From 6d150acf81b07c72e85bc86e2171cffc3a7818a7 Mon Sep 17 00:00:00 2001 From: Mubbshar Anwar <78487564+mubbsharanwar@users.noreply.github.com> Date: Thu, 31 Jul 2025 18:43:36 +0500 Subject: [PATCH] refactor: Remove HIBP settings from CMS (#36998) Remove HIBP settings from CMS common settings module --- cms/djangoapps/contentstore/tests/tests.py | 6 ++++++ cms/envs/common.py | 15 --------------- .../tests/test_configuration_overrides.py | 3 +++ .../student/tests/test_password_policy.py | 12 ++++++++++-- .../lang_pref/tests/test_middleware.py | 8 ++++++++ .../user_api/preferences/tests/test_api.py | 2 ++ .../user_authn/views/tests/test_login.py | 17 +++++++++++++++-- .../user_authn/views/tests/test_register.py | 14 +++++++++++--- 8 files changed, 55 insertions(+), 22 deletions(-) diff --git a/cms/djangoapps/contentstore/tests/tests.py b/cms/djangoapps/contentstore/tests/tests.py index 7efe298ad3..40b0f8ad4c 100644 --- a/cms/djangoapps/contentstore/tests/tests.py +++ b/cms/djangoapps/contentstore/tests/tests.py @@ -92,6 +92,12 @@ class ContentStoreTestCase(ModuleStoreTestCase): @ddt +# HIBP settings are only defined in lms envs but needed for cms auth related tests. +@override_settings( + ENABLE_AUTHN_LOGIN_BLOCK_HIBP_POLICY=False, + ENABLE_AUTHN_LOGIN_NUDGE_HIBP_POLICY=False, + ENABLE_AUTHN_REGISTER_HIBP_POLICY=False, +) class AuthTestCase(ContentStoreTestCase): """Check that various permissions-related things work""" diff --git a/cms/envs/common.py b/cms/envs/common.py index bb9c26029b..ad4bfed948 100644 --- a/cms/envs/common.py +++ b/cms/envs/common.py 
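Review bot: The class-level `@override_settings(...)` block and its one-line comment added above `AuthTestCase` here are duplicated, with a slightly different subset of flags each time, in the test_configuration_overrides, test_password_policy, lang_pref, preferences test_api, test_login and test_register hunks, so the seven copies will drift (this one omits `HIBP_REGISTRATION_PASSWORD_FREQUENCY_THRESHOLD`, the lang_pref copy sets it). One definition in a shared test-utilities module, e.g. `HIBP_DISABLED_SETTINGS = {"ENABLE_AUTHN_LOGIN_BLOCK_HIBP_POLICY": False, "ENABLE_AUTHN_LOGIN_NUDGE_HIBP_POLICY": False, "ENABLE_AUTHN_REGISTER_HIBP_POLICY": False}` applied as `@override_settings(**HIBP_DISABLED_SETTINGS)`, would keep the set of flags and the explanation in one place. The hunk adds no import for `override_settings`, which is only correct if tests.py already imports it; that cannot be confirmed from the hunk. `AuthTestCase`'s body continues outside the hunk.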
@@ -52,21 +52,6 @@ import lms.envs.common from openedx.envs.common import * # pylint: disable=wildcard-import -from lms.envs.common import ( - # NOTE: Do not add any new imports here. Use openedx.envs.common instead for - # platform wide settings. - - # FIXME: The HIBP settings are only used in the LMS, but CMS unit tests fail - # without them. Perhaps moving some code would allow us to remove these from - # this file. GitHub Issue: https://github.com/openedx/edx-platform/issues/36992. - ENABLE_AUTHN_LOGIN_BLOCK_HIBP_POLICY, - ENABLE_AUTHN_LOGIN_NUDGE_HIBP_POLICY, - ENABLE_AUTHN_REGISTER_HIBP_POLICY, - ENABLE_AUTHN_RESET_PASSWORD_HIBP_POLICY, - HIBP_LOGIN_BLOCK_PASSWORD_FREQUENCY_THRESHOLD, - HIBP_LOGIN_NUDGE_PASSWORD_FREQUENCY_THRESHOLD, - HIBP_REGISTRATION_PASSWORD_FREQUENCY_THRESHOLD, -) from path import Path as path from django.urls import reverse_lazy diff --git a/common/djangoapps/student/tests/test_configuration_overrides.py b/common/djangoapps/student/tests/test_configuration_overrides.py index 477f8255f6..fc69bdd174 100644 --- a/common/djangoapps/student/tests/test_configuration_overrides.py +++ b/common/djangoapps/student/tests/test_configuration_overrides.py @@ -8,6 +8,7 @@ import json from unittest import mock from django.contrib.auth.models import User # lint-amnesty, pylint: disable=imported-auth-user from django.test import TestCase +from django.test.utils import override_settings from django.urls import reverse from common.djangoapps.student.models import UserSignupSource @@ -50,6 +51,8 @@ def fake_get_value(name, default=None): return FAKE_SITE.get(name, default) +# HIBP settings are only defined in lms envs but needed for common tests. +@override_settings(ENABLE_AUTHN_REGISTER_HIBP_POLICY=False) class TestSite(TestCase): """Test for Account Creation from white labeled Sites""" def setUp(self): 
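Review bot: Removing these seven names from the CMS settings module means any shared code that reads them with plain attribute access (`settings.ENABLE_AUTHN_REGISTER_HIBP_POLICY`) will raise `AttributeError` when it runs in a Studio process; the fact that tests under common/djangoapps/student now need class-level overrides shows that common code on the CMS test path does read them, and `override_settings` hides that from the test suite only, not from a deployed CMS. Before dropping the imports, the readers should tolerate absence, e.g. `getattr(settings, "ENABLE_AUTHN_REGISTER_HIBP_POLICY", False)`, or the CMS should keep explicit `False` values so that "HIBP policy disabled in Studio" is a declared default rather than a missing attribute. The deleted FIXME named GitHub issue 36992 as the reason the settings were still required; the commit message should state what resolved that, because this hunk otherwise just relocates the workaround into the tests. The same concern applies to every test hunk in this patch that overrides a flag with `False`.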
diff --git a/common/djangoapps/student/tests/test_password_policy.py b/common/djangoapps/student/tests/test_password_policy.py index c758e48f4c..fb84c049de 100644 --- a/common/djangoapps/student/tests/test_password_policy.py +++ b/common/djangoapps/student/tests/test_password_policy.py @@ -11,7 +11,11 @@ from django.urls import reverse from common.djangoapps.util.password_policy_validators import create_validator_config -@override_settings(RATELIMIT_ENABLE=False) +# HIBP settings are only defined in lms envs but needed for common tests. +@override_settings( + RATELIMIT_ENABLE=False, + ENABLE_AUTHN_REGISTER_HIBP_POLICY=False, +) class TestPasswordPolicy(TestCase): """ Go through some password policy tests to make sure things are properly working @@ -227,7 +231,11 @@ class TestPasswordPolicy(TestCase): assert obj['success'] -@override_settings(RATELIMIT_ENABLE=False) +# HIBP settings are only defined in lms envs but needed for common tests. +@override_settings( + RATELIMIT_ENABLE=False, + ENABLE_AUTHN_REGISTER_HIBP_POLICY=False, +) class TestUsernamePasswordNonmatch(TestCase): """ Test that registration username and password fields differ diff --git a/openedx/core/djangoapps/lang_pref/tests/test_middleware.py b/openedx/core/djangoapps/lang_pref/tests/test_middleware.py index e49c3aa66b..a9d69eddd3 100644 --- a/openedx/core/djangoapps/lang_pref/tests/test_middleware.py +++ b/openedx/core/djangoapps/lang_pref/tests/test_middleware.py @@ -11,6 +11,7 @@ from django.conf import settings from django.contrib.sessions.middleware import SessionMiddleware from django.http import HttpResponse from django.test.client import Client, RequestFactory +from openedx.core.lib.api.test_utils import override_settings from django.urls import reverse from django.utils.translation.trans_real import parse_accept_lang_header 
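Review bot: In the lang_pref test_middleware hunk the new project-local import `from openedx.core.lib.api.test_utils import override_settings` is inserted between two `django` imports (`django.test.client` and `django.urls`), which breaks the stdlib / third-party / local grouping the surrounding lines follow; it belongs after the Django block. It is also the only hunk in this patch that takes `override_settings` from the project test utils rather than from `django.test.utils` as the test_configuration_overrides hunk does; if the project helper is just a re-export, use the Django import for consistency, and if it is not, the difference deserves a comment. In the two test_password_policy hunks the pasted comment "HIBP settings are only defined in lms envs but needed for common tests" now sits above a decorator whose first item is `RATELIMIT_ENABLE=False`, which the comment does not describe; placing the comment on the HIBP line inside the call, `ENABLE_AUTHN_REGISTER_HIBP_POLICY=False,  # only defined in lms envs`, keeps it accurate.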
@@ -30,6 +31,13 @@ from common.djangoapps.student.tests.factories import AnonymousUserFactory, User @ddt.ddt +# HIBP settings are only defined in lms envs but needed for common tests. +@override_settings( + ENABLE_AUTHN_LOGIN_BLOCK_HIBP_POLICY=False, + ENABLE_AUTHN_LOGIN_NUDGE_HIBP_POLICY=False, + ENABLE_AUTHN_REGISTER_HIBP_POLICY=False, + HIBP_REGISTRATION_PASSWORD_FREQUENCY_THRESHOLD=100000, +) class TestUserPreferenceMiddleware(CacheIsolationTestCase): """ Tests to make sure user preferences are getting properly set in the middleware. diff --git a/openedx/core/djangoapps/user_api/preferences/tests/test_api.py b/openedx/core/djangoapps/user_api/preferences/tests/test_api.py index de7338d59b..3429580180 100644 --- a/openedx/core/djangoapps/user_api/preferences/tests/test_api.py +++ b/openedx/core/djangoapps/user_api/preferences/tests/test_api.py @@ -274,6 +274,8 @@ class TestPreferenceAPI(CacheIsolationTestCase): @ddt.ddt +# HIBP settings are only defined in lms envs but needed for common tests. +@override_settings(ENABLE_AUTHN_REGISTER_HIBP_POLICY=False) class UpdateEmailOptInTests(ModuleStoreTestCase): """ Test cases to cover API-driven email list opt-in update workflows diff --git a/openedx/core/djangoapps/user_authn/views/tests/test_login.py b/openedx/core/djangoapps/user_authn/views/tests/test_login.py index 7509bbff95..b00702ee25 100644 --- a/openedx/core/djangoapps/user_authn/views/tests/test_login.py +++ b/openedx/core/djangoapps/user_authn/views/tests/test_login.py @@ -47,6 +47,11 @@ from common.djangoapps.util.password_policy_validators import DEFAULT_MAX_PASSWO @ddt.ddt +# HIBP settings are only defined in lms envs but needed for common tests. +@override_settings( + ENABLE_AUTHN_LOGIN_BLOCK_HIBP_POLICY=False, + ENABLE_AUTHN_LOGIN_NUDGE_HIBP_POLICY=False, +) class LoginTest(SiteMixin, CacheIsolationTestCase, OpenEdxEventsTestMixin): """ Test login_user() view 
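Review bot: `HIBP_REGISTRATION_PASSWORD_FREQUENCY_THRESHOLD=100000` in the lang_pref `TestUserPreferenceMiddleware` override is an `int`, while the sibling thresholds set in the test_login and test_register hunks are floats (`5.0`, `3.0`); whichever type the LMS settings declare should be used everywhere so the tests exercise the same comparison the production setting does. A registration-threshold override in a language-preference middleware test also needs a sentence saying which request in the test reaches the registration path, otherwise the next reader cannot tell whether it is dead; the pasted comment does not say. `TestUserPreferenceMiddleware`'s body continues outside the hunk.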
@@ -380,7 +385,11 @@ class LoginTest(SiteMixin, CacheIsolationTestCase, OpenEdxEventsTestMixin): ) self._assert_not_in_audit_log(mock_audit_log, 'warning', [self.user_email]) - @override_settings(ENABLE_AUTHN_LOGIN_BLOCK_HIBP_POLICY=True) + # HIBP settings are only defined in lms envs but needed for common tests. + @override_settings( + ENABLE_AUTHN_LOGIN_BLOCK_HIBP_POLICY=True, + HIBP_LOGIN_BLOCK_PASSWORD_FREQUENCY_THRESHOLD=5.0, + ) @override_waffle_switch(ENABLE_PWNED_PASSWORD_API, True) def test_password_compliance_block_error(self): """ @@ -394,7 +403,11 @@ class LoginTest(SiteMixin, CacheIsolationTestCase, OpenEdxEventsTestMixin): self._assert_response(response, success=False, error_code='require-password-change') - @override_settings(ENABLE_AUTHN_LOGIN_NUDGE_HIBP_POLICY=True) + # HIBP settings are only defined in lms envs but needed for common tests. + @override_settings( + ENABLE_AUTHN_LOGIN_NUDGE_HIBP_POLICY=True, + HIBP_LOGIN_NUDGE_PASSWORD_FREQUENCY_THRESHOLD=3.0, + ) @override_waffle_switch(ENABLE_PWNED_PASSWORD_API, True) def test_password_compliance_nudge_error(self): """ diff --git a/openedx/core/djangoapps/user_authn/views/tests/test_register.py b/openedx/core/djangoapps/user_authn/views/tests/test_register.py index 136adc01f7..54d42efa55 100644 --- a/openedx/core/djangoapps/user_authn/views/tests/test_register.py +++ b/openedx/core/djangoapps/user_authn/views/tests/test_register.py @@ -2848,6 +2848,11 @@ class RegistrationValidationViewTests(test_utils.ApiTestCase, OpenEdxEventsTestM ['country', list(testutils.VALID_COUNTRIES)], ) @ddt.unpack + # HIBP settings are only defined in lms envs but needed for common tests. + @override_settings( + ENABLE_AUTHN_RESET_PASSWORD_HIBP_POLICY=False, + ENABLE_AUTHN_REGISTER_HIBP_POLICY=False, + ) def test_positive_validation_decision(self, form_field_name, user_data): """ Test if {0} as any item in {1} gives a positive validation decision. 
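Review bot: The comment copied onto the two method-level decorators in test_login (`test_password_compliance_block_error`, `test_password_compliance_nudge_error`) is misleading: these overrides do not paper over a missing definition, they enable the policy (`=True`) and pick a threshold to drive a specific failure, so the comment should state the scenario, e.g. `# Enable the block policy with a threshold below the mocked breach count so login is refused.`. The values `5.0` and `3.0` are magic numbers whose meaning depends on what the mocked pwned-password lookup returns in the test body, which lies outside the hunk; naming that relation in the comment (or as a module constant next to the mock's return value) is what a reader needs. The test_register hunk that stacks `@override_settings` under `@ddt.unpack` for `test_positive_validation_decision` has the same copied comment and the same gap.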
@@ -3036,9 +3041,6 @@ class RegistrationValidationViewTests(test_utils.ApiTestCase, OpenEdxEventsTestM {'email': AUTHN_EMAIL_CONFLICT_MSG} ) - @override_settings( - ENABLE_AUTHN_REGISTER_HIBP_POLICY=True - ) @mock.patch('eventtracking.tracker.emit') @mock.patch( 'openedx.core.djangoapps.user_api.accounts.api.check_pwned_password', @@ -3048,6 +3050,12 @@ class RegistrationValidationViewTests(test_utils.ApiTestCase, OpenEdxEventsTestM 'user_request_page': 'registration', }) ) + # HIBP settings are only defined in lms envs but needed for tests here. + @override_settings( + ENABLE_AUTHN_REGISTER_HIBP_POLICY=True, + ENABLE_AUTHN_RESET_PASSWORD_HIBP_POLICY=True, + HIBP_REGISTRATION_PASSWORD_FREQUENCY_THRESHOLD=3.0, + ) def test_pwned_password_and_emit_track_event(self, emit): self.assertValidationDecision( {'password': 'testtest12'},
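Review bot: `ENABLE_AUTHN_RESET_PASSWORD_HIBP_POLICY=True` is newly added to the override on `test_pwned_password_and_emit_track_event`, a registration-validation test, and nothing in the hunk says why a reset-password flag is needed there; if the registration path does not read it the override is dead and suggests a coupling that does not exist, and if it does, the comment should say so instead of the generic "needed for tests here". The decorator was also moved from above the two `mock.patch` decorators to below them (the deleted block in the previous hunk); that reorders the wrapping but the hunk gives no reason, and `HIBP_REGISTRATION_PASSWORD_FREQUENCY_THRESHOLD=3.0` only makes sense relative to the frequency the patched `check_pwned_password` returns, which is outside the hunk and should be named in the comment. The test body continues past the end of the hunk.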