Commit Graph

8 Commits

Author SHA1 Message Date
salmannawaz
57b480b04f Update all edx-platform REST endpoints to support JWT Auth (#34152)
* chore: update API endpoints to support default JWT auth

The default DRF Auth classes were recently updated to allow for both JWT and Session auth by default. Any endpoint that overrides the AUTHENTICATION_CLASSES but has just session, just JWT or just both of those should be updated to remove the override.

Details in https://github.com/openedx/edx-platform/issues/33662
2024-02-13 10:46:58 -05:00
Ali Nawaz
9c06ef5c17 chore: log the user triggering the retirement flow
chore: change user retirement permissions to allow support staff
2023-04-13 02:29:39 +05:00
Ned Batchelder
fee4ec26f5 fix: return a sorted list so tests can be deterministic
Tests on Maple were failing:

```
    def test_retirement_for_multiple_users(self):
        user_retirement_url = reverse('bulk_retirement_api')
        expected_response = {
            'successful_user_retirements': [self.user3.username, self.user4.username],
            'failed_user_retirements': []
        }
        with self.settings(RETIREMENT_SERVICE_WORKER_USERNAME=self.user1.username):
            response = self.client.post(user_retirement_url, {
                "usernames": f'{self.user3.username},{self.user4.username}'
            })
            assert response.status_code == 200
>           assert response.data == expected_response
E           AssertionError: assert {'failed_user... 'testuser3']} == {'failed_user... 'testuser4']}
E             Omitting 1 identical items, use -vv to show
E             Differing items:
E             {'successful_user_retirements': ['testuser4', 'testuser3']} != {'successful_user_retirements': ['testuser3', 'testuser4']}
E             Use -v to get the full diff
```

`sorted(set(...))` still produces a list, and I guess we didn't care
about the order before, since it wasn't determined.  So this should be
an acceptable change.
2022-01-31 04:09:45 -08:00
Tim McCormack
e6536d0d0e test: Stop sharing API client between users in unit tests
Using the same Client or APIClient instance for multiple users, where
one user has an active session and the other is making an
Authorization header call, results in a Safe Sessions violation.

By using separate clients for different test users, we avoid this
violation, allowing `ENFORCE_SAFE_SESSIONS` to be enabled by default.
2022-01-25 16:03:54 +00:00
M. Zulqarnain
1003f262ad feat: Django codemods on LMS (1) (#28851) 2021-11-02 17:00:46 +05:00
Awais Qureshi
d061f64b27 test: Tests were failing due to different sorting order. (#29151) 2021-10-28 17:16:37 +05:00
Usama Sadiq
a1f80a00c7 refactor: pyupgrade second iteration (#27443) 2021-05-03 17:14:25 +05:00
Pooja Kulkarni
86bfcea19c feat: Django app to allow user retirement via API (#25800)
This adds a new django app to allow the GDPR user retirement via
Open edX's REST API. Prior to this the only way to trigger the user
retirement was either by the user themself clicking "Delete my account"
in the account setting page or via creating a User Retirement request
by admin. With these changes, the user retirement process can be
triggered using REST API.
2021-04-08 13:50:12 -04:00