Commit fc5d4aa7 by jsa

make user_api compatible with HTTP basic auth

parent 45d7444e
import base64
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.test import TestCase from django.test import TestCase
from django.test.utils import override_settings from django.test.utils import override_settings
...@@ -31,6 +33,9 @@ class UserApiTestCase(TestCase): ...@@ -31,6 +33,9 @@ class UserApiTestCase(TestCase):
UserPreferenceFactory.create(user=self.users[1], key="key0") UserPreferenceFactory.create(user=self.users[1], key="key0")
] ]
def basic_auth(self, username, password):
return {'HTTP_AUTHORIZATION': 'Basic ' + base64.b64encode('%s:%s' % (username, password))}
def request_with_auth(self, method, *args, **kwargs): def request_with_auth(self, method, *args, **kwargs):
"""Issue a get request to the given URI with the API key header""" """Issue a get request to the given URI with the API key header"""
return getattr(self.client, method)(*args, HTTP_X_EDX_API_KEY=TEST_API_KEY, **kwargs) return getattr(self.client, method)(*args, HTTP_X_EDX_API_KEY=TEST_API_KEY, **kwargs)
...@@ -127,6 +132,15 @@ class UserViewSetTest(UserApiTestCase): ...@@ -127,6 +132,15 @@ class UserViewSetTest(UserApiTestCase):
def test_debug_auth(self): def test_debug_auth(self):
self.assertHttpOK(self.client.get(self.LIST_URI)) self.assertHttpOK(self.client.get(self.LIST_URI))
@override_settings(DEBUG=False)
@override_settings(EDX_API_KEY=TEST_API_KEY)
def test_basic_auth(self):
# ensure that having basic auth headers in the mix does not break anything
self.assertHttpOK(
self.request_with_auth("get", self.LIST_URI, **self.basic_auth('someuser', 'somepass')))
self.assertHttpForbidden(
self.client.get(self.LIST_URI, **self.basic_auth('someuser', 'somepass')))
def test_get_list_empty(self): def test_get_list_empty(self):
User.objects.all().delete() User.objects.all().delete()
result = self.get_json(self.LIST_URI) result = self.get_json(self.LIST_URI)
......
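Review bot: In `test_basic_auth` the forbidden assertion only sends the made-up pair 'someuser'/'somepass', so it does not show that valid Basic credentials for a real account are still rejected when the API key header is missing. The fixture setup is outside the visible hunks, but if the users in `self.users` have known passwords, add a second `assertHttpForbidden` case that passes one of those usernames and its password through `self.basic_auth(...)`. Separately, the `basic_auth` helper hands a text string to `base64.b64encode` and concatenates the result to `'Basic '`, which only works on Python 2. A form that also works on Python 3 is `'Basic ' + base64.b64encode(('%s:%s' % (username, password)).encode('utf-8')).decode('ascii')`.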
from django.conf import settings from django.conf import settings
from django.contrib.auth.models import User from django.contrib.auth.models import User
from rest_framework import authentication
from rest_framework import filters from rest_framework import filters
from rest_framework import permissions from rest_framework import permissions
from rest_framework import viewsets from rest_framework import viewsets
...@@ -25,6 +26,7 @@ class ApiKeyHeaderPermission(permissions.BasePermission): ...@@ -25,6 +26,7 @@ class ApiKeyHeaderPermission(permissions.BasePermission):
class UserViewSet(viewsets.ReadOnlyModelViewSet): class UserViewSet(viewsets.ReadOnlyModelViewSet):
authentication_classes = (authentication.SessionAuthentication,)
permission_classes = (ApiKeyHeaderPermission,) permission_classes = (ApiKeyHeaderPermission,)
queryset = User.objects.all() queryset = User.objects.all()
serializer_class = UserSerializer serializer_class = UserSerializer
...@@ -33,6 +35,7 @@ class UserViewSet(viewsets.ReadOnlyModelViewSet): ...@@ -33,6 +35,7 @@ class UserViewSet(viewsets.ReadOnlyModelViewSet):
class UserPreferenceViewSet(viewsets.ReadOnlyModelViewSet): class UserPreferenceViewSet(viewsets.ReadOnlyModelViewSet):
authentication_classes = (authentication.SessionAuthentication,)
permission_classes = (ApiKeyHeaderPermission,) permission_classes = (ApiKeyHeaderPermission,)
queryset = UserPreference.objects.all() queryset = UserPreference.objects.all()
filter_backends = (filters.DjangoFilterBackend,) filter_backends = (filters.DjangoFilterBackend,)
......
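Review bot: The new `authentication_classes = (authentication.SessionAuthentication,)` line in `UserViewSet` and `UserPreferenceViewSet` has no comment explaining why the framework's default authenticators are overridden, so a later change could reintroduce Basic authentication without noticing. Presumably the intent is that an `Authorization: Basic` header meant for site-wide HTTP auth is never parsed as API credentials; say so next to the attribute, e.g. `# Session auth only: ignore Authorization: Basic headers (site-wide HTTP auth); access is gated by ApiKeyHeaderPermission.` The identical tuple is repeated in both viewsets, so a shared module-level constant or a common base class would keep the two from drifting apart. Both class bodies continue outside the visible hunks.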