diff --git a/common/djangoapps/third_party_auth/lti.py b/common/djangoapps/third_party_auth/lti.py
index 2d34787886..3895c88866 100644
--- a/common/djangoapps/third_party_auth/lti.py
+++ b/common/djangoapps/third_party_auth/lti.py
@@ -11,8 +11,8 @@ from django.contrib.auth import REDIRECT_FIELD_NAME
 from oauthlib.common import Request
 from oauthlib.oauth1.rfc5849.signature import (
 collect_parameters,
- construct_base_string,
- normalize_base_string_uri,
+ signature_base_string,
+ base_string_uri,
 normalize_parameters,
 sign_hmac_sha1
 )
@@ -154,10 +154,10 @@ class LTIAuthBackend(BaseAuth):
 # we proceed through the entire validation before rejecting any request for any reason.
 # However, as noted there, the value of doing this is dubious.
 try:
- base_uri = normalize_base_string_uri(request.uri)
+ base_uri = base_string_uri(request.uri)
 parameters = collect_parameters(uri_query=request.uri_query, body=request.body)
 parameters_string = normalize_parameters(parameters)
- base_string = construct_base_string(request.http_method, base_uri, parameters_string)
+ base_string = signature_base_string(request.http_method, base_uri, parameters_string)
 computed_signature = sign_hmac_sha1(base_string, str(lti_consumer_secret), '')
 submitted_signature = request.oauth_signature
diff --git a/openedx/core/djangoapps/oauth_dispatch/api.py b/openedx/core/djangoapps/oauth_dispatch/api.py
index 6816e06218..82b51a0f37 100644
--- a/openedx/core/djangoapps/oauth_dispatch/api.py
+++ b/openedx/core/djangoapps/oauth_dispatch/api.py
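Review bot: The renamed `base_string_uri` / `signature_base_string` calls produce the string that `sign_hmac_sha1` signs with the consumer secret, and the hunk stops right before `computed_signature` is checked against `submitted_signature`, so that comparison (outside the hunk) is the check to confirm: it should be constant-time, e.g. `hmac.compare_digest(computed_signature, submitted_signature)` or oauthlib's `safe_string_equals`, rather than `==`. Since this verifier is hard-wired to HMAC-SHA1, also confirm that a request whose `oauth_signature_method` names anything else is rejected; neither is visible from this hunk, so this is a request to verify rather than a claim of a defect. The `try:` block and the enclosing `LTIAuthBackend` method begin before and continue after the hunk.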
@@ -33,7 +33,13 @@ def create_dot_access_token(request, user, client, expires_in=None, scopes=None)
 request_validator=dot_settings.OAUTH2_VALIDATOR_CLASS(),
 )
 _populate_create_access_token_request(request, user, client, scopes)
- return token_generator.create_token(request, refresh_token=True)
+ token = token_generator.create_token(request, refresh_token=True)
+ # This save_token call is required with BearerAuthentication. Once the DEPR for
+ # BearerAuthentication is complete and it has been fully removed, we may no
+ # longer need to save the token, since JWT tokens don't rely on the database.
+ # See DEPR https://github.com/openedx/edx-drf-extensions/issues/284
+ token_generator.request_validator.save_token(token, request)
+ return token
 def _get_expires_in_value(expires_in):
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 52d61f84ab..fde1aa1f0f 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -30,11 +30,11 @@ django-storages==1.9.1
 # for them.
 edx-enterprise==4.0.16
-# oauthlib>3.0.1 causes test failures ( also remove the django-oauth-toolkit constraint when this is fixed )
-oauthlib==3.0.1
-
-# django-auth-toolkit==1.3.3 requires oauthlib>=3.1.0 which is pinned because of test failures
-django-oauth-toolkit<=1.3.2
+# 1. django-oauth-toolkit version >=2.0.0 has breaking changes. More details
+# mentioned on this issue https://github.com/openedx/edx-platform/issues/32884
+# 2. Versions from 1.5.0 to 2.0.0 have some migrations related changes.
+# so we're upgrading minor versions one by one.
+django-oauth-toolkit==1.4.1
 # Will be updated once we update python-dateutil package
 matplotlib<3.4.0
diff --git a/requirements/edx/base.txt b/requirements/edx/base.txt
index 98fe79f18f..43d8fd0b89 100644
--- a/requirements/edx/base.txt
+++ b/requirements/edx/base.txt
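Review bot: The new comment's plan to drop `save_token` once BearerAuthentication is gone overlooks the refresh token: the line above mints one via `create_token(request, refresh_token=True)`, and a later refresh grant presumably has to look it up in the database, so the persist step would still be needed for that flow. I'd extend the comment, e.g. `# NOTE: refresh_token=True also issues a refresh token, which must be persisted for refresh grants to work — confirm before removing this save.` It would also help to record why the call is newly required here; the oauthlib 3.0.1 -> 3.2.2 bump in the same commit suggests `BearerToken.create_token` no longer persists the token itself (confirm against oauthlib's changelog), which is the actual trigger rather than BearerAuthentication. `create_dot_access_token` begins before the hunk.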
@@ -321,7 +321,7 @@ django-multi-email-field==0.7.0
 # via edx-enterprise
 django-mysql==4.11.0
 # via -r requirements/edx/kernel.in
-django-oauth-toolkit==1.3.2
+django-oauth-toolkit==1.4.1
 # via
 # -c requirements/edx/../constraints.txt
 # -r requirements/edx/kernel.in
@@ -738,9 +738,8 @@ numpy==1.22.4
 # openedx-calc
 # scipy
 # shapely
-oauthlib==3.0.1
+oauthlib==3.2.2
 # via
- # -c requirements/edx/../constraints.txt
 # -r requirements/edx/kernel.in
 # django-oauth-toolkit
 # lti-consumer-xblock
diff --git a/requirements/edx/development.txt b/requirements/edx/development.txt
index c33b642b58..99831a4dcd 100644
--- a/requirements/edx/development.txt
+++ b/requirements/edx/development.txt
@@ -520,7 +520,7 @@ django-mysql==4.11.0
 # via
 # -r requirements/edx/doc.txt
 # -r requirements/edx/testing.txt
-django-oauth-toolkit==1.3.2
+django-oauth-toolkit==1.4.1
 # via
 # -c requirements/edx/../constraints.txt
 # -r requirements/edx/doc.txt
@@ -1253,9 +1253,8 @@ numpy==1.22.4
 # openedx-calc
 # scipy
 # shapely
-oauthlib==3.0.1
+oauthlib==3.2.2
 # via
- # -c requirements/edx/../constraints.txt
 # -r requirements/edx/doc.txt
 # -r requirements/edx/testing.txt
 # django-oauth-toolkit
diff --git a/requirements/edx/doc.txt b/requirements/edx/doc.txt
index 47f9a0ca9b..433375e74c 100644
--- a/requirements/edx/doc.txt
+++ b/requirements/edx/doc.txt
@@ -383,7 +383,7 @@ django-multi-email-field==0.7.0
 # edx-enterprise
 django-mysql==4.11.0
 # via -r requirements/edx/base.txt
-django-oauth-toolkit==1.3.2
+django-oauth-toolkit==1.4.1
 # via
 # -c requirements/edx/../constraints.txt
 # -r requirements/edx/base.txt
@@ -877,9 +877,8 @@ numpy==1.22.4
 # openedx-calc
 # scipy
 # shapely
-oauthlib==3.0.1
+oauthlib==3.2.2
 # via
- # -c requirements/edx/../constraints.txt
 # -r requirements/edx/base.txt
 # django-oauth-toolkit
 # lti-consumer-xblock
diff --git a/requirements/edx/testing.txt b/requirements/edx/testing.txt
index 292cce2e43..bae66fd0ae 100644
--- a/requirements/edx/testing.txt
+++ b/requirements/edx/testing.txt
@@ -415,7 +415,7 @@ django-multi-email-field==0.7.0
 # edx-enterprise
 django-mysql==4.11.0
 # via -r requirements/edx/base.txt
-django-oauth-toolkit==1.3.2
+django-oauth-toolkit==1.4.1
 # via
 # -c requirements/edx/../constraints.txt
 # -r requirements/edx/base.txt
@@ -946,9 +946,8 @@ numpy==1.22.4
 # openedx-calc
 # scipy
 # shapely
-oauthlib==3.0.1
+oauthlib==3.2.2
 # via
- # -c requirements/edx/../constraints.txt
 # -r requirements/edx/base.txt
 # django-oauth-toolkit
 # lti-consumer-xblock