Merge pull request #12451 from edx/mattdrayer/microste-jwt-auth

mattdrayer/microsite-jwt-auth: Access setting through theming/microsites
2016-05-12 15:59:40 -04:00
parent adb9200e0a 55cf0fb2c4
commit 4d08379bfc
5 changed files with 15 additions and 15 deletions
--- a/lms/djangoapps/commerce/tests/init.py
+++ b/lms/djangoapps/commerce/tests/init.py
@@ -45,7 +45,7 @@ class EdxRestApiClientTest(TestCase):

    @httpretty.activate
    @freeze_time('2015-7-2')
-    @override_settings(JWT_ISSUER='http://example.com/oauth', JWT_EXPIRATION=30)
+    @override_settings(JWT_AUTH={'JWT_ISSUER': 'http://example.com/oauth', 'JWT_EXPIRATION': 30})
    def test_tracking_context(self):
        """
        Ensure the tracking context is set up in the api client correctly and
@@ -71,8 +71,8 @@ class EdxRestApiClientTest(TestCase):
            'username': self.user.username,
            'full_name': self.user.profile.name,
            'email': self.user.email,
-            'iss': settings.JWT_ISSUER,
-            'exp': datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.JWT_EXPIRATION),
+            'iss': settings.JWT_AUTH['JWT_ISSUER'],
+            'exp': datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.JWT_AUTH['JWT_EXPIRATION']),
            'tracking_context': {
                'lms_user_id': self.user.id,  # pylint: disable=no-member
                'lms_client_id': self.TEST_CLIENT_ID,
--- a/lms/djangoapps/oauth_dispatch/views.py
+++ b/lms/djangoapps/oauth_dispatch/views.py
@@ -16,6 +16,8 @@ from django.views.generic import View
 from edx_oauth2_provider import views as dop_views  # django-oauth2-provider views
 from oauth2_provider import models as dot_models, views as dot_views  # django-oauth-toolkit

+from openedx.core.djangoapps.theming import helpers
+
 from . import adapters


@@ -121,10 +123,10 @@ class AccessTokenView(_DispatchingView):
    def _generate_jwt(self, user, scopes, expires_in):
        """ Returns a JWT access token. """
        now = int(time())
-
+        jwt_auth = helpers.get_value("JWT_AUTH", settings.JWT_AUTH)
        payload = {
-            'iss': settings.JWT_AUTH['JWT_ISSUER'],
-            'aud': settings.JWT_AUTH['JWT_AUDIENCE'],
+            'iss': jwt_auth['JWT_ISSUER'],
+            'aud': jwt_auth['JWT_AUDIENCE'],
            'exp': now + expires_in,
            'iat': now,
            'preferred_username': user.username,
@@ -136,8 +138,8 @@ class AccessTokenView(_DispatchingView):
            if handler:
                handler(payload, user)

-        secret = settings.JWT_AUTH['JWT_SECRET_KEY']
-        token = jwt.encode(payload, secret, algorithm=settings.JWT_AUTH['JWT_ALGORITHM'])
+        secret = jwt_auth['JWT_SECRET_KEY']
+        token = jwt.encode(payload, secret, algorithm=jwt_auth['JWT_ALGORITHM'])

        return token

--- a/lms/envs/aws.py
+++ b/lms/envs/aws.py
@@ -766,8 +766,6 @@ LTI_AGGREGATE_SCORE_PASSBACK_DELAY = ENV_TOKENS.get(
 CREDIT_HELP_LINK_URL = ENV_TOKENS.get('CREDIT_HELP_LINK_URL', CREDIT_HELP_LINK_URL)

 #### JWT configuration ####
-JWT_ISSUER = ENV_TOKENS.get('JWT_ISSUER', JWT_ISSUER)
-JWT_EXPIRATION = ENV_TOKENS.get('JWT_EXPIRATION', JWT_EXPIRATION)
 JWT_AUTH.update(ENV_TOKENS.get('JWT_AUTH', {}))
 PUBLIC_RSA_KEY = ENV_TOKENS.get('PUBLIC_RSA_KEY', PUBLIC_RSA_KEY)
 PRIVATE_RSA_KEY = ENV_TOKENS.get('PRIVATE_RSA_KEY', PRIVATE_RSA_KEY)
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -2141,6 +2141,8 @@ JWT_AUTH = {
    'JWT_PAYLOAD_GET_USERNAME_HANDLER': lambda d: d.get('username'),
    'JWT_LEEWAY': 1,
    'JWT_DECODE_HANDLER': 'edx_rest_framework_extensions.utils.jwt_decode_handler',
+    # Number of seconds before JWT tokens expire
+    'JWT_EXPIRATION': 30,
 }

 # The footer URLs dictionary maps social footer names
@@ -2793,9 +2795,6 @@ LTI_USER_EMAIL_DOMAIN = 'lti.example.com'
 # The time value is in seconds.
 LTI_AGGREGATE_SCORE_PASSBACK_DELAY = 15 * 60

-# Number of seconds before JWT tokens expire
-JWT_EXPIRATION = 30
-JWT_ISSUER = None

 # For help generating a key pair import and run `openedx.core.lib.rsa_key_utils.generate_rsa_key_pair()`
 PUBLIC_RSA_KEY = None
--- a/openedx/core/djangoapps/commerce/utils.py
+++ b/openedx/core/djangoapps/commerce/utils.py
@@ -32,6 +32,7 @@ def is_commerce_service_configured():

 def ecommerce_api_client(user):
    """ Returns an E-Commerce API client setup with authentication for the specified user. """
+    jwt_auth = helpers.get_value("JWT_AUTH", settings.JWT_AUTH)
    return EdxRestApiClient(
        helpers.get_value("ECOMMERCE_API_URL", settings.ECOMMERCE_API_URL),
        helpers.get_value("ECOMMERCE_API_SIGNING_KEY", settings.ECOMMERCE_API_SIGNING_KEY),
@@ -39,6 +40,6 @@ def ecommerce_api_client(user):
        user.profile.name if hasattr(user, 'profile') else None,
        user.email,
        tracking_context=create_tracking_context(user),
-        issuer=settings.JWT_ISSUER,
-        expires_in=settings.JWT_EXPIRATION
+        issuer=jwt_auth['JWT_ISSUER'],
+        expires_in=jwt_auth['JWT_EXPIRATION']
    )