From dcb6bbc2620e6e5caca3ac36cf5386643c5f16b0 Mon Sep 17 00:00:00 2001
From: Carla Duarte <cduarte@edx.org>
Date: Tue, 16 Feb 2021 12:19:49 -0500
Subject: [PATCH] AA-664: add JwtAuthentication to course home api

---
 .../course_home_api/course_metadata/v1/views.py        | 10 ++++++++++
 lms/djangoapps/course_home_api/outline/v1/views.py     |  7 +++++++
 2 files changed, 17 insertions(+)

diff --git a/lms/djangoapps/course_home_api/course_metadata/v1/views.py b/lms/djangoapps/course_home_api/course_metadata/v1/views.py
index 5398b9561c..c158071ffd 100644
--- a/lms/djangoapps/course_home_api/course_metadata/v1/views.py
+++ b/lms/djangoapps/course_home_api/course_metadata/v1/views.py
@@ -7,6 +7,10 @@ from rest_framework.response import Response
 
 from opaque_keys.edx.keys import CourseKey
 
+from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication
+from edx_rest_framework_extensions.auth.session.authentication import SessionAuthenticationAllowInactiveUser
+from openedx.core.lib.api.authentication import BearerAuthenticationAllowInactiveUser
+
 from common.djangoapps.student.models import CourseEnrollment
 from lms.djangoapps.courseware.access import has_access
 from lms.djangoapps.courseware.masquerade import setup_masquerade
@@ -50,6 +54,12 @@ class CourseHomeMetadataView(RetrieveAPIView):
         * 404 if the course is not available or cannot be seen.
     """
 
+    authentication_classes = (
+        JwtAuthentication,
+        BearerAuthenticationAllowInactiveUser,
+        SessionAuthenticationAllowInactiveUser,
+    )
+
     serializer_class = CourseHomeMetadataSerializer
 
     def get(self, request, *args, **kwargs):
diff --git a/lms/djangoapps/course_home_api/outline/v1/views.py b/lms/djangoapps/course_home_api/outline/v1/views.py
index ff749e4c3e..7fdb64407c 100644
--- a/lms/djangoapps/course_home_api/outline/v1/views.py
+++ b/lms/djangoapps/course_home_api/outline/v1/views.py
@@ -30,6 +30,7 @@ from lms.djangoapps.courseware.courses import get_course_date_blocks, get_course
 from lms.djangoapps.courseware.date_summary import TodaysDate
 from lms.djangoapps.courseware.masquerade import setup_masquerade
 from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
+from openedx.core.lib.api.authentication import BearerAuthenticationAllowInactiveUser
 from openedx.features.course_duration_limits.access import get_access_expiration_data
 from openedx.features.course_experience import COURSE_ENABLE_UNENROLLED_ACCESS_FLAG
 from openedx.features.course_experience.course_tools import CourseToolsPluginManager
@@ -138,6 +139,12 @@ class OutlineTabView(RetrieveAPIView):
 
     """
 
+    authentication_classes = (
+        JwtAuthentication,
+        BearerAuthenticationAllowInactiveUser,
+        SessionAuthenticationAllowInactiveUser,
+    )
+
     serializer_class = OutlineTabSerializer
 
     def get(self, request, *args, **kwargs):