Ejemplo n.º 1
0
    def test_third_party_auth_enrollment_embargo(self):
        course = CourseFactory.create()

        # Start the pipeline attempting to enroll in a restricted course
        with restrict_course(course.id) as redirect_url:
            response = self.client.get(reverse("account_login"), {"course_id": unicode(course.id)})

            # Expect that the course ID has been removed from the
            # login URLs (so the user won't be enrolled) and
            # the ?next param sends users to the blocked message.
            expected_providers = [
                {
                    "name": "Facebook",
                    "iconClass": "fa-facebook",
                    "loginUrl": self._third_party_login_url(
                        "facebook", "login", course_id=unicode(course.id), redirect_url=redirect_url
                    ),
                    "registerUrl": self._third_party_login_url(
                        "facebook", "register", course_id=unicode(course.id), redirect_url=redirect_url
                    ),
                },
                {
                    "name": "Google",
                    "iconClass": "fa-google-plus",
                    "loginUrl": self._third_party_login_url(
                        "google-oauth2", "login", course_id=unicode(course.id), redirect_url=redirect_url
                    ),
                    "registerUrl": self._third_party_login_url(
                        "google-oauth2", "register", course_id=unicode(course.id), redirect_url=redirect_url
                    ),
                },
            ]
            self._assert_third_party_auth_data(response, None, expected_providers)
Ejemplo n.º 2
0
 def test_blocked(self, disable_access_check):
     with restrict_course(self.course.id, access_point='courseware', disable_access_check=disable_access_check) as redirect_url:  # pylint: disable=line-too-long
         response = self.client.get(self.courseware_url)
         if disable_access_check:
             self.assertEqual(response.status_code, 200)
         else:
             self.assertRedirects(response, redirect_url)
Ejemplo n.º 3
0
 def test_blocked(self, disable_access_check):
     with restrict_course(self.course.id, access_point='courseware', disable_access_check=disable_access_check) as redirect_url:  # pylint: disable=line-too-long
         response = self.client.get(self.courseware_url)
         if disable_access_check:
             self.assertEqual(response.status_code, 200)
         else:
             self.assertRedirects(response, redirect_url)
Ejemplo n.º 4
0
    def test_always_allow_course_detail_access(self):
        """ Access to the Course Structure API's course detail endpoint should always be granted. """
        # Make the user staff so that it has permissions to access the views.
        self.user.is_staff = True
        self.user.save()  # pylint: disable=no-member

        # Blacklist an IP address
        ip_address = "192.168.10.20"
        IPFilter.objects.create(
            blacklist=ip_address,
            enabled=True
        )

        url = reverse('course_structure_api:v0:detail', kwargs={'course_id': unicode(self.course.id)})
        response = self.client.get(
            url,
            HTTP_X_FORWARDED_FOR=ip_address,
            REMOTE_ADDR=ip_address
        )
        self.assertEqual(response.status_code, 200)

        # Test with a fully-restricted course
        with restrict_course(self.course.id):
            response = self.client.get(
                url,
                HTTP_X_FORWARDED_FOR=ip_address,
                REMOTE_ADDR=ip_address
            )
            self.assertEqual(response.status_code, 200)
Ejemplo n.º 5
0
    def test_always_allow_course_detail_access(self):
        """ Access to the Course Structure API's course detail endpoint should always be granted. """
        # Make the user staff so that it has permissions to access the views.
        self.user.is_staff = True
        self.user.save()  # pylint: disable=no-member

        # Blacklist an IP address
        ip_address = "192.168.10.20"
        IPFilter.objects.create(
            blacklist=ip_address,
            enabled=True
        )

        url = reverse('course_structure_api:v0:detail', kwargs={'course_id': unicode(self.course.id)})
        response = self.client.get(
            url,
            HTTP_X_FORWARDED_FOR=ip_address,
            REMOTE_ADDR=ip_address
        )
        self.assertEqual(response.status_code, 200)

        # Test with a fully-restricted course
        with restrict_course(self.course.id):
            response = self.client.get(
                url,
                HTTP_X_FORWARDED_FOR=ip_address,
                REMOTE_ADDR=ip_address
            )
            self.assertEqual(response.status_code, 200)
Ejemplo n.º 6
0
 def test_embargo_restriction(self):
     """
     The view should return HTTP 403 status if the course is embargoed.
     """
     with restrict_course(self.course.id) as redirect_url:
         response = self._post_to_view()
         self.assertEqual(403, response.status_code)
         body = json.loads(response.content)
         self.assertEqual(get_absolute_url(redirect_url), body["user_message_url"])
Ejemplo n.º 7
0
 def test_embargo_restriction(self):
     """
     The view should return HTTP 403 status if the course is embargoed.
     """
     with restrict_course(self.course.id) as redirect_url:
         response = self._post_to_view()
         self.assertEqual(403, response.status_code)
         body = json.loads(response.content)
         self.assertEqual(get_absolute_url(redirect_url), body['user_message_url'])
    def test_blocked_by_embargo(self):
        strategy = self._fake_strategy()
        strategy.session_set('enroll_course_id', unicode(self.course.id))

        with restrict_course(self.course.id):
            result = pipeline.change_enrollment(strategy, 1, user=self.user)  # pylint: disable=assignment-from-no-return,redundant-keyword-arg

        # Verify that we were NOT enrolled
        self.assertEqual(result, {})
        self.assertFalse(CourseEnrollment.is_enrolled(self.user, self.course.id))
Ejemplo n.º 9
0
    def test_blocked_by_embargo(self):
        strategy = self._fake_strategy()
        strategy.session_set('enroll_course_id', unicode(self.course.id))

        with restrict_course(self.course.id):
            result = pipeline.change_enrollment(strategy, 1, user=self.user)  # pylint: disable=assignment-from-no-return,redundant-keyword-arg

        # Verify that we were NOT enrolled
        self.assertEqual(result, {})
        self.assertFalse(CourseEnrollment.is_enrolled(self.user, self.course.id))
Ejemplo n.º 10
0
    def test_embargo_restrict(self):
        # When accessing the course from an embargoed country,
        # we should be blocked.
        with restrict_course(self.course.id) as redirect_url:
            response = self._change_enrollment('enroll')
            self.assertEqual(response.status_code, 200)
            self.assertEqual(response.content, redirect_url)

        # Verify that we weren't enrolled
        is_enrolled = CourseEnrollment.is_enrolled(self.user, self.course.id)
        self.assertFalse(is_enrolled)
Ejemplo n.º 11
0
    def test_embargo_restrict(self):
        # When accessing the course from an embargoed country,
        # we should be blocked.
        with restrict_course(self.course.id) as redirect_url:
            response = self._change_enrollment('enroll')
            self.assertEqual(response.status_code, 200)
            self.assertEqual(response.content, redirect_url)

        # Verify that we weren't enrolled
        is_enrolled = CourseEnrollment.is_enrolled(self.user, self.course.id)
        self.assertFalse(is_enrolled)
Ejemplo n.º 12
0
    def test_whitelist_ip_skips_country_access_checks(self):
        # Whitelist an IP address
        IPFilter.objects.create(whitelist="192.168.10.20", enabled=True)

        # Set up country access rules so the user would
        # be restricted from the course.
        with restrict_course(self.course.id):
            # Make a request from the whitelisted IP address
            response = self.client.get(self.courseware_url,
                                       HTTP_X_FORWARDED_FOR="192.168.10.20",
                                       REMOTE_ADDR="192.168.10.20")

        # Expect that we were still able to access the page,
        # even though we would have been blocked by country
        # access rules.
        self.assertEqual(response.status_code, 200)
Ejemplo n.º 13
0
    def test_whitelist_ip_skips_country_access_checks(self):
        # Whitelist an IP address
        IPFilter.objects.create(whitelist="192.168.10.20", enabled=True)

        # Set up country access rules so the user would
        # be restricted from the course.
        with restrict_course(self.course.id):
            # Make a request from the whitelisted IP address
            response = self.client.get(
                self.courseware_url, HTTP_X_FORWARDED_FOR="192.168.10.20", REMOTE_ADDR="192.168.10.20"
            )

        # Expect that we were still able to access the page,
        # even though we would have been blocked by country
        # access rules.
        self.assertEqual(response.status_code, 200)
Ejemplo n.º 14
0
    def test_third_party_auth_enrollment_embargo(self):
        course = CourseFactory.create()

        # Start the pipeline attempting to enroll in a restricted course
        with restrict_course(course.id) as redirect_url:
            response = self.client.get(reverse("account_login"),
                                       {"course_id": unicode(course.id)})

            # Expect that the course ID has been removed from the
            # login URLs (so the user won't be enrolled) and
            # the ?next param sends users to the blocked message.
            expected_providers = [{
                "name":
                "Facebook",
                "iconClass":
                "fa-facebook",
                "loginUrl":
                self._third_party_login_url("facebook",
                                            "login",
                                            course_id=unicode(course.id),
                                            redirect_url=redirect_url),
                "registerUrl":
                self._third_party_login_url("facebook",
                                            "register",
                                            course_id=unicode(course.id),
                                            redirect_url=redirect_url)
            }, {
                "name":
                "Google",
                "iconClass":
                "fa-google-plus",
                "loginUrl":
                self._third_party_login_url("google-oauth2",
                                            "login",
                                            course_id=unicode(course.id),
                                            redirect_url=redirect_url),
                "registerUrl":
                self._third_party_login_url("google-oauth2",
                                            "register",
                                            course_id=unicode(course.id),
                                            redirect_url=redirect_url)
            }]
            self._assert_third_party_auth_data(response, None,
                                               expected_providers)
Ejemplo n.º 15
0
    def test_embargo_change_enrollment_restrict(self):
        url = reverse('courseenrollments')
        data = json.dumps({
            'course_details': {
                'course_id': unicode(self.course.id)
            },
            'user': self.user.username
        })

        # Attempt to enroll from a country embargoed for this course
        with restrict_course(self.course.id) as redirect_url:
            response = self.client.post(url, data, content_type='application/json')

            # Expect an error response
            self.assertEqual(response.status_code, 403)

            # Expect that the redirect URL is included in the response
            resp_data = json.loads(response.content)
            self.assertEqual(resp_data['user_message_url'], redirect_url)

        # Verify that we were not enrolled
        self.assertEqual(self._get_enrollments(), [])
Ejemplo n.º 16
0
 def test_non_courseware_url(self):
     with restrict_course(self.course.id):
         response = self.client.get(self.non_courseware_url)
         self.assertEqual(response.status_code, 200)
Ejemplo n.º 17
0
    def test_embargo_change_enrollment_restrict_geoip(self):
        """ Validates that enrollment changes are blocked if the request originates from an embargoed country. """

        # Use the helper to setup the embargo and simulate a request from a blocked IP address.
        with restrict_course(self.course.id) as redirect_path:
            self.assert_access_denied(redirect_path)
 def test_blocked(self):
     with restrict_course(self.course.id, access_point='courseware') as redirect_url:
         response = self.client.get(self.courseware_url)
         self.assertRedirects(response, redirect_url)
Ejemplo n.º 19
0
 def test_embargo_restrict(self):
     with restrict_course(self.course.id) as redirect_url:
         response = self.client.get(self.url)
         self.assertRedirects(response, redirect_url)
Ejemplo n.º 20
0
 def test_non_courseware_url(self):
     with restrict_course(self.course.id):
         response = self.client.get(self.non_courseware_url)
         self.assertEqual(response.status_code, 200)
Ejemplo n.º 21
0
 def test_embargo_restrict(self):
     with restrict_course(self.course.id) as redirect_url:
         response = self.client.get(self.url)
         self.assertRedirects(response, redirect_url)
Ejemplo n.º 22
0
 def test_blocked(self):
     with restrict_course(self.course.id, access_point='courseware') as redirect_url:
         response = self.client.get(self.courseware_url)
         self.assertRedirects(response, redirect_url)
Ejemplo n.º 23
0
    def test_embargo_change_enrollment_restrict_geoip(self):
        """ Validates that enrollment changes are blocked if the request originates from an embargoed country. """

        # Use the helper to setup the embargo and simulate a request from a blocked IP address.
        with restrict_course(self.course.id) as redirect_path:
            self.assert_access_denied(redirect_path)