Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #18012 from edx/roux/oauth2-retire

Browse Source 
EDUCATOR-2703: adds user retirement to OAuth2 tables
This commit is contained in:
Alessandro Roux
2018-05-03 09:18:56 -04:00
committed by GitHub
parent 2809649082 0094443b19
commit 197f1fb17a
2 changed files with 141 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
openedx/core/djangolib/oauth2_retirement_utils.py Normal file
View File

@@ -0,0 +1,52 @@
"""
Removes user PII from OAuth2 models.
"""
from oauth2_provider.models import (
AccessToken as DOTAccessToken,
Application as DOTApplication,
Grant as DOTGrant,
RefreshToken as DOTRefreshToken,
)
from provider.oauth2.models import (
AccessToken as DOPAccessToken,
RefreshToken as DOPRefreshToken,
Grant as DOPGrant,
)
class ModelRetirer(object):
"""
Given a list of model names, provides methods for deleting instances of
those models.
"""
def __init__(self, models_to_retire):
self._models_to_retire = models_to_retire
def retire_user_by_id(self, user_id):
for model in self._models_to_retire:
self._delete_user_id_from(model=model, user_id=user_id)
@staticmethod
def _delete_user_id_from(model, user_id):
"""
Deletes a user from a model by their user id.
"""
user_query_results = model.objects.filter(user_id=user_id)
if not user_query_results.exists():
return False
user_query_results.delete()
return True
def retire_dot_oauth2_models(user):
dot_models = [DOTAccessToken, DOTApplication, DOTGrant, DOTRefreshToken]
ModelRetirer(dot_models).retire_user_by_id(user.id)
def retire_dop_oauth2_models(user):
dop_models = [DOPAccessToken, DOPGrant, DOPRefreshToken]
ModelRetirer(dop_models).retire_user_by_id(user.id)

89
openedx/core/djangolib/tests/test_oauth2_retirement_utils.py Normal file
View File

@@ -0,0 +1,89 @@
"""
Contains tests for OAuth2 model-retirement methods.
"""
import datetime
from django.test import TestCase
from openedx.core.djangoapps.oauth_dispatch.tests import factories
from student.tests.factories import UserFactory
from oauth2_provider.models import (
AccessToken as DOTAccessToken,
Application as DOTApplication,
RefreshToken as DOTRefreshToken,
Grant as DOTGrant,
)
from provider.oauth2.models import (
AccessToken as DOPAccessToken,
RefreshToken as DOPRefreshToken,
Grant as DOPGrant,
Client as DOPClient,
)
from ..oauth2_retirement_utils import (
retire_dop_oauth2_models,
retire_dot_oauth2_models,
)
class RetireDOTModelsTest(TestCase):
def test_delete_dot_models(self):
user = UserFactory.create()
app = factories.ApplicationFactory(user=user)
access_token = factories.AccessTokenFactory(
user=user,
application=app
)
factories.RefreshTokenFactory(
user=user,
application=app,
access_token=access_token,
)
DOTGrant.objects.create(
user=user,
application=app,
expires=datetime.datetime(2018, 1, 1),
)
retire_dot_oauth2_models(user)
applications = DOTApplication.objects.filter(user_id=user.id)
access_tokens = DOTAccessToken.objects.filter(user_id=user.id)
refresh_tokens = DOTRefreshToken.objects.filter(user_id=user.id)
grants = DOTGrant.objects.filter(user=user)
query_sets = [applications, access_tokens, refresh_tokens, grants]
for query_set in query_sets:
self.assertFalse(query_set.exists())
class RetireDOPModelsTest(TestCase):
def test_delete_dop_models(self):
user = UserFactory.create()
client = DOPClient.objects.create(
user=user,
client_type=1,
)
access_token = DOPAccessToken.objects.create(
user=user,
client=client,
)
DOPRefreshToken.objects.create(
user=user,
client=client,
access_token=access_token,
)
retire_dop_oauth2_models(user)
access_tokens = DOPAccessToken.objects.filter(user=user)
refresh_tokens = DOPRefreshToken.objects.filter(user=user)
grants = DOPGrant.objects.filter(user_id=user.id)
query_sets = [access_tokens, refresh_tokens, grants]
for query_set in query_sets:
self.assertFalse(query_set.exists())