update usage of SessionAuthenticationAllowInactiveUser
LEARNER-6469
@@ -10,7 +10,7 @@ from django.db import transaction
from django.contrib.auth import get_user_model
from django.core.exceptions import ObjectDoesNotExist
from django.utils.decorators import method_decorator
from edx_rest_framework_extensions.authentication import JwtAuthentication
from edx_rest_framework_extensions.authentication import JwtAuthentication, SessionAuthenticationAllowInactiveUser
from enrollment import api
from enrollment.errors import CourseEnrollmentError, CourseEnrollmentExistsError, CourseModeNotFoundError
from opaque_keys import InvalidKeyError
@@ -23,10 +23,7 @@ from openedx.core.djangoapps.user_api.accounts.permissions import CanRetireUser
from openedx.core.djangoapps.user_api.models import UserRetirementStatus
from openedx.core.djangoapps.user_api.preferences.api import update_email_opt_in
from openedx.core.djangoapps.course_groups.cohorts import add_user_to_cohort, get_cohort_by_name, CourseUserGroup
from openedx.core.lib.api.authentication import (
OAuth2AuthenticationAllowInactiveUser,
SessionAuthenticationAllowInactiveUser
)
from openedx.core.lib.api.authentication import OAuth2AuthenticationAllowInactiveUser
from openedx.core.lib.api.permissions import ApiKeyHeaderPermission, ApiKeyHeaderPermissionIsAuthenticated
from openedx.core.lib.exceptions import CourseNotFoundError
from openedx.core.lib.log_utils import audit_log
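Review bot: The new import `from edx_rest_framework_extensions.authentication import JwtAuthentication, SessionAuthenticationAllowInactiveUser` is only a safe substitution if the library class keeps the two checks the platform class deleted further down in this commit had: the `if not user or user.is_anonymous: return None` guard and the unconditional `self.enforce_csrf(request)` call before returning `(user, None)`. Those checks are what stand between an unauthenticated or cross-site request and the session-authenticated views in this enrollment module, and the same swap is made in every later file section of this commit (third_party_auth, badges, ccx, certificates, experiments, grades, the user_api views and view_utils). The pinned edx-drf-extensions==1.10.0 presumably carries an equivalent implementation, but nothing in the commit shows it; a pointer in the description to the upstream change, or a test asserting that a POST without a CSRF token is rejected by a view using this class, would make the equivalence verifiable. If the upstream class differs (for example by also admitting anonymous users, or by skipping CSRF enforcement), every view listed above changes behaviour silently with no diff in this repository to flag it.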
@@ -4,6 +4,7 @@ Third Party Auth REST API views
from django.contrib.auth.models import User
from django.db.models import Q
from django.http import Http404
from edx_rest_framework_extensions.authentication import SessionAuthenticationAllowInactiveUser
from rest_framework import exceptions, status
from rest_framework.generics import ListAPIView
from rest_framework.response import Response
@@ -11,10 +12,7 @@ from rest_framework.views import APIView
from rest_framework_oauth.authentication import OAuth2Authentication
from social_django.models import UserSocialAuth
from openedx.core.lib.api.authentication import (
OAuth2AuthenticationAllowInactiveUser,
SessionAuthenticationAllowInactiveUser
)
from openedx.core.lib.api.authentication import OAuth2AuthenticationAllowInactiveUser
from openedx.core.lib.api.permissions import ApiKeyHeaderPermission
from third_party_auth import pipeline
from third_party_auth.api import serializers
@@ -1,6 +1,7 @@
"""
API views for badges
"""
from edx_rest_framework_extensions.authentication import SessionAuthenticationAllowInactiveUser
from opaque_keys import InvalidKeyError
from opaque_keys.edx.django.models import CourseKeyField
from opaque_keys.edx.keys import CourseKey
@@ -9,10 +10,7 @@ from rest_framework.exceptions import APIException
from badges.models import BadgeAssertion
from openedx.core.djangoapps.user_api.permissions import is_field_shared_factory
from openedx.core.lib.api.authentication import (
OAuth2AuthenticationAllowInactiveUser,
SessionAuthenticationAllowInactiveUser
)
from openedx.core.lib.api.authentication import OAuth2AuthenticationAllowInactiveUser
from .serializers import BadgeAssertionSerializer
@@ -9,7 +9,7 @@ from ccx_keys.locator import CCXLocator
from django.contrib.auth.models import User
from django.db import transaction
from django.http import Http404
from edx_rest_framework_extensions.authentication import JwtAuthentication
from edx_rest_framework_extensions.authentication import JwtAuthentication, SessionAuthenticationAllowInactiveUser
from opaque_keys import InvalidKeyError
from opaque_keys.edx.keys import CourseKey, UsageKey
from rest_framework import status
@@ -355,7 +355,7 @@ class CCXListView(GenericAPIView):
authentication_classes = (
JwtAuthentication,
authentication.OAuth2AuthenticationAllowInactiveUser,
authentication.SessionAuthenticationAllowInactiveUser,
SessionAuthenticationAllowInactiveUser,
)
permission_classes = (IsAuthenticated, permissions.IsMasterCourseStaffInstructor)
serializer_class = CCXCourseSerializer
@@ -611,7 +611,7 @@ class CCXDetailView(GenericAPIView):
authentication_classes = (
JwtAuthentication,
authentication.OAuth2AuthenticationAllowInactiveUser,
authentication.SessionAuthenticationAllowInactiveUser,
SessionAuthenticationAllowInactiveUser,
)
permission_classes = (IsAuthenticated, permissions.IsCourseStaffInstructor)
serializer_class = CCXCourseSerializer
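Review bot: The rewritten `authentication_classes` tuples in CCXListView and CCXDetailView now mix a module-qualified entry, `authentication.OAuth2AuthenticationAllowInactiveUser`, with the bare `SessionAuthenticationAllowInactiveUser` on the next line, so a reader has to check two different import styles to learn where each class comes from. Since the session class can no longer be reached through the `authentication` module, the consistent fix is to import the other one by name as well, `from openedx.core.lib.api.authentication import OAuth2AuthenticationAllowInactiveUser`, and write both tuple entries unqualified. The two class bodies, and whatever else still uses the `authentication` module alias, continue outside these hunks, so check that the alias is not left unused before dropping it.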
@@ -5,14 +5,11 @@ from rest_framework.generics import GenericAPIView
from rest_framework.response import Response
from edx_rest_framework_extensions import permissions
from edx_rest_framework_extensions.authentication import JwtAuthentication
from edx_rest_framework_extensions.authentication import JwtAuthentication, SessionAuthenticationAllowInactiveUser
from lms.djangoapps.certificates.api import get_certificate_for_user
from opaque_keys import InvalidKeyError
from opaque_keys.edx.keys import CourseKey
from openedx.core.lib.api.authentication import (
OAuth2AuthenticationAllowInactiveUser,
SessionAuthenticationAllowInactiveUser
)
from openedx.core.lib.api.authentication import OAuth2AuthenticationAllowInactiveUser
log = logging.getLogger(__name__)
@@ -1,7 +1,7 @@
from django.contrib.auth import get_user_model
from django.db import transaction
from django_filters.rest_framework import DjangoFilterBackend
from edx_rest_framework_extensions.authentication import JwtAuthentication
from edx_rest_framework_extensions.authentication import JwtAuthentication, SessionAuthenticationAllowInactiveUser
from rest_framework import permissions, viewsets
from rest_framework.decorators import list_route
from rest_framework.response import Response
@@ -9,7 +9,6 @@ from rest_framework.response import Response
from experiments import filters, serializers
from experiments.models import ExperimentData, ExperimentKeyValue
from experiments.permissions import IsStaffOrOwner, IsStaffOrReadOnly
from openedx.core.lib.api.authentication import SessionAuthenticationAllowInactiveUser
from openedx.core.djangoapps.cors_csrf.authentication import SessionAuthenticationCrossDomainCsrf
User = get_user_model() # pylint: disable=invalid-name
@@ -8,16 +8,13 @@ from rest_framework.generics import GenericAPIView
from rest_framework.response import Response
from edx_rest_framework_extensions import permissions
from edx_rest_framework_extensions.authentication import JwtAuthentication
from edx_rest_framework_extensions.authentication import JwtAuthentication, SessionAuthenticationAllowInactiveUser
from enrollment import data as enrollment_data
from lms.djangoapps.grades.course_grade_factory import CourseGradeFactory
from opaque_keys import InvalidKeyError
from opaque_keys.edx.keys import CourseKey
from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
from openedx.core.lib.api.authentication import (
OAuth2AuthenticationAllowInactiveUser,
SessionAuthenticationAllowInactiveUser
)
from openedx.core.lib.api.authentication import OAuth2AuthenticationAllowInactiveUser
from openedx.core.lib.api.view_utils import DeveloperErrorViewMixin
from student.models import CourseEnrollment
@@ -8,6 +8,7 @@ from contextlib import closing
from pytz import UTC
from django.utils.translation import ugettext as _
from edx_rest_framework_extensions.authentication import SessionAuthenticationAllowInactiveUser
from rest_framework import permissions, status
from rest_framework.parsers import FormParser, MultiPartParser
from rest_framework.response import Response
@@ -16,10 +17,7 @@ from six import text_type
from openedx.core.djangoapps.user_api.accounts.image_helpers import get_profile_image_names, set_has_profile_image
from openedx.core.djangoapps.user_api.errors import UserNotFound
from openedx.core.lib.api.authentication import (
OAuth2AuthenticationAllowInactiveUser,
SessionAuthenticationAllowInactiveUser
)
from openedx.core.lib.api.authentication import OAuth2AuthenticationAllowInactiveUser
from openedx.core.lib.api.parsers import TypedFileUploadParser
from openedx.core.lib.api.permissions import IsUserInUrl
from openedx.core.lib.api.view_utils import DeveloperErrorViewMixin
@@ -17,7 +17,7 @@ from django.db import transaction
from django.utils.translation import ugettext as _
from edx_ace import ace
from edx_ace.recipient import Recipient
from edx_rest_framework_extensions.authentication import JwtAuthentication
from edx_rest_framework_extensions.authentication import JwtAuthentication, SessionAuthenticationAllowInactiveUser
from enterprise.models import EnterpriseCourseEnrollment, EnterpriseCustomerUser, PendingEnterpriseCustomerUser
from integrated_channels.degreed.models import DegreedLearnerDataTransmissionAudit
from integrated_channels.sap_success_factors.models import SapSuccessFactorsLearnerDataTransmissionAudit
@@ -41,10 +41,7 @@ from openedx.core.djangoapps.course_groups.models import UnregisteredLearnerCoho
from openedx.core.djangoapps.profile_images.images import remove_profile_images
from openedx.core.djangoapps.user_api.accounts.image_helpers import get_profile_image_names, set_has_profile_image
from openedx.core.djangolib.oauth2_retirement_utils import retire_dot_oauth2_models, retire_dop_oauth2_models
from openedx.core.lib.api.authentication import (
OAuth2AuthenticationAllowInactiveUser,
SessionAuthenticationAllowInactiveUser
)
from openedx.core.lib.api.authentication import OAuth2AuthenticationAllowInactiveUser
from openedx.core.lib.api.parsers import MergePatchParser
from student.models import (
CourseEnrollment,
@@ -11,11 +11,9 @@ from rest_framework import permissions
from django.db import transaction
from django.utils.translation import ugettext as _
from edx_rest_framework_extensions.authentication import SessionAuthenticationAllowInactiveUser
from openedx.core.lib.api.authentication import (
SessionAuthenticationAllowInactiveUser,
OAuth2AuthenticationAllowInactiveUser,
)
from openedx.core.lib.api.authentication import OAuth2AuthenticationAllowInactiveUser
from openedx.core.lib.api.parsers import MergePatchParser
from openedx.core.lib.api.permissions import IsUserInUrlOrStaff
from ..errors import UserNotFound, UserNotAuthorized, PreferenceValidationError, PreferenceUpdateError
@@ -17,6 +17,7 @@ from six import text_type
import accounts
from django_comment_common.models import Role
from edx_rest_framework_extensions.authentication import SessionAuthenticationAllowInactiveUser
from opaque_keys import InvalidKeyError
from opaque_keys.edx import locator
from opaque_keys.edx.keys import CourseKey
@@ -32,7 +33,6 @@ from openedx.core.djangoapps.user_api.preferences.api import get_country_time_zo
from openedx.core.djangoapps.user_api.serializers import CountryTimeZoneSerializer, UserPreferenceSerializer, UserSerializer
from openedx.core.djangoapps.user_authn.cookies import set_logged_in_cookies
from openedx.core.djangoapps.user_authn.views.register import create_account_with_params
from openedx.core.lib.api.authentication import SessionAuthenticationAllowInactiveUser
from openedx.core.lib.api.permissions import ApiKeyHeaderPermission
from student.helpers import AccountValidationError
from util.json_request import JsonResponse
@@ -20,53 +20,6 @@ OAUTH2_TOKEN_ERROR_NOT_PROVIDED = u'token_not_provided'
log = logging.getLogger(__name__)
class SessionAuthenticationAllowInactiveUser(SessionAuthentication):
"""Ensure that the user is logged in, but do not require the account to be active.
We use this in the special case that a user has created an account,
but has not yet activated it. We still want to allow the user to
enroll in courses, so we remove the usual restriction
on session authentication that requires an active account.
You should use this authentication class ONLY for end-points that
it's safe for an un-activated user to access. For example,
we can allow a user to update his/her own enrollments without
activating an account.
"""
def authenticate(self, request):
"""Authenticate the user, requiring a logged-in account and CSRF.
This is exactly the same as the `SessionAuthentication` implementation,
with the `user.is_active` check removed.
Args:
request (HttpRequest)
Returns:
Tuple of `(user, token)`
Raises:
PermissionDenied: The CSRF token check failed.
"""
# Get the underlying HttpRequest object
request = request._request # pylint: disable=protected-access
user = getattr(request, 'user', None)
# Unauthenticated, CSRF validation not required
# This is where regular `SessionAuthentication` checks that the user is active.
# We have removed that check in this implementation.
# But we added a check to prevent anonymous users since we require a logged-in account.
if not user or user.is_anonymous:
return None
self.enforce_csrf(request)
# CSRF passed with authenticated user
return (user, None)
class OAuth2AuthenticationAllowInactiveUser(OAuth2Authentication):
"""
This is a temporary workaround while the is_active field on the user is coupled
@@ -4,7 +4,7 @@ Utilities related to API views
from django.core.exceptions import NON_FIELD_ERRORS, ObjectDoesNotExist, ValidationError
from django.http import Http404
from django.utils.translation import ugettext as _
from edx_rest_framework_extensions.authentication import JwtAuthentication
from edx_rest_framework_extensions.authentication import JwtAuthentication, SessionAuthenticationAllowInactiveUser
from rest_framework import status
from rest_framework.exceptions import APIException
from rest_framework.generics import GenericAPIView
@@ -14,10 +14,7 @@ from rest_framework.request import clone_request
from rest_framework.response import Response
from six import text_type
from openedx.core.lib.api.authentication import (
OAuth2AuthenticationAllowInactiveUser,
SessionAuthenticationAllowInactiveUser
)
from openedx.core.lib.api.authentication import OAuth2AuthenticationAllowInactiveUser
from openedx.core.lib.api.permissions import IsUserInUrl
@@ -117,7 +117,7 @@ edx-django-oauth2-provider==1.3.5
edx-django-release-util==0.3.1
edx-django-sites-extensions==2.3.1
edx-django-utils==1.0.1
edx-drf-extensions==1.9.0
edx-drf-extensions==1.10.0
edx-enterprise==0.73.5
edx-i18n-tools==0.4.6
edx-milestones==0.1.13
@@ -136,7 +136,7 @@ edx-django-oauth2-provider==1.3.5
edx-django-release-util==0.3.1
edx-django-sites-extensions==2.3.1
edx-django-utils==1.0.1
edx-drf-extensions==1.9.0
edx-drf-extensions==1.10.0
edx-enterprise==0.73.5
edx-i18n-tools==0.4.6
edx-lint==0.5.5
@@ -131,7 +131,7 @@ edx-django-oauth2-provider==1.3.5
edx-django-release-util==0.3.1
edx-django-sites-extensions==2.3.1
edx-django-utils==1.0.1
edx-drf-extensions==1.9.0
edx-drf-extensions==1.10.0
edx-enterprise==0.73.5
edx-i18n-tools==0.4.6
edx-lint==0.5.5