def refresh_user_course_permissions(user):
    """
    Re-sync a user's course permissions with the auth server.

    The access token stored in the user's social-auth record for the
    EdXOpenIdConnect backend is passed to `_get_user_courses`, and the result
    is handed to `set_user_course_permissions`. A falsy answer is replaced by
    an empty list before it is stored, so a provider that returns nothing
    yields a call with no courses.

    Arguments
        user (User) --  User whose permissions should be refreshed

    Returns
        The course list passed to `set_user_course_permissions`.

    Raises
        UserNotAssociatedWithBackendError -- no social-auth record for the backend
        InvalidAccessTokenError -- the record holds no access token
    """
    oidc_backend = EdXOpenIdConnect(strategy=load_strategy())

    association = user.social_auth.filter(provider=oidc_backend.name).first()
    if not association:
        raise UserNotAssociatedWithBackendError

    # The token is read from stored extra_data; nothing here refreshes it.
    token = association.extra_data.get('access_token')
    if not token:
        raise InvalidAccessTokenError

    permitted = _get_user_courses(token, oidc_backend)
    if not permitted:
        # Fail closed: an empty answer may point to a provider problem, so it
        # is logged and treated as "no course access".
        logger.warning('Authorization server did not return course permissions. Defaulting to no course access.')
        permitted = []

    set_user_course_permissions(user, permitted)
    return permitted
def refresh_user_course_permissions(user):
    """
    Pull the user's course permissions from the auth server and store them.

    Arguments
        user (User) --  User whose permissions should be refreshed

    Returns
        The list handed to `set_user_course_permissions`; it is empty when the
        auth server returned nothing.

    Raises
        UserNotAssociatedWithBackendError -- the user has no social-auth record
            for the EdXOpenIdConnect backend
        InvalidAccessTokenError -- that record has no access token
    """
    backend = EdXOpenIdConnect(strategy=load_strategy())

    # Only the record belonging to this backend is relevant.
    social_record = user.social_auth.filter(provider=backend.name).first()
    if not social_record:
        raise UserNotAssociatedWithBackendError

    stored_token = social_record.extra_data.get('access_token')
    if not stored_token:
        raise InvalidAccessTokenError

    fetched = _get_user_courses(stored_token, backend)

    if fetched:
        granted = fetched
    else:
        # No permissions came back. Grant nothing and log it, since this may
        # indicate a problem on the provider side.
        logger.warning(
            'Authorization server did not return course permissions. Defaulting to no course access.'
        )
        granted = []

    set_user_course_permissions(user, granted)

    return granted
Example #3
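    def create(self, request, *args, **kwargs):
        """
        Authenticate, or associate, a user from a provider token sent by the client.

        Override `create` instead of `perform_create` to access request
        request is necessary for `load_strategy`

        The request data must carry `provider` and `access_token`, plus
        `access_token_secret` for OAuth1 backends. A missing token field or a
        backend that is neither OAuth1 nor OAuth2 yields a 400 response.
        Only `AuthAlreadyAssociated` is caught around `do_auth`; any other
        exception raised by `load_backend` or `do_auth` propagates.

        Returns
            201 with the serialized user on success, otherwise 400 with an
            `errors` message.
        """
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)

        provider = request.data['provider']

        # If this request was made with an authenticated user, try to associate this social account with it
        authed_user = request.user if not request.user.is_anonymous() else None

        strategy = load_strategy(request)
        backend = load_backend(strategy=strategy, name=provider, redirect_uri=None)

        # Build the credential in the shape the backend expects. Every path that
        # cannot produce one returns 400 here, so `token` is always bound below
        # (previously an unsupported backend type hit an unbound `token`).
        try:
            if isinstance(backend, BaseOAuth1):
                token = {
                    'oauth_token': request.data['access_token'],
                    'oauth_token_secret': request.data['access_token_secret'],
                }
            elif isinstance(backend, BaseOAuth2):
                token = request.data['access_token']
            else:
                return Response({"errors": "Error with social authentication"},
                                status=status.HTTP_400_BAD_REQUEST)
        except KeyError:
            return Response({"errors": "Error with social authentication"},
                            status=status.HTTP_400_BAD_REQUEST)

        # NOTE(review): the token comes straight from the client. Nothing visible
        # here checks that it was issued to this application; confirm the backend
        # validates that before trusting the identity it resolves to.
        try:
            user = backend.do_auth(token, user=authed_user)
        except AuthAlreadyAssociated:
            return Response({"errors": "That social media account is already in use"},
                            status=status.HTTP_400_BAD_REQUEST)

        if user and user.is_active:
            # if the access token was set to an empty string, then save the access token from the request
            # `.get` also covers a record whose extra_data has no 'access_token' key at all.
            auth_created = user.social_auth.get(provider=provider)
            if not auth_created.extra_data.get('access_token'):
                auth_created.extra_data['access_token'] = token
                auth_created.save()

            # Allow client to send up password to complete auth flow
            # NOTE(review): on an unauthenticated request this replaces the password of
            # whichever account the provider token resolved to, possibly one that
            # already existed. Confirm that is intended, or limit it to accounts
            # created by this call. base64 is an encoding, not protection, so the
            # password relies on transport security, and set_password() applies no
            # password validation here.
            if not authed_user and 'password' in request.data:
                password = base64.decodestring(request.data['password'])
                user.set_password(password)
                user.save()

            # Set instance since we are not calling `serializer.save()`
            serializer.instance = user
            headers = self.get_success_headers(serializer.data)
            return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
        else:
            return Response({"errors": "Error with social authentication"}, status=status.HTTP_400_BAD_REQUEST)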
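    def obj_create(self, bundle, request=None, **kwargs):
        """
        Authenticate a user from a provider access token carried in the bundle.

        `bundle.data` must contain `provider` and `access_token`. The token is
        passed to the provider backend's `do_auth`. When the request already has
        an authenticated user, that user is passed along so the social account
        can be associated with it.

        The `request` argument is not used; the request is read from the bundle.

        Returns
            The bundle, with `bundle.obj` set to the authenticated user.

        Raises
            BadRequest -- a required field is missing, or authentication did
                not produce an active user
        """
        # A missing field is a client error, so report it as BadRequest rather
        # than letting a bare KeyError escape.
        try:
            provider = bundle.data['provider']
            access_token = bundle.data['access_token']
        except KeyError:
            raise BadRequest("Both 'provider' and 'access_token' are required")

        # If this request was made with an authenticated user, try to associate this social account with it
        user = bundle.request.user if not bundle.request.user.is_anonymous() else None

        strategy = load_strategy(backend=provider)

        # NOTE(review): the token is supplied by the client. Nothing visible here
        # checks that it was issued to this application; confirm the backend does
        # so. Exceptions raised by do_auth are not caught here and propagate.
        user = strategy.backend.do_auth(access_token, user=user)
        if user and user.is_active:
            bundle.obj = user
            return bundle
        else:
            # Covers both a failed authentication and an inactive account.
            raise BadRequest("Error authenticating token")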
Example #5
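    def obj_create(self, bundle, request=None, **kwargs):
        """
        Exchange a provider access token from the bundle for an authenticated user.

        Reads `provider` and `access_token` from `bundle.data` and calls
        `do_auth` on the backend of the strategy loaded for that provider. An
        already authenticated request user is passed to `do_auth` for
        association. The `request` argument is unused; `bundle.request` is read
        instead.

        Returns
            The bundle with `bundle.obj` set to the resulting user.

        Raises
            BadRequest -- `provider` or `access_token` is missing or empty, or
                no active user came back from authentication
        """
        provider = bundle.data.get('provider')
        access_token = bundle.data.get('access_token')

        # Reject incomplete input up front. Indexing the dict directly raised a
        # bare KeyError for what is a client-side mistake.
        if not provider or not access_token:
            raise BadRequest("Both 'provider' and 'access_token' are required")

        # If this request was made with an authenticated user, try to associate this social account with it
        request_user = bundle.request.user
        user = None if request_user.is_anonymous() else request_user

        strategy = load_strategy(backend=provider)

        # NOTE(review): a client-supplied token decides which account is returned.
        # Confirm the backend verifies the token was issued to this application;
        # no such check is visible in this method.
        user = strategy.backend.do_auth(access_token, user=user)
        if user and user.is_active:
            bundle.obj = user
            return bundle

        # Authentication failed or the account is inactive.
        raise BadRequest("Error authenticating token")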