Merge pull request #19183 from edx/douglashall/explicit_jwt_cookie

Use JWT cookies for authentication when explicitly requested by client.
2018-10-30 20:04:00 -04:00
parent 0aa0b4d28d d8d18829e6
commit ebede18831
5 changed files with 10 additions and 3 deletions
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -3177,6 +3177,8 @@ JWT_AUTH = {
    'JWT_LEEWAY': 1,
    'JWT_DECODE_HANDLER': 'edx_rest_framework_extensions.auth.jwt.decoder.jwt_decode_handler',

+    'JWT_AUTH_COOKIE': 'edx-jwt-cookie',
+
    # Number of seconds before JWTs expire
    'JWT_EXPIRATION': 30,
    'JWT_IN_COOKIE_EXPIRATION': 60 * 60,
--- a/openedx/core/djangoapps/user_authn/tests/test_cookies.py
+++ b/openedx/core/djangoapps/user_authn/tests/test_cookies.py
@@ -56,6 +56,9 @@ class CookieTests(TestCase):
            for key, val in response.cookies.iteritems()
        }

+    def _set_use_jwt_cookie_header(self, request):
+        request.META['HTTP_USE_JWT_COOKIE'] = 'true'
+
    def _assert_recreate_jwt_from_cookies(self, response, can_recreate):
        """
        If can_recreate is True, verifies that a JWT can be properly recreated
@@ -107,6 +110,7 @@ class CookieTests(TestCase):

    def test_set_logged_in_jwt_cookies(self):
        setup_login_oauth_client()
+        self._set_use_jwt_cookie_header(self.request)
        with cookies_api.JWT_COOKIES_FLAG.override(True):
            response = cookies_api.set_logged_in_cookies(self.request, HttpResponse(), self.user)
            self._assert_cookies_present(response, cookies_api.ALL_LOGGED_IN_COOKIE_NAMES)
@@ -127,6 +131,7 @@ class CookieTests(TestCase):
            return response.cookies[cookies_api.jwt_cookies.jwt_refresh_cookie_name()].value

        setup_login_oauth_client()
+        self._set_use_jwt_cookie_header(self.request)
        with cookies_api.JWT_COOKIES_FLAG.override(True):
            response = cookies_api.set_logged_in_cookies(self.request, HttpResponse(), self.user)
            self._copy_cookies_to_request(response, self.request)
--- a/requirements/edx/base.txt
+++ b/requirements/edx/base.txt
@@ -118,7 +118,7 @@ edx-django-oauth2-provider==1.3.5
 edx-django-release-util==0.3.1
 edx-django-sites-extensions==2.3.1
 edx-django-utils==1.0.1
-edx-drf-extensions==2.0.0
+edx-drf-extensions==2.0.1
 edx-enterprise==1.0.2
 edx-i18n-tools==0.4.6
 edx-milestones==0.1.13
--- a/requirements/edx/development.txt
+++ b/requirements/edx/development.txt
@@ -137,7 +137,7 @@ edx-django-oauth2-provider==1.3.5
 edx-django-release-util==0.3.1
 edx-django-sites-extensions==2.3.1
 edx-django-utils==1.0.1
-edx-drf-extensions==2.0.0
+edx-drf-extensions==2.0.1
 edx-enterprise==1.0.2
 edx-i18n-tools==0.4.6
 edx-lint==0.5.5
--- a/requirements/edx/testing.txt
+++ b/requirements/edx/testing.txt
@@ -132,7 +132,7 @@ edx-django-oauth2-provider==1.3.5
 edx-django-release-util==0.3.1
 edx-django-sites-extensions==2.3.1
 edx-django-utils==1.0.1
-edx-drf-extensions==2.0.0
+edx-drf-extensions==2.0.1
 edx-enterprise==1.0.2
 edx-i18n-tools==0.4.6
 edx-lint==0.5.5