fix: removed password from api response (#30988)

* fix: removed password from API response * fix: in case an empty secret is provided use the previous record * fix: resolver linter issues
2022-09-21 14:43:56 +05:00
parent 23972e7f94
commit dfd98e9655
2 changed files with 54 additions and 4 deletions
--- a/openedx/core/djangoapps/course_live/serializers.py
+++ b/openedx/core/djangoapps/course_live/serializers.py
@@ -27,6 +27,9 @@ class LtiSerializer(serializers.ModelSerializer):
        read_only = [
            'version'
        ]
+        extra_kwargs = {
+            'lti_1p1_client_secret': {'write_only': True}
+        }

    def validate_lti_config(self, value):
        """
@@ -76,6 +79,9 @@ class LtiSerializer(serializers.ModelSerializer):
        if lti_config.get('additional_parameters', None):
            instance.lti_config['additional_parameters'] = lti_config.get('additional_parameters')

+        if validated_data.get('lti_1p1_client_secret') == '':
+            validated_data['lti_1p1_client_secret'] = instance.lti_1p1_client_secret
+
        if validated_data:
            for key, value in validated_data.items():
                if key in self.Meta.fields:
--- a/openedx/core/djangoapps/course_live/tests/test_views.py
+++ b/openedx/core/djangoapps/course_live/tests/test_views.py
@@ -86,7 +86,6 @@ class TestCourseLiveConfigurationView(ModuleStoreTestCase, APITestCase):
            'enabled': True,
            'lti_configuration': {
                'lti_1p1_client_key': '',
-                'lti_1p1_client_secret': '',
                'lti_1p1_launch_url': '',
                'version': 'lti_1p1',
                'lti_config': {}
@@ -109,7 +108,6 @@ class TestCourseLiveConfigurationView(ModuleStoreTestCase, APITestCase):
            'pii_sharing_allowed': True,
            'lti_configuration': {
                'lti_1p1_client_key': '',
-                'lti_1p1_client_secret': '',
                'lti_1p1_launch_url': '',
                'lti_config': {},
                'version': 'lti_1p1'
@@ -150,6 +148,54 @@ class TestCourseLiveConfigurationView(ModuleStoreTestCase, APITestCase):

        self.assertEqual(response.status_code, 200)

+    @ddt.data(('zoom', False, False), ('big_blue_button', False, True))
+    @ddt.unpack
+    def test_update_configurations_data(self, provider, share_email, share_username):
+        """
+        Create and test courseLiveConfiguration data in database
+        """
+        lti_config, data, response = self.create_course_live_config(provider)
+        updated_lti_config = {
+            'lti_1p1_client_key': 'new_key',
+            'lti_1p1_client_secret': '',
+            'lti_1p1_launch_url': 'example01.com',
+            'lti_config': {
+                'additional_parameters': {
+                    'custom_instructor_email': 'new_email@example.com'
+                },
+            },
+        }
+        updated_data = {
+            'enabled': False,
+            'provider_type': provider,
+            'lti_configuration': updated_lti_config
+        }
+        response = self._post(updated_data)
+
+        live_configurations = CourseLiveConfiguration.get(self.course.id)
+        lti_configuration = live_configurations.get(self.course.id).lti_configuration
+
+        self.assertEqual(self.course.id, live_configurations.course_key)
+        self.assertEqual(updated_data['enabled'], live_configurations.enabled)
+        self.assertEqual(updated_data['provider_type'], live_configurations.provider_type)
+
+        self.assertEqual(updated_lti_config.get('lti_1p1_client_key'), lti_configuration.lti_1p1_client_key)
+        self.assertEqual(lti_config.get('lti_1p1_client_secret'), lti_configuration.lti_1p1_client_secret)
+        self.assertEqual(updated_lti_config.get('lti_1p1_launch_url'), lti_configuration.lti_1p1_launch_url)
+
+        provider_instance = ProviderManager().get_enabled_providers().get(provider)
+        additional_param = {'additional_parameters': {}}
+        if provider_instance.additional_parameters:
+            additional_param = updated_lti_config.get('lti_config')
+
+        self.assertEqual({
+            'pii_share_username': share_username,
+            'pii_share_email': share_email,
+            **additional_param
+        }, lti_configuration.lti_config)
+
+        self.assertEqual(response.status_code, 200)
+
    @ddt.data(('zoom', False, False), ('big_blue_button', False, True))
    @ddt.unpack
    def test_create_configurations_response(self, provider, share_email, share_username):
@@ -171,7 +217,6 @@ class TestCourseLiveConfigurationView(ModuleStoreTestCase, APITestCase):
            'free_tier': False,
            'lti_configuration': {
                'lti_1p1_client_key': 'this_is_key',
-                'lti_1p1_client_secret': 'this_is_secret',
                'lti_1p1_launch_url': 'example.com',
                'version': 'lti_1p1',
                'lti_config': {
@@ -223,7 +268,6 @@ class TestCourseLiveConfigurationView(ModuleStoreTestCase, APITestCase):
            'free_tier': False,
            'lti_configuration': {
                'lti_1p1_client_key': 'new_key',
-                'lti_1p1_client_secret': 'new_secret',
                'lti_1p1_launch_url': 'example01.com',
                'version': 'lti_1p1',
                'lti_config': {