Robert Raposa
d28889db1a
delete oauth2.enforce_jwt_scopes waffle switch
...
The code for this switch was removed in:
https://github.com/edx/edx-platform/pull/23188
BOM-1324
2020-03-04 10:56:52 -05:00
Manjinder Singh
7d2ff9cd3f
Removing all settings that have OIDC in name (#23251)
...
* Removing all settings that have OIDC in name
* Removing ENABLE_DOP_ADAPTER
* changes JWT_ISSUER value in devstack
2020-03-04 09:06:29 -05:00
Feanil Patel
5ec487452d
Merge pull request #23188 from edx/robrap/BOM-1324-add-constraint
...
BOM-1324: remove oauth2.enforce_jwt_scopes toggle
2020-03-02 09:55:35 -05:00
Feanil Patel
54d7743817
Don't iterate over an empty filters list.
2020-02-27 16:32:43 -05:00
Feanil Patel
781629d489
Correct docs and test of restricted JWTs.
...
The comment is misleading because now that restricted JWTs are enforced
everywhere, we don't need to set the expiry to be in the past for JWT
tokens.
2020-02-27 15:53:48 -05:00
jinder1s
295da79fe5
Remove DOP dispatching from oauth_dispatch.
...
https://openedx.atlassian.net/browse/BOM-1330
2020-02-27 10:47:06 -05:00
Feanil Patel
fe22e77072
Merge pull request #23199 from edx/robrap/BOM-1292-remove-application-organization
...
BOM-1292: remove uses of ApplicationOrganization
2020-02-27 10:36:46 -05:00
Robert Raposa
e2cc7fa348
fix failing tests
2020-02-27 09:00:01 -05:00
Robert Raposa
84686e81c3
BOM-1324: remove oauth2.enforce_jwt_scopes toggle
...
The oauth2.enforce_jwt_scopes waffle switch was added temporarily for
the rollout of jwt scopes. This removes the toggle and replaces code
with the equivalent of `oauth2.enforce_jwt_scopes` as True.
2020-02-27 08:58:45 -05:00
Feanil Patel
4a54967cc5
Replace the ApplicationOrganization in EdxOAuth2AuthorizationView
...
Move to using the filters list provided in the ApplicationAccess model
to generically store scopes instead of the org specific ApplicationOrg
model mapping.
2020-02-26 16:02:39 -05:00
Feanil Patel
667df875bd
Add back necessary import for ApplicationOrganization.
2020-02-26 11:30:59 -05:00
Feanil Patel
b6104b71fa
Deal with linting violations.
2020-02-26 11:29:55 -05:00
Manjinder Singh
e9e584b28b
Removing DOP from auth_exchange (#23187)
...
- This PR removes all imports from provider by either bringing them into edx-platform or finding dot replacement. Removing tests that tested dop parts of code.
- Skipping some tests and removing dop
The tests are difficult to fix due to their entanglement with dop use in third_party_auth.
These tests should be restarted once dop has been removed from third_party_auth and its tests.
- set ENABLE_DOP_ADAPTER = False for devstack
2020-02-26 10:21:26 -05:00
Robert Raposa
3526f48c2a
remove uses of ApplicationOrganization
...
To understand why ApplicationOrganization is being removed, see:
- 372d2e927c/openedx/core/djangoapps/oauth_dispatch/docs/decisions/0011-scope-filter-support.rst (L19)
See ApplicationOrganization docstring for instructions to community
for migrating data post-Juniper.
BOM-1292
2020-02-25 15:55:07 -05:00
Diana Huang
0b9f7298c6
Replace DOP library factories with the DOT equivalent.
...
https://openedx.atlassian.net/browse/BOM-1312
2020-02-24 16:33:56 -05:00
Robert Raposa
372d2e927c
BOM-1264: add third-party-auth scope and usage (#23135)
...
* WIP: add third-party-auth scope and usage
BOM-1264
* Fix tests now that we do permissions in a more standard way.
Rather than manually setting the permission class we previously
explicitly raised a PermissionDenied exception. The way DRF
permissioning logic works, if we use the WWW-Authenticate header in the
highest priority auth class, it will return a 401 instead of a 403.
* Added test to make sure having permissions gives access to user mapping api
* Test new filters logic.
Ensure that the filters we add to the application access model make it
into the JWT correctly.
* quality fix
* quality fix
* disable pylint warning
* quality fix
* fix indent prob
Co-authored-by: Feanil Patel <feanil@edx.org>
Co-authored-by: Manjinder Singh <49171515+jinder1s@users.noreply.github.com>
2020-02-21 11:25:28 -05:00
Robert Raposa
0a64e11db7
update auth docs
...
1. clarify asymmetric jwt decision.
2. move relevant auth docs to edx-drf-extensions and
edx-rest-api-client.
2020-02-14 13:26:35 -05:00
Robert Raposa
1718cc91ba
remove hard line breaks
2020-02-13 10:16:33 -05:00
Diana Huang
7f65b7c6b7
Add toggle to remove access to DOP code paths.
2020-02-06 11:21:41 -05:00
Aarif
8cc86d3aab
BOM-1141
...
Updating the django-rate-limit requirement.
updated the django-ratelimit to use unreleased version that supports Django 2.2
2020-01-26 12:45:37 +05:00
Zulqarnain
cf58da6ee0
Update assertRedirects usage
2020-01-08 14:35:40 +05:00
Aarif
e607657a73
Merge pull request #22620 from edx/on_delete_parameter
...
Added on_delete parameter to models
2019-12-31 15:23:47 +05:00
Feanil Patel
6e3fe00fff
Fix all E303 pep8 errors.
2019-12-30 12:25:38 -05:00
Feanil Patel
9cf2f9f298
Run 2to3 -f future . -w
...
This will remove imports from __future__ that are no longer needed.
https://docs.python.org/3.5/library/2to3.html#2to3fixer-future
2019-12-30 10:35:30 -05:00
aarif
02350e0fee
added on_delete parameter to foreign_key and oneToOne fields
...
changes made to fix issues with quality
2019-12-27 19:59:45 +05:00
Robert Raposa
ddc34bd023
upgrade edx-drf-extensions to 2.4.5 (#22269)
...
- Upgrade edx-drf-extensions to 2.4.5
- Removed constraint to 2.4.0, because 2.4.2 introduces a workaround for
ARCH-1210 by putting the problematic code behind a django setting.
- Remove unused JWT_AUTH_REFRESH_COOKIE setting.
ARCH-418, ARCH-1269, ARCH-1044
fix broken toggle
2019-11-12 15:10:28 -05:00
Manjinder Singh
a40f1d9bd6
BOM-933: Fix type mismatches in various migrations 2 (#22115)
...
* Fix type mismatches in track migrations
* Fix type mismatches in oauth_dispatch
* Fix type mismatches in badges migrations
* fix type mismatch in contentserver migrations
* Fix type mismatches in mobile_api migrations
* fix type mismatch in crawlers migrations
* fix type mismatch in dark_lang migrations
* fix type mismatch in branding migrations
2019-10-23 13:04:36 -04:00
David J. Malan
680f62278c
AccessTokenView: support for X-Token-Type in HTTP header (#21662)
...
* AccessTokenView: support for X-Token-Type in HTTP header
2019-10-01 15:57:21 -04:00
Jeremy Bowman
10d9bb22b5
Fix oauth_dispatch tests BOM-732
2019-09-18 17:02:38 -04:00
Nimisha Asthagiri
1c4a645d4c
Merge pull request #21363 from edx/robrap/adr-update-jwt-login-redirect
...
Update ADR around HTTP_USE_JWT_COOKIE
2019-09-04 14:18:20 -04:00
Robert Raposa
ab4ec931be
Update ADR around HTTP_USE_JWT_COOKIE
...
Update the ADR to clarify another rollout strategy with
HTTP_USE_JWT_COOKIE using the new
JwtRedirectToLoginIfUnauthenticatedMiddleware and new permission class
LoginRedirectIfUnauthenticated.
ARCH-1051
2019-09-04 12:13:57 -04:00
David Ormsbee
9a1385585f
Convert response bytes to str before JSON parsing. (#21375)
...
Convert response bytes to str before JSON parsing.
2019-08-19 11:01:55 -04:00
aarif
61800c619f
replaced StringIO imports with import from six
...
replaced cStringIO and StringIO imports with import from six
fixed StringIO imports
fixed StringIO imports
fixed XSS python-wrap warning
2019-08-08 00:09:16 +05:00
Alex Dusenbery
8dbc1c2fcc
EDUCATOR-4498 | Allow generate_jwt_signing_key to not include key prefixes.
2019-07-22 13:57:11 -04:00
Kyle McCormick
13681eb499
Add --update option to create_dot_access (#21172)
2019-07-22 13:15:23 -04:00
Alex Dusenbery
ba2f0725ee
EDUCATOR-4498 | Add optional output-file option to generate_jwt_signing_key command.
2019-07-17 14:45:25 -04:00
Christie Rice
c66ad09dbc
REVMI-234 Remove flaky test (#20752)
2019-06-05 15:48:47 -04:00
Christie Rice
b5d07783b9
REVMI-234 Include user id in jwt sent to ecommerce (#20743)
...
* REVMI-234 Include user id in jwt sent to ecommerce
* Reorder params
2019-06-05 10:27:23 -04:00
Awais Jibran
da1c2a119b
Fix Elevation in permission over OAuth
2019-05-23 02:12:00 +05:00
Amit
f587bb8297
INCR-234 (#20511)
...
* INCR-234: Run python-modernize and isort on openedx/core/djangoapps/oauth_dispatch
* INCR-234: [ADD] Missing module docstring
2019-05-10 14:10:35 -04:00
Bill Tucker
b1ff149953
INCR-207 ran python-modernize and isort as described in the case. (#20430)
2019-05-08 14:17:46 -04:00
Bill Tucker
6031b220f5
INCR-208: run python-modernize and isort (#20434)
...
* INCR-208: run python-modernize and isort
This change supports python2 -> python3 transition.
* INCR-208: combine import statements for cleaner look.
* INCR-208: combine import from __future__ statements for cleaner look.
2019-05-07 14:15:24 -04:00
Michael Youngstrom
ceaff53be6
INCR-192
2019-04-25 14:14:48 -04:00
Robert Raposa
c12048ed1f
add optional scopes to create application access
...
Supply create_dot_application with optional scopes argument to create
an oauth_dispatch ApplicationAccess with the provided scopes.
ARCH-603
2019-03-28 17:04:30 -04:00
Christopher Pappas
3fcf99f65b
ENT-1556 - Adding in roles claim to jwt for use with edx rbac
...
Adding logic that adds roles to jwt
Quality fixes
2019-03-28 14:17:07 -04:00
Robert Raposa
e52db402b8
add user_id scope to the list of available scopes
...
This should have been done when the scope was first added as part
of (#19765).
ARCH-603
2019-03-27 19:00:04 -04:00
Nimisha Asthagiri
e4f935aab3
JWT Cookie updates: remove refresh cookie, cookie expires with JWT
...
ARCH-418, ARCH-548
2019-03-12 09:14:33 -04:00
Julia Eskew
d74ec765b5
Add skip-authorization flag for DOT application creation.
2019-02-25 12:42:21 -05:00
bmedx
7df1e05f49
Fix xsslint errors in touched files
2019-02-19 11:24:24 -05:00
Julia Eskew
368f221f0a
Initial start on annotations.
2019-02-19 11:24:21 -05:00