From 57b480b04f5243aaa6104404c59ff78bec2dbabc Mon Sep 17 00:00:00 2001 From: salmannawaz Date: Tue, 13 Feb 2024 20:46:58 +0500 Subject: [PATCH] Update all edx-platform REST endpoints to support JWT Auth (#34152) * chore: update API endpoints to support default JWT auth The default DRF Auth classes were recently updated to allow for both JWT and Session auth by default. Any endpoint that overrides the AUTHENTICATION_CLASSES but has just session, just JWT or just both of those should be updated to remove the override. Details in https://github.com/openedx/edx-platform/issues/33662 --- cms/djangoapps/api/v1/views/course_runs.py | 3 --- common/djangoapps/entitlements/rest_api/v1/views.py | 2 -- .../third_party_auth/api/tests/test_permissions.py | 3 --- .../third_party_auth/saml_configuration/views.py | 3 --- .../third_party_auth/samlproviderconfig/views.py | 3 --- .../third_party_auth/samlproviderdata/views.py | 3 --- lms/djangoapps/bulk_user_retirement/views.py | 2 -- lms/djangoapps/commerce/api/v1/views.py | 1 - lms/djangoapps/course_home_api/outline/views.py | 1 - lms/djangoapps/discussion/rest_api/tests/test_views.py | 2 +- lms/djangoapps/discussion/rest_api/views.py | 2 -- lms/djangoapps/edxnotes/views.py | 2 -- lms/djangoapps/instructor_task/rest_api/v1/views.py | 10 ---------- lms/djangoapps/learner_dashboard/api/v0/views.py | 9 --------- .../support/views/feature_based_enrollments.py | 5 ----- lms/djangoapps/support/views/program_enrollments.py | 8 -------- lms/djangoapps/user_tours/v1/views.py | 4 ---- openedx/core/djangoapps/agreements/views.py | 3 --- .../core/djangoapps/demographics/rest_api/v1/views.py | 3 --- openedx/core/djangoapps/enrollments/views.py | 4 ---- openedx/core/djangoapps/user_api/accounts/views.py | 8 -------- openedx/core/djangoapps/waffle_utils/views.py | 6 ------ 22 files changed, 1 insertion(+), 86 deletions(-) 
diff --git a/cms/djangoapps/api/v1/views/course_runs.py b/cms/djangoapps/api/v1/views/course_runs.py index a0415d4e06..d7d6217275 100644 --- a/cms/djangoapps/api/v1/views/course_runs.py +++ b/cms/djangoapps/api/v1/views/course_runs.py @@ -3,10 +3,8 @@ from django.conf import settings from django.http import Http404 -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from opaque_keys.edx.keys import CourseKey from rest_framework import parsers, permissions, status, viewsets -from rest_framework.authentication import SessionAuthentication from rest_framework.decorators import action from rest_framework.response import Response @@ -21,7 +19,6 @@ from ..serializers.course_runs import ( class CourseRunViewSet(viewsets.GenericViewSet): # lint-amnesty, pylint: disable=missing-class-docstring - authentication_classes = (JwtAuthentication, SessionAuthentication,) lookup_value_regex = settings.COURSE_KEY_REGEX permission_classes = (permissions.IsAdminUser,) serializer_class = CourseRunSerializer diff --git a/common/djangoapps/entitlements/rest_api/v1/views.py b/common/djangoapps/entitlements/rest_api/v1/views.py index 9442dae29c..3306604d5d 100644 --- a/common/djangoapps/entitlements/rest_api/v1/views.py +++ b/common/djangoapps/entitlements/rest_api/v1/views.py @@ -14,7 +14,6 @@ from edx_rest_framework_extensions.paginators import DefaultPagination from opaque_keys import InvalidKeyError from opaque_keys.edx.keys import CourseKey from rest_framework import permissions, status, viewsets -from rest_framework.authentication import SessionAuthentication from rest_framework.response import Response from rest_framework.views import APIView @@ -328,7 +327,6 @@ class EntitlementEnrollmentViewSet(viewsets.GenericViewSet): - Unenroll - Switch Enrollment """ - authentication_classes = (JwtAuthentication, SessionAuthentication,) # TODO: ARCH-91 # This view is excluded from Swagger doc generation because it # does not specify a serializer class. 
diff --git a/common/djangoapps/third_party_auth/api/tests/test_permissions.py b/common/djangoapps/third_party_auth/api/tests/test_permissions.py index 120abc17aa..1cb9450c49 100644 --- a/common/djangoapps/third_party_auth/api/tests/test_permissions.py +++ b/common/djangoapps/third_party_auth/api/tests/test_permissions.py @@ -4,9 +4,7 @@ Tests for the Third Party Auth permissions import ddt from django.test import RequestFactory, TestCase -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from edx_rest_framework_extensions.auth.jwt.tests.utils import generate_jwt -from rest_framework.authentication import SessionAuthentication from rest_framework.response import Response from rest_framework.views import APIView @@ -25,7 +23,6 @@ class ThirdPartyAuthPermissionTest(TestCase): class SomeTpaClassView(APIView): """view used to test TPA_permissions""" - authentication_classes = (JwtAuthentication, SessionAuthentication) permission_classes = (TPA_PERMISSIONS,) required_scopes = ['tpa:read'] diff --git a/common/djangoapps/third_party_auth/saml_configuration/views.py b/common/djangoapps/third_party_auth/saml_configuration/views.py index aa051aac7f..b6e6c39ffe 100644 --- a/common/djangoapps/third_party_auth/saml_configuration/views.py +++ b/common/djangoapps/third_party_auth/saml_configuration/views.py @@ -2,16 +2,13 @@ Viewset for auth/saml/v0/saml_configuration """ -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from rest_framework import permissions, viewsets -from rest_framework.authentication import SessionAuthentication from ..models import SAMLConfiguration from .serializers import SAMLConfigurationSerializer class SAMLConfigurationMixin: - authentication_classes = (JwtAuthentication, SessionAuthentication,) permission_classes = (permissions.IsAuthenticated,) serializer_class = SAMLConfigurationSerializer 
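Review bot: `SomeTpaClassView` in common/djangoapps/third_party_auth/api/tests/test_permissions.py no longer pins its authenticators, so `ThirdPartyAuthPermissionTest` now exercises `TPA_PERMISSIONS` against whatever `DEFAULT_AUTHENTICATION_CLASSES` the test settings provide. The module still imports `generate_jwt`, so the tests presumably rely on JWT authentication being in that default list; if the defaults change again, the permission test could fail or pass for reasons unrelated to the permission class. Keeping the explicit tuple in this test-only view, or adding a comment such as `# relies on the project default authenticators (JWT + session)`, would keep that dependency visible.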
diff --git a/common/djangoapps/third_party_auth/samlproviderconfig/views.py b/common/djangoapps/third_party_auth/samlproviderconfig/views.py index 08732f0950..7286402df5 100644 --- a/common/djangoapps/third_party_auth/samlproviderconfig/views.py +++ b/common/djangoapps/third_party_auth/samlproviderconfig/views.py @@ -5,10 +5,8 @@ Viewset for auth/saml/v0/samlproviderconfig from django.shortcuts import get_list_or_404 from django.db.utils import IntegrityError from edx_rbac.mixins import PermissionRequiredMixin -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from rest_framework import permissions, viewsets, status from rest_framework.response import Response -from rest_framework.authentication import SessionAuthentication from rest_framework.exceptions import ParseError, ValidationError from enterprise.models import EnterpriseCustomerIdentityProvider, EnterpriseCustomer @@ -20,7 +18,6 @@ from ..utils import convert_saml_slug_provider_id class SAMLProviderMixin: - authentication_classes = [JwtAuthentication, SessionAuthentication] permission_classes = [permissions.IsAuthenticated] serializer_class = SAMLProviderConfigSerializer diff --git a/common/djangoapps/third_party_auth/samlproviderdata/views.py b/common/djangoapps/third_party_auth/samlproviderdata/views.py index f61b237c12..b5d044bd04 100644 --- a/common/djangoapps/third_party_auth/samlproviderdata/views.py +++ b/common/djangoapps/third_party_auth/samlproviderdata/views.py 
@@ -8,10 +8,8 @@ from requests.exceptions import SSLError, MissingSchema, HTTPError from django.http import Http404 from django.shortcuts import get_object_or_404 from edx_rbac.mixins import PermissionRequiredMixin -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from enterprise.models import EnterpriseCustomerIdentityProvider from rest_framework import permissions, status, viewsets -from rest_framework.authentication import SessionAuthentication from rest_framework.decorators import action from rest_framework.exceptions import ParseError from rest_framework.response import Response @@ -31,7 +29,6 @@ log = logging.getLogger(__name__) class SAMLProviderDataMixin: - authentication_classes = [JwtAuthentication, SessionAuthentication] permission_classes = [permissions.IsAuthenticated] serializer_class = SAMLProviderDataSerializer diff --git a/lms/djangoapps/bulk_user_retirement/views.py b/lms/djangoapps/bulk_user_retirement/views.py index 14775ac322..8207314aec 100644 --- a/lms/djangoapps/bulk_user_retirement/views.py +++ b/lms/djangoapps/bulk_user_retirement/views.py @@ -3,7 +3,6 @@ An API for retiring user accounts. """ import logging -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from django.contrib.auth import get_user_model from django.db import transaction from rest_framework import permissions, status @@ -34,7 +33,6 @@ class BulkUsersRetirementView(APIView): * usernames: Comma separated strings of usernames that should be retired. """ - authentication_classes = (JwtAuthentication, ) permission_classes = (permissions.IsAuthenticated, CanRetireUser) def post(self, request, **kwargs): # pylint: disable=unused-argument diff --git a/lms/djangoapps/commerce/api/v1/views.py b/lms/djangoapps/commerce/api/v1/views.py index 0e634ee362..591f266b48 100644 --- a/lms/djangoapps/commerce/api/v1/views.py +++ b/lms/djangoapps/commerce/api/v1/views.py 
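Review bot: Dropping `authentication_classes = (JwtAuthentication, )` from `BulkUsersRetirementView` in lms/djangoapps/bulk_user_retirement/views.py is not a no-op: the view was JWT-only, so falling back to the defaults (JWT and session, per the commit description) makes this state-changing POST reachable with a browser session cookie. The same widening applies to the other JWT-only overrides removed in this patch: `dismiss_welcome_message`, both `RetireUserView` classes, `ReplaceUsernamesView`, `UserTourView`, `UnenrollmentView`, `EnrollmentAllowedView`, `AccountDeactivationView`, `AccountRetirementPartnerReportView`, `AccountRetirementStatusView`, `LMSAccountRetirementView`, `AccountRetirementView` and `UsernameReplacementView`. The default session authenticator is not visible in this diff, so whether it enforces CSRF on these requests should be confirmed, ideally with a test that a session-authenticated POST without a CSRF token is rejected. If the retirement and username-replacement endpoints are meant to stay service-to-service, keep the override on them with a comment such as `# JWT only: not intended to be called from a browser session`.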
@@ -72,7 +72,6 @@ class CourseRetrieveUpdateView(PutAsCreateMixin, RetrieveUpdateAPIView): class OrderView(APIView): """ Retrieve order details. """ - authentication_classes = (JwtAuthentication, SessionAuthentication,) permission_classes = (IsAuthenticatedOrActivationOverridden,) def get(self, request, number): diff --git a/lms/djangoapps/course_home_api/outline/views.py b/lms/djangoapps/course_home_api/outline/views.py index 813bde793f..91c8a6d7f1 100644 --- a/lms/djangoapps/course_home_api/outline/views.py +++ b/lms/djangoapps/course_home_api/outline/views.py @@ -376,7 +376,6 @@ class OutlineTabView(RetrieveAPIView): @api_view(['POST']) -@authentication_classes((JwtAuthentication,)) @permission_classes((IsAuthenticated,)) def dismiss_welcome_message(request): # pylint: disable=missing-function-docstring course_id = request.data.get('course_id', None) diff --git a/lms/djangoapps/discussion/rest_api/tests/test_views.py b/lms/djangoapps/discussion/rest_api/tests/test_views.py index 1782a574b0..1ebed6380d 100644 --- a/lms/djangoapps/discussion/rest_api/tests/test_views.py +++ b/lms/djangoapps/discussion/rest_api/tests/test_views.py @@ -675,7 +675,7 @@ class ReplaceUsernamesViewTest(DiscussionAPIViewTestMixin, ModuleStoreTestCase): # Test unauthenticated response = self.client.post(self.url, data) - assert response.status_code == 401 + assert response.status_code == 403 # Test non-service worker random_user = UserFactory() diff --git a/lms/djangoapps/discussion/rest_api/views.py b/lms/djangoapps/discussion/rest_api/views.py index bcfc9c902d..b62356a45d 100644 --- a/lms/djangoapps/discussion/rest_api/views.py +++ b/lms/djangoapps/discussion/rest_api/views.py @@ -1099,7 +1099,6 @@ class RetireUserView(APIView): Empty string """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanRetireUser) def post(self, request): 
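Review bot: The flipped assertion in `ReplaceUsernamesViewTest` (`assert response.status_code == 403`) records a client-visible change that the patch does not document: unauthenticated requests to this view no longer receive a 401 challenge. DRF answers 401 only when the first configured authenticator supplies a `WWW-Authenticate` header, so the default list presumably starts with a class that does not, and every other view in this patch that used to list `JwtAuthentication` first would change the same way, although only this test is updated. API clients that treat 401 as the signal to refresh a token and retry would now see 403 instead. I would add a comment above the assertion, `# 403, not 401: the default authenticators send no WWW-Authenticate challenge`, and cover at least one of the retirement views with the same unauthenticated check.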
@@ -1147,7 +1146,6 @@ class ReplaceUsernamesView(APIView): """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanReplaceUsername) def post(self, request): diff --git a/lms/djangoapps/edxnotes/views.py b/lms/djangoapps/edxnotes/views.py index 54b1fa65f4..3e23ebe9ab 100644 --- a/lms/djangoapps/edxnotes/views.py +++ b/lms/djangoapps/edxnotes/views.py @@ -11,7 +11,6 @@ from django.contrib.auth.decorators import login_required from django.http import Http404, HttpResponse from django.urls import reverse from django.views.decorators.http import require_GET -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from opaque_keys.edx.keys import CourseKey from rest_framework import permissions, status from rest_framework.response import Response @@ -244,7 +243,6 @@ class RetireUserView(APIView): - EdxNotesServiceUnavailable is thrown: the edx-notes-api IDA is not available. """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanRetireUser) def post(self, request): diff --git a/lms/djangoapps/instructor_task/rest_api/v1/views.py b/lms/djangoapps/instructor_task/rest_api/v1/views.py index 3fcd226c9c..812b88e11d 100644 --- a/lms/djangoapps/instructor_task/rest_api/v1/views.py +++ b/lms/djangoapps/instructor_task/rest_api/v1/views.py @@ -9,8 +9,6 @@ import pytz import dateutil from celery.states import REVOKED from django.db import transaction -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication -from rest_framework.authentication import SessionAuthentication from rest_framework.response import Response from rest_framework import generics, status 
@@ -35,10 +33,6 @@ class ListScheduledBulkEmailInstructorTasks(generics.ListAPIView): data also includes information about the and course email instance associated with each task. * 403: User does not have the required role to view this data. """ - authentication_classes = ( - JwtAuthentication, - SessionAuthentication, - ) permission_classes = ( CanViewOrModifyScheduledBulkCourseEmailTasks, ) @@ -74,10 +68,6 @@ class ModifyScheduledBulkEmailInstructorTask(generics.DestroyAPIView, generics.U * 403: User does not have permission to modify the object specified. * 404: Requested schedule object could not be found and thus could not be modified or removed. """ - authentication_classes = ( - JwtAuthentication, - SessionAuthentication, - ) permission_classes = ( CanViewOrModifyScheduledBulkCourseEmailTasks, ) diff --git a/lms/djangoapps/learner_dashboard/api/v0/views.py b/lms/djangoapps/learner_dashboard/api/v0/views.py index 92dac75806..1579fdd26a 100644 --- a/lms/djangoapps/learner_dashboard/api/v0/views.py +++ b/lms/djangoapps/learner_dashboard/api/v0/views.py @@ -1,9 +1,7 @@ """ API v0 views. """ import logging -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from enterprise.models import EnterpriseCourseEnrollment -from rest_framework.authentication import SessionAuthentication from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.views import APIView @@ -81,8 +79,6 @@ class Programs(APIView): ] """ - authentication_classes = (JwtAuthentication, SessionAuthentication,) - permission_classes = (IsAuthenticated,) def get(self, request, enterprise_uuid): @@ -298,11 +294,6 @@ class ProgramProgressDetailView(APIView): } """ - authentication_classes = ( - JwtAuthentication, - SessionAuthentication, - ) - permission_classes = (IsAuthenticated,) def get(self, request, program_uuid): 
diff --git a/lms/djangoapps/support/views/feature_based_enrollments.py b/lms/djangoapps/support/views/feature_based_enrollments.py index 929c2a30ea..af5861ac5e 100644 --- a/lms/djangoapps/support/views/feature_based_enrollments.py +++ b/lms/djangoapps/support/views/feature_based_enrollments.py @@ -2,10 +2,8 @@ Support tool for viewing course duration information """ -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from django.utils.decorators import method_decorator from django.views.generic import View -from rest_framework.authentication import SessionAuthentication from rest_framework.permissions import IsAuthenticated from rest_framework.generics import GenericAPIView @@ -43,9 +41,6 @@ class FeatureBasedEnrollmentSupportAPIView(GenericAPIView): Support-only API View for getting feature based enrollment configuration details for a course. """ - authentication_classes = ( - JwtAuthentication, SessionAuthentication - ) permission_classes = (IsAuthenticated,) @method_decorator(require_support_permission) diff --git a/lms/djangoapps/support/views/program_enrollments.py b/lms/djangoapps/support/views/program_enrollments.py index c912423197..d5b264069b 100644 --- a/lms/djangoapps/support/views/program_enrollments.py +++ b/lms/djangoapps/support/views/program_enrollments.py @@ -6,9 +6,7 @@ from django.contrib.auth.models import User # lint-amnesty, pylint: disable=imp from django.db.models import Q from django.utils.decorators import method_decorator from django.views.generic import View -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from rest_framework.views import APIView -from rest_framework.authentication import SessionAuthentication from rest_framework.response import Response from rest_framework.permissions import IsAuthenticated from social_django.models import UserSocialAuth 
@@ -77,9 +75,6 @@ class LinkProgramEnrollmentSupportAPIView(APIView): """ Support-only API View for linking learner enrollments by support staff. """ - authentication_classes = ( - JwtAuthentication, SessionAuthentication - ) permission_classes = ( IsAuthenticated, ) @@ -312,9 +307,6 @@ class ProgramEnrollmentsInspectorAPIView(ProgramEnrollmentInspector, APIView): information of a learner. """ - authentication_classes = ( - JwtAuthentication, SessionAuthentication - ) permission_classes = ( IsAuthenticated, ) diff --git a/lms/djangoapps/user_tours/v1/views.py b/lms/djangoapps/user_tours/v1/views.py index ce4c354e5d..65db60bcac 100644 --- a/lms/djangoapps/user_tours/v1/views.py +++ b/lms/djangoapps/user_tours/v1/views.py @@ -2,8 +2,6 @@ from django.conf import settings from django.db import transaction, IntegrityError from django.shortcuts import get_object_or_404 -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication -from rest_framework.authentication import SessionAuthentication from rest_framework.generics import RetrieveUpdateAPIView from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response @@ -25,7 +23,6 @@ class UserTourView(RetrieveUpdateAPIView): GET /api/user_tours/v1/{username} PATCH /api/user_tours/v1/{username} """ - authentication_classes = (JwtAuthentication,) permission_classes = (IsAuthenticated,) serializer_class = UserTourSerializer @@ -111,7 +108,6 @@ class UserDiscussionsToursView(APIView): ] """ - authentication_classes = (JwtAuthentication, SessionAuthentication) permission_classes = (IsAuthenticated,) def get(self, request, tour_id=None): diff --git a/openedx/core/djangoapps/agreements/views.py b/openedx/core/djangoapps/agreements/views.py index 82de8caabf..cc928669ff 100644 --- a/openedx/core/djangoapps/agreements/views.py +++ b/openedx/core/djangoapps/agreements/views.py 
@@ -3,11 +3,9 @@ Views served by the Agreements app """ from django.conf import settings -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from rest_framework import status from rest_framework.views import APIView from rest_framework.response import Response -from rest_framework.authentication import SessionAuthentication from rest_framework.permissions import IsAuthenticated from opaque_keys.edx.keys import CourseKey @@ -34,7 +32,6 @@ class AuthenticatedAPIView(APIView): """ Authenticated API View. """ - authentication_classes = (SessionAuthentication, JwtAuthentication) permission_classes = (IsAuthenticated,) diff --git a/openedx/core/djangoapps/demographics/rest_api/v1/views.py b/openedx/core/djangoapps/demographics/rest_api/v1/views.py index ab114c41f4..35aacc61bd 100644 --- a/openedx/core/djangoapps/demographics/rest_api/v1/views.py +++ b/openedx/core/djangoapps/demographics/rest_api/v1/views.py @@ -1,7 +1,5 @@ # lint-amnesty, pylint: disable=missing-module-docstring -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from rest_framework import permissions, status -from rest_framework.authentication import SessionAuthentication from rest_framework.response import Response from rest_framework.views import APIView @@ -18,7 +16,6 @@ class DemographicsStatusView(APIView): The API will return whether or not to display the Demographics UI based on the User's status in the Platform """ - authentication_classes = (JwtAuthentication, SessionAuthentication) permission_classes = (permissions.IsAuthenticated, ) def _response_context(self, user, user_demographics=None): diff --git a/openedx/core/djangoapps/enrollments/views.py b/openedx/core/djangoapps/enrollments/views.py index f413cb761e..52ec4e3b31 100644 --- a/openedx/core/djangoapps/enrollments/views.py +++ b/openedx/core/djangoapps/enrollments/views.py 
@@ -421,7 +421,6 @@ class UnenrollmentView(APIView): If the request is successful, an HTTP 200 "OK" response is returned along with a list of all courses from which the user was unenrolled. """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanRetireUser,) def post(self, request): @@ -1023,9 +1022,6 @@ class EnrollmentAllowedView(APIView): """ A view that allows the retrieval and creation of enrollment allowed for a given user email and course id. """ - authentication_classes = ( - JwtAuthentication, - ) permission_classes = (permissions.IsAdminUser,) throttle_classes = (EnrollmentUserThrottle,) serializer_class = CourseEnrollmentAllowedSerializer diff --git a/openedx/core/djangoapps/user_api/accounts/views.py b/openedx/core/djangoapps/user_api/accounts/views.py index 0f0a2a6019..cfe9872a95 100644 --- a/openedx/core/djangoapps/user_api/accounts/views.py +++ b/openedx/core/djangoapps/user_api/accounts/views.py @@ -456,7 +456,6 @@ class NameChangeView(ViewSet): """ Viewset to manage profile name change requests. """ - authentication_classes = (JwtAuthentication, SessionAuthentication,) permission_classes = (permissions.IsAuthenticated,) def create(self, request): @@ -514,7 +513,6 @@ class AccountDeactivationView(APIView): Account deactivation viewset. Currently only supports POST requests. Only admins can deactivate accounts. """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanDeactivateUser) def post(self, request, username): @@ -693,7 +691,6 @@ class AccountRetirementPartnerReportView(ViewSet): ORIGINAL_NAME_KEY = 'original_name' STUDENT_ID_KEY = 'student_id' - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanRetireUser,) parser_classes = (JSONParser,) serializer_class = UserRetirementStatusSerializer 
@@ -831,7 +828,6 @@ class CancelAccountRetirementStatusView(ViewSet): """ Provides API endpoints for canceling retirement process for a user's account. """ - authentication_classes = (JwtAuthentication, SessionAuthentication) permission_classes = (permissions.IsAuthenticated, CanCancelUserRetirement,) def cancel_retirement(self, request): @@ -873,7 +869,6 @@ class AccountRetirementStatusView(ViewSet): """ Provides API endpoints for managing the user retirement process. """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanRetireUser,) parser_classes = (JSONParser,) serializer_class = UserRetirementStatusSerializer @@ -1080,7 +1075,6 @@ class LMSAccountRetirementView(ViewSet): """ Provides an API endpoint for retiring a user in the LMS. """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanRetireUser,) parser_classes = (JSONParser,) @@ -1136,7 +1130,6 @@ class AccountRetirementView(ViewSet): """ Provides API endpoint for retiring a user. """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanRetireUser,) parser_classes = (JSONParser,) @@ -1276,7 +1269,6 @@ class UsernameReplacementView(APIView): This API will be called first, before calling the APIs in other services as this one handles the checks on the usernames provided. """ - authentication_classes = (JwtAuthentication,) permission_classes = (permissions.IsAuthenticated, CanReplaceUsername) def post(self, request): diff --git a/openedx/core/djangoapps/waffle_utils/views.py b/openedx/core/djangoapps/waffle_utils/views.py index 2a26430d18..a630976210 100644 --- a/openedx/core/djangoapps/waffle_utils/views.py +++ b/openedx/core/djangoapps/waffle_utils/views.py 
@@ -4,11 +4,9 @@ Views that we will use to view toggle state in edx-platform. from collections import OrderedDict from enum import Enum -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from edx_rest_framework_extensions.permissions import IsStaff from edx_toggles.toggles.state import ToggleStateReport, get_or_create_toggle_response from rest_framework import views -from rest_framework.authentication import SessionAuthentication from rest_framework.response import Response from .models import WaffleFlagCourseOverrideModel, WaffleFlagOrgOverrideModel @@ -59,10 +57,6 @@ class ToggleStateView(views.APIView): An endpoint for displaying the state of toggles in edx-platform. """ - authentication_classes = ( - JwtAuthentication, - SessionAuthentication, - ) permission_classes = (IsStaff,) def get(self, request):