From 0462e8fc5d4343186407b92ccde5d73af15c7a42 Mon Sep 17 00:00:00 2001
From: Diana Huang
Date: Thu, 20 Feb 2020 15:43:22 -0500
Subject: [PATCH] Use DOT for creating new sites instead of DOP.
---
 .../create_sites_and_configurations.py | 52 ++++++++++++-------
 .../test_create_sites_and_configurations.py | 41 ++++++---------
 2 files changed, 49 insertions(+), 44 deletions(-)
diff --git a/openedx/core/djangoapps/theming/management/commands/create_sites_and_configurations.py b/openedx/core/djangoapps/theming/management/commands/create_sites_and_configurations.py
index 255188c719..41e3ad59de 100644
--- a/openedx/core/djangoapps/theming/management/commands/create_sites_and_configurations.py
+++ b/openedx/core/djangoapps/theming/management/commands/create_sites_and_configurations.py
@@ -12,11 +12,10 @@ from textwrap import dedent
 from django.contrib.auth.models import User
 from django.contrib.sites.models import Site
 from django.core.management.base import BaseCommand
-from edx_oauth2_provider.models import TrustedClient
-from provider.constants import CONFIDENTIAL
-from provider.oauth2.models import Client
+from oauth2_provider.models import Application
 from lms.djangoapps.commerce.models import CommerceConfiguration
+from openedx.core.djangoapps.oauth_dispatch.models import ApplicationAccess
 from openedx.core.djangoapps.site_configuration.models import SiteConfiguration
 from openedx.core.djangoapps.theming.models import SiteTheme
 from student.models import UserProfile
@@ -36,10 +35,10 @@ class Command(BaseCommand):
 theme_path = None
 ecommerce_user = None
 ecommerce_base_url_fmt = None
- ecommerce_oidc_url = None
+ ecommerce_oauth_complete_url = None
 discovery_user = None
 discovery_base_url_fmt = None
- discovery_oidc_url = None
+ discovery_oauth_complete_url = None
 configuration_filename = None
@@ -75,26 +74,31 @@ class Command(BaseCommand): service_name=service_name, site_name="" if site_name == "edx" else "-{}".format(site_name) ) - client, created = Client.objects.update_or_create( + app, _ = Application.objects.update_or_create( client_id=client_id, defaults={ "user": service_user, - "name": "{site_name}_{service_name}_client".format( + "name": "{service_name}-sso-{site_name}".format( site_name=site_name, service_name=service_name, ), - "url": url, "client_secret": "{service_name}-secret".format( service_name=service_name ), - "client_type": CONFIDENTIAL, - "redirect_uri": "{url}complete/edx-oidc/".format(url=url), - "logout_uri": "{url}logout/".format(url=url) + "client_type": Application.CLIENT_CONFIDENTIAL, + "authorization_grant_type": Application.GRANT_AUTHORIZATION_CODE, + "redirect_uris": "{url}complete/edx-oauth2/".format(url=url), + "skip_authorization": True, } ) - if created: - LOG.info(u"Adding {client} oauth2 client as trusted client".format(client=client.name)) - TrustedClient.objects.get_or_create(client=client) + + access = ApplicationAccess.objects.filter(application_id=app.id).first() + default_scopes = 'user_id' + if access: + access.scopes = default_scopes + access.save() + else: + ApplicationAccess.objects.create(application_id=app.id, scopes=default_scopes) def _create_sites(self, site_domain, theme_dir_name, site_configuration): """ 
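Review bot: The Application written by this `update_or_create` is a confidential client whose `client_secret` is the predictable `"{service_name}-secret"`, and the new `"skip_authorization": True` lets its authorization-code flow complete without a consent step; because the secret sits in `defaults`, every rerun also resets it to that value. If the command is only meant for devstack and sandbox hosts, say so next to the call, e.g. `# Devstack/sandbox only: fixed client secret and no consent prompt; never run against production.`, or refuse to run elsewhere. Separately, the `filter(...).first()` / `save()` / `create()` sequence for `ApplicationAccess` can be a single `ApplicationAccess.objects.update_or_create(application_id=app.id, defaults={"scopes": default_scopes})`, matching the Application call just above it. The enclosing method starts above the hunk.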
@@ -143,14 +147,14 @@ class Command(BaseCommand): These two clients are being created by default without service users so we have to associate the service users to them. """ - ecommerce_queryset = Client.objects.filter(redirect_uri=self.ecommerce_oidc_url) + ecommerce_queryset = Application.objects.filter(redirect_uris=self.ecommerce_oauth_complete_url) if ecommerce_queryset: ecommerce_client = ecommerce_queryset[0] ecommerce_client.user = self.ecommerce_user ecommerce_client.save() - discovery_queryset = Client.objects.filter(redirect_uri=self.discovery_oidc_url) + discovery_queryset = Application.objects.filter(redirect_uris=self.discovery_oauth_complete_url) if discovery_queryset: discovery_client = discovery_queryset[0] discovery_client.user = self.discovery_user 
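Review bot: Both lookups compare `redirect_uris` for exact equality with one URL, but in django-oauth-toolkit that field is a space-separated list, so an Application that carries a second redirect URI is silently skipped and never gets its service user attached. If a single URI per application is the intended invariant, state it at the lookup, e.g. `# Exact match: these applications are expected to hold exactly one redirect URI.`, and consider logging when nothing matches so a missed association is visible. The `if ecommerce_queryset:` / `ecommerce_queryset[0]` pair can also become `ecommerce_client = Application.objects.filter(...).first()` followed by `if ecommerce_client:`, which avoids evaluating the whole queryset just to test it. The same applies to the discovery lookup, and the method begins above the hunk.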
@@ -210,15 +214,23 @@ class Command(BaseCommand):
 if options['devstack']:
 configuration_prefix = "devstack"
- self.discovery_oidc_url = "http://discovery-{}.e2e.devstack:18381/complete/edx-oidc/".format(self.dns_name)
+ self.discovery_oauth_complete_url = "http://discovery-{}.e2e.devstack:18381/complete/edx-oauth2/".format(
+ self.dns_name
+ )
 self.discovery_base_url_fmt = "http://discovery-{site_domain}:18381/"
- self.ecommerce_oidc_url = "http://ecommerce-{}.e2e.devstack:18130/complete/edx-oidc/".format(self.dns_name)
+ self.ecommerce_oauth_complete_url = "http://ecommerce-{}.e2e.devstack:18130/complete/edx-oauth2/".format(
+ self.dns_name
+ )
 self.ecommerce_base_url_fmt = "http://ecommerce-{site_domain}:18130/"
 else:
 configuration_prefix = "sandbox"
- self.discovery_oidc_url = "https://discovery-{}.sandbox.edx.org/complete/edx-oidc/".format(self.dns_name)
+ self.discovery_oauth_complete_url = "https://discovery-{}.sandbox.edx.org/complete/edx-oauth2/".format(
+ self.dns_name
+ )
 self.discovery_base_url_fmt = "https://discovery-{site_domain}/"
- self.ecommerce_oidc_url = "https://ecommerce-{}.sandbox.edx.org/complete/edx-oidc/".format(self.dns_name)
+ self.ecommerce_oauth_complete_url = "https://ecommerce-{}.sandbox.edx.org/complete/edx-oauth2/".format(
+ self.dns_name
+ )
 self.ecommerce_base_url_fmt = "https://ecommerce-{site_domain}/"
 self.configuration_filename = '{}_configuration.json'.format(configuration_prefix)
diff --git a/openedx/core/djangoapps/theming/management/commands/tests/test_create_sites_and_configurations.py b/openedx/core/djangoapps/theming/management/commands/tests/test_create_sites_and_configurations.py
index 2b724652f1..81dbb138c0 100644
--- a/openedx/core/djangoapps/theming/management/commands/tests/test_create_sites_and_configurations.py
+++ b/openedx/core/djangoapps/theming/management/commands/tests/test_create_sites_and_configurations.py
@@ -8,9 +8,9 @@ from django.contrib.auth.models import User from django.contrib.sites.models import Site from django.core.management import CommandError, call_command from django.test import TestCase -from edx_oauth2_provider.models import TrustedClient -from provider.oauth2.models import Client +from oauth2_provider.models import Application +from openedx.core.djangoapps.oauth_dispatch.models import ApplicationAccess from openedx.core.djangoapps.theming.models import SiteTheme from student.models import UserProfile @@ -96,7 +96,8 @@ class TestCreateSiteAndConfiguration(TestCase): """ service_user = self._assert_service_user_is_valid("ecommerce_worker") - clients = Client.objects.filter(user=service_user) + clients = Application.objects.filter(user=service_user) + self.assertEqual(len(clients), len(SITES)) if devstack: @@ -106,27 +107,23 @@ class TestCreateSiteAndConfiguration(TestCase): for client in clients: self.assertEqual(client.user.username, service_user[0].username) - site_name = client.name[:6] + site_name = [name for name in SITES if name in client.name][0] ecommerce_url = ecommerce_url_fmt.format( site_name=site_name, dns_name=self.dns_name ) - self.assertEqual(client.url, ecommerce_url) self.assertEqual( - client.redirect_uri, - "{ecommerce_url}complete/edx-oidc/".format(ecommerce_url=ecommerce_url) + client.redirect_uris, + "{ecommerce_url}complete/edx-oauth2/".format(ecommerce_url=ecommerce_url) ) self.assertEqual( client.client_id, "ecommerce-key-{site_name}".format(site_name=site_name) ) + access = ApplicationAccess.objects.filter(application_id=client.id).first() self.assertEqual( - client.client_secret, - "ecommerce-secret" - ) - self.assertEqual( - len(TrustedClient.objects.filter(client=client)), - 1 + access.scopes, + ["user_id"] ) def _assert_discovery_clients_are_valid(self, devstack=False): 
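Review bot: The rewritten assertions in `_assert_ecommerce_clients_are_valid` cover `redirect_uris`, `client_id` and the scopes, but nothing pins the security-relevant fields the command now sets (`client_type`, `authorization_grant_type`, `skip_authorization`), so a later change to any of them would pass unnoticed. Adding `self.assertEqual(client.client_type, Application.CLIENT_CONFIDENTIAL)` and `self.assertEqual(client.authorization_grant_type, Application.GRANT_AUTHORIZATION_CODE)` would close that gap. Also, `access` is `None` when no `ApplicationAccess` row exists, which surfaces as an `AttributeError` on `access.scopes` rather than an assertion failure; a `self.assertIsNotNone(access)` before it gives a clearer result. The `@@ -146,28 +143,24 @@` hunk for `_assert_discovery_clients_are_valid` has the same gaps.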
@@ -135,7 +132,7 @@ class TestCreateSiteAndConfiguration(TestCase): """ service_user = self._assert_service_user_is_valid("lms_catalog_service_user") - clients = Client.objects.filter(user=service_user) + clients = Application.objects.filter(user=service_user) self.assertEqual(len(clients), len(SITES)) @@ -146,28 +143,24 @@ class TestCreateSiteAndConfiguration(TestCase): for client in clients: self.assertEqual(client.user.username, service_user[0].username) - site_name = client.name[:6] + site_name = [name for name in SITES if name in client.name][0] discovery_url = discovery_url_fmt.format( site_name=site_name, dns_name=self.dns_name ) - self.assertEqual(client.url, discovery_url) self.assertEqual( - client.redirect_uri, - "{discovery_url}complete/edx-oidc/".format(discovery_url=discovery_url) + client.redirect_uris, + "{discovery_url}complete/edx-oauth2/".format(discovery_url=discovery_url) ) self.assertEqual( client.client_id, "discovery-key-{site_name}".format(site_name=site_name) ) + access = ApplicationAccess.objects.filter(application_id=client.id).first() self.assertEqual( - client.client_secret, - "discovery-secret" - ) - self.assertEqual( - len(TrustedClient.objects.filter(client=client)), - 1 + access.scopes, + ["user_id"] ) def test_without_dns(self):