:45 +0500 Subject: [PATCH 1/3] chore: update drf endpoints to use default authentication --- lms/djangoapps/commerce/api/v0/views.py | 1 - lms/djangoapps/support/views/feature_based_enrollments.py | 3 --- openedx/core/djangoapps/user_api/views.py | 4 ---- 3 files changed, 8 deletions(-) diff --git a/lms/djangoapps/commerce/api/v0/views.py b/lms/djangoapps/commerce/api/v0/views.py index b0fa4fcc6e..629935e67b 100644 --- a/lms/djangoapps/commerce/api/v0/views.py +++ b/lms/djangoapps/commerce/api/v0/views.py @@ -164,7 +164,6 @@ class BasketOrderView(APIView): Retrieve the order associated with a basket. """ - authentication_classes = (SessionAuthentication,) permission_classes = (IsAuthenticated,) def get(self, request, *_args, **kwargs): diff --git a/lms/djangoapps/support/views/feature_based_enrollments.py b/lms/djangoapps/support/views/feature_based_enrollments.py index 929c2a30ea..018bd59cc0 100644 --- a/lms/djangoapps/support/views/feature_based_enrollments.py +++ b/lms/djangoapps/support/views/feature_based_enrollments.py @@ -43,9 +43,6 @@ class FeatureBasedEnrollmentSupportAPIView(GenericAPIView): Support-only API View for getting feature based enrollment configuration details for a course. """ - authentication_classes = ( - JwtAuthentication, SessionAuthentication - ) permission_classes = (IsAuthenticated,) @method_decorator(require_support_permission) diff --git a/openedx/core/djangoapps/user_api/views.py b/openedx/core/djangoapps/user_api/views.py index 421a23adf6..f80a8ffdc7 100644 --- a/openedx/core/djangoapps/user_api/views.py +++ b/openedx/core/djangoapps/user_api/views.py @@ -31,7 +31,6 @@ class UserViewSet(viewsets.ReadOnlyModelViewSet): """ DRF class for interacting with the User ORM object """ - authentication_classes = (authentication.SessionAuthentication,) permission_classes = (ApiKeyHeaderPermission,) queryset = User.objects.all().prefetch_related("preferences").select_related("profile") serializer_class = UserSerializer @@ -43,7 +42,6 @@ class ForumRoleUsersListView(generics.ListAPIView): """ Forum roles are represented by a list of user dicts """ - authentication_classes = (authentication.SessionAuthentication,) permission_classes = (ApiKeyHeaderPermission,) serializer_class = UserSerializer paginate_by = 10 @@ -67,7 +65,6 @@ class UserPreferenceViewSet(viewsets.ReadOnlyModelViewSet): """ DRF class for interacting with the UserPreference ORM """ - authentication_classes = (authentication.SessionAuthentication,) permission_classes = (ApiKeyHeaderPermission,) queryset = UserPreference.objects.all() filter_backends = (DjangoFilterBackend,) @@ -81,7 +78,6 @@ class PreferenceUsersListView(generics.ListAPIView): """ DRF class for listing a user's preferences """ - authentication_classes = (authentication.SessionAuthentication,) permission_classes = (ApiKeyHeaderPermission,) serializer_class = UserSerializer paginate_by = 10 From 5bbc17fd053cfbeaefed686590b828888a60b8e3 Mon Sep 17 00:00:00 2001 From: salman2013 Date: Thu, 12 Oct 2023 11:48:00 +0500 Subject: [PATCH 2/3] chore: fix test case --- lms/djangoapps/commerce/api/v0/views.py | 1 - 1 file changed, 1 deletion(-) diff --git a/lms/djangoapps/commerce/api/v0/views.py b/lms/djangoapps/commerce/api/v0/views.py index 629935e67b..1022173503 100644 --- a/lms/djangoapps/commerce/api/v0/views.py +++ b/lms/djangoapps/commerce/api/v0/views.py @@ -9,7 +9,6 @@ from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthenticat from opaque_keys import InvalidKeyError from opaque_keys.edx.keys import CourseKey from requests.exceptions import HTTPError -from rest_framework.authentication import SessionAuthentication from rest_framework.permissions import IsAuthenticated from rest_framework.status import HTTP_406_NOT_ACCEPTABLE, HTTP_409_CONFLICT from rest_framework.views import APIView From f2bf2890217e657d7b59d5555233e63c6cb03131 Mon Sep 17 00:00:00 2001 From: salman2013 Date: Thu, 12 Oct 2023 15:01:14 +0500 Subject: [PATCH 3/3] chore: test cases --- lms/djangoapps/support/views/feature_based_enrollments.py | 3 +++ openedx/core/djangoapps/user_api/views.py | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lms/djangoapps/support/views/feature_based_enrollments.py b/lms/djangoapps/support/views/feature_based_enrollments.py index 018bd59cc0..929c2a30ea 100644 --- a/lms/djangoapps/support/views/feature_based_enrollments.py +++ b/lms/djangoapps/support/views/feature_based_enrollments.py @@ -43,6 +43,9 @@ class FeatureBasedEnrollmentSupportAPIView(GenericAPIView): Support-only API View for getting feature based enrollment configuration details for a course. """ + authentication_classes = ( + JwtAuthentication, SessionAuthentication + ) permission_classes = (IsAuthenticated,) @method_decorator(require_support_permission) diff --git a/openedx/core/djangoapps/user_api/views.py b/openedx/core/djangoapps/user_api/views.py index f80a8ffdc7..b4fcc68db6 100644 --- a/openedx/core/djangoapps/user_api/views.py +++ b/openedx/core/djangoapps/user_api/views.py @@ -10,7 +10,7 @@ from edx_rest_framework_extensions.auth.session.authentication import SessionAut from opaque_keys import InvalidKeyError from opaque_keys.edx import locator from opaque_keys.edx.keys import CourseKey -from rest_framework import authentication, generics, status, viewsets +from rest_framework import generics, status, viewsets from rest_framework.exceptions import ParseError from rest_framework.permissions import IsAuthenticated from rest_framework.views import APIView