From 0d72f532ec0a72e93d8503f877604c5d2537d58c Mon Sep 17 00:00:00 2001 From: Robert Raposa Date: Thu, 31 Aug 2023 11:39:19 -0400 Subject: [PATCH] fix: changed a value of jwt_auth_result Updated one of the values of the custom attribute jwt_auth_result from 'skipped' to 'n/a'. --- CHANGELOG.rst | 5 +++++ edx_rest_framework_extensions/auth/jwt/authentication.py | 4 ++-- .../auth/jwt/tests/test_authentication.py | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 9c9e458a..ffc7a2d4 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -19,6 +19,11 @@ Fixed ~~~~~ * Fixes exceptional case where JwtAuthentication should not CSRF protect a request that has both a JWT token in the authorization header and a JWT cookie, since the cookie should be ignored. +Changed +~~~~~~~ +* Updated one of the values of the custom attribute jwt_auth_result from 'skipped' to 'n/a'. + + [8.9.1] - 2023-08-22 -------------------- diff --git a/edx_rest_framework_extensions/auth/jwt/authentication.py b/edx_rest_framework_extensions/auth/jwt/authentication.py index 83b945ef..c0ed7554 100644 --- a/edx_rest_framework_extensions/auth/jwt/authentication.py +++ b/edx_rest_framework_extensions/auth/jwt/authentication.py @@ -69,7 +69,7 @@ def authenticate(self, request): # .. custom_attribute_name: jwt_auth_result # .. custom_attribute_description: The result of the JWT authenticate process, # which can having the following values: - # 'skipped': When JWT Authentication doesn't apply. + # 'n/a': When JWT Authentication doesn't apply. # 'success-auth-header': Successfully authenticated using the Authorization header. # 'success-cookie': Successfully authenticated using a JWT cookie. # 'forgiven-failure': Returns None instead of failing for JWT cookies. This handles @@ -87,7 +87,7 @@ def authenticate(self, request): # Unauthenticated, CSRF validation not required if not user_and_auth: - set_custom_attribute('jwt_auth_result', 'skipped') + set_custom_attribute('jwt_auth_result', 'n/a') return user_and_auth # Not using JWT cookie, CSRF validation not required diff --git a/edx_rest_framework_extensions/auth/jwt/tests/test_authentication.py b/edx_rest_framework_extensions/auth/jwt/tests/test_authentication.py index fa8c6946..4d18766e 100644 --- a/edx_rest_framework_extensions/auth/jwt/tests/test_authentication.py +++ b/edx_rest_framework_extensions/auth/jwt/tests/test_authentication.py @@ -285,7 +285,7 @@ def test_authenticate_with_bearer_token(self, mock_set_custom_attribute): auth_header = '{token_name} {token}'.format(token_name='Bearer', token='abc123') request = RequestFactory().get('/', HTTP_AUTHORIZATION=auth_header) self.assertIsNone(JwtAuthentication().authenticate(request)) - mock_set_custom_attribute.assert_any_call('jwt_auth_result', 'skipped') + mock_set_custom_attribute.assert_any_call('jwt_auth_result', 'n/a') def _get_test_jwt_token(self): """ Returns a user and jwt token """