diff --git a/edx_exams/apps/core/middleware.py b/edx_exams/apps/core/middleware.py
deleted file mode 100644
index 55bc05a4..00000000
--- a/edx_exams/apps/core/middleware.py
+++ /dev/null
@@ -1,23 +0,0 @@
-"""
-Middleware that checks if in incoming request has a browser jwt cookie
-and enables JWT auth for that request.
-
-This is a temporary workaround that allows easier testing of browser endpoints in
-absence of a frontend UI. Normally a frontend application must explicity request
-the JWT token to be used for auth by setting USE_JWT_COOKIE_HEADER.
-"""
-from django.utils.deprecation import MiddlewareMixin
-from edx_rest_framework_extensions.auth.jwt.constants import USE_JWT_COOKIE_HEADER
-from edx_rest_framework_extensions.auth.jwt.cookies import jwt_cookie_header_payload_name
-
-
-class ForceJWTAuthMiddleware(MiddlewareMixin):  # pragma: no cover
-    """ Middleware to automically enable JWT auth for browser requests """
-    def process_request(self, request):  # pylint: disable=missing-function-docstring
-        # prevent lti callback endpoints from reading jwt, we want to ensure
-        # the session token generated for these is used instead
-        if request.path.startswith('/lti/lti_consumer'):
-            return
-
-        if request.COOKIES.get(jwt_cookie_header_payload_name(), None):
-            request.META[USE_JWT_COOKIE_HEADER] = 'true'
diff --git a/edx_exams/settings/base.py b/edx_exams/settings/base.py
index dcb23443..49b5b70e 100644
--- a/edx_exams/settings/base.py
+++ b/edx_exams/settings/base.py
@@ -64,8 +64,6 @@ def root(*path_fragments):
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.locale.LocaleMiddleware',
     'django.middleware.common.CommonMiddleware',
-    # Forces JWT auth if edx JWT cookie exists
-    'edx_exams.apps.core.middleware.ForceJWTAuthMiddleware',
     'edx_rest_framework_extensions.auth.jwt.middleware.JwtAuthCookieMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
@@ -253,6 +251,11 @@ def root(*path_fragments):
 }
 
 # Carry fields from the JWT token and LMS user into the local user
+# Note: ENABLE_SET_REQUEST_USER_FOR_JWT_COOKIE applies a fix for
+# https://github.com/jpadilla/django-rest-framework-jwt/issues/45
+# However, we cannot use it in this service since the session user may
+# differ from the JWT user when performing LTI launches with multiple accounts
+# in the same browser.
 EDX_DRF_EXTENSIONS = {
     "JWT_PAYLOAD_USER_ATTRIBUTE_MAPPING": {
         "administrator": "is_staff",
@@ -261,7 +264,7 @@ def root(*path_fragments):
         "user_id": "lms_user_id",
     },
     "OAUTH2_USER_INFO_URL": "http://127.0.0.1:8000/oauth2/user_info",
-    "ENABLE_SET_REQUEST_USER_FOR_JWT_COOKIE": True,
+    "ENABLE_SET_REQUEST_USER_FOR_JWT_COOKIE": False,
 }
 
 # Request the user's permissions in the ID token
diff --git a/requirements/base.txt b/requirements/base.txt
index 34190534..f91e4b77 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -24,9 +24,9 @@ backports-zoneinfo==0.2.1
     #   djangorestframework
 bleach==6.1.0
     # via lti-consumer-xblock
-boto3==1.34.80
+boto3==1.34.84
     # via fs-s3fs
-botocore==1.34.80
+botocore==1.34.84
     # via
     #   boto3
     #   s3transfer
@@ -148,10 +148,8 @@ edx-django-utils==5.12.0
     #   edx-rest-api-client
     #   edx-toggles
     #   openedx-events
-edx-drf-extensions==9.1.2
-    # via
-    #   -c requirements/constraints.txt
-    #   -r requirements/base.in
+edx-drf-extensions==10.3.0
+    # via -r requirements/base.in
 edx-event-bus-kafka==5.7.0
     # via -r requirements/base.in
 edx-event-bus-redis==0.5.0
@@ -182,7 +180,7 @@ fs-s3fs==1.1.1
     # via openedx-django-pyfs
 future==1.0.0
     # via pyjwkest
-idna==3.6
+idna==3.7
     # via requests
 inflection==0.5.1
     # via drf-yasg
@@ -206,7 +204,7 @@ lxml==5.2.1
     # via
     #   lti-consumer-xblock
     #   xblock
-mako==1.3.2
+mako==1.3.3
     # via
     #   lti-consumer-xblock
     #   xblock
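Review bot: With `ENABLE_SET_REQUEST_USER_FOR_JWT_COOKIE` now `False`, Django's `request.user` (populated from the session by AuthenticationMiddleware, which in the first hunk of this file still runs after JwtAuthCookieMiddleware) and the user that DRF authenticates from the JWT cookie can be two different identities inside one request, and the new comment explains why the flag is off but not which identity each layer sees. The deleted ForceJWTAuthMiddleware also skipped JWT handling for paths under `/lti/lti_consumer` so that the LTI session stayed authoritative; nothing in this diff shows how that exclusion is replaced now that edx-drf-extensions 10.3.0 is used, so that should be stated here or pinned by a test. I would extend the comment with something like `# request.user (session) and the DRF-authenticated JWT user may therefore differ; code that authorises on request.user outside a DRF view must not assume it is the JWT user.`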
@@ -228,12 +226,12 @@ openapi-codec==1.3.2
     # via django-rest-swagger
 openedx-django-pyfs==3.6.0
     # via lti-consumer-xblock
-openedx-events==9.7.0
+openedx-events==9.9.1
     # via
     #   -r requirements/base.in
     #   edx-event-bus-kafka
     #   edx-event-bus-redis
-openedx-filters==1.6.0
+openedx-filters==1.8.1
     # via lti-consumer-xblock
 packaging==24.0
     # via drf-yasg
@@ -322,7 +320,7 @@ social-auth-core==4.5.3
     # via
     #   edx-auth-backends
     #   social-auth-app-django
-sqlparse==0.4.4
+sqlparse==0.5.0
     # via django
 stevedore==5.2.0
     # via
diff --git a/requirements/ci.txt b/requirements/ci.txt
index c085cbcf..641296fb 100644
--- a/requirements/ci.txt
+++ b/requirements/ci.txt
@@ -12,7 +12,7 @@ colorama==0.4.6
     # via tox
 distlib==0.3.8
     # via virtualenv
-filelock==3.13.3
+filelock==3.13.4
     # via
     #   tox
     #   virtualenv
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index a90fa04c..a51cb08b 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -10,5 +10,3 @@
 
 # Common constraints for edx repos
 -c common_constraints.txt
-
-edx-drf-extensions<10.0.0  # JWT changes in v10 break LTI authenication
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 23f63c63..3167b5e3 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -41,11 +41,11 @@ bleach==6.1.0
     # via
     #   -r requirements/validation.txt
     #   lti-consumer-xblock
-boto3==1.34.80
+boto3==1.34.84
     # via
     #   -r requirements/validation.txt
     #   fs-s3fs
-botocore==1.34.80
+botocore==1.34.84
     # via
     #   -r requirements/validation.txt
     #   boto3
@@ -115,7 +115,6 @@ cryptography==42.0.5
     # via
     #   -r requirements/validation.txt
     #   pyjwt
-    #   secretstorage
     #   social-auth-core
 ddt==1.7.2
     # via -r requirements/validation.txt
@@ -124,7 +123,7 @@ defusedxml==0.8.0rc2
     #   -r requirements/validation.txt
     #   python3-openid
     #   social-auth-core
-diff-cover==8.0.3
+diff-cover==9.0.0
     # via -r requirements/dev.in
 dill==0.3.8
     # via
@@ -248,13 +247,13 @@ edx-django-utils==5.12.0
     #   edx-rest-api-client
     #   edx-toggles
     #   openedx-events
-edx-drf-extensions==9.1.2
+edx-drf-extensions==10.3.0
     # via -r requirements/validation.txt
 edx-event-bus-kafka==5.7.0
     # via -r requirements/validation.txt
 edx-event-bus-redis==0.5.0
     # via -r requirements/validation.txt
-edx-i18n-tools==1.3.0
+edx-i18n-tools==1.5.0
     # via -r requirements/dev.in
 edx-lint==5.3.6
     # via -r requirements/validation.txt
@@ -280,7 +279,7 @@ exceptiongroup==1.2.0
     #   pytest
 factory-boy==3.3.0
     # via -r requirements/validation.txt
-faker==24.7.1
+faker==24.9.0
     # via
     #   -r requirements/validation.txt
     #   factory-boy
@@ -288,7 +287,7 @@ fastavro==1.9.4
     # via
     #   -r requirements/validation.txt
     #   openedx-events
-filelock==3.13.3
+filelock==3.13.4
     # via
     #   -r requirements/validation.txt
     #   tox
@@ -309,7 +308,7 @@ future==1.0.0
     # via
     #   -r requirements/validation.txt
     #   pyjwkest
-idna==3.6
+idna==3.7
     # via
     #   -r requirements/validation.txt
     #   requests
@@ -352,11 +351,6 @@ jaraco-functools==4.0.0
     # via
     #   -r requirements/validation.txt
     #   keyring
-jeepney==0.8.0
-    # via
-    #   -r requirements/validation.txt
-    #   keyring
-    #   secretstorage
 jinja2==3.1.3
     # via
     #   -r requirements/validation.txt
@@ -388,7 +382,7 @@ lxml==5.2.1
     #   edx-i18n-tools
     #   lti-consumer-xblock
     #   xblock
-mako==1.3.2
+mako==1.3.3
     # via
     #   -r requirements/validation.txt
     #   lti-consumer-xblock
@@ -442,12 +436,12 @@ openedx-django-pyfs==3.6.0
     # via
     #   -r requirements/validation.txt
     #   lti-consumer-xblock
-openedx-events==9.7.0
+openedx-events==9.9.1
     # via
     #   -r requirements/validation.txt
     #   edx-event-bus-kafka
     #   edx-event-bus-redis
-openedx-filters==1.6.0
+openedx-filters==1.8.1
     # via
     #   -r requirements/validation.txt
     #   lti-consumer-xblock
@@ -642,10 +636,6 @@ s3transfer==0.10.1
     # via
     #   -r requirements/validation.txt
     #   boto3
-secretstorage==3.3.3
-    # via
-    #   -r requirements/validation.txt
-    #   keyring
 semantic-version==2.10.0
     # via
     #   -r requirements/validation.txt
@@ -684,7 +674,7 @@ social-auth-core==4.5.3
     #   -r requirements/validation.txt
     #   edx-auth-backends
     #   social-auth-app-django
-sqlparse==0.4.4
+sqlparse==0.5.0
     # via
     #   -r requirements/validation.txt
     #   django
diff --git a/requirements/doc.txt b/requirements/doc.txt
index 433e58cc..ed577861 100644
--- a/requirements/doc.txt
+++ b/requirements/doc.txt
@@ -43,11 +43,11 @@ bleach==6.1.0
     # via
     #   -r requirements/test.txt
     #   lti-consumer-xblock
-boto3==1.34.80
+boto3==1.34.84
     # via
     #   -r requirements/test.txt
     #   fs-s3fs
-botocore==1.34.80
+botocore==1.34.84
     # via
     #   -r requirements/test.txt
     #   boto3
@@ -112,7 +112,6 @@ cryptography==42.0.5
     # via
     #   -r requirements/test.txt
     #   pyjwt
-    #   secretstorage
     #   social-auth-core
 ddt==1.7.2
     # via -r requirements/test.txt
@@ -244,10 +243,8 @@ edx-django-utils==5.12.0
     #   edx-rest-api-client
     #   edx-toggles
     #   openedx-events
-edx-drf-extensions==9.1.2
-    # via
-    #   -c requirements/constraints.txt
-    #   -r requirements/test.txt
+edx-drf-extensions==10.3.0
+    # via -r requirements/test.txt
 edx-event-bus-kafka==5.7.0
     # via -r requirements/test.txt
 edx-event-bus-redis==0.5.0
@@ -278,7 +275,7 @@ exceptiongroup==1.2.0
     #   pytest
 factory-boy==3.3.0
     # via -r requirements/test.txt
-faker==24.7.1
+faker==24.9.0
     # via
     #   -r requirements/test.txt
     #   factory-boy
@@ -286,7 +283,7 @@ fastavro==1.9.4
     # via
     #   -r requirements/test.txt
     #   openedx-events
-filelock==3.13.3
+filelock==3.13.4
     # via
     #   -r requirements/test.txt
     #   tox
@@ -307,7 +304,7 @@ future==1.0.0
     # via
     #   -r requirements/test.txt
     #   pyjwkest
-idna==3.6
+idna==3.7
     # via
     #   -r requirements/test.txt
     #   requests
@@ -344,10 +341,6 @@ jaraco-context==5.3.0
     # via keyring
 jaraco-functools==4.0.0
     # via keyring
-jeepney==0.8.0
-    # via
-    #   keyring
-    #   secretstorage
 jinja2==3.1.3
     # via
     #   -r requirements/test.txt
@@ -376,7 +369,7 @@ lxml==5.2.1
     #   -r requirements/test.txt
     #   lti-consumer-xblock
     #   xblock
-mako==1.3.2
+mako==1.3.3
     # via
     #   -r requirements/test.txt
     #   lti-consumer-xblock
@@ -423,12 +416,12 @@ openedx-django-pyfs==3.6.0
     # via
     #   -r requirements/test.txt
     #   lti-consumer-xblock
-openedx-events==9.7.0
+openedx-events==9.9.1
     # via
     #   -r requirements/test.txt
     #   edx-event-bus-kafka
     #   edx-event-bus-redis
-openedx-filters==1.6.0
+openedx-filters==1.8.1
     # via
     #   -r requirements/test.txt
     #   lti-consumer-xblock
@@ -602,8 +595,6 @@ s3transfer==0.10.1
     # via
     #   -r requirements/test.txt
     #   boto3
-secretstorage==3.3.3
-    # via keyring
 semantic-version==2.10.0
     # via
     #   -r requirements/test.txt
@@ -657,7 +648,7 @@ sphinxcontrib-qthelp==1.0.3
     # via sphinx
 sphinxcontrib-serializinghtml==1.1.5
     # via sphinx
-sqlparse==0.4.4
+sqlparse==0.5.0
     # via
     #   -r requirements/test.txt
     #   django
diff --git a/requirements/pip.txt b/requirements/pip.txt
index cf449024..e3ffcc7b 100644
--- a/requirements/pip.txt
+++ b/requirements/pip.txt
@@ -10,5 +10,5 @@ wheel==0.43.0
 # The following packages are considered to be unsafe in a requirements file:
 pip==24.0
     # via -r requirements/pip.in
-setuptools==69.2.0
+setuptools==69.5.1
     # via -r requirements/pip.in
diff --git a/requirements/production.txt b/requirements/production.txt
index 68599747..49943c11 100644
--- a/requirements/production.txt
+++ b/requirements/production.txt
@@ -32,12 +32,12 @@ bleach==6.1.0
     # via
     #   -r requirements/base.txt
     #   lti-consumer-xblock
-boto3==1.34.80
+boto3==1.34.84
     # via
     #   -r requirements/base.txt
     #   django-ses
     #   fs-s3fs
-botocore==1.34.80
+botocore==1.34.84
     # via
     #   -r requirements/base.txt
     #   boto3
@@ -139,7 +139,7 @@ django-model-utils==4.5.0
     # via -r requirements/base.txt
 django-rest-swagger==2.2.0
     # via -r requirements/base.txt
-django-ses==3.5.2
+django-ses==3.6.0
     # via -r requirements/production.in
 django-simple-history==3.5.0
     # via -r requirements/base.txt
@@ -190,7 +190,7 @@ edx-django-utils==5.12.0
     #   edx-rest-api-client
     #   edx-toggles
     #   openedx-events
-edx-drf-extensions==9.1.2
+edx-drf-extensions==10.3.0
     # via -r requirements/base.txt
 edx-event-bus-kafka==5.7.0
     # via -r requirements/base.txt
@@ -236,7 +236,7 @@ greenlet==3.0.3
     # via gevent
 gunicorn==21.2.0
     # via -r requirements/production.in
-idna==3.6
+idna==3.7
     # via
     #   -r requirements/base.txt
     #   requests
@@ -273,7 +273,7 @@ lxml==5.2.1
     #   -r requirements/base.txt
     #   lti-consumer-xblock
     #   xblock
-mako==1.3.2
+mako==1.3.3
     # via
     #   -r requirements/base.txt
     #   lti-consumer-xblock
@@ -306,12 +306,12 @@ openedx-django-pyfs==3.6.0
     # via
     #   -r requirements/base.txt
     #   lti-consumer-xblock
-openedx-events==9.7.0
+openedx-events==9.9.1
     # via
     #   -r requirements/base.txt
     #   edx-event-bus-kafka
     #   edx-event-bus-redis
-openedx-filters==1.6.0
+openedx-filters==1.8.1
     # via
     #   -r requirements/base.txt
     #   lti-consumer-xblock
@@ -444,7 +444,7 @@ social-auth-core==4.5.3
     #   -r requirements/base.txt
     #   edx-auth-backends
     #   social-auth-app-django
-sqlparse==0.4.4
+sqlparse==0.5.0
     # via
     #   -r requirements/base.txt
     #   django
@@ -495,7 +495,7 @@ xblock==3.1.0
     #   lti-consumer-xblock
 zope-event==5.0
     # via gevent
-zope-interface==6.2
+zope-interface==6.3
     # via gevent
 
 # The following packages are considered to be unsafe in a requirements file:
diff --git a/requirements/quality.txt b/requirements/quality.txt
index 5a609d2f..02bdb1aa 100644
--- a/requirements/quality.txt
+++ b/requirements/quality.txt
@@ -39,11 +39,11 @@ bleach==6.1.0
     # via
     #   -r requirements/test.txt
     #   lti-consumer-xblock
-boto3==1.34.80
+boto3==1.34.84
     # via
     #   -r requirements/test.txt
     #   fs-s3fs
-botocore==1.34.80
+botocore==1.34.84
     # via
     #   -r requirements/test.txt
     #   boto3
@@ -106,7 +106,6 @@ cryptography==42.0.5
     # via
     #   -r requirements/test.txt
     #   pyjwt
-    #   secretstorage
     #   social-auth-core
 ddt==1.7.2
     # via -r requirements/test.txt
@@ -232,10 +231,8 @@ edx-django-utils==5.12.0
     #   edx-rest-api-client
     #   edx-toggles
     #   openedx-events
-edx-drf-extensions==9.1.2
-    # via
-    #   -c requirements/constraints.txt
-    #   -r requirements/test.txt
+edx-drf-extensions==10.3.0
+    # via -r requirements/test.txt
 edx-event-bus-kafka==5.7.0
     # via -r requirements/test.txt
 edx-event-bus-redis==0.5.0
@@ -266,7 +263,7 @@ exceptiongroup==1.2.0
     #   pytest
 factory-boy==3.3.0
     # via -r requirements/test.txt
-faker==24.7.1
+faker==24.9.0
     # via
     #   -r requirements/test.txt
     #   factory-boy
@@ -274,7 +271,7 @@ fastavro==1.9.4
     # via
     #   -r requirements/test.txt
     #   openedx-events
-filelock==3.13.3
+filelock==3.13.4
     # via
     #   -r requirements/test.txt
     #   tox
@@ -295,7 +292,7 @@ future==1.0.0
     # via
     #   -r requirements/test.txt
     #   pyjwkest
-idna==3.6
+idna==3.7
     # via
     #   -r requirements/test.txt
     #   requests
@@ -329,10 +326,6 @@ jaraco-context==5.3.0
     # via keyring
 jaraco-functools==4.0.0
     # via keyring
-jeepney==0.8.0
-    # via
-    #   keyring
-    #   secretstorage
 jinja2==3.1.3
     # via
     #   -r requirements/test.txt
@@ -360,7 +353,7 @@ lxml==5.2.1
     #   -r requirements/test.txt
     #   lti-consumer-xblock
     #   xblock
-mako==1.3.2
+mako==1.3.3
     # via
     #   -r requirements/test.txt
     #   lti-consumer-xblock
@@ -407,12 +400,12 @@ openedx-django-pyfs==3.6.0
     # via
     #   -r requirements/test.txt
     #   lti-consumer-xblock
-openedx-events==9.7.0
+openedx-events==9.9.1
     # via
     #   -r requirements/test.txt
     #   edx-event-bus-kafka
     #   edx-event-bus-redis
-openedx-filters==1.6.0
+openedx-filters==1.8.1
     # via
     #   -r requirements/test.txt
     #   lti-consumer-xblock
@@ -580,8 +573,6 @@ s3transfer==0.10.1
     # via
     #   -r requirements/test.txt
     #   boto3
-secretstorage==3.3.3
-    # via keyring
 semantic-version==2.10.0
     # via
     #   -r requirements/test.txt
@@ -618,7 +609,7 @@ social-auth-core==4.5.3
     #   -r requirements/test.txt
     #   edx-auth-backends
     #   social-auth-app-django
-sqlparse==0.4.4
+sqlparse==0.5.0
     # via
     #   -r requirements/test.txt
     #   django
diff --git a/requirements/test.txt b/requirements/test.txt
index 2e8f10ea..8497dc40 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -36,11 +36,11 @@ bleach==6.1.0
     # via
     #   -r requirements/base.txt
     #   lti-consumer-xblock
-boto3==1.34.80
+boto3==1.34.84
     # via
     #   -r requirements/base.txt
     #   fs-s3fs
-botocore==1.34.80
+botocore==1.34.84
     # via
     #   -r requirements/base.txt
     #   boto3
@@ -214,10 +214,8 @@ edx-django-utils==5.12.0
     #   edx-rest-api-client
     #   edx-toggles
     #   openedx-events
-edx-drf-extensions==9.1.2
-    # via
-    #   -c requirements/constraints.txt
-    #   -r requirements/base.txt
+edx-drf-extensions==10.3.0
+    # via -r requirements/base.txt
 edx-event-bus-kafka==5.7.0
     # via -r requirements/base.txt
 edx-event-bus-redis==0.5.0
@@ -244,13 +242,13 @@ exceptiongroup==1.2.0
     # via pytest
 factory-boy==3.3.0
     # via -r requirements/test.in
-faker==24.7.1
+faker==24.9.0
     # via factory-boy
 fastavro==1.9.4
     # via
     #   -r requirements/base.txt
     #   openedx-events
-filelock==3.13.3
+filelock==3.13.4
     # via
     #   tox
     #   virtualenv
@@ -270,7 +268,7 @@ future==1.0.0
     # via
     #   -r requirements/base.txt
     #   pyjwkest
-idna==3.6
+idna==3.7
     # via
     #   -r requirements/base.txt
     #   requests
@@ -311,7 +309,7 @@ lxml==5.2.1
     #   -r requirements/base.txt
     #   lti-consumer-xblock
     #   xblock
-mako==1.3.2
+mako==1.3.3
     # via
     #   -r requirements/base.txt
     #   lti-consumer-xblock
@@ -346,12 +344,12 @@ openedx-django-pyfs==3.6.0
     # via
     #   -r requirements/base.txt
     #   lti-consumer-xblock
-openedx-events==9.7.0
+openedx-events==9.9.1
     # via
     #   -r requirements/base.txt
     #   edx-event-bus-kafka
     #   edx-event-bus-redis
-openedx-filters==1.6.0
+openedx-filters==1.8.1
     # via
     #   -r requirements/base.txt
     #   lti-consumer-xblock
@@ -522,7 +520,7 @@ social-auth-core==4.5.3
     #   -r requirements/base.txt
     #   edx-auth-backends
     #   social-auth-app-django
-sqlparse==0.4.4
+sqlparse==0.5.0
     # via
     #   -r requirements/base.txt
     #   django
diff --git a/requirements/validation.txt b/requirements/validation.txt
index 759078b4..7506cfb2 100644
--- a/requirements/validation.txt
+++ b/requirements/validation.txt
@@ -48,12 +48,12 @@ bleach==6.1.0
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
     #   lti-consumer-xblock
-boto3==1.34.80
+boto3==1.34.84
     # via
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
     #   fs-s3fs
-botocore==1.34.80
+botocore==1.34.84
     # via
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
@@ -130,7 +130,6 @@ cryptography==42.0.5
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
     #   pyjwt
-    #   secretstorage
     #   social-auth-core
 ddt==1.7.2
     # via
@@ -292,7 +291,7 @@ edx-django-utils==5.12.0
     #   edx-rest-api-client
     #   edx-toggles
     #   openedx-events
-edx-drf-extensions==9.1.2
+edx-drf-extensions==10.3.0
     # via
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
@@ -339,7 +338,7 @@ factory-boy==3.3.0
     # via
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
-faker==24.7.1
+faker==24.9.0
     # via
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
@@ -349,7 +348,7 @@ fastavro==1.9.4
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
     #   openedx-events
-filelock==3.13.3
+filelock==3.13.4
     # via
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
@@ -376,7 +375,7 @@ future==1.0.0
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
     #   pyjwkest
-idna==3.6
+idna==3.7
     # via
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
@@ -422,11 +421,6 @@ jaraco-functools==4.0.0
     # via
     #   -r requirements/quality.txt
     #   keyring
-jeepney==0.8.0
-    # via
-    #   -r requirements/quality.txt
-    #   keyring
-    #   secretstorage
 jinja2==3.1.3
     # via
     #   -r requirements/quality.txt
@@ -463,7 +457,7 @@ lxml==5.2.1
     #   -r requirements/test.txt
     #   lti-consumer-xblock
     #   xblock
-mako==1.3.2
+mako==1.3.3
     # via
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
@@ -528,13 +522,13 @@ openedx-django-pyfs==3.6.0
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
     #   lti-consumer-xblock
-openedx-events==9.7.0
+openedx-events==9.9.1
     # via
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
     #   edx-event-bus-kafka
     #   edx-event-bus-redis
-openedx-filters==1.6.0
+openedx-filters==1.8.1
     # via
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
@@ -748,10 +742,6 @@ s3transfer==0.10.1
     #   -r requirements/quality.txt
     #   -r requirements/test.txt
     #   boto3
-secretstorage==3.3.3
-    # via
-    #   -r requirements/quality.txt
-    #   keyring
 semantic-version==2.10.0
     # via
     #   -r requirements/quality.txt
@@ -796,7 +786,7 @@ social-auth-core==4.5.3
     #   -r requirements/test.txt
     #   edx-auth-backends
     #   social-auth-app-django
-sqlparse==0.4.4
+sqlparse==0.5.0
     # via
     #   -r requirements/quality.txt
     #   -r requirements/test.txt