Merge pull request #23026 from edx/diana/shut-oauth-dispatch

Add toggle to remove access to DOP code paths.
2020-02-06 13:42:00 -05:00
parent 4e277cb3d7 7f65b7c6b7
commit 8c41447484
3 changed files with 22 additions and 1 deletions
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -603,6 +603,20 @@ OAUTH_ENFORCE_SECURE = True
 OAUTH_EXPIRE_CONFIDENTIAL_CLIENT_DAYS = 365
 OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS = 30

+
+# .. toggle_name: ENABLE_DOP_ADAPTER
+# .. toggle_implementation: DjangoSetting
+# .. toggle_default: True
+# .. toggle_description: A switch toggle for controlling whether or not we allow usage of the DOP OAuth adapter with the goal of removing the DOP adapter once we're confident it won't be used.
+# .. toggle_category: n/a
+# .. toggle_use_cases: incremental_release
+# .. toggle_creation_date: 2020-02-06
+# .. toggle_expiration_date: 2020-02-29
+# .. toggle_warnings: None
+# .. toggle_tickets: BOM-1160
+# .. toggle_status: supported
+ENABLE_DOP_ADAPTER = True
+
 ################################## THIRD_PARTY_AUTH CONFIGURATION #############################
 TPA_PROVIDER_BURST_THROTTLE = '10/min'
 TPA_PROVIDER_SUSTAINED_THROTTLE = '50/hr'
--- a/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
+++ b/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
@@ -641,6 +641,11 @@ class TestViewDispatch(TestCase):
        view_object = views.AccessTokenView()
        self.assertRaises(KeyError, view_object.get_view_for_backend, None)

+    def test_dop_toggle_enforced(self):
+        with self.settings(ENABLE_DOP_ADAPTER=False):
+            request = self._get_request('dop-id')
+            self.assertEqual(self.view.select_backend(request), self.dot_adapter.backend)
+

 class TestRevokeTokenView(AccessTokenLoginMixin, _DispatchingViewTestCase):  # pylint: disable=abstract-method
    """
--- a/openedx/core/djangoapps/oauth_dispatch/views.py
+++ b/openedx/core/djangoapps/oauth_dispatch/views.py
@@ -39,7 +39,7 @@ class _DispatchingView(View):
        client_id = self._get_client_id(request)
        monitoring_utils.set_custom_metric('oauth_client_id', client_id)

-        if dot_models.Application.objects.filter(client_id=client_id).exists():
+        if dot_models.Application.objects.filter(client_id=client_id).exists() or not settings.ENABLE_DOP_ADAPTER:
            monitoring_utils.set_custom_metric('oauth_adapter', 'dot')
            return self.dot_adapter
        else:
@@ -69,8 +69,10 @@ class _DispatchingView(View):
        Return the appropriate view from the requested backend.
        """
        if backend == self.dot_adapter.backend:
+            monitoring_utils.set_custom_metric('oauth_view', 'dot')
            return self.dot_view.as_view()
        elif backend == self.dop_adapter.backend:
+            monitoring_utils.set_custom_metric('oauth_view', 'dop')
            return self.dop_view.as_view()
        else:
            raise KeyError('Failed to dispatch view. Invalid backend {}'.format(backend))