def test_third_party_auth_enrollment_embargo(self):
course = CourseFactory.create()
# Start the pipeline attempting to enroll in a restricted course
with restrict_course(course.id) as redirect_url:
response = self.client.get(reverse("account_login"), {"course_id": unicode(course.id)})
# Expect that the course ID has been removed from the
# login URLs (so the user won't be enrolled) and
# the ?next param sends users to the blocked message.
expected_providers = [
{
"name": "Facebook",
"iconClass": "fa-facebook",
"loginUrl": self._third_party_login_url(
"facebook", "login", course_id=unicode(course.id), redirect_url=redirect_url
),
"registerUrl": self._third_party_login_url(
"facebook", "register", course_id=unicode(course.id), redirect_url=redirect_url
),
},
{
"name": "Google",
"iconClass": "fa-google-plus",
"loginUrl": self._third_party_login_url(
"google-oauth2", "login", course_id=unicode(course.id), redirect_url=redirect_url
),
"registerUrl": self._third_party_login_url(
"google-oauth2", "register", course_id=unicode(course.id), redirect_url=redirect_url
),
},
]
self._assert_third_party_auth_data(response, None, expected_providers)
def test_blocked(self, disable_access_check):
with restrict_course(self.course.id, access_point='courseware', disable_access_check=disable_access_check) as redirect_url: # pylint: disable=line-too-long
response = self.client.get(self.courseware_url)
if disable_access_check:
self.assertEqual(response.status_code, 200)
else:
self.assertRedirects(response, redirect_url)
def test_blocked(self, disable_access_check):
with restrict_course(self.course.id, access_point='courseware', disable_access_check=disable_access_check) as redirect_url: # pylint: disable=line-too-long
response = self.client.get(self.courseware_url)
if disable_access_check:
self.assertEqual(response.status_code, 200)
else:
self.assertRedirects(response, redirect_url)
def test_always_allow_course_detail_access(self):
""" Access to the Course Structure API's course detail endpoint should always be granted. """
# Make the user staff so that it has permissions to access the views.
self.user.is_staff = True
self.user.save() # pylint: disable=no-member
# Blacklist an IP address
ip_address = "192.168.10.20"
IPFilter.objects.create(
blacklist=ip_address,
enabled=True
)
url = reverse('course_structure_api:v0:detail', kwargs={'course_id': unicode(self.course.id)})
response = self.client.get(
url,
HTTP_X_FORWARDED_FOR=ip_address,
REMOTE_ADDR=ip_address
)
self.assertEqual(response.status_code, 200)
# Test with a fully-restricted course
with restrict_course(self.course.id):
response = self.client.get(
url,
HTTP_X_FORWARDED_FOR=ip_address,
REMOTE_ADDR=ip_address
)
self.assertEqual(response.status_code, 200)
def test_always_allow_course_detail_access(self):
""" Access to the Course Structure API's course detail endpoint should always be granted. """
# Make the user staff so that it has permissions to access the views.
self.user.is_staff = True
self.user.save() # pylint: disable=no-member
# Blacklist an IP address
ip_address = "192.168.10.20"
IPFilter.objects.create(
blacklist=ip_address,
enabled=True
)
url = reverse('course_structure_api:v0:detail', kwargs={'course_id': unicode(self.course.id)})
response = self.client.get(
url,
HTTP_X_FORWARDED_FOR=ip_address,
REMOTE_ADDR=ip_address
)
self.assertEqual(response.status_code, 200)
# Test with a fully-restricted course
with restrict_course(self.course.id):
response = self.client.get(
url,
HTTP_X_FORWARDED_FOR=ip_address,
REMOTE_ADDR=ip_address
)
self.assertEqual(response.status_code, 200)
def test_embargo_restriction(self):
"""
The view should return HTTP 403 status if the course is embargoed.
"""
with restrict_course(self.course.id) as redirect_url:
response = self._post_to_view()
self.assertEqual(403, response.status_code)
body = json.loads(response.content)
self.assertEqual(get_absolute_url(redirect_url), body["user_message_url"])
def test_embargo_restriction(self):
"""
The view should return HTTP 403 status if the course is embargoed.
"""
with restrict_course(self.course.id) as redirect_url:
response = self._post_to_view()
self.assertEqual(403, response.status_code)
body = json.loads(response.content)
self.assertEqual(get_absolute_url(redirect_url), body['user_message_url'])
def test_blocked_by_embargo(self):
strategy = self._fake_strategy()
strategy.session_set('enroll_course_id', unicode(self.course.id))
with restrict_course(self.course.id):
result = pipeline.change_enrollment(strategy, 1, user=self.user) # pylint: disable=assignment-from-no-return,redundant-keyword-arg
# Verify that we were NOT enrolled
self.assertEqual(result, {})
self.assertFalse(CourseEnrollment.is_enrolled(self.user, self.course.id))
def test_blocked_by_embargo(self):
strategy = self._fake_strategy()
strategy.session_set('enroll_course_id', unicode(self.course.id))
with restrict_course(self.course.id):
result = pipeline.change_enrollment(strategy, 1, user=self.user) # pylint: disable=assignment-from-no-return,redundant-keyword-arg
# Verify that we were NOT enrolled
self.assertEqual(result, {})
self.assertFalse(CourseEnrollment.is_enrolled(self.user, self.course.id))
def test_embargo_restrict(self):
# When accessing the course from an embargoed country,
# we should be blocked.
with restrict_course(self.course.id) as redirect_url:
response = self._change_enrollment('enroll')
self.assertEqual(response.status_code, 200)
self.assertEqual(response.content, redirect_url)
# Verify that we weren't enrolled
is_enrolled = CourseEnrollment.is_enrolled(self.user, self.course.id)
self.assertFalse(is_enrolled)
def test_embargo_restrict(self):
# When accessing the course from an embargoed country,
# we should be blocked.
with restrict_course(self.course.id) as redirect_url:
response = self._change_enrollment('enroll')
self.assertEqual(response.status_code, 200)
self.assertEqual(response.content, redirect_url)
# Verify that we weren't enrolled
is_enrolled = CourseEnrollment.is_enrolled(self.user, self.course.id)
self.assertFalse(is_enrolled)
def test_whitelist_ip_skips_country_access_checks(self):
# Whitelist an IP address
IPFilter.objects.create(whitelist="192.168.10.20", enabled=True)
# Set up country access rules so the user would
# be restricted from the course.
with restrict_course(self.course.id):
# Make a request from the whitelisted IP address
response = self.client.get(self.courseware_url,
HTTP_X_FORWARDED_FOR="192.168.10.20",
REMOTE_ADDR="192.168.10.20")
# Expect that we were still able to access the page,
# even though we would have been blocked by country
# access rules.
self.assertEqual(response.status_code, 200)
def test_whitelist_ip_skips_country_access_checks(self):
# Whitelist an IP address
IPFilter.objects.create(whitelist="192.168.10.20", enabled=True)
# Set up country access rules so the user would
# be restricted from the course.
with restrict_course(self.course.id):
# Make a request from the whitelisted IP address
response = self.client.get(
self.courseware_url, HTTP_X_FORWARDED_FOR="192.168.10.20", REMOTE_ADDR="192.168.10.20"
)
# Expect that we were still able to access the page,
# even though we would have been blocked by country
# access rules.
self.assertEqual(response.status_code, 200)
def test_third_party_auth_enrollment_embargo(self):
course = CourseFactory.create()
# Start the pipeline attempting to enroll in a restricted course
with restrict_course(course.id) as redirect_url:
response = self.client.get(reverse("account_login"),
{"course_id": unicode(course.id)})
# Expect that the course ID has been removed from the
# login URLs (so the user won't be enrolled) and
# the ?next param sends users to the blocked message.
expected_providers = [{
"name":
"Facebook",
"iconClass":
"fa-facebook",
"loginUrl":
self._third_party_login_url("facebook",
"login",
course_id=unicode(course.id),
redirect_url=redirect_url),
"registerUrl":
self._third_party_login_url("facebook",
"register",
course_id=unicode(course.id),
redirect_url=redirect_url)
}, {
"name":
"Google",
"iconClass":
"fa-google-plus",
"loginUrl":
self._third_party_login_url("google-oauth2",
"login",
course_id=unicode(course.id),
redirect_url=redirect_url),
"registerUrl":
self._third_party_login_url("google-oauth2",
"register",
course_id=unicode(course.id),
redirect_url=redirect_url)
}]
self._assert_third_party_auth_data(response, None,
expected_providers)
def test_embargo_change_enrollment_restrict(self):
url = reverse('courseenrollments')
data = json.dumps({
'course_details': {
'course_id': unicode(self.course.id)
},
'user': self.user.username
})
# Attempt to enroll from a country embargoed for this course
with restrict_course(self.course.id) as redirect_url:
response = self.client.post(url, data, content_type='application/json')
# Expect an error response
self.assertEqual(response.status_code, 403)
# Expect that the redirect URL is included in the response
resp_data = json.loads(response.content)
self.assertEqual(resp_data['user_message_url'], redirect_url)
# Verify that we were not enrolled
self.assertEqual(self._get_enrollments(), [])
def test_non_courseware_url(self):
with restrict_course(self.course.id):
response = self.client.get(self.non_courseware_url)
self.assertEqual(response.status_code, 200)
def test_embargo_change_enrollment_restrict_geoip(self):
""" Validates that enrollment changes are blocked if the request originates from an embargoed country. """
# Use the helper to setup the embargo and simulate a request from a blocked IP address.
with restrict_course(self.course.id) as redirect_path:
self.assert_access_denied(redirect_path)
def test_blocked(self):
with restrict_course(self.course.id, access_point='courseware') as redirect_url:
response = self.client.get(self.courseware_url)
self.assertRedirects(response, redirect_url)
def test_embargo_restrict(self):
with restrict_course(self.course.id) as redirect_url:
response = self.client.get(self.url)
self.assertRedirects(response, redirect_url)
def test_non_courseware_url(self):
with restrict_course(self.course.id):
response = self.client.get(self.non_courseware_url)
self.assertEqual(response.status_code, 200)
def test_embargo_restrict(self):
with restrict_course(self.course.id) as redirect_url:
response = self.client.get(self.url)
self.assertRedirects(response, redirect_url)
def test_blocked(self):
with restrict_course(self.course.id, access_point='courseware') as redirect_url:
response = self.client.get(self.courseware_url)
self.assertRedirects(response, redirect_url)
def test_embargo_change_enrollment_restrict_geoip(self):
""" Validates that enrollment changes are blocked if the request originates from an embargoed country. """
# Use the helper to setup the embargo and simulate a request from a blocked IP address.
with restrict_course(self.course.id) as redirect_path:
self.assert_access_denied(redirect_path)