示例#1
    def setUp(self):
        """Create the user, site and credentials-service fixtures used by the tests."""
        super().setUp()

        self.student = UserFactory.create(username='******')
        self.course_key = 'course-v1:testX+test101+2T2020'
        self.site = SiteFactory()
        self.site_configuration = SiteConfigurationFactory(site=self.site)
        # An OAuth application named 'credentials' and a user named after
        # settings.CREDENTIALS_SERVICE_USERNAME are created side by side; presumably
        # this pair is the service identity used to call the credentials API - confirm.
        ApplicationFactory.create(name='credentials')
        UserFactory.create(username=settings.CREDENTIALS_SERVICE_USERNAME)
        self.create_credentials_config()

        # Maps the course key to a list of program stubs that carry only a 'uuid'.
        self.inverted_programs = {self.course_key: [{'uuid': 1}, {'uuid': 2}]}
示例#2
    def setUp(self):
        """Register the credentials OAuth application, create the credentials config and a user."""
        super().setUp()

        # The application is registered under CredentialsApiConfig.OAUTH2_CLIENT_NAME.
        ApplicationFactory(name=CredentialsApiConfig.OAUTH2_CLIENT_NAME)

        # cache_ttl=1 is handed to the config helper; presumably it turns response
        # caching on with a one-second lifetime - confirm against the helper.
        self.credentials_config = self.create_credentials_config(cache_ttl=1)
        self.user = UserFactory()
示例#3
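    def setUp(self):
        """Register the credentials OAuth application, create the credentials config and a user."""
        # Zero-argument super() replaces the Python 2 spelling, so the
        # super-with-arguments lint suppression is no longer needed.
        super().setUp()

        # The application is registered under CredentialsApiConfig.OAUTH2_CLIENT_NAME.
        ApplicationFactory(name=CredentialsApiConfig.OAUTH2_CLIENT_NAME)

        # cache_ttl=1 is handed to the config helper; presumably it turns response
        # caching on with a one-second lifetime - confirm against the helper.
        self.credentials_config = self.create_credentials_config(cache_ttl=1)
        self.user = UserFactory()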
示例#4
 def test_oauth(self):
     """ The endpoint must accept an OAuth 2.0 bearer token as the request's credential. """
     oauth_app = ApplicationFactory()
     bearer = AccessTokenFactory(user=self.user, application=oauth_app).token
     # Log the test client out first, so a session login made elsewhere in the
     # test case (not visible here) cannot be what authenticates the request.
     self.client.logout()
     auth_headers = {'HTTP_AUTHORIZATION': 'Bearer ' + bearer}
     response = self.client.get(self.path, **auth_headers)
     assert response.status_code == 200
示例#5
 def test_safe_redirect_oauth2(self, client_redirect_uri, redirect_url, host, expected_is_safe):
     """ Check the redirect_url safety verdict for a logout made on behalf of an OAuth2 client. """
     # The client is registered with client_redirect_uri; the four arguments are
     # presumably fed in by a data-driven decorator that is not visible here.
     oauth_app = ApplicationFactory(redirect_uris=client_redirect_uri)
     query = urlencode({
         'client_id': oauth_app.client_id,
         'redirect_url': redirect_url,
     })
     logout_request = self.request.get(f'/logout?{query}', HTTP_HOST=host)
     # The helper decides whether redirect_url may be followed for this request.
     verdict = is_safe_login_or_logout_redirect(logout_request, redirect_url)
     self.assertEqual(verdict, expected_is_safe)
示例#6
 def test_safe_redirect_oauth2(self, client_redirect_uri, redirect_url,
                               host, expected_is_safe):
     """ Check the redirect_url safety verdict for a logout made on behalf of an OAuth2 client. """
     # The client is registered with client_redirect_uri; the four arguments are
     # presumably fed in by a data-driven decorator that is not visible here.
     oauth_app = ApplicationFactory(redirect_uris=client_redirect_uri)
     query = urlencode({
         'client_id': oauth_app.client_id,
         'redirect_url': redirect_url,
     })
     logout_request = self.request.get('/logout?' + query, HTTP_HOST=host)
     # The test case's own helper produces the verdict that is compared below.
     verdict = self._is_safe_redirect(logout_request, redirect_url)
     assert verdict == expected_is_safe
示例#7
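    def setUp(self):
        """Create a course, a student holding a downloadable certificate, and the credentials fixtures."""
        # Zero-argument super() replaces the Python 2 spelling, so the
        # super-with-arguments lint suppression is no longer needed.
        super().setUp()

        # One day ahead of now, so the certificate available date is still in the future.
        self.available_date = datetime.now(pytz.UTC) + timedelta(days=1)
        self.course = CourseOverviewFactory.create(
            self_paced=True,  # Any option to allow the certificate to be viewable for the course
            certificate_available_date=self.available_date,
        )
        self.student = UserFactory.create(username='******')
        # Instantiate the Certificate first so that the config doesn't execute issuance
        self.certificate = GeneratedCertificateFactory.create(
            user=self.student,
            mode='verified',
            course_id=self.course.id,
            status='downloadable',
        )

        # Order matters: the credentials config is created only after the certificate exists.
        self.create_credentials_config()
        self.site = SiteFactory()

        # An OAuth application named 'credentials' and a user named after
        # settings.CREDENTIALS_SERVICE_USERNAME are created side by side; presumably
        # this pair is the service identity used to call the credentials API - confirm.
        ApplicationFactory.create(name='credentials')
        UserFactory.create(username=settings.CREDENTIALS_SERVICE_USERNAME)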
示例#8
    def setUp(self):
        """Create a course, a student holding a downloadable certificate, and the credentials fixtures."""
        super().setUp()

        # One day ahead of now, so the certificate available date is still in the future.
        self.available_date = datetime.now(pytz.UTC) + timedelta(days=1)
        self.course = CourseOverviewFactory.create(
            self_paced=True,  # Any option to allow the certificate to be viewable for the course
            certificate_available_date=self.available_date,
            certificates_display_behavior=CertificatesDisplayBehaviors.END_WITH_DATE
        )
        self.student = UserFactory.create(username='******')
        # Instantiate the Certificate first so that the config doesn't execute issuance
        self.certificate = GeneratedCertificateFactory.create(
            user=self.student,
            mode='verified',
            course_id=self.course.id,
            status='downloadable'
        )

        # Order matters: the credentials config is created only after the certificate exists.
        self.create_credentials_config()
        self.site = SiteFactory()

        # An OAuth application named 'credentials' and a user named after
        # settings.CREDENTIALS_SERVICE_USERNAME are created side by side; presumably
        # this pair is the service identity used to call the credentials API - confirm.
        ApplicationFactory.create(name='credentials')
        UserFactory.create(username=settings.CREDENTIALS_SERVICE_USERNAME)
示例#9
    def test_oauth(self):
        """ The endpoint accepts an OAuth bearer token but authorizes only staff users. """
        caller = UserFactory(is_staff=False)
        oauth_app = ApplicationFactory.create()
        token = AccessTokenFactory.create(user=caller, application=oauth_app).token
        auth_headers = {'HTTP_AUTHORIZATION': 'Bearer ' + token}

        # A token that belongs to a non-staff user must be refused with 403.
        # NOTE(review): the client is not logged out here, so a session login made in
        # setUp (not visible) would stay on the request - confirm the token is what is tested.
        denied = self.client.get(self.path, **auth_headers)
        assert denied.status_code == 403

        # The same token is replayed after the user is promoted: the staff check is
        # made against the user's current state, not fixed when the token was issued.
        caller.is_staff = True
        caller.save()
        allowed = self.client.get(self.path, **auth_headers)
        assert allowed.status_code == 200
示例#10
    def test_oauth_list(self, path_name):
        """ Each listed endpoint accepts an OAuth bearer token but authorizes only staff users. """
        # path_name is presumably supplied per endpoint by a data-driven decorator not visible here.
        url_kwargs = {'course_key_string': self.course_str}
        path = reverse(path_name, kwargs=url_kwargs)
        caller = UserFactory(is_staff=False)
        oauth_app = ApplicationFactory.create()
        token = AccessTokenFactory.create(user=caller, application=oauth_app).token
        auth_headers = {'HTTP_AUTHORIZATION': 'Bearer ' + token}

        # A token that belongs to a non-staff user must be refused with 403.
        denied = self.client.get(path=path, **auth_headers)
        self.assertEqual(denied.status_code, 403)

        # The same token is replayed after the user is promoted: the staff check is
        # made against the user's current state, not fixed when the token was issued.
        caller.is_staff = True
        caller.save()
        allowed = self.client.get(path=path, **auth_headers)
        self.assertEqual(allowed.status_code, 200)
示例#11
    def test_oauth_csv(self):
        """ The CSV endpoint accepts an OAuth bearer token but authorizes only staff users. """
        cohorts.add_cohort(self.course_key, "DEFAULT", "random")
        url_kwargs = {'course_key_string': self.course_str}
        path = reverse('api_cohorts:cohort_users_csv', kwargs=url_kwargs)
        caller = UserFactory(is_staff=False)
        oauth_app = ApplicationFactory.create()
        token = AccessTokenFactory.create(user=caller, application=oauth_app).token
        auth_headers = {'HTTP_AUTHORIZATION': 'Bearer ' + token}

        # A token that belongs to a non-staff user must be refused with 403.
        denied = self.client.post(path=path, **auth_headers)
        assert denied.status_code == 403

        # For staff the status changes from 403 to 400: the request is no longer
        # refused as forbidden. The 400 presumably comes from posting without a
        # CSV upload - confirm against the view.
        caller.is_staff = True
        caller.save()
        accepted = self.client.post(path=path, **auth_headers)
        assert accepted.status_code == 400
示例#12
 def create_user_and_access_token(self):
     """ Create a GlobalStaffFactory user, an OAuth application and an access token linking the two. """
     staff_user = GlobalStaffFactory.create()
     oauth_app = ApplicationFactory.create()
     token_record = AccessTokenFactory.create(user=staff_user, application=oauth_app)
     self.user = staff_user
     self.oauth_client = oauth_app
     # Only the token string is kept on the test case, not the token record.
     self.access_token = token_record.token
示例#13
 def _create_oauth_client(self):
     """ Build and return an OAuth client that is treated as trusted. """
     trusted_client_kwargs = {
         # The only redirect URI registered for this client.
         'redirect_uris': 'https://www.example.com/logout/',
         # This flag is what makes the client "trusted": on django-oauth-toolkit's
         # Application model it skips the user consent prompt. Assumes
         # ApplicationFactory builds that model - confirm.
         'skip_authorization': True,
     }
     return ApplicationFactory(**trusted_client_kwargs)