refactor: Remove HIBP settings from CMS (#36998)

Remove HIBP settings from CMS common settings module

cms/djangoapps/contentstore/tests/tests.py

@@ -92,6 +92,12 @@ class ContentStoreTestCase(ModuleStoreTestCase):
 
 
 @ddt
+# HIBP settings are only defined in lms envs but needed for cms auth related tests.
+@override_settings(
+    ENABLE_AUTHN_LOGIN_BLOCK_HIBP_POLICY=False,
+    ENABLE_AUTHN_LOGIN_NUDGE_HIBP_POLICY=False,
+    ENABLE_AUTHN_REGISTER_HIBP_POLICY=False,
+)
 class AuthTestCase(ContentStoreTestCase):
     """Check that various permissions-related things work"""
 

cms/envs/common.py

@@ -52,21 +52,6 @@ import lms.envs.common
 
 from openedx.envs.common import *  # pylint: disable=wildcard-import
 
-from lms.envs.common import (
-    # NOTE: Do not add any new imports here. Use openedx.envs.common instead for
-    # platform wide settings.
-
-    # FIXME: The HIBP settings are only used in the LMS, but CMS unit tests fail
-    # without them. Perhaps moving some code would allow us to remove these from
-    # this file. GitHub Issue: https://github.com/openedx/edx-platform/issues/36992.
-    ENABLE_AUTHN_LOGIN_BLOCK_HIBP_POLICY,
-    ENABLE_AUTHN_LOGIN_NUDGE_HIBP_POLICY,
-    ENABLE_AUTHN_REGISTER_HIBP_POLICY,
-    ENABLE_AUTHN_RESET_PASSWORD_HIBP_POLICY,
-    HIBP_LOGIN_BLOCK_PASSWORD_FREQUENCY_THRESHOLD,
-    HIBP_LOGIN_NUDGE_PASSWORD_FREQUENCY_THRESHOLD,
-    HIBP_REGISTRATION_PASSWORD_FREQUENCY_THRESHOLD,
-)
 from path import Path as path
 from django.urls import reverse_lazy
 

common/djangoapps/student/tests/test_configuration_overrides.py

@@ -8,6 +8,7 @@ import json
 from unittest import mock
 from django.contrib.auth.models import User  # lint-amnesty, pylint: disable=imported-auth-user
 from django.test import TestCase
+from django.test.utils import override_settings
 from django.urls import reverse
 
 from common.djangoapps.student.models import UserSignupSource
@@ -50,6 +51,8 @@ def fake_get_value(name, default=None):
     return FAKE_SITE.get(name, default)
 
 
+# HIBP settings are only defined in lms envs but needed for common tests.
+@override_settings(ENABLE_AUTHN_REGISTER_HIBP_POLICY=False)
 class TestSite(TestCase):
     """Test for Account Creation from white labeled Sites"""
     def setUp(self):

common/djangoapps/student/tests/test_password_policy.py

@@ -11,7 +11,11 @@ from django.urls import reverse
 from common.djangoapps.util.password_policy_validators import create_validator_config
 
 
-@override_settings(RATELIMIT_ENABLE=False)
+# HIBP settings are only defined in lms envs but needed for common tests.
+@override_settings(
+    RATELIMIT_ENABLE=False,
+    ENABLE_AUTHN_REGISTER_HIBP_POLICY=False,
+)
 class TestPasswordPolicy(TestCase):
     """
     Go through some password policy tests to make sure things are properly working
@@ -227,7 +231,11 @@ class TestPasswordPolicy(TestCase):
         assert obj['success']
 
 
-@override_settings(RATELIMIT_ENABLE=False)
+# HIBP settings are only defined in lms envs but needed for common tests.
+@override_settings(
+    RATELIMIT_ENABLE=False,
+    ENABLE_AUTHN_REGISTER_HIBP_POLICY=False,
+)
 class TestUsernamePasswordNonmatch(TestCase):
     """
     Test that registration username and password fields differ

openedx/core/djangoapps/lang_pref/tests/test_middleware.py

@@ -11,6 +11,7 @@ from django.conf import settings
 from django.contrib.sessions.middleware import SessionMiddleware
 from django.http import HttpResponse
 from django.test.client import Client, RequestFactory
+from openedx.core.lib.api.test_utils import override_settings
 from django.urls import reverse
 from django.utils.translation.trans_real import parse_accept_lang_header
 
@@ -30,6 +31,13 @@ from common.djangoapps.student.tests.factories import AnonymousUserFactory, User
 
 
 @ddt.ddt
+# HIBP settings are only defined in lms envs but needed for common tests.
+@override_settings(
+    ENABLE_AUTHN_LOGIN_BLOCK_HIBP_POLICY=False,
+    ENABLE_AUTHN_LOGIN_NUDGE_HIBP_POLICY=False,
+    ENABLE_AUTHN_REGISTER_HIBP_POLICY=False,
+    HIBP_REGISTRATION_PASSWORD_FREQUENCY_THRESHOLD=100000,
+)
 class TestUserPreferenceMiddleware(CacheIsolationTestCase):
     """
     Tests to make sure user preferences are getting properly set in the middleware.

openedx/core/djangoapps/user_api/preferences/tests/test_api.py

@@ -274,6 +274,8 @@ class TestPreferenceAPI(CacheIsolationTestCase):
 
 
 @ddt.ddt
+# HIBP settings are only defined in lms envs but needed for common tests.
+@override_settings(ENABLE_AUTHN_REGISTER_HIBP_POLICY=False)
 class UpdateEmailOptInTests(ModuleStoreTestCase):
     """
     Test cases to cover API-driven email list opt-in update workflows

openedx/core/djangoapps/user_authn/views/tests/test_login.py

@@ -47,6 +47,11 @@ from common.djangoapps.util.password_policy_validators import DEFAULT_MAX_PASSWO
 
 
 @ddt.ddt
+# HIBP settings are only defined in lms envs but needed for common tests.
+@override_settings(
+    ENABLE_AUTHN_LOGIN_BLOCK_HIBP_POLICY=False,
+    ENABLE_AUTHN_LOGIN_NUDGE_HIBP_POLICY=False,
+)
 class LoginTest(SiteMixin, CacheIsolationTestCase, OpenEdxEventsTestMixin):
     """
     Test login_user() view
@@ -380,7 +385,11 @@ class LoginTest(SiteMixin, CacheIsolationTestCase, OpenEdxEventsTestMixin):
         )
         self._assert_not_in_audit_log(mock_audit_log, 'warning', [self.user_email])
 
-    @override_settings(ENABLE_AUTHN_LOGIN_BLOCK_HIBP_POLICY=True)
+    # HIBP settings are only defined in lms envs but needed for common tests.
+    @override_settings(
+        ENABLE_AUTHN_LOGIN_BLOCK_HIBP_POLICY=True,
+        HIBP_LOGIN_BLOCK_PASSWORD_FREQUENCY_THRESHOLD=5.0,
+    )
     @override_waffle_switch(ENABLE_PWNED_PASSWORD_API, True)
     def test_password_compliance_block_error(self):
         """
@@ -394,7 +403,11 @@ class LoginTest(SiteMixin, CacheIsolationTestCase, OpenEdxEventsTestMixin):
 
         self._assert_response(response, success=False, error_code='require-password-change')
 
-    @override_settings(ENABLE_AUTHN_LOGIN_NUDGE_HIBP_POLICY=True)
+    # HIBP settings are only defined in lms envs but needed for common tests.
+    @override_settings(
+        ENABLE_AUTHN_LOGIN_NUDGE_HIBP_POLICY=True,
+        HIBP_LOGIN_NUDGE_PASSWORD_FREQUENCY_THRESHOLD=3.0,
+    )
     @override_waffle_switch(ENABLE_PWNED_PASSWORD_API, True)
     def test_password_compliance_nudge_error(self):
         """

openedx/core/djangoapps/user_authn/views/tests/test_register.py

@@ -2848,6 +2848,11 @@ class RegistrationValidationViewTests(test_utils.ApiTestCase, OpenEdxEventsTestM
         ['country', list(testutils.VALID_COUNTRIES)],
     )
     @ddt.unpack
+    # HIBP settings are only defined in lms envs but needed for common tests.
+    @override_settings(
+        ENABLE_AUTHN_RESET_PASSWORD_HIBP_POLICY=False,
+        ENABLE_AUTHN_REGISTER_HIBP_POLICY=False,
+    )
     def test_positive_validation_decision(self, form_field_name, user_data):
         """
         Test if {0} as any item in {1} gives a positive validation decision.
@@ -3036,9 +3041,6 @@ class RegistrationValidationViewTests(test_utils.ApiTestCase, OpenEdxEventsTestM
             {'email': AUTHN_EMAIL_CONFLICT_MSG}
         )
 
-    @override_settings(
-        ENABLE_AUTHN_REGISTER_HIBP_POLICY=True
-    )
     @mock.patch('eventtracking.tracker.emit')
     @mock.patch(
         'openedx.core.djangoapps.user_api.accounts.api.check_pwned_password',
@@ -3048,6 +3050,12 @@ class RegistrationValidationViewTests(test_utils.ApiTestCase, OpenEdxEventsTestM
             'user_request_page': 'registration',
         })
     )
+    # HIBP settings are only defined in lms envs but needed for tests here.
+    @override_settings(
+        ENABLE_AUTHN_REGISTER_HIBP_POLICY=True,
+        ENABLE_AUTHN_RESET_PASSWORD_HIBP_POLICY=True,
+        HIBP_REGISTRATION_PASSWORD_FREQUENCY_THRESHOLD=3.0,
+    )
     def test_pwned_password_and_emit_track_event(self, emit):
         self.assertValidationDecision(
             {'password': 'testtest12'},