Remove JWT_COOKIES_FLAG.
The JWT_COOKIES_FLAG was a temporary flag used for the rollout of the new JWT cookies. These are live in Production, so we are removing the flag. Without this flag, we set JWT cookies during login. However, this requires an OAuth client that isn't always available during unit tests. We introduced a feature flag that is only used for unit tests to disable setting the JWT cookies. The code comments explain in more detail why this solution was selected over adding the OAuth client to the database. ARCH-247
@@ -518,6 +518,7 @@ OAUTH_OIDC_ISSUER = ENV_TOKENS['OAUTH_OIDC_ISSUER']
|
||||
|
||||
#### JWT configuration ####
|
||||
JWT_AUTH.update(ENV_TOKENS.get('JWT_AUTH', {}))
|
||||
JWT_AUTH.update(AUTH_TOKENS.get('JWT_AUTH', {}))
|
||||
|
||||
######################## CUSTOM COURSES for EDX CONNECTOR ######################
|
||||
if FEATURES.get('CUSTOM_COURSES_EDX'):
|
||||
|
||||
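Review bot: The two `JWT_AUTH.update(...)` calls are shallow merges applied in a fixed order, so any key in `AUTH_TOKENS['JWT_AUTH']` silently replaces the same key from `ENV_TOKENS`, and nothing here says that this precedence is intended. I would add a comment above them, such as `# AUTH_TOKENS is applied last so secret values (signing keys) override anything in ENV_TOKENS.` The same pair of lines appears in the later hunk at `-517,6 +517,7`. Nothing visible checks that a signing key is actually set after the merge; if that is not validated elsewhere, a startup check would be worth considering.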
@@ -47,6 +47,11 @@
|
||||
],
|
||||
"port": 27017
|
||||
},
|
||||
"JWT_AUTH": {
|
||||
"JWT_SECRET_KEY": "super-secret-key",
|
||||
"JWT_PUBLIC_SIGNING_JWK_SET": "{\"keys\": [{\"kid\": \"BTZ9HA6K\", \"e\": \"AQAB\", \"kty\": \"RSA\", \"n\": \"o5cn3ljSRi6FaDEKTn0PS-oL9EFyv1pI7dRgffQLD1qf5D6sprmYfWWokSsrWig8u2y0HChSygR6Jn5KXBqQn6FpM0dDJLnWQDRXHLl3Ey1iPYgDSmOIsIGrV9ZyNCQwk03wAgWbfdBTig3QSDYD-sTNOs3pc4UD_PqAvU2nz_1SS2ZiOwOn5F6gulE1L0iE3KEUEvOIagfHNVhz0oxa_VRZILkzV-zr6R_TW1m97h4H8jXl_VJyQGyhMGGypuDrQ9_vaY_RLEulLCyY0INglHWQ7pckxBtI5q55-Vio2wgewe2_qYcGsnBGaDNbySAsvYcWRrqDiFyzrJYivodqTQ\"}]}",
|
||||
"JWT_PRIVATE_SIGNING_JWK": "{\"e\": \"AQAB\", \"d\": \"HIiV7KNjcdhVbpn3KT-I9n3JPf5YbGXsCIedmPqDH1d4QhBofuAqZ9zebQuxkRUpmqtYMv0Zi6ECSUqH387GYQF_XvFUFcjQRPycISd8TH0DAKaDpGr-AYNshnKiEtQpINhcP44I1AYNPCwyoxXA1fGTtmkKChsuWea7o8kytwU5xSejvh5-jiqu2SF4GEl0BEXIAPZsgbzoPIWNxgO4_RzNnWs6nJZeszcaDD0CyezVSuH9QcI6g5QFzAC_YuykSsaaFJhZ05DocBsLczShJ9Omf6PnK9xlm26I84xrEh_7x4fVmNBg3xWTLh8qOnHqGko93A1diLRCrKHOvnpvgQ\", \"n\": \"o5cn3ljSRi6FaDEKTn0PS-oL9EFyv1pI7dRgffQLD1qf5D6sprmYfWWokSsrWig8u2y0HChSygR6Jn5KXBqQn6FpM0dDJLnWQDRXHLl3Ey1iPYgDSmOIsIGrV9ZyNCQwk03wAgWbfdBTig3QSDYD-sTNOs3pc4UD_PqAvU2nz_1SS2ZiOwOn5F6gulE1L0iE3KEUEvOIagfHNVhz0oxa_VRZILkzV-zr6R_TW1m97h4H8jXl_VJyQGyhMGGypuDrQ9_vaY_RLEulLCyY0INglHWQ7pckxBtI5q55-Vio2wgewe2_qYcGsnBGaDNbySAsvYcWRrqDiFyzrJYivodqTQ\", \"q\": \"3T3DEtBUka7hLGdIsDlC96Uadx_q_E4Vb1cxx_4Ss_wGp1Loz3N3ZngGyInsKlmbBgLo1Ykd6T9TRvRNEWEtFSOcm2INIBoVoXk7W5RuPa8Cgq2tjQj9ziGQ08JMejrPlj3Q1wmALJr5VTfvSYBu0WkljhKNCy1KB6fCby0C9WE\", \"p\": \"vUqzWPZnDG4IXyo-k5F0bHV0BNL_pVhQoLW7eyFHnw74IOEfSbdsMspNcPSFIrtgPsn7981qv3lN_staZ6JflKfHayjB_lvltHyZxfl0dvruShZOx1N6ykEo7YrAskC_qxUyrIvqmJ64zPW3jkuOYrFs7Ykj3zFx3Zq1H5568G0\", \"kid\": \"BTZ9HA6K\", \"kty\": \"RSA\"}"
|
||||
},
|
||||
"MODULESTORE": {
|
||||
"default": {
|
||||
"ENGINE": "xmodule.modulestore.mixed.MixedModuleStore",
|
||||
|
||||
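Review bot: The `JWT_PRIVATE_SIGNING_JWK` value added here is a complete RSA private key committed in plain text, and the same key (kid `BTZ9HA6K`) is pasted into the other env JSON hunks on this page (the second `-47,6 +47,11`, then `-74,6 +74,11` and `-82,6 +82,11`) and appears again in the `JWT_AUTH.update({` test settings hunk. JSON has no place for a comment, so nothing in these files marks the key or `super-secret-key` as test-only; that should be recorded in the settings module that loads them, and keeping the key in one shared fixture would mean it can be replaced in one place. Because the key is now public, tokens signed by any environment that reused it could not be trusted, so a deployment-time check that rejects kid `BTZ9HA6K` and the placeholder secret would be a cheap safeguard.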
@@ -79,9 +79,6 @@
|
||||
},
|
||||
"FEEDBACK_SUBMISSION_EMAIL": "",
|
||||
"GITHUB_REPO_ROOT": "** OVERRIDDEN **",
|
||||
"JWT_AUTH": {
|
||||
"JWT_SECRET_KEY": "super-secret-key"
|
||||
},
|
||||
"GRADES_DOWNLOAD": {
|
||||
"BUCKET": "edx-grades",
|
||||
"ROOT_PATH": "/tmp/edx-s3/grades",
|
||||
|
||||
@@ -47,6 +47,11 @@
|
||||
],
|
||||
"port": 27017
|
||||
},
|
||||
"JWT_AUTH": {
|
||||
"JWT_SECRET_KEY": "super-secret-key",
|
||||
"JWT_PUBLIC_SIGNING_JWK_SET": "{\"keys\": [{\"kid\": \"BTZ9HA6K\", \"e\": \"AQAB\", \"kty\": \"RSA\", \"n\": \"o5cn3ljSRi6FaDEKTn0PS-oL9EFyv1pI7dRgffQLD1qf5D6sprmYfWWokSsrWig8u2y0HChSygR6Jn5KXBqQn6FpM0dDJLnWQDRXHLl3Ey1iPYgDSmOIsIGrV9ZyNCQwk03wAgWbfdBTig3QSDYD-sTNOs3pc4UD_PqAvU2nz_1SS2ZiOwOn5F6gulE1L0iE3KEUEvOIagfHNVhz0oxa_VRZILkzV-zr6R_TW1m97h4H8jXl_VJyQGyhMGGypuDrQ9_vaY_RLEulLCyY0INglHWQ7pckxBtI5q55-Vio2wgewe2_qYcGsnBGaDNbySAsvYcWRrqDiFyzrJYivodqTQ\"}]}",
|
||||
"JWT_PRIVATE_SIGNING_JWK": "{\"e\": \"AQAB\", \"d\": \"HIiV7KNjcdhVbpn3KT-I9n3JPf5YbGXsCIedmPqDH1d4QhBofuAqZ9zebQuxkRUpmqtYMv0Zi6ECSUqH387GYQF_XvFUFcjQRPycISd8TH0DAKaDpGr-AYNshnKiEtQpINhcP44I1AYNPCwyoxXA1fGTtmkKChsuWea7o8kytwU5xSejvh5-jiqu2SF4GEl0BEXIAPZsgbzoPIWNxgO4_RzNnWs6nJZeszcaDD0CyezVSuH9QcI6g5QFzAC_YuykSsaaFJhZ05DocBsLczShJ9Omf6PnK9xlm26I84xrEh_7x4fVmNBg3xWTLh8qOnHqGko93A1diLRCrKHOvnpvgQ\", \"n\": \"o5cn3ljSRi6FaDEKTn0PS-oL9EFyv1pI7dRgffQLD1qf5D6sprmYfWWokSsrWig8u2y0HChSygR6Jn5KXBqQn6FpM0dDJLnWQDRXHLl3Ey1iPYgDSmOIsIGrV9ZyNCQwk03wAgWbfdBTig3QSDYD-sTNOs3pc4UD_PqAvU2nz_1SS2ZiOwOn5F6gulE1L0iE3KEUEvOIagfHNVhz0oxa_VRZILkzV-zr6R_TW1m97h4H8jXl_VJyQGyhMGGypuDrQ9_vaY_RLEulLCyY0INglHWQ7pckxBtI5q55-Vio2wgewe2_qYcGsnBGaDNbySAsvYcWRrqDiFyzrJYivodqTQ\", \"q\": \"3T3DEtBUka7hLGdIsDlC96Uadx_q_E4Vb1cxx_4Ss_wGp1Loz3N3ZngGyInsKlmbBgLo1Ykd6T9TRvRNEWEtFSOcm2INIBoVoXk7W5RuPa8Cgq2tjQj9ziGQ08JMejrPlj3Q1wmALJr5VTfvSYBu0WkljhKNCy1KB6fCby0C9WE\", \"p\": \"vUqzWPZnDG4IXyo-k5F0bHV0BNL_pVhQoLW7eyFHnw74IOEfSbdsMspNcPSFIrtgPsn7981qv3lN_staZ6JflKfHayjB_lvltHyZxfl0dvruShZOx1N6ykEo7YrAskC_qxUyrIvqmJ64zPW3jkuOYrFs7Ykj3zFx3Zq1H5568G0\", \"kid\": \"BTZ9HA6K\", \"kty\": \"RSA\"}"
|
||||
},
|
||||
"MODULESTORE": {
|
||||
"default": {
|
||||
"ENGINE": "xmodule.modulestore.mixed.MixedModuleStore",
|
||||
|
||||
@@ -79,9 +79,6 @@
|
||||
},
|
||||
"FEEDBACK_SUBMISSION_EMAIL": "",
|
||||
"GITHUB_REPO_ROOT": "** OVERRIDDEN **",
|
||||
"JWT_AUTH": {
|
||||
"JWT_SECRET_KEY": "super-secret-key"
|
||||
},
|
||||
"GRADES_DOWNLOAD": {
|
||||
"BUCKET": "edx-grades",
|
||||
"ROOT_PATH": "/tmp/edx-s3/grades",
|
||||
|
||||
@@ -517,6 +517,7 @@ OAUTH_OIDC_ISSUER = ENV_TOKENS['OAUTH_OIDC_ISSUER']
|
||||
|
||||
#### JWT configuration ####
|
||||
JWT_AUTH.update(ENV_TOKENS.get('JWT_AUTH', {}))
|
||||
JWT_AUTH.update(AUTH_TOKENS.get('JWT_AUTH', {}))
|
||||
|
||||
######################## CUSTOM COURSES for EDX CONNECTOR ######################
|
||||
if FEATURES.get('CUSTOM_COURSES_EDX'):
|
||||
|
||||
@@ -192,6 +192,8 @@ PASSWORD_HASHERS = [
|
||||
# No segment key
|
||||
CMS_SEGMENT_KEY = None
|
||||
|
||||
FEATURES['DISABLE_SET_JWT_COOKIES_FOR_TESTS'] = True
|
||||
|
||||
FEATURES['ENABLE_SERVICE_STATUS'] = True
|
||||
|
||||
# Toggles embargo on for testing
|
||||
|
||||
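Review bot: `FEATURES['DISABLE_SET_JWT_COOKIES_FOR_TESTS'] = True` is added without a comment, so a reader of this settings file cannot tell what it turns off or that individual tests switch it back. A line above it such as `# Skip setting JWT cookies in most unit tests; tests that need them patch this to False.` would be enough. The same line is added without a comment in the later hunk that follows `THIS_UUID = uuid4().hex[:5]`.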
@@ -74,6 +74,11 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"JWT_AUTH": {
|
||||
"JWT_SECRET_KEY": "super-secret-key",
|
||||
"JWT_PUBLIC_SIGNING_JWK_SET": "{\"keys\": [{\"kid\": \"BTZ9HA6K\", \"e\": \"AQAB\", \"kty\": \"RSA\", \"n\": \"o5cn3ljSRi6FaDEKTn0PS-oL9EFyv1pI7dRgffQLD1qf5D6sprmYfWWokSsrWig8u2y0HChSygR6Jn5KXBqQn6FpM0dDJLnWQDRXHLl3Ey1iPYgDSmOIsIGrV9ZyNCQwk03wAgWbfdBTig3QSDYD-sTNOs3pc4UD_PqAvU2nz_1SS2ZiOwOn5F6gulE1L0iE3KEUEvOIagfHNVhz0oxa_VRZILkzV-zr6R_TW1m97h4H8jXl_VJyQGyhMGGypuDrQ9_vaY_RLEulLCyY0INglHWQ7pckxBtI5q55-Vio2wgewe2_qYcGsnBGaDNbySAsvYcWRrqDiFyzrJYivodqTQ\"}]}",
|
||||
"JWT_PRIVATE_SIGNING_JWK": "{\"e\": \"AQAB\", \"d\": \"HIiV7KNjcdhVbpn3KT-I9n3JPf5YbGXsCIedmPqDH1d4QhBofuAqZ9zebQuxkRUpmqtYMv0Zi6ECSUqH387GYQF_XvFUFcjQRPycISd8TH0DAKaDpGr-AYNshnKiEtQpINhcP44I1AYNPCwyoxXA1fGTtmkKChsuWea7o8kytwU5xSejvh5-jiqu2SF4GEl0BEXIAPZsgbzoPIWNxgO4_RzNnWs6nJZeszcaDD0CyezVSuH9QcI6g5QFzAC_YuykSsaaFJhZ05DocBsLczShJ9Omf6PnK9xlm26I84xrEh_7x4fVmNBg3xWTLh8qOnHqGko93A1diLRCrKHOvnpvgQ\", \"n\": \"o5cn3ljSRi6FaDEKTn0PS-oL9EFyv1pI7dRgffQLD1qf5D6sprmYfWWokSsrWig8u2y0HChSygR6Jn5KXBqQn6FpM0dDJLnWQDRXHLl3Ey1iPYgDSmOIsIGrV9ZyNCQwk03wAgWbfdBTig3QSDYD-sTNOs3pc4UD_PqAvU2nz_1SS2ZiOwOn5F6gulE1L0iE3KEUEvOIagfHNVhz0oxa_VRZILkzV-zr6R_TW1m97h4H8jXl_VJyQGyhMGGypuDrQ9_vaY_RLEulLCyY0INglHWQ7pckxBtI5q55-Vio2wgewe2_qYcGsnBGaDNbySAsvYcWRrqDiFyzrJYivodqTQ\", \"q\": \"3T3DEtBUka7hLGdIsDlC96Uadx_q_E4Vb1cxx_4Ss_wGp1Loz3N3ZngGyInsKlmbBgLo1Ykd6T9TRvRNEWEtFSOcm2INIBoVoXk7W5RuPa8Cgq2tjQj9ziGQ08JMejrPlj3Q1wmALJr5VTfvSYBu0WkljhKNCy1KB6fCby0C9WE\", \"p\": \"vUqzWPZnDG4IXyo-k5F0bHV0BNL_pVhQoLW7eyFHnw74IOEfSbdsMspNcPSFIrtgPsn7981qv3lN_staZ6JflKfHayjB_lvltHyZxfl0dvruShZOx1N6ykEo7YrAskC_qxUyrIvqmJ64zPW3jkuOYrFs7Ykj3zFx3Zq1H5568G0\", \"kid\": \"BTZ9HA6K\", \"kty\": \"RSA\"}"
|
||||
},
|
||||
"MODULESTORE": {
|
||||
"default": {
|
||||
"ENGINE": "xmodule.modulestore.mixed.MixedModuleStore",
|
||||
|
||||
@@ -92,9 +92,6 @@
|
||||
},
|
||||
"FEEDBACK_SUBMISSION_EMAIL": "",
|
||||
"GITHUB_REPO_ROOT": "** OVERRIDDEN **",
|
||||
"JWT_AUTH": {
|
||||
"JWT_SECRET_KEY": "super-secret-key"
|
||||
},
|
||||
"LMS_BASE": "localhost:8003",
|
||||
"LMS_ROOT_URL": "http://localhost:8003",
|
||||
"LOCAL_LOGLEVEL": "INFO",
|
||||
|
||||
@@ -82,6 +82,11 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"JWT_AUTH": {
|
||||
"JWT_SECRET_KEY": "super-secret-key",
|
||||
"JWT_PUBLIC_SIGNING_JWK_SET": "{\"keys\": [{\"kid\": \"BTZ9HA6K\", \"e\": \"AQAB\", \"kty\": \"RSA\", \"n\": \"o5cn3ljSRi6FaDEKTn0PS-oL9EFyv1pI7dRgffQLD1qf5D6sprmYfWWokSsrWig8u2y0HChSygR6Jn5KXBqQn6FpM0dDJLnWQDRXHLl3Ey1iPYgDSmOIsIGrV9ZyNCQwk03wAgWbfdBTig3QSDYD-sTNOs3pc4UD_PqAvU2nz_1SS2ZiOwOn5F6gulE1L0iE3KEUEvOIagfHNVhz0oxa_VRZILkzV-zr6R_TW1m97h4H8jXl_VJyQGyhMGGypuDrQ9_vaY_RLEulLCyY0INglHWQ7pckxBtI5q55-Vio2wgewe2_qYcGsnBGaDNbySAsvYcWRrqDiFyzrJYivodqTQ\"}]}",
|
||||
"JWT_PRIVATE_SIGNING_JWK": "{\"e\": \"AQAB\", \"d\": \"HIiV7KNjcdhVbpn3KT-I9n3JPf5YbGXsCIedmPqDH1d4QhBofuAqZ9zebQuxkRUpmqtYMv0Zi6ECSUqH387GYQF_XvFUFcjQRPycISd8TH0DAKaDpGr-AYNshnKiEtQpINhcP44I1AYNPCwyoxXA1fGTtmkKChsuWea7o8kytwU5xSejvh5-jiqu2SF4GEl0BEXIAPZsgbzoPIWNxgO4_RzNnWs6nJZeszcaDD0CyezVSuH9QcI6g5QFzAC_YuykSsaaFJhZ05DocBsLczShJ9Omf6PnK9xlm26I84xrEh_7x4fVmNBg3xWTLh8qOnHqGko93A1diLRCrKHOvnpvgQ\", \"n\": \"o5cn3ljSRi6FaDEKTn0PS-oL9EFyv1pI7dRgffQLD1qf5D6sprmYfWWokSsrWig8u2y0HChSygR6Jn5KXBqQn6FpM0dDJLnWQDRXHLl3Ey1iPYgDSmOIsIGrV9ZyNCQwk03wAgWbfdBTig3QSDYD-sTNOs3pc4UD_PqAvU2nz_1SS2ZiOwOn5F6gulE1L0iE3KEUEvOIagfHNVhz0oxa_VRZILkzV-zr6R_TW1m97h4H8jXl_VJyQGyhMGGypuDrQ9_vaY_RLEulLCyY0INglHWQ7pckxBtI5q55-Vio2wgewe2_qYcGsnBGaDNbySAsvYcWRrqDiFyzrJYivodqTQ\", \"q\": \"3T3DEtBUka7hLGdIsDlC96Uadx_q_E4Vb1cxx_4Ss_wGp1Loz3N3ZngGyInsKlmbBgLo1Ykd6T9TRvRNEWEtFSOcm2INIBoVoXk7W5RuPa8Cgq2tjQj9ziGQ08JMejrPlj3Q1wmALJr5VTfvSYBu0WkljhKNCy1KB6fCby0C9WE\", \"p\": \"vUqzWPZnDG4IXyo-k5F0bHV0BNL_pVhQoLW7eyFHnw74IOEfSbdsMspNcPSFIrtgPsn7981qv3lN_staZ6JflKfHayjB_lvltHyZxfl0dvruShZOx1N6ykEo7YrAskC_qxUyrIvqmJ64zPW3jkuOYrFs7Ykj3zFx3Zq1H5568G0\", \"kid\": \"BTZ9HA6K\", \"kty\": \"RSA\"}"
|
||||
},
|
||||
"MODULESTORE": {
|
||||
"default": {
|
||||
"ENGINE": "xmodule.modulestore.mixed.MixedModuleStore",
|
||||
|
||||
@@ -92,9 +92,6 @@
|
||||
},
|
||||
"FEEDBACK_SUBMISSION_EMAIL": "",
|
||||
"GITHUB_REPO_ROOT": "** OVERRIDDEN **",
|
||||
"JWT_AUTH": {
|
||||
"JWT_SECRET_KEY": "super-secret-key"
|
||||
},
|
||||
"LMS_BASE": "http://edx.devstack.lms:18003",
|
||||
"LMS_ROOT_URL": "http://edx.devstack.lms:18003",
|
||||
"LOCAL_LOGLEVEL": "INFO",
|
||||
|
||||
@@ -50,6 +50,8 @@ os.environ['DJANGO_LIVE_TEST_SERVER_ADDRESS'] = 'localhost:8000-9000'
|
||||
|
||||
THIS_UUID = uuid4().hex[:5]
|
||||
|
||||
FEATURES['DISABLE_SET_JWT_COOKIES_FOR_TESTS'] = True
|
||||
|
||||
# can't test start dates with this True, but on the other hand,
|
||||
# can test everything else :)
|
||||
FEATURES['DISABLE_START_DATES'] = True
|
||||
@@ -596,7 +598,6 @@ JWT_AUTH.update({
|
||||
'ayjB_lvltHyZxfl0dvruShZOx1N6ykEo7YrAskC_qxUyrIvqmJ64zPW3jkuOYrFs7Ykj3zFx3Zq1H5568G0", "kid": "BTZ9HA6K", "kty"'
|
||||
': "RSA"}'
|
||||
),
|
||||
'JWT_LOGIN_CLIENT_ID': 'test-login-service-client-id',
|
||||
})
|
||||
|
||||
####################### Plugin Settings ##########################
|
||||
|
||||
@@ -57,7 +57,6 @@ from openedx.core.djangoapps.user_api.errors import (
|
||||
UserNotAuthorized,
|
||||
UserNotFound
|
||||
)
|
||||
from openedx.core.djangoapps.waffle_utils.testutils import override_waffle_flag
|
||||
from openedx.core.djangolib.testing.utils import skip_unless_lms
|
||||
from openedx.core.lib.tests import attr
|
||||
from student.models import PendingEmailChange
|
||||
|
||||
@@ -22,7 +22,6 @@ from openedx.core.djangoapps.oauth_dispatch.api import create_dot_access_token,
|
||||
from openedx.core.djangoapps.oauth_dispatch.jwt import create_jwt_from_token
|
||||
from openedx.core.djangoapps.user_api.accounts.utils import retrieve_last_sitewide_block_completed
|
||||
from openedx.core.djangoapps.user_authn.exceptions import AuthFailedError
|
||||
from openedx.core.djangoapps.user_authn.waffle import JWT_COOKIES_FLAG
|
||||
from student.models import CourseEnrollment
|
||||
|
||||
|
||||
@@ -152,15 +151,14 @@ def refresh_jwt_cookies(request, response):
|
||||
Resets the JWT related cookies in the response, while expecting a refresh
|
||||
cookie in the request.
|
||||
"""
|
||||
if JWT_COOKIES_FLAG.is_enabled():
|
||||
try:
|
||||
refresh_token = request.COOKIES[jwt_cookies.jwt_refresh_cookie_name()]
|
||||
except KeyError:
|
||||
raise AuthFailedError(u"JWT Refresh Cookie not found in request.")
|
||||
try:
|
||||
refresh_token = request.COOKIES[jwt_cookies.jwt_refresh_cookie_name()]
|
||||
except KeyError:
|
||||
raise AuthFailedError(u"JWT Refresh Cookie not found in request.")
|
||||
|
||||
# TODO don't extend the cookie expiration - reuse value from existing cookie
|
||||
cookie_settings = standard_cookie_settings(request)
|
||||
_create_and_set_jwt_cookies(response, request, cookie_settings, refresh_token=refresh_token)
|
||||
# TODO don't extend the cookie expiration - reuse value from existing cookie
|
||||
cookie_settings = standard_cookie_settings(request)
|
||||
_create_and_set_jwt_cookies(response, request, cookie_settings, refresh_token=refresh_token)
|
||||
return response
|
||||
|
||||
|
||||
@@ -248,7 +246,12 @@ def _get_user_info_cookie_data(request, user):
|
||||
|
||||
def _create_and_set_jwt_cookies(response, request, cookie_settings, user=None, refresh_token=None):
|
||||
""" Sets a cookie containing a JWT on the response. """
|
||||
if not JWT_COOKIES_FLAG.is_enabled():
|
||||
|
||||
# Skip setting JWT cookies for most unit tests, since it raises errors when
|
||||
# a login oauth client cannot be found in the database in ``_get_login_oauth_client``.
|
||||
# This solution is not ideal, but see https://github.com/edx/edx-platform/pull/19180#issue-226706355
|
||||
# for a discussion of alternative solutions that did not work or were halted.
|
||||
if settings.FEATURES.get('DISABLE_SET_JWT_COOKIES_FOR_TESTS', False):
|
||||
return
|
||||
|
||||
# For security reasons, the JWT that is embedded inside the cookie expires
|
||||
|
||||
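Review bot: The early `return` under `settings.FEATURES.get('DISABLE_SET_JWT_COOKIES_FOR_TESTS', False)` is silent, so if the toggle is ever true outside a test run, login and `refresh_jwt_cookies` (previous hunk) hand back a response with no JWT cookies and no error or log line. The toggle lives in the general `FEATURES` dict; if deployments can override that dict from their environment config (not visible here), a test-only switch becomes reachable in production. I would log before returning, e.g. `log.warning("Skipping JWT cookies: DISABLE_SET_JWT_COOKIES_FOR_TESTS is set")`, assuming the module has a logger under that name. The body of `_create_and_set_jwt_cookies` continues past the end of the hunk.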
@@ -1,7 +1,7 @@
|
||||
# pylint: disable=missing-docstring
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from mock import MagicMock
|
||||
from mock import MagicMock, patch
|
||||
import six
|
||||
from django.conf import settings
|
||||
from django.http import HttpResponse
|
||||
@@ -108,14 +108,14 @@ class CookieTests(TestCase):
|
||||
self._assert_consistent_expires(response)
|
||||
self._assert_recreate_jwt_from_cookies(response, can_recreate=False)
|
||||
|
||||
@patch.dict("django.conf.settings.FEATURES", {"DISABLE_SET_JWT_COOKIES_FOR_TESTS": False})
|
||||
def test_set_logged_in_jwt_cookies(self):
|
||||
setup_login_oauth_client()
|
||||
self._set_use_jwt_cookie_header(self.request)
|
||||
with cookies_api.JWT_COOKIES_FLAG.override(True):
|
||||
response = cookies_api.set_logged_in_cookies(self.request, HttpResponse(), self.user)
|
||||
self._assert_cookies_present(response, cookies_api.ALL_LOGGED_IN_COOKIE_NAMES)
|
||||
self._assert_consistent_expires(response)
|
||||
self._assert_recreate_jwt_from_cookies(response, can_recreate=True)
|
||||
response = cookies_api.set_logged_in_cookies(self.request, HttpResponse(), self.user)
|
||||
self._assert_cookies_present(response, cookies_api.ALL_LOGGED_IN_COOKIE_NAMES)
|
||||
self._assert_consistent_expires(response)
|
||||
self._assert_recreate_jwt_from_cookies(response, can_recreate=True)
|
||||
|
||||
def test_delete_and_is_logged_in_cookie_set(self):
|
||||
response = cookies_api.set_logged_in_cookies(self.request, HttpResponse(), self.user)
|
||||
@@ -126,19 +126,19 @@ class CookieTests(TestCase):
|
||||
self._copy_cookies_to_request(response, self.request)
|
||||
self.assertFalse(cookies_api.is_logged_in_cookie_set(self.request))
|
||||
|
||||
@patch.dict("django.conf.settings.FEATURES", {"DISABLE_SET_JWT_COOKIES_FOR_TESTS": False})
|
||||
def test_refresh_jwt_cookies(self):
|
||||
def _get_refresh_token_value(response):
|
||||
return response.cookies[cookies_api.jwt_cookies.jwt_refresh_cookie_name()].value
|
||||
|
||||
setup_login_oauth_client()
|
||||
self._set_use_jwt_cookie_header(self.request)
|
||||
with cookies_api.JWT_COOKIES_FLAG.override(True):
|
||||
response = cookies_api.set_logged_in_cookies(self.request, HttpResponse(), self.user)
|
||||
self._copy_cookies_to_request(response, self.request)
|
||||
response = cookies_api.set_logged_in_cookies(self.request, HttpResponse(), self.user)
|
||||
self._copy_cookies_to_request(response, self.request)
|
||||
|
||||
new_response = cookies_api.refresh_jwt_cookies(self.request, HttpResponse())
|
||||
self._assert_recreate_jwt_from_cookies(new_response, can_recreate=True)
|
||||
self.assertNotEqual(
|
||||
_get_refresh_token_value(response),
|
||||
_get_refresh_token_value(new_response),
|
||||
)
|
||||
new_response = cookies_api.refresh_jwt_cookies(self.request, HttpResponse())
|
||||
self._assert_recreate_jwt_from_cookies(new_response, can_recreate=True)
|
||||
self.assertNotEqual(
|
||||
_get_refresh_token_value(response),
|
||||
_get_refresh_token_value(new_response),
|
||||
)
|
||||
|
||||
@@ -26,7 +26,6 @@ from openedx.core.djangoapps.password_policy.compliance import (
|
||||
from openedx.core.djangoapps.user_api.config.waffle import PREVENT_AUTH_USER_WRITES, waffle
|
||||
from openedx.core.djangoapps.user_authn.cookies import jwt_cookies
|
||||
from openedx.core.djangoapps.user_authn.tests.utils import setup_login_oauth_client
|
||||
from openedx.core.djangoapps.user_authn.waffle import JWT_COOKIES_FLAG
|
||||
from openedx.core.djangolib.testing.utils import CacheIsolationTestCase
|
||||
from student.tests.factories import RegistrationFactory, UserFactory, UserProfileFactory
|
||||
from xmodule.modulestore.tests.django_utils import ModuleStoreTestCase
|
||||
@@ -292,18 +291,18 @@ class LoginTest(CacheIsolationTestCase):
|
||||
response, _audit_log = self._login_response('test@edx.org', 'wrong_password')
|
||||
self._assert_response(response, success=False, value='Too many failed login attempts')
|
||||
|
||||
@patch.dict("django.conf.settings.FEATURES", {"DISABLE_SET_JWT_COOKIES_FOR_TESTS": False})
|
||||
def test_login_refresh(self):
|
||||
def _assert_jwt_cookie_present(response):
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertIn(jwt_cookies.jwt_refresh_cookie_name(), self.client.cookies)
|
||||
|
||||
setup_login_oauth_client()
|
||||
with JWT_COOKIES_FLAG.override(True):
|
||||
response, _ = self._login_response('test@edx.org', 'test_password')
|
||||
_assert_jwt_cookie_present(response)
|
||||
response, _ = self._login_response('test@edx.org', 'test_password')
|
||||
_assert_jwt_cookie_present(response)
|
||||
|
||||
response = self.client.post(reverse('login_refresh'))
|
||||
_assert_jwt_cookie_present(response)
|
||||
response = self.client.post(reverse('login_refresh'))
|
||||
_assert_jwt_cookie_present(response)
|
||||
|
||||
@patch.dict("django.conf.settings.FEATURES", {'PREVENT_CONCURRENT_LOGINS': True})
|
||||
def test_single_session(self):
|
||||
|
||||
@@ -25,7 +25,6 @@ from openedx.core.djangoapps.user_authn.views.register import (
|
||||
_skip_activation_email,
|
||||
)
|
||||
from openedx.core.djangoapps.external_auth.models import ExternalAuthMap
|
||||
from openedx.core.djangoapps.waffle_utils.testutils import override_waffle_flag
|
||||
from openedx.core.djangoapps.lang_pref import LANGUAGE_KEY
|
||||
from openedx.core.djangoapps.site_configuration.tests.mixins import SiteMixin
|
||||
from openedx.core.djangoapps.user_api.accounts import (
|
||||
|
||||
@@ -1,16 +0,0 @@
|
||||
"""
|
||||
Feature toggles for user_authn.
|
||||
"""
|
||||
from openedx.core.djangoapps.waffle_utils import WaffleFlagNamespace, WaffleFlag
|
||||
|
||||
# Namespace
|
||||
_WAFFLE_NAMESPACE = u'user_authn'
|
||||
_WAFFLE_FLAG_NAMESPACE = WaffleFlagNamespace(_WAFFLE_NAMESPACE)
|
||||
|
||||
# Flags
|
||||
|
||||
# TODO (ARCH-247)
|
||||
# Intended as a temporary toggle for roll-out of jwt cookies feature.
|
||||
# Satisfies Use Case #3 "Ops - Monitored Rollout" from
|
||||
# https://open-edx-proposals.readthedocs.io/en/latest/oep-0017-bp-feature-toggles.html
|
||||
JWT_COOKIES_FLAG = WaffleFlag(_WAFFLE_FLAG_NAMESPACE, u'jwt_cookies')
|
||||