def check_course_access(course_key, user=None, ip_address=None, url=None):
"""
Check is the user with this ip_address has access to the given course
Arguments:
course_key (CourseKey): Location of the course the user is trying to access.
Keyword Arguments:
user (User): The user making the request. Can be None, in which case
the user's profile country will not be checked.
ip_address (str): The IP address of the request.
url (str): The URL the user is trying to access. Used in
log messages.
Returns:
Boolean: True if the user has access to the course; False otherwise
"""
# No-op if the country access feature is not enabled
if not settings.FEATURES.get('EMBARGO'):
return True
# First, check whether there are any restrictions on the course.
# If not, then we do not need to do any further checks
course_is_restricted = RestrictedCourse.is_restricted_course(course_key)
if not course_is_restricted:
return True
# Always give global and course staff access, regardless of embargo settings.
if user is not None and has_course_author_access(user, course_key):
return True
if ip_address is not None:
# Retrieve the country code from the IP address
# and check it against the allowed countries list for a course
user_country_from_ip = country_code_from_ip(ip_address)
if not CountryAccessRule.check_country_access(course_key,
user_country_from_ip):
log.info(("Blocking user %s from accessing course %s at %s "
"because the user's IP address %s appears to be "
"located in %s."),
getattr(user, 'id', '<Not Authenticated>'), course_key,
url, ip_address, user_country_from_ip)
return False
if user is not None:
# Retrieve the country code from the user's profile
# and check it against the allowed countries list for a course.
user_country_from_profile = _get_user_country_from_profile(user)
if not CountryAccessRule.check_country_access(
course_key, user_country_from_profile):
log.info(("Blocking user %s from accessing course %s at %s "
"because the user's profile country is %s."), user.id,
course_key, url, user_country_from_profile)
return False
return True
def get_mfe_context(request, redirect_to, tpa_hint=None):
"""
Returns Authn MFE context.
"""
ip_address = get_client_ip(request)[0]
country_code = country_code_from_ip(ip_address)
context = third_party_auth_context(request, redirect_to, tpa_hint)
context.update({
'countryCode': country_code,
})
return context
def setUp(self): # pylint: disable=arguments-differ
"""
Test Setup
"""
super().setUp()
self.url = reverse('mfe_context')
self.query_params = {'next': '/dashboard'}
hostname = socket.gethostname()
ip_address = socket.gethostbyname(hostname)
self.country_code = country_code_from_ip(ip_address)
# Several third party auth providers are created for these tests:
self.configure_google_provider(enabled=True, visible=True)
self.configure_facebook_provider(enabled=True, visible=True)
self.hidden_enabled_provider = self.configure_linkedin_provider(
visible=False,
enabled=True,
)