From bfc9d974399aea71eaabd6583649e07e23ba155e Mon Sep 17 00:00:00 2001 From: Robert Raposa Date: Fri, 9 Sep 2022 13:57:46 -0400 Subject: [PATCH] Revert "feat: Error message when JWT user disabled (#268)" (#275) This reverts commit d483e6651b584ff787bc9678dc5237264145c281. --- CHANGELOG.rst | 16 ++++++++++++++++ edx_rest_framework_extensions/__init__.py | 2 +- .../auth/jwt/authentication.py | 9 --------- .../auth/jwt/tests/test_authentication.py | 19 +------------------ 4 files changed, 18 insertions(+), 28 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 0b707212..f2a5b124 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -12,6 +12,22 @@ Change Log Unreleased ---------- +[8.3.1] - 2022-09-09 +-------------------- + +Fixed +~~~~~~~ + +* Fixed disabled user error by reverting change to JwtAuthentication. + +[8.3.0] - 2022-09-07 +-------------------- + +Changed +~~~~~~~ + +* JwtAuthentication will fail for disabled users (with unusable password). + [8.2.0] - 2022-08-24 -------------------- diff --git a/edx_rest_framework_extensions/__init__.py b/edx_rest_framework_extensions/__init__.py index 7525595c..2415b384 100644 --- a/edx_rest_framework_extensions/__init__.py +++ b/edx_rest_framework_extensions/__init__.py @@ -1,3 +1,3 @@ """ edx Django REST Framework extensions. """ -__version__ = '8.3.0' # pragma: no cover +__version__ = '8.3.1' # pragma: no cover diff --git a/edx_rest_framework_extensions/auth/jwt/authentication.py b/edx_rest_framework_extensions/auth/jwt/authentication.py index b54a82d9..1c40556a 100644 --- a/edx_rest_framework_extensions/auth/jwt/authentication.py +++ b/edx_rest_framework_extensions/auth/jwt/authentication.py @@ -67,15 +67,6 @@ def authenticate(self, request): if not user_and_auth: return user_and_auth - # Fail authentication if user disabled - user = user_and_auth[0] - if user and isinstance(user, get_user_model()): - if not user.has_usable_password(): - log_message = 'User id {} attempted JWT authentication after being disabled by ' \ - 'an admin.'.format(user.id) - logger.exception(log_message) - raise exceptions.AuthenticationFailed('User is disabled.') - # Not using JWT cookies, CSRF validation not required use_jwt_cookie_requested = request.META.get(USE_JWT_COOKIE_HEADER) if not use_jwt_cookie_requested: diff --git a/edx_rest_framework_extensions/auth/jwt/tests/test_authentication.py b/edx_rest_framework_extensions/auth/jwt/tests/test_authentication.py index 02ffaeb1..40e09e94 100644 --- a/edx_rest_framework_extensions/auth/jwt/tests/test_authentication.py +++ b/edx_rest_framework_extensions/auth/jwt/tests/test_authentication.py @@ -177,16 +177,11 @@ def test_authenticate_credentials_no_usernames(self): @mock.patch('edx_rest_framework_extensions.auth.jwt.authentication.set_custom_attribute') def test_authenticate_csrf_protected(self, mock_set_custom_attribute): """ Verify authenticate exception for CSRF protected cases. """ - - username = 'ckramer' - email = 'ckramer@hotmail.com' - user = factories.UserFactory(email=email, username=username, is_staff=False) - request = RequestFactory().post('/') request.META[USE_JWT_COOKIE_HEADER] = 'true' - with mock.patch.object(JSONWebTokenAuthentication, 'authenticate', return_value=(user, "mock-auth")): + with mock.patch.object(JSONWebTokenAuthentication, 'authenticate', return_value=('mock-user', "mock-auth")): with self.assertRaises(PermissionDenied) as context_manager: JwtAuthentication().authenticate(request) @@ -196,18 +191,6 @@ def test_authenticate_csrf_protected(self, mock_set_custom_attribute): "Exception:PermissionDenied('CSRF Failed: CSRF cookie not set.')", ) - def test_authenticate_with_disabled_user(self): - """ Verify an AuthenticationFailed exception is raised if user is disabled. """ - jwt_token = self._get_test_jwt_token() - request = RequestFactory().get('/', HTTP_AUTHORIZATION=jwt_token) - user = factories.UserFactory() - - with mock.patch.object(JSONWebTokenAuthentication, 'authenticate', return_value=(user, "mock-auth")): - with mock.patch.object(User, 'has_usable_password', return_value=False): - with self.assertRaises(AuthenticationFailed) as auth_failure: - JwtAuthentication().authenticate(request) - self.assertEqual(auth_failure.exception.detail, 'User is disabled.') - @ddt.data(True, False) def test_get_decoded_jwt_from_auth(self, is_jwt_authentication): """ Verify get_decoded_jwt_from_auth returns the appropriate value. """