From 9d9cf1a84bff4e541c0b3734e3a8cc9211eec94e Mon Sep 17 00:00:00 2001
From: Clinton Blackburn
Date: Thu, 23 Feb 2017 15:26:29 -0500
Subject: [PATCH] Added support for JWT authentication to the Enrollment API ECOM-7099
---
 common/djangoapps/enrollment/views.py | 35 +++++++++++++--------------
 1 file changed, 17 insertions(+), 18 deletions(-)
diff --git a/common/djangoapps/enrollment/views.py b/common/djangoapps/enrollment/views.py
index 9f61346e4d..f510d66024 100644
--- a/common/djangoapps/enrollment/views.py
+++ b/common/djangoapps/enrollment/views.py
@@ -7,35 +7,31 @@ import logging from django.core.exceptions import ObjectDoesNotExist from django.utils.decorators import method_decorator +from edx_rest_framework_extensions.authentication import JwtAuthentication from opaque_keys import InvalidKeyError -from course_modes.models import CourseMode -from openedx.core.lib.log_utils import audit_log -from openedx.core.djangoapps.user_api.preferences.api import update_email_opt_in -from openedx.core.lib.api.permissions import ApiKeyHeaderPermission, ApiKeyHeaderPermissionIsAuthenticated +from opaque_keys.edx.keys import CourseKey from rest_framework import status from rest_framework.response import Response from rest_framework.throttling import UserRateThrottle from rest_framework.views import APIView -from opaque_keys.edx.keys import CourseKey -from openedx.core.djangoapps.embargo import api as embargo_api + +from course_modes.models import CourseMode +from enrollment import api +from enrollment.errors import CourseEnrollmentError, CourseModeNotFoundError, CourseEnrollmentExistsError from openedx.core.djangoapps.cors_csrf.authentication import SessionAuthenticationCrossDomainCsrf from openedx.core.djangoapps.cors_csrf.decorators import ensure_csrf_cookie_cross_domain +from openedx.core.djangoapps.embargo import api as embargo_api +from openedx.core.djangoapps.user_api.preferences.api import update_email_opt_in from openedx.core.lib.api.authentication import ( - SessionAuthenticationAllowInactiveUser, - OAuth2AuthenticationAllowInactiveUser, + SessionAuthenticationAllowInactiveUser, OAuth2AuthenticationAllowInactiveUser, ) +from openedx.core.lib.api.permissions import ApiKeyHeaderPermission, ApiKeyHeaderPermissionIsAuthenticated from openedx.core.lib.exceptions import CourseNotFoundError -from util.disable_rate_limit import can_disable_rate_limit -from enrollment import api -from enrollment.errors import ( - CourseEnrollmentError, - CourseModeNotFoundError, - CourseEnrollmentExistsError -) +from 
openedx.core.lib.log_utils import audit_log from student.auth import user_has_role from student.models import User from student.roles import CourseStaffRole, GlobalStaff - +from util.disable_rate_limit import can_disable_rate_limit log = logging.getLogger(__name__) REQUIRED_ATTRIBUTES = { @@ -53,6 +49,7 @@ class ApiKeyPermissionMixIn(object): This mixin is used to provide a convenience function for doing individual permission checks for the presence of API keys. """ + def has_api_key_permissions(self, request): """ Checks to see if the request was made by a server with an API key. @@ -139,7 +136,8 @@ class EnrollmentView(APIView, ApiKeyPermissionMixIn): * user: The ID of the user. """ - authentication_classes = OAuth2AuthenticationAllowInactiveUser, SessionAuthenticationAllowInactiveUser + authentication_classes = (JwtAuthentication, OAuth2AuthenticationAllowInactiveUser, + SessionAuthenticationAllowInactiveUser,) permission_classes = ApiKeyHeaderPermissionIsAuthenticated, throttle_classes = EnrollmentUserThrottle, @@ -452,7 +450,8 @@ class EnrollmentListView(APIView, ApiKeyPermissionMixIn): * user: The username of the user. """ - authentication_classes = OAuth2AuthenticationAllowInactiveUser, EnrollmentCrossDomainSessionAuth + authentication_classes = (JwtAuthentication, OAuth2AuthenticationAllowInactiveUser, + EnrollmentCrossDomainSessionAuth,) permission_classes = ApiKeyHeaderPermissionIsAuthenticated, throttle_classes = EnrollmentUserThrottle,
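Review bot: In the `EnrollmentView` hunk, `JwtAuthentication` is listed ahead of two classes that were both the `AllowInactiveUser` variants, and nothing visible here shows whether the JWT path treats not-yet-activated accounts the same way; the same question applies to the `EnrollmentListView` hunk that follows. The diffstat shows only views.py changed, so this behaviour is not pinned by a test in this commit; a case for an inactive user presenting a JWT on each view would settle it. Ordering also matters because DRF builds the 401 challenge from the first listed class, so the `WWW-Authenticate` header returned to unauthenticated clients changes with this tuple. A comment above the tuple such as `# Order matters: DRF takes the 401 WWW-Authenticate challenge from the first class.` would record that. The class body starts and ends outside the hunk.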
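Review bot: In the `EnrollmentListView` hunk, adding `JwtAuthentication` means a request carrying any token the deployment's JWT settings accept will presumably count as authenticated for `ApiKeyHeaderPermissionIsAuthenticated`, so the trust boundary of this view now includes the configured issuers and signing keys. That configuration is not part of this diff; it is worth confirming that signature, issuer, audience and expiry verification are enabled wherever this is deployed. The class docstring visible in the context lines should also name the new method, for example `Authentication: JWT, OAuth2 or cross-domain session.` The class body continues outside the hunk, so the per-user authorization checks that follow authentication could not be reviewed here.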