def refresh_user_course_permissions(user):
"""
Refresh user course permissions from the auth server.
Arguments
user (User) -- User whose permissions should be refreshed
"""
backend = EdXOpenIdConnect(strategy=load_strategy())
user_social_auth = user.social_auth.filter(provider=backend.name).first()
if not user_social_auth:
raise UserNotAssociatedWithBackendError
access_token = user_social_auth.extra_data.get('access_token')
if not access_token:
raise InvalidAccessTokenError
courses = _get_user_courses(access_token, backend)
# If the backend does not provide course permissions, assign no permissions and log a warning as there may be an
# issue with the backend provider.
if not courses:
logger.warning(
'Authorization server did not return course permissions. Defaulting to no course access.'
)
courses = []
set_user_course_permissions(user, courses)
return courses
def test_deprecated(self):
""" Attempts to instantiate EdXOpenIdConnect should fire a warning. """
with mock.patch('warnings.warn') as mock_warn:
EdXOpenIdConnect(self.strategy, redirect_uri=self.complete_url)
mock_warn.assert_called_once_with(
'EdXOpenIdConnect is deprecated. Please use EdXOAuth2.',
DeprecationWarning)
def _get_user_claims_values(user, claims):
""" Return a list of values associate with the user claims. """
backend = EdXOpenIdConnect(strategy=load_strategy())
user_social_auth = user.social_auth.filter(provider=backend.name).first()
if not user_social_auth:
raise UserNotAssociatedWithBackendError
access_token = user_social_auth.extra_data.get('access_token')
token_type = user_social_auth.extra_data.get('token_type', 'Bearer')
if not access_token:
raise InvalidAccessTokenError
try:
data = backend.get_user_claims(access_token, claims, token_type=token_type)
except Exception as e:
raise PermissionsRetrievalFailedError(e)
return data
def _get_user_claims_values(user, claims):
""" Return a list of values associate with the user claims. """
backend = EdXOpenIdConnect(strategy=load_strategy())
user_social_auth = user.social_auth.filter(provider=backend.name).first()
if not user_social_auth:
raise UserNotAssociatedWithBackendError
access_token = user_social_auth.extra_data.get('access_token')
token_type = user_social_auth.extra_data.get('token_type', 'Bearer')
if not access_token:
raise InvalidAccessTokenError
try:
data = backend.get_user_claims(access_token,
claims,
token_type=token_type)
except Exception as e:
raise PermissionsRetrievalFailedError(e)
return data
def test_get_user_claims(self):
backend = EdXOpenIdConnect()
data = backend.get_user_claims(self.fake_access_token, claims=['a-claim'])
self.assertDictEqual(data, {'a-claim': 'some-data'})