From d8d18829e60f12b8519a1b774b87c5b6eabadc75 Mon Sep 17 00:00:00 2001
From: Douglas Hall
Date: Tue, 30 Oct 2018 11:46:53 -0400
Subject: [PATCH] Use JWT cookies for authentication when explicitly requested by client.

---
 lms/envs/common.py | 2 ++
 openedx/core/djangoapps/user_authn/tests/test_cookies.py | 5 +++++
 requirements/edx/base.txt | 2 +-
 requirements/edx/development.txt | 2 +-
 requirements/edx/testing.txt | 2 +-
 5 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/lms/envs/common.py b/lms/envs/common.py
index b0eb4bcb8a..1e22da7ba5 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -3177,6 +3177,8 @@ JWT_AUTH = {
     'JWT_LEEWAY': 1,
     'JWT_DECODE_HANDLER': 'edx_rest_framework_extensions.auth.jwt.decoder.jwt_decode_handler',
+    'JWT_AUTH_COOKIE': 'edx-jwt-cookie',
+    # Number of seconds before JWTs expire
     'JWT_EXPIRATION': 30,
     'JWT_IN_COOKIE_EXPIRATION': 60 * 60,
diff --git a/openedx/core/djangoapps/user_authn/tests/test_cookies.py b/openedx/core/djangoapps/user_authn/tests/test_cookies.py
index ab0d3ce32c..daefd24fc6 100644
--- a/openedx/core/djangoapps/user_authn/tests/test_cookies.py
+++ b/openedx/core/djangoapps/user_authn/tests/test_cookies.py
@@ -56,6 +56,9 @@ class CookieTests(TestCase):
             for key, val in response.cookies.iteritems()
         }
 
+    def _set_use_jwt_cookie_header(self, request):
+        request.META['HTTP_USE_JWT_COOKIE'] = 'true'
+
     def _assert_recreate_jwt_from_cookies(self, response, can_recreate):
         """
         If can_recreate is True, verifies that a JWT can be properly recreated
@@ -107,6 +110,7 @@ class CookieTests(TestCase):
 
     def test_set_logged_in_jwt_cookies(self):
         setup_login_oauth_client()
+        self._set_use_jwt_cookie_header(self.request)
         with cookies_api.JWT_COOKIES_FLAG.override(True):
             response = cookies_api.set_logged_in_cookies(self.request, HttpResponse(), self.user)
         self._assert_cookies_present(response, cookies_api.ALL_LOGGED_IN_COOKIE_NAMES)
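Review bot: The new `'JWT_AUTH_COOKIE': 'edx-jwt-cookie'` entry is the only key in this hunk left without a comment, while the line added right after it documents `JWT_EXPIRATION`; a one-line comment saying what the name is for would help whoever next tunes this block. I would add `# Name of the cookie a JWT is read from when a client explicitly opts in (see the USE-JWT-COOKIE request header exercised in test_cookies.py)`. Because browsers attach cookies to every request automatically, that comment should also state that cookie-based JWT authentication is expected to be gated on the client opt-in header rather than applied to all requests, assuming that is how the edx-drf-extensions 2.0.1 bump in this commit consumes the setting. The enclosing `JWT_AUTH` dict starts and ends outside the hunk.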
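Review bot: `_set_use_jwt_cookie_header` has no docstring and hard-codes the opt-in value, and the two tests that call it (the `-107,6 +110,7` hunk here and the `-127,6 +131,7` hunk on the next line) only exercise the header-present path, so nothing pins what happens for a client that does not send the header, which is the behaviour the commit title describes. I would add `"""Simulate a client opting in to JWT cookies via the USE-JWT-COOKIE request header."""` to the helper and a companion test that calls `set_logged_in_cookies` with the flag overridden but without the header and asserts the JWT cookie names are absent from the response, assuming the opt-in is meant to gate cookie issuance and not only cookie-based authentication. `CookieTests` starts before and ends after these hunks.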
@@ -127,6 +131,7 @@ class CookieTests(TestCase):
             return response.cookies[cookies_api.jwt_cookies.jwt_refresh_cookie_name()].value
 
         setup_login_oauth_client()
+        self._set_use_jwt_cookie_header(self.request)
         with cookies_api.JWT_COOKIES_FLAG.override(True):
             response = cookies_api.set_logged_in_cookies(self.request, HttpResponse(), self.user)
         self._copy_cookies_to_request(response, self.request)
diff --git a/requirements/edx/base.txt b/requirements/edx/base.txt
index ecbcd570c7..7cf9da9125 100644
--- a/requirements/edx/base.txt
+++ b/requirements/edx/base.txt
@@ -118,7 +118,7 @@ edx-django-oauth2-provider==1.3.5
 edx-django-release-util==0.3.1
 edx-django-sites-extensions==2.3.1
 edx-django-utils==1.0.1
-edx-drf-extensions==2.0.0
+edx-drf-extensions==2.0.1
 edx-enterprise==1.0.2
 edx-i18n-tools==0.4.6
 edx-milestones==0.1.13
diff --git a/requirements/edx/development.txt b/requirements/edx/development.txt
index 4b5d8d54b8..0a39573a35 100644
--- a/requirements/edx/development.txt
+++ b/requirements/edx/development.txt
@@ -137,7 +137,7 @@ edx-django-oauth2-provider==1.3.5
 edx-django-release-util==0.3.1
 edx-django-sites-extensions==2.3.1
 edx-django-utils==1.0.1
-edx-drf-extensions==2.0.0
+edx-drf-extensions==2.0.1
 edx-enterprise==1.0.2
 edx-i18n-tools==0.4.6
 edx-lint==0.5.5
diff --git a/requirements/edx/testing.txt b/requirements/edx/testing.txt
index 369ff38331..885b6c589c 100644
--- a/requirements/edx/testing.txt
+++ b/requirements/edx/testing.txt
@@ -132,7 +132,7 @@ edx-django-oauth2-provider==1.3.5
 edx-django-release-util==0.3.1
 edx-django-sites-extensions==2.3.1
 edx-django-utils==1.0.1
-edx-drf-extensions==2.0.0
+edx-drf-extensions==2.0.1
 edx-enterprise==1.0.2
 edx-i18n-tools==0.4.6
 edx-lint==0.5.5