feat: unblock edx-drf-extensions upgrade (#267)
allows jwt/session user mismatch. This occurs when a user does an LTI launch as user A and then switches their account to user B while that session token is still active. In this case we should always use the JWT first but allow the mismatch during middleware. If another LTI launch occurs, a new session is minted during that request.
zacharis278 authored Apr 15, 2024
1 parent 3180e3f commit f47e877
Showing 12 changed files with 82 additions and 146 deletions.
23 changes: 0 additions & 23 deletions edx_exams/apps/core/middleware.py

This file was deleted.

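--- a/edx_exams/settings/base.py
+++ b/edx_exams/settings/base.py
@@ -64,8 +64,6 @@ def root(*path_fragments):
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.locale.LocaleMiddleware',
 'django.middleware.common.CommonMiddleware',
-# Forces JWT auth if edx JWT cookie exists
-'edx_exams.apps.core.middleware.ForceJWTAuthMiddleware',
 'edx_rest_framework_extensions.auth.jwt.middleware.JwtAuthCookieMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
@@ -253,6 +251,11 @@ def root(*path_fragments):
 }
 
 # Carry fields from the JWT token and LMS user into the local user
+# Note: ENABLE_SET_REQUEST_USER_FOR_JWT_COOKIE applies a fix for
+# https://github.com/jpadilla/django-rest-framework-jwt/issues/45
+# However, we cannot use it in this service since the session user may
+# differ from the JWT user when performing LTI launches with multiple accounts
+# in the same browser.
 EDX_DRF_EXTENSIONS = {
 "JWT_PAYLOAD_USER_ATTRIBUTE_MAPPING": {
 "administrator": "is_staff",
@@ -261,7 +264,7 @@ def root(*path_fragments):
 "user_id": "lms_user_id",
 },
 "OAUTH2_USER_INFO_URL": "http://127.0.0.1:8000/oauth2/user_info",
-"ENABLE_SET_REQUEST_USER_FOR_JWT_COOKIE": True,
+"ENABLE_SET_REQUEST_USER_FOR_JWT_COOKIE": False,
 }
 
 # Request the user's permissions in the ID token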
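Review bot: The new comment above EDX_DRF_EXTENSIONS explains why ENABLE_SET_REQUEST_USER_FOR_JWT_COOKIE is now False but not what that means for callers: with the flag off, and ForceJWTAuthMiddleware removed from MIDDLEWARE in the first hunk, `request.user` on any code path that is not behind a DRF authentication class is presumably the Django session user, which the comment itself says may differ from the JWT user. The commit message says the JWT should always be used first, but nothing in this file shows where that preference is enforced, so a reader of settings alone could assume `request.user` is the JWT identity everywhere. I would extend the comment with a line such as `# With this disabled, request.user outside DRF-authenticated views is the session user; views that must act as the JWT user need an explicit JWT authentication class.` and name the module that enforces the JWT-first rule.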
20 changes: 9 additions & 11 deletions requirements/base.txt
Expand Up @@ -24,9 +24,9 @@ backports-zoneinfo==0.2.1
# djangorestframework
bleach==6.1.0
# via lti-consumer-xblock
boto3==1.34.80
boto3==1.34.84
# via fs-s3fs
botocore==1.34.80
botocore==1.34.84
# via
# boto3
# s3transfer
Expand Down Expand Up @@ -148,10 +148,8 @@ edx-django-utils==5.12.0
# edx-rest-api-client
# edx-toggles
# openedx-events
edx-drf-extensions==9.1.2
# via
# -c requirements/constraints.txt
# -r requirements/base.in
edx-drf-extensions==10.3.0
# via -r requirements/base.in
edx-event-bus-kafka==5.7.0
# via -r requirements/base.in
edx-event-bus-redis==0.5.0
Expand Down Expand Up @@ -182,7 +180,7 @@ fs-s3fs==1.1.1
# via openedx-django-pyfs
future==1.0.0
# via pyjwkest
idna==3.6
idna==3.7
# via requests
inflection==0.5.1
# via drf-yasg
Expand All @@ -206,7 +204,7 @@ lxml==5.2.1
# via
# lti-consumer-xblock
# xblock
mako==1.3.2
mako==1.3.3
# via
# lti-consumer-xblock
# xblock
Expand All @@ -228,12 +226,12 @@ openapi-codec==1.3.2
# via django-rest-swagger
openedx-django-pyfs==3.6.0
# via lti-consumer-xblock
openedx-events==9.7.0
openedx-events==9.9.1
# via
# -r requirements/base.in
# edx-event-bus-kafka
# edx-event-bus-redis
openedx-filters==1.6.0
openedx-filters==1.8.1
# via lti-consumer-xblock
packaging==24.0
# via drf-yasg
Expand Down Expand Up @@ -322,7 +320,7 @@ social-auth-core==4.5.3
# via
# edx-auth-backends
# social-auth-app-django
sqlparse==0.4.4
sqlparse==0.5.0
# via django
stevedore==5.2.0
# via
2 changes: 1 addition & 1 deletion requirements/ci.txt
Expand Up @@ -12,7 +12,7 @@ colorama==0.4.6
# via tox
distlib==0.3.8
# via virtualenv
filelock==3.13.3
filelock==3.13.4
# via
# tox
# virtualenv
2 changes: 0 additions & 2 deletions requirements/constraints.txt
Expand Up @@ -10,5 +10,3 @@

# Common constraints for edx repos
-c common_constraints.txt

edx-drf-extensions<10.0.0 # JWT changes in v10 break LTI authenication
34 changes: 12 additions & 22 deletions requirements/dev.txt
Expand Up @@ -41,11 +41,11 @@ bleach==6.1.0
# via
# -r requirements/validation.txt
# lti-consumer-xblock
boto3==1.34.80
boto3==1.34.84
# via
# -r requirements/validation.txt
# fs-s3fs
botocore==1.34.80
botocore==1.34.84
# via
# -r requirements/validation.txt
# boto3
Expand Down Expand Up @@ -115,7 +115,6 @@ cryptography==42.0.5
# via
# -r requirements/validation.txt
# pyjwt
# secretstorage
# social-auth-core
ddt==1.7.2
# via -r requirements/validation.txt
Expand All @@ -124,7 +123,7 @@ defusedxml==0.8.0rc2
# -r requirements/validation.txt
# python3-openid
# social-auth-core
diff-cover==8.0.3
diff-cover==9.0.0
# via -r requirements/dev.in
dill==0.3.8
# via
Expand Down Expand Up @@ -248,13 +247,13 @@ edx-django-utils==5.12.0
# edx-rest-api-client
# edx-toggles
# openedx-events
edx-drf-extensions==9.1.2
edx-drf-extensions==10.3.0
# via -r requirements/validation.txt
edx-event-bus-kafka==5.7.0
# via -r requirements/validation.txt
edx-event-bus-redis==0.5.0
# via -r requirements/validation.txt
edx-i18n-tools==1.3.0
edx-i18n-tools==1.5.0
# via -r requirements/dev.in
edx-lint==5.3.6
# via -r requirements/validation.txt
Expand All @@ -280,15 +279,15 @@ exceptiongroup==1.2.0
# pytest
factory-boy==3.3.0
# via -r requirements/validation.txt
faker==24.7.1
faker==24.9.0
# via
# -r requirements/validation.txt
# factory-boy
fastavro==1.9.4
# via
# -r requirements/validation.txt
# openedx-events
filelock==3.13.3
filelock==3.13.4
# via
# -r requirements/validation.txt
# tox
Expand All @@ -309,7 +308,7 @@ future==1.0.0
# via
# -r requirements/validation.txt
# pyjwkest
idna==3.6
idna==3.7
# via
# -r requirements/validation.txt
# requests
Expand Down Expand Up @@ -352,11 +351,6 @@ jaraco-functools==4.0.0
# via
# -r requirements/validation.txt
# keyring
jeepney==0.8.0
# via
# -r requirements/validation.txt
# keyring
# secretstorage
jinja2==3.1.3
# via
# -r requirements/validation.txt
Expand Down Expand Up @@ -388,7 +382,7 @@ lxml==5.2.1
# edx-i18n-tools
# lti-consumer-xblock
# xblock
mako==1.3.2
mako==1.3.3
# via
# -r requirements/validation.txt
# lti-consumer-xblock
Expand Down Expand Up @@ -442,12 +436,12 @@ openedx-django-pyfs==3.6.0
# via
# -r requirements/validation.txt
# lti-consumer-xblock
openedx-events==9.7.0
openedx-events==9.9.1
# via
# -r requirements/validation.txt
# edx-event-bus-kafka
# edx-event-bus-redis
openedx-filters==1.6.0
openedx-filters==1.8.1
# via
# -r requirements/validation.txt
# lti-consumer-xblock
Expand Down Expand Up @@ -642,10 +636,6 @@ s3transfer==0.10.1
# via
# -r requirements/validation.txt
# boto3
secretstorage==3.3.3
# via
# -r requirements/validation.txt
# keyring
semantic-version==2.10.0
# via
# -r requirements/validation.txt
Expand Down Expand Up @@ -684,7 +674,7 @@ social-auth-core==4.5.3
# -r requirements/validation.txt
# edx-auth-backends
# social-auth-app-django
sqlparse==0.4.4
sqlparse==0.5.0
# via
# -r requirements/validation.txt
# django
31 changes: 11 additions & 20 deletions requirements/doc.txt
Expand Up @@ -43,11 +43,11 @@ bleach==6.1.0
# via
# -r requirements/test.txt
# lti-consumer-xblock
boto3==1.34.80
boto3==1.34.84
# via
# -r requirements/test.txt
# fs-s3fs
botocore==1.34.80
botocore==1.34.84
# via
# -r requirements/test.txt
# boto3
Expand Down Expand Up @@ -112,7 +112,6 @@ cryptography==42.0.5
# via
# -r requirements/test.txt
# pyjwt
# secretstorage
# social-auth-core
ddt==1.7.2
# via -r requirements/test.txt
Expand Down Expand Up @@ -244,10 +243,8 @@ edx-django-utils==5.12.0
# edx-rest-api-client
# edx-toggles
# openedx-events
edx-drf-extensions==9.1.2
# via
# -c requirements/constraints.txt
# -r requirements/test.txt
edx-drf-extensions==10.3.0
# via -r requirements/test.txt
edx-event-bus-kafka==5.7.0
# via -r requirements/test.txt
edx-event-bus-redis==0.5.0
Expand Down Expand Up @@ -278,15 +275,15 @@ exceptiongroup==1.2.0
# pytest
factory-boy==3.3.0
# via -r requirements/test.txt
faker==24.7.1
faker==24.9.0
# via
# -r requirements/test.txt
# factory-boy
fastavro==1.9.4
# via
# -r requirements/test.txt
# openedx-events
filelock==3.13.3
filelock==3.13.4
# via
# -r requirements/test.txt
# tox
Expand All @@ -307,7 +304,7 @@ future==1.0.0
# via
# -r requirements/test.txt
# pyjwkest
idna==3.6
idna==3.7
# via
# -r requirements/test.txt
# requests
Expand Down Expand Up @@ -344,10 +341,6 @@ jaraco-context==5.3.0
# via keyring
jaraco-functools==4.0.0
# via keyring
jeepney==0.8.0
# via
# keyring
# secretstorage
jinja2==3.1.3
# via
# -r requirements/test.txt
Expand Down Expand Up @@ -376,7 +369,7 @@ lxml==5.2.1
# -r requirements/test.txt
# lti-consumer-xblock
# xblock
mako==1.3.2
mako==1.3.3
# via
# -r requirements/test.txt
# lti-consumer-xblock
Expand Down Expand Up @@ -423,12 +416,12 @@ openedx-django-pyfs==3.6.0
# via
# -r requirements/test.txt
# lti-consumer-xblock
openedx-events==9.7.0
openedx-events==9.9.1
# via
# -r requirements/test.txt
# edx-event-bus-kafka
# edx-event-bus-redis
openedx-filters==1.6.0
openedx-filters==1.8.1
# via
# -r requirements/test.txt
# lti-consumer-xblock
Expand Down Expand Up @@ -602,8 +595,6 @@ s3transfer==0.10.1
# via
# -r requirements/test.txt
# boto3
secretstorage==3.3.3
# via keyring
semantic-version==2.10.0
# via
# -r requirements/test.txt
Expand Down Expand Up @@ -657,7 +648,7 @@ sphinxcontrib-qthelp==1.0.3
# via sphinx
sphinxcontrib-serializinghtml==1.1.5
# via sphinx
sqlparse==0.4.4
sqlparse==0.5.0
# via
# -r requirements/test.txt
# django
2 changes: 1 addition & 1 deletion requirements/pip.txt
Expand Up @@ -10,5 +10,5 @@ wheel==0.43.0
# The following packages are considered to be unsafe in a requirements file:
pip==24.0
# via -r requirements/pip.in
setuptools==69.2.0
setuptools==69.5.1
# via -r requirements/pip.in