def construct_enterprise_course_consent_url(request, course_id,
enterprise_customer_uuid):
"""
Construct the URL that should be used for redirecting the user to the Enterprise service for
collecting consent.
"""
site = request.site
failure_url = '{base}?{params}'.format(
base=get_lms_dashboard_url(),
params=urlencode({
'enterprise_customer': enterprise_customer_uuid,
CONSENT_FAILED_PARAM: course_id
}),
)
request_params = {
'course_id': course_id,
'enterprise_customer_uuid': enterprise_customer_uuid,
'next': absolute_url(request, 'checkout:free-checkout'),
'failure_url': failure_url,
}
redirect_url = '{base}?{params}'.format(
base=site.siteconfiguration.enterprise_grant_data_sharing_url,
params=urlencode(request_params))
return redirect_url
def core(request):
return {
'lms_base_url': get_lms_url(),
'lms_dashboard_url': get_lms_dashboard_url(),
'platform_name': request.site.name,
'support_url': request.site.siteconfiguration.payment_support_url,
}
def construct_enterprise_course_consent_url(request,
course_id,
enterprise_customer_uuid,
consent_url_param_dict=None):
"""
Construct the URL that should be used for redirecting the user to the Enterprise service for
collecting consent.
"""
site = request.site
failure_url = '{base}?{params}'.format(
base=get_lms_dashboard_url(),
params=urlencode({
'enterprise_customer': enterprise_customer_uuid,
CONSENT_FAILED_PARAM: course_id
}),
)
request_params = {
'course_id': course_id,
'enterprise_customer_uuid': enterprise_customer_uuid,
'next': absolute_url(request, 'checkout:free-checkout'),
'failure_url': failure_url,
'source': 'ecommerce-free-checkout',
}
# Insert any extra forwarded params from the original request:
request_params.update(consent_url_param_dict or {})
redirect_url = '{base}?{params}'.format(
base=site.siteconfiguration.enterprise_grant_data_sharing_url,
params=urlencode(request_params)
)
return redirect_url
def get_order_dashboard_context(self, order):
program_uuid = get_program_uuid(order)
if program_uuid:
order_dashboard_url = get_lms_program_dashboard_url(program_uuid)
else:
order_dashboard_url = get_lms_dashboard_url()
return {'order_dashboard_url': order_dashboard_url}
def core(request):
return {
'lms_base_url': get_lms_url(),
'lms_dashboard_url': get_lms_dashboard_url(),
'platform_name': request.site.name,
'support_url': settings.SUPPORT_URL,
}
def test_core(self):
request = get_current_request()
self.assertDictEqual(
core(request), {
'lms_base_url': get_lms_url(),
'lms_dashboard_url': get_lms_dashboard_url(),
'platform_name': request.site.name,
'support_url': SUPPORT_URL
})
def test_core(self):
request = get_current_request()
self.assertDictEqual(
core(request),
{
'lms_base_url': get_lms_url(),
'lms_dashboard_url': get_lms_dashboard_url(),
'platform_name': request.site.name,
'support_url': request.site.siteconfiguration.payment_support_url,
}
)
def core(request):
site = request.site
site_configuration = site.siteconfiguration
return {
'lms_base_url': get_lms_url(),
'lms_dashboard_url': get_lms_dashboard_url(),
'platform_name': site.name,
'support_url': site_configuration.payment_support_url,
'optimizely_snippet_src': site_configuration.optimizely_snippet_src,
}
def test_core(self):
request = get_current_request()
self.assertDictEqual(
core(request),
{
'lms_base_url': get_lms_url(),
'lms_dashboard_url': get_lms_dashboard_url(),
'platform_name': request.site.name,
'support_url': SUPPORT_URL
}
)
def test_unauthorized_redirection(self):
"""Test that users not authorized to access the Oscar front-end are redirected to the LMS dashboard."""
user = self.create_user()
# Log in as a user not authorized to view the Oscar front-end (no staff permissions)
success = self.client.login(username=user.username, password=self.password)
self.assertTrue(success)
response = self.client.get(reverse('dashboard:index'))
# Test client can't fetch external URLs, so fetch_redirect_response is set to
# False to avoid loading the final page
self.assertRedirects(response, get_lms_dashboard_url(), fetch_redirect_response=False)
def core(request):
site = request.site
site_configuration = site.siteconfiguration
return {
'lms_base_url': get_lms_url(),
'lms_dashboard_url': get_lms_dashboard_url(),
'platform_name': site.name,
'support_url': site_configuration.payment_support_url,
'optimizely_snippet_src': site_configuration.optimizely_snippet_src,
'OSCAR_DEFAULT_CURRENCY': settings.OSCAR_DEFAULT_CURRENCY,
'CURRENCY_SYMBOL': settings.CURRENCY_SYMBOL
}
def test_unauthorized_redirection(self):
"""Test that users not authorized to access the Oscar front-end are redirected to the LMS dashboard."""
user = self.create_user()
# Log in as a user not authorized to view the Oscar front-end (no staff permissions)
success = self.client.login(username=user.username,
password=self.password)
self.assertTrue(success)
response = self.client.get(reverse('dashboard:index'))
# Test client can't fetch external URLs, so fetch_redirect_response is set to
# False to avoid loading the final page
self.assertRedirects(response,
get_lms_dashboard_url(),
fetch_redirect_response=False)
def handler403(_):
"""Redirect unauthorized users to the LMS student dashboard.
Removing URLs isn't the most elegant way to hide Oscar's front-end from
public view. It would require revising templates and parts of the Oscar core
which assume that these URLs exist. However, a clean way to, in effect,
disable these URLs is to only make them available to users with staff
permissions, the same protection used to guard the management dashboard from
public access.
This minimally invasive approach allows us to protect Oscar's front-end
without sacrificing any internal functionality. Users not authorized to view
Oscar's front-end are redirected to the LMS student dashboard, as one would
usually be after signing into the LMS.
"""
return redirect(get_lms_dashboard_url())
def handler403(_, exception): # pylint: disable=unused-argument
"""Redirect unauthorized users to the LMS student dashboard.
Removing URLs isn't the most elegant way to hide Oscar's front-end from
public view. It would require revising templates and parts of the Oscar core
which assume that these URLs exist. However, a clean way to, in effect,
disable these URLs is to only make them available to users with staff
permissions, the same protection used to guard the management dashboard from
public access.
This minimally invasive approach allows us to protect Oscar's front-end
without sacrificing any internal functionality. Users not authorized to view
Oscar's front-end are redirected to the LMS student dashboard, as one would
usually be after signing into the LMS.
"""
return redirect(get_lms_dashboard_url())
def test_handle_redirection(self):
"""
Verify redirection with proper cookie.
"""
expected_course_id = "fake_course_id"
course_id_hash = base64.b64encode(expected_course_id.encode())
url = '{}?course={}'.format(self.path, course_id_hash)
response = self.client.get(url)
actual_course_id_hash = response.cookies.get(
'pendingTransactionCourse').value
actual_course_id = base64.b64decode(actual_course_id_hash)
self.assertEqual(actual_course_id, expected_course_id)
self.assertRedirects(response,
get_lms_dashboard_url(),
fetch_redirect_response=False)
def test_core(self):
site_configuration = self.site.siteconfiguration
site_configuration.optimizely_snippet_src = Faker().url()
site_configuration.save()
self.assertEqual(
core(self.request),
{
'lms_base_url': get_lms_url(),
'lms_dashboard_url': get_lms_dashboard_url(),
'platform_name': self.site.name,
'support_url': site_configuration.payment_support_url,
'logo_url': get_logo_url(),
'favicon_url': get_favicon_url(),
'optimizely_snippet_src': site_configuration.optimizely_snippet_src,
}
)
def core(request):
all_lines = Basket.objects.get(id=request.basket.id).all_lines()
product = Product.objects.get(id=all_lines[0].product_id)
course = Course.objects.get(id=product.course_id)
parent_product = Product.objects.get(course=product.course_id,
structure='parent')
microsite_url = re.search('microsite_root_url:(.*):end_microsite_root_url',
parent_product.description).group(1)
return {
'lms_base_url': get_lms_url(),
'lms_dashboard_url': get_lms_dashboard_url(),
'platform_name': request.site.name,
'support_url': request.site.siteconfiguration.payment_support_url,
'microsite_url': microsite_url,
'parent_product': parent_product
}
def handle_redirection(request):
"""
Handle AuthorizeNet redirection. This view will be called when a user clicks on continue button
from AuthorizeNet receipt page. It will handle Transaction cookie named as "pendingTransactionCourse".
Transaction cookie should contain encrypted course id for which transaction has been performed butq
notification is yet to be received. This cookie will be used at LMS-side to display waiting
alert to the user.
"""
domain = settings.ECOMMERCE_COOKIE_DOMAIN
lms_dashboard = get_lms_dashboard_url()
response = redirect(lms_dashboard)
course_id_hash = request.GET.get('course')
if course_id_hash:
response.set_cookie('pendingTransactionCourse',
course_id_hash,
domain=domain)
return response
def test_unauthorized_homepage_redirection(self):
"""Test that users unauthorized to access the Oscar front-end are redirected to LMS Dashboard."""
user = self.create_user(
) # unauthorized user cannot view the Oscar Dashboard
success = self.client.login(username=user.username,
password=self.password)
self.assertTrue(success)
response = self.client.get('/')
# Unauthorized users are first redirected to oscar dashboard
# status code of 302 verifies further redirection on LMS dashboard
self.assertRedirects(response,
reverse('dashboard:index'),
target_status_code=302)
response = self.client.get(response.url)
# Test client can't fetch external URLs, so fetch_redirect_response is set to
# False to avoid loading the final page
self.assertRedirects(response,
get_lms_dashboard_url(),
fetch_redirect_response=False)
