def test_on_auth_complete(self):
""" Verify the function receives the auth_complete_signal signal, and updates course permissions. """
# No initial permissions
permissions.set_user_course_permissions(self.user, [])
self.assertFalse(
permissions.user_can_view_course(self.user, self.course_id))
# Permissions can be granted
id_token = {
claim: [self.course_id]
for claim in settings.COURSE_PERMISSIONS_CLAIMS
}
EdXOpenIdConnect.auth_complete_signal.send(None,
user=self.user,
id_token=id_token)
self.assertTrue(
permissions.user_can_view_course(self.user, self.course_id))
# Permissions can be revoked
revoked_access_id_token = {
claim: list()
for claim in settings.COURSE_PERMISSIONS_CLAIMS
}
EdXOpenIdConnect.auth_complete_signal.send(
None, user=self.user, id_token=revoked_access_id_token)
self.assertFalse(
permissions.user_can_view_course(self.user, self.course_id))
def test_user_can_view_course(self):
"""
Verify basic functionality of user_can_view_course.
"""
# A user with no permissions should not be able to view the course.
permissions.set_user_course_permissions(self.user, [])
self.assertFalse(permissions.user_can_view_course(self.user, self.course_id))
# The user should be able to view the course after the permissions have been set.
permissions.set_user_course_permissions(self.user, [self.course_id])
self.assertTrue(permissions.user_can_view_course(self.user, self.course_id))
def test_user_can_view_course(self):
"""
Verify basic functionality of user_can_view_course.
"""
# A user with no permissions should not be able to view the course.
permissions.set_user_course_permissions(self.user, [])
self.assertFalse(permissions.user_can_view_course(self.user, self.course_id))
# The user should be able to view the course after the permissions have been set.
permissions.set_user_course_permissions(self.user, [self.course_id])
self.assertTrue(permissions.user_can_view_course(self.user, self.course_id))
def test_superuser_can_view_course(self):
""" Verify that superusers can view everything. """
user = self.user
user.is_superuser = True
user.save()
# With no permissions set, a superuser should still be able to view a course.
permissions.set_user_course_permissions(user, [])
self.assertTrue(permissions.user_can_view_course(user, self.course_id))
# With permissions set, a superuser should be able to view a course
# (although the individual permissions don't matter).
permissions.set_user_course_permissions(user, [self.course_id])
self.assertTrue(permissions.user_can_view_course(user, self.course_id))
def test_superuser_can_view_course(self):
""" Verify that superusers can view everything. """
user = self.user
user.is_superuser = True
user.save()
# With no permissions set, a superuser should still be able to view a course.
permissions.set_user_course_permissions(user, [])
self.assertTrue(permissions.user_can_view_course(user, self.course_id))
# With permissions set, a superuser should be able to view a course
# (although the individual permissions don't matter).
permissions.set_user_course_permissions(user, [self.course_id])
self.assertTrue(permissions.user_can_view_course(user, self.course_id))
def test_revoke_user_permissions(self):
courses = [self.course_id]
permissions_key = 'course_permissions_{}'.format(self.user.pk)
update_key = 'course_permissions_updated_at_{}'.format(self.user.pk)
# Set permissions and verify cache is updated
permissions.set_user_course_permissions(self.user, courses)
self.assertListEqual(cache.get(permissions_key), courses)
self.assertIsNotNone(cache.get(update_key))
self.assertTrue(permissions.user_can_view_course(self.user, self.course_id))
# Revoke permissions and verify cache cleared
permissions.revoke_user_course_permissions(self.user)
self.assertIsNone(cache.get(permissions_key))
self.assertIsNone(cache.get(update_key))
def test_on_auth_complete(self):
""" Verify the function receives the auth_complete_signal signal, and updates course permissions. """
# No initial permissions
permissions.set_user_course_permissions(self.user, [])
self.assertFalse(permissions.user_can_view_course(self.user, self.course_id))
# Permissions can be granted
id_token = {claim: [self.course_id] for claim in settings.COURSE_PERMISSIONS_CLAIMS}
EdXOpenIdConnect.auth_complete_signal.send(None, user=self.user, id_token=id_token)
self.assertTrue(permissions.user_can_view_course(self.user, self.course_id))
# Permissions can be revoked
revoked_access_id_token = {claim: list() for claim in settings.COURSE_PERMISSIONS_CLAIMS}
EdXOpenIdConnect.auth_complete_signal.send(None, user=self.user, id_token=revoked_access_id_token)
self.assertFalse(permissions.user_can_view_course(self.user, self.course_id))
def test_revoke_user_permissions(self):
courses = [self.course_id]
permissions_key = 'course_permissions_{}'.format(self.user.pk)
update_key = 'course_permissions_updated_at_{}'.format(self.user.pk)
# Set permissions and verify cache is updated
permissions.set_user_course_permissions(self.user, courses)
self.assertListEqual(cache.get(permissions_key), courses)
self.assertIsNotNone(cache.get(update_key))
self.assertTrue(permissions.user_can_view_course(self.user, self.course_id))
# Revoke permissions and verify cache cleared
permissions.revoke_user_course_permissions(self.user)
self.assertIsNone(cache.get(permissions_key))
self.assertIsNone(cache.get(update_key))
def get(self, request, *_args, **_kwargs):
if not settings.ENABLE_AUTO_AUTH:
raise Http404
# Create a new user
username = password = '******' + uuid.uuid4().hex[0:20]
user = User.objects.create_user(username, password=password)
# Grant user access to demo course
permissions.set_user_course_permissions(user, ['edX/DemoX/Demo_Course'])
# Login the new user
user = authenticate(username=username, password=password)
login(request, user)
return redirect('/')
def test_set_user_course_permissions(self):
courses = []
permissions.set_user_course_permissions(self.user, courses)
permissions_key = 'course_permissions_{}'.format(self.user.pk)
self.assertListEqual(cache.get(permissions_key), courses)
update_key = 'course_permissions_updated_at_{}'.format(self.user.pk)
last_updated = cache.get(update_key)
self.assertIsNotNone(last_updated)
courses = [self.course_id]
permissions.set_user_course_permissions(self.user, courses)
self.assertListEqual(cache.get(permissions_key), courses)
self.assertGreater(cache.get(update_key), last_updated)
self.assertTrue(permissions.user_can_view_course(self.user, self.course_id))
def test_set_user_course_permissions(self):
courses = []
permissions.set_user_course_permissions(self.user, courses)
permissions_key = 'course_permissions_{}'.format(self.user.pk)
self.assertListEqual(cache.get(permissions_key), courses)
update_key = 'course_permissions_updated_at_{}'.format(self.user.pk)
last_updated = cache.get(update_key)
self.assertIsNotNone(last_updated)
courses = [self.course_id]
permissions.set_user_course_permissions(self.user, courses)
self.assertListEqual(cache.get(permissions_key), courses)
self.assertGreater(cache.get(update_key), last_updated)
self.assertTrue(permissions.user_can_view_course(self.user, self.course_id))
def get(self, request, *_args, **_kwargs):
if not settings.ENABLE_AUTO_AUTH:
raise Http404
if not settings.AUTO_AUTH_USERNAME_PREFIX:
raise ValueError('AUTO_AUTH_USERNAME_PREFIX must be set!')
# Create a new user
username = password = settings.AUTO_AUTH_USERNAME_PREFIX + uuid.uuid4().hex[0:20]
user = User.objects.create_user(username, password=password)
# Grant user access to demo course
permissions.set_user_course_permissions(user, ['edX/DemoX/Demo_Course'])
# Login the new user
user = authenticate(username=username, password=password)
login(request, user)
return redirect('/')
def assertViewClearsPermissions(self, view_name):
self.login()
user = self.user
course_id = 'edX/DemoX/Demo_Course'
courses = [course_id]
permissions_key = 'course_permissions_{}'.format(user.pk)
update_key = 'course_permissions_updated_at_{}'.format(user.pk)
# Set permissions and verify cache is updated
set_user_course_permissions(user, courses)
self.assertListEqual(cache.get(permissions_key), courses)
self.assertIsNotNone(cache.get(update_key))
self.assertTrue(user_can_view_course(user, course_id))
# Logout by GETing the URL. self.client.logout() doesn't actually call this view.
response = self.client.get(reverse(view_name))
# Verify cache cleared
self.assertIsNone(cache.get(permissions_key))
self.assertIsNone(cache.get(update_key))
return response
def assertViewClearsPermissions(self, view_name):
self.login()
user = self.user
course_id = 'edX/DemoX/Demo_Course'
courses = [course_id]
permissions_key = 'course_permissions_{}'.format(user.pk)
update_key = 'course_permissions_updated_at_{}'.format(user.pk)
# Set permissions and verify cache is updated
set_user_course_permissions(user, courses)
self.assertListEqual(cache.get(permissions_key), courses)
self.assertIsNotNone(cache.get(update_key))
self.assertTrue(user_can_view_course(user, course_id))
# Logout by GETing the URL. self.client.logout() doesn't actually call this view.
response = self.client.get(reverse(view_name))
# Verify cache cleared
self.assertIsNone(cache.get(permissions_key))
self.assertIsNone(cache.get(update_key))
return response
def grant_permission(self, user, *courses):
set_user_course_permissions(user, courses)
def grant_permission(self, user, *courses):
set_user_course_permissions(user, courses)
def set_empty_permissions(user):
set_user_course_permissions(user, [])
return []
def set_empty_permissions(user):
set_user_course_permissions(user, [])
return []
