Updated Commerce API v1 views to use JWT authentication

LEARNER-1375

Updated Commerce API v1 views to use JWT authentication
LEARNER-1375
0b07b53e · Clinton Blackburn · 5dd2c65c · 0b07b53e · 0b07b53e
Commit 0b07b53e authored Jun 08, 2017 by Clinton Blackburn
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 10 deletions

lms/djangoapps/commerce/api/v1/tests/test_views.py
+2 -2

lms/djangoapps/commerce/api/v1/views.py
+6 -8

No files found.
--- a/lms/djangoapps/commerce/api/v1/tests/test_views.py
+++ b/lms/djangoapps/commerce/api/v1/tests/test_views.py
@@ -417,7 +417,7 @@ class OrderViewTests(UserMixin, TestCase):
        self.assertEqual(response.status_code, 404)

    def test_login_required(self):
-        """ The view should return 403 if the user is not logged in. """
+        """ The view should return 401 if the user is not logged in. """
        self.client.logout()
        response = self.client.get(self.path)
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 401)
--- a/lms/djangoapps/commerce/api/v1/views.py
+++ b/lms/djangoapps/commerce/api/v1/views.py
-""" API v1 views. """
 import logging

-from django.conf import settings
 from django.contrib.auth.models import User
 from django.http import Http404
 from edx_rest_api_client import exceptions
+from edx_rest_framework_extensions.authentication import JwtAuthentication
 from rest_framework.authentication import SessionAuthentication
-from rest_framework.views import APIView
 from rest_framework.generics import RetrieveUpdateAPIView, ListAPIView
 from rest_framework.permissions import IsAuthenticated
+from rest_framework.views import APIView
 from rest_framework_oauth.authentication import OAuth2Authentication

 from commerce.api.v1.models import Course
@@ -17,7 +16,6 @@ from commerce.api.v1.serializers import CourseSerializer
 from commerce.utils import is_account_activation_requirement_disabled
 from course_modes.models import CourseMode
 from openedx.core.djangoapps.commerce.utils import ecommerce_api_client
-from openedx.core.djangoapps.site_configuration import helpers as configuration_helpers
 from openedx.core.lib.api.mixins import PutAsCreateMixin
 from util.json_request import JsonResponse

@@ -26,7 +24,7 @@ log = logging.getLogger(__name__)

 class CourseListView(ListAPIView):
    """ List courses and modes. """
-    authentication_classes = (OAuth2Authentication, SessionAuthentication,)
+    authentication_classes = (JwtAuthentication, OAuth2Authentication, SessionAuthentication,)
    permission_classes = (IsAuthenticated,)
    serializer_class = CourseSerializer
    pagination_class = None
@@ -40,7 +38,7 @@ class CourseRetrieveUpdateView(PutAsCreateMixin, RetrieveUpdateAPIView):
    lookup_field = 'id'
    lookup_url_kwarg = 'course_id'
    model = CourseMode
-    authentication_classes = (OAuth2Authentication, SessionAuthentication,)
+    authentication_classes = (JwtAuthentication, OAuth2Authentication, SessionAuthentication,)
    permission_classes = (ApiKeyOrModelPermission,)
    serializer_class = CourseSerializer

@@ -67,7 +65,7 @@ class CourseRetrieveUpdateView(PutAsCreateMixin, RetrieveUpdateAPIView):
 class OrderView(APIView):
    """ Retrieve order details. """

-    authentication_classes = (SessionAuthentication,)
+    authentication_classes = (JwtAuthentication, SessionAuthentication,)
    permission_classes = (IsAuthenticatedOrActivationOverridden,)

    def get(self, request, number):
@@ -77,7 +75,7 @@ class OrderView(APIView):
        if not request.user.is_authenticated() and is_account_activation_requirement_disabled():
            try:
                request.user = User.objects.get(id=request.session._session_cache['_auth_user_id'])
-            except DoesNotExist:
+            except User.DoesNotExist:
                return JsonResponse(status=403)
        try:
            order = ecommerce_api_client(request.user).orders(number).get()