BOM-1098 Removing ENABLE_ANONYMOUS_ACCESS_ROLLOUT flag

ENABLE_ANONYMOUS_ACCESS_ROLLOUT flag was a temporarily used to facilitate rollout
of CSFR protection for MFEs. With that effort finished, the flag is no longer necessary
and is now being removed.

edx_rest_framework_extensions/auth/jwt/authentication.py

@@ -12,7 +12,6 @@
 
 from edx_rest_framework_extensions.auth.jwt.constants import USE_JWT_COOKIE_HEADER
 from edx_rest_framework_extensions.auth.jwt.decoder import jwt_decode_handler
-from edx_rest_framework_extensions.config import ENABLE_ANONYMOUS_ACCESS_ROLLOUT
 from edx_rest_framework_extensions.settings import get_setting
 
 
@@ -65,12 +64,6 @@ def authenticate(self, request):
         try:
             user_and_auth = super(JwtAuthentication, self).authenticate(request)
 
-            is_anonymous_access_rollout_enabled = get_setting(ENABLE_ANONYMOUS_ACCESS_ROLLOUT)
-            # Use Django Setting for rollout to coordinate with frontend-auth changes for
-            # anonymous access being available across MFEs.
-            if not is_anonymous_access_rollout_enabled:
-                return user_and_auth
-
             # Unauthenticated, CSRF validation not required
             if not user_and_auth:
                 return user_and_auth

edx_rest_framework_extensions/auth/jwt/tests/test_authentication.py

@@ -17,7 +17,6 @@
     generate_jwt_token,
     generate_latest_version_payload,
 )
-from edx_rest_framework_extensions.config import ENABLE_ANONYMOUS_ACCESS_ROLLOUT
 from edx_rest_framework_extensions.tests import factories
 
 
@@ -176,48 +175,16 @@ def test_authenticate_credentials_no_usernames(self):
         with self.assertRaises(AuthenticationFailed):
             JwtAuthentication().authenticate_credentials({'email': 'test@example.com'})
 
-    _MOCK_ANONYMOUS_RETURN = None
-    _MOCK_USER_AUTH_RETURN = ('mock-user', "mock-auth")
-
-    @ddt.data(
-        # CSRF exempt because roll-out is not enabled
-        (False, False, _MOCK_USER_AUTH_RETURN),
-        # CSRF exempt because roll-out is not enabled (even though JWT cookies are used)
-        (False, True, _MOCK_USER_AUTH_RETURN),
-        # CSRF exempt because of anonymous access (similar to SessionAuthentication)
-        (True, True, _MOCK_ANONYMOUS_RETURN),
-        # CSRF exempt because request uses JWT authentication without JWT cookies
-        (True, False, _MOCK_USER_AUTH_RETURN),
-    )
-    @ddt.unpack
-    def test_authenticate_csrf_exempt(self, enable_rollout, use_jwt_cookies, mocked_return_value_user_and_auth):
-        """ Verify authenticate success for cases that are CSRF exempt. """
+    def test_authenticate_csrf_protected(self):
+        """ Verify authenticate exception for CSRF protected cases. """
         request = RequestFactory().post('/')
-        if use_jwt_cookies:
-            request.META[USE_JWT_COOKIE_HEADER] = 'true'
-
-        with mock.patch.object(JSONWebTokenAuthentication, 'authenticate', return_value=mocked_return_value_user_and_auth):  # noqa E501 line too long
-            with override_settings(EDX_DRF_EXTENSIONS={ENABLE_ANONYMOUS_ACCESS_ROLLOUT: enable_rollout}):
-                actual_user_and_auth = JwtAuthentication().authenticate(request)
 
-        self.assertEqual(mocked_return_value_user_and_auth, actual_user_and_auth)
+        request.META[USE_JWT_COOKIE_HEADER] = 'true'
 
-    @ddt.data(
-        # CSRF protected because using JWT cookies to successfully authenticate (similar to SessionAuthentication)
-        (True, True, _MOCK_USER_AUTH_RETURN),
-    )
-    @ddt.unpack
-    def test_authenticate_csrf_protected(self, enable_rollout, use_jwt_cookies, mocked_return_value_user_and_auth):
-        """ Verify authenticate exception for CSRF protected cases. """
-        request = RequestFactory().post('/')
-        if use_jwt_cookies:
-            request.META[USE_JWT_COOKIE_HEADER] = 'true'
-
-        with mock.patch.object(JSONWebTokenAuthentication, 'authenticate', return_value=mocked_return_value_user_and_auth):  # noqa E501 line too long
-            with override_settings(EDX_DRF_EXTENSIONS={ENABLE_ANONYMOUS_ACCESS_ROLLOUT: enable_rollout}):
-                with mock.patch.object(Logger, 'debug') as debug_logger:
-                    with self.assertRaises(PermissionDenied) as context_manager:
-                        JwtAuthentication().authenticate(request)
+        with mock.patch.object(JSONWebTokenAuthentication, 'authenticate', return_value=('mock-user', "mock-auth")):  # noqa E501 line too long
+            with mock.patch.object(Logger, 'debug') as debug_logger:
+                with self.assertRaises(PermissionDenied) as context_manager:
+                    JwtAuthentication().authenticate(request)
 
         self.assertEqual(context_manager.exception.detail, 'CSRF Failed: CSRF cookie not set.')
         self.assertTrue(debug_logger.called)

edx_rest_framework_extensions/config.py

@@ -14,16 +14,3 @@
 # .. toggle_tickets: ARCH-1210, ARCH-1199, ARCH-1197
 # .. toggle_status: supported
 ENABLE_SET_REQUEST_USER_FOR_JWT_COOKIE = 'ENABLE_SET_REQUEST_USER_FOR_JWT_COOKIE'
-
-# .. toggle_name: EDX_DRF_EXTENSIONS[ENABLE_ANONYMOUS_ACCESS_ROLLOUT]
-# .. toggle_implementation: DjangoSetting
-# .. toggle_default: False
-# .. toggle_description: Toggle for enabling some functionality related to anonymous access
-# .. toggle_category: micro-frontend
-# .. toggle_use_cases: incremental_release
-# .. toggle_creation_date: 2019-11-06
-# .. toggle_expiration_date: 2019-12-31
-# .. toggle_warnings: Requires coordination with MFE updates of frontend-auth refactor.
-# .. toggle_tickets: ARCH-1229
-# .. toggle_status: supported
-ENABLE_ANONYMOUS_ACCESS_ROLLOUT = 'ENABLE_ANONYMOUS_ACCESS_ROLLOUT'

edx_rest_framework_extensions/settings.py

@@ -15,10 +15,7 @@
 from django.conf import settings
 from rest_framework_jwt.settings import api_settings
 
-from edx_rest_framework_extensions.config import (
-    ENABLE_ANONYMOUS_ACCESS_ROLLOUT,
-    ENABLE_SET_REQUEST_USER_FOR_JWT_COOKIE,
-)
+from edx_rest_framework_extensions.config import ENABLE_SET_REQUEST_USER_FOR_JWT_COOKIE
 
 
 logger = logging.getLogger(__name__)
@@ -34,7 +31,6 @@
     },
     'JWT_PAYLOAD_MERGEABLE_USER_ATTRIBUTES': (),
     ENABLE_SET_REQUEST_USER_FOR_JWT_COOKIE: False,
-    ENABLE_ANONYMOUS_ACCESS_ROLLOUT: False,
 }