Add a json auth endpoint where previously there was only an HTML redirect version. This will make it easier to work with MFEs.
---------
Co-authored-by: Feanil Patel <feanil@axim.org>
* chore: update API endpoints to support default JWT auth
The default DRF Auth classes were recently updated to allow for both JWT and Session auth by default. Any endpoint that overrides the AUTHENTICATION_CLASSES but has just session, just JWT or just both of those should be updated to remove the override.
Details in https://github.com/openedx/edx-platform/issues/33662
rest-condition has not been updated for a while, and with DRF 3.9 it is no longer needed since the ability to combine Permission classes using boolean operators is now provided by DRF directly.
* Generate common/djangoapps import shims for LMS
* Generate common/djangoapps import shims for Studio
* Stop appending project root to sys.path
* Stop appending common/djangoapps to sys.path
* Import from common.djangoapps.course_action_state instead of course_action_state
* Import from common.djangoapps.course_modes instead of course_modes
* Import from common.djangoapps.database_fixups instead of database_fixups
* Import from common.djangoapps.edxmako instead of edxmako
* Import from common.djangoapps.entitlements instead of entitlements
* Import from common.djangoapps.pipline_mako instead of pipeline_mako
* Import from common.djangoapps.static_replace instead of static_replace
* Import from common.djangoapps.student instead of student
* Import from common.djangoapps.terrain instead of terrain
* Import from common.djangoapps.third_party_auth instead of third_party_auth
* Import from common.djangoapps.track instead of track
* Import from common.djangoapps.util instead of util
* Import from common.djangoapps.xblock_django instead of xblock_django
* Add empty common/djangoapps/__init__.py to fix pytest collection
* Fix pylint formatting violations
* Exclude import_shims/ directory tree from linting
This uses the new names introduced in edx-django-utils
3.8.0 (edx/edx-django-utils#59), which we're already using, as
well as updating a few other locations where we incorrectly refer
to New Relic custom metrics instead of custom attributes.
Includes a couple of unrelated lint fixes in a file I modified.
We sometimes update preexisting SAML SSO providers to configure them
to automatically create SSO identity verification (IdV) records when a
learner links an account via that provider. Turning that configuration
from off to on does make it such that when learners log back in via
their linked account, a new IdV record will be created for them. But
it's possible we'd want this process to happen more automatically and
seamlessly, for which this management command will be helpful.
Note that this does not help with removing SSO verification records
for a provider for which this configuration has been turned off.
JIRA:EDUCATOR-4947
* Remove ThirdPartyAuthProviderApiPermission
Also removed ProviderApiPermissions and ApiPermissionsAdminForm and removal of DOP for third_party_auth
* Removing model
* Replaced long_token with default_token_generator
* Adding skip to test_migrations_are_in_sync
The oauth2.enforce_jwt_scopes waffle switch was added temporarily for
the rollout of jwt scopes. This removes the toggle and replacing code
with the equivalent of `oauth2.enforce_jwt_scopes` as True.
* WIP: add third-party-auth scope and usage
BOM-1264
* Fix tests now that we do permissions in a more standard way.
Rather than manually setting the permission class we previously
explicitly raised a PermissionDenied exception. The way DRF
permissoning logic works, if we use the WWW-Authenticate header in the
highest priority auth class, it will return a 401 instead of a 403.
* Added test to make sure having permissions gives access to user mapping api
* Test new filters logic.
Ensure that the filters we add to the application access model make it
into the JWT correctly.
* quality fix
* quality fix
* disable pylint warning
* quality fix
* fix indent prob
Co-authored-by: Feanil Patel <feanil@edx.org>
Co-authored-by: Manjinder Singh <49171515+jinder1s@users.noreply.github.com>
* Renamed OAuth2Authentication to BearerAuthentication
* Added back OAuth2Authentication name
-there are libraries such as edx-enterprise that still import OAuth2Authentication. The OAuth2Authentication class should be fully removed when everything is importing BearerAuthentication correctly
- Removing deprecated auth classes
- Replacing OAuth2AuthenticationAllowInactiveUserDeprecated with OAuth2AuthenticationAllowInactiveUser
- the old class was a child class of a deprecated class that we are removing and replacing.
* Added new auth class
- Created new class called OAuth2AuthenticationAllowInactiveUser, which replaces old class with same name
- Renames previous OAuth2AuthenticationAllowInactiveUser to OAuth2AuthenticationAllowInactiveUserDeprecated
- Replaced all imports of OAuth2AuthenticationAllowInactiveUser to call deprecated class instead
- testing new class in discussion(added flag based on django setting)
Currently, we are working on removing the rest_framework_auth library from edx-platform. For this push, we need to remove the oauth2Authentication class. This PR creates a new class oauth2AuthenticationDeprecated that adds additional new relic metrics. The metrics would allow us to see how often this class is used and its success rate. The hope is that this information will help us with transitioning to a different authentication class.
