Merge pull request #103 from edx/awais786/ECOM-3808-bearer-auth-tests

Awais786/ecom 3808 Implement Bearer Auth for acceptance tests.

Author: awais786

acceptance_tests/config.py

@@ -29,21 +29,12 @@ def str2bool(s):
 CREDENTIALS_API_URL = os.environ.get('CREDENTIALS_API_URL', CREDENTIALS_ROOT_URL + '/api/v1/')
 PROGRAM_ID = os.environ.get('PROGRAM_ID', 1)
 
-JWT_SECRET_KEY = os.environ.get('JWT_SECRET_KEY')
-if JWT_SECRET_KEY is None:
-    raise RuntimeError('A valid JWT_SECRET_KEY is required to run acceptance tests.')
-
-USER_JWT_AUDIENCE = os.environ.get('USER_JWT_AUDIENCE')
-if USER_JWT_AUDIENCE is None:
-    raise RuntimeError('A valid USER_JWT_AUDIENCE is required to run acceptance tests.')
-
 # LMS CONFIGURATION
 try:
     LMS_ROOT_URL = os.environ.get('LMS_ROOT_URL').strip('/')
 except AttributeError:
     raise RuntimeError('You must provide a valid URL root for the LMS to run acceptance tests.')
 
-OAUTH_URL = LMS_ROOT_URL + '/oauth2'
 LMS_USERNAME = os.environ.get('LMS_USERNAME')
 LMS_EMAIL = os.environ.get('LMS_EMAIL')
 LMS_PASSWORD = os.environ.get('LMS_PASSWORD')

acceptance_tests/mixins.py

@@ -35,19 +35,8 @@ def setUp(self):
 
     @property
     def credential_api_client(self):
-        now = datetime.datetime.utcnow()
-        expires_in = 60
-        payload = {
-            "iss": config.OAUTH_URL,
-            "aud": config.USER_JWT_AUDIENCE,
-            "exp": now + datetime.timedelta(seconds=expires_in),
-            "iat": now,
-            "preferred_username": config.LMS_USERNAME,
-            "administrator": True,
-        }
         try:
-            jwt_data = jwt.encode(payload, config.JWT_SECRET_KEY)
-            api_client = EdxRestApiClient(config.CREDENTIALS_API_URL, jwt=jwt_data)
+            api_client = EdxRestApiClient(config.CREDENTIALS_API_URL, oauth_access_token=config.ACCESS_TOKEN)
         except Exception:  # pylint: disable=broad-except
             log.exception("Failed to initialize the API client with url '%s'.", config.CREDENTIALS_API_URL)
             return

credentials/apps/api/authentication.py

@@ -4,7 +4,9 @@
 
 import logging
 
+from django.conf import settings
 from django.contrib.auth.models import Group
+from edx_rest_framework_extensions.authentication import BearerAuthentication as BaseBearerAuthentication
 from rest_framework.exceptions import AuthenticationFailed
 from rest_framework_jwt.authentication import JSONWebTokenAuthentication
 
@@ -63,3 +65,16 @@ def authenticate_credentials(self, payload):
             user.groups.remove(admin_group)
 
         return user
+
+
+class BearerAuthentication(BaseBearerAuthentication):
+    """
+    Simple token based authentication.
+
+    This authentication class is useful for authenticating an OAuth2 access token against a remote
+    authentication provider. Clients should authenticate by passing the token key in the "Authorization" HTTP header,
+    prepended with the string `"Bearer "`.
+    """
+    def get_user_info_url(self):
+        """ Returns the URL, hosted by the OAuth2 provider, from which user information can be pulled. """
+        return '{base}/user_info/'.format(base=settings.OAUTH2_PROVIDER_URL)

credentials/apps/api/tests/test_authentication.py

@@ -10,7 +10,9 @@
 from rest_framework.exceptions import AuthenticationFailed
 from rest_framework.test import APIRequestFactory
 
-from credentials.apps.api.authentication import JwtAuthentication, pipeline_set_user_roles
+from credentials.apps.api.authentication import (
+    BearerAuthentication, JwtAuthentication, pipeline_set_user_roles
+)
 from credentials.apps.api.jwt_decode_handler import api_settings as drf_jwt_settings
 from credentials.apps.api.tests.mixins import JwtMixin
 from credentials.apps.core.constants import Role
@@ -146,3 +148,33 @@ def test_no_user(self):
         """
         result = pipeline_set_user_roles({}, None)
         self.assertEqual(result, {})
+
+
+class BearerAuthenticationTests(TestCase):
+    """ Tests for the BearerAuthentication class. """
+
+    def setUp(self):
+        super(BearerAuthenticationTests, self).setUp()
+        self.auth = BearerAuthentication()
+        self.factory = APIRequestFactory()
+
+    def _create_request(self, token='12345', token_name='Bearer'):
+        """Create request with authorization header. """
+        auth_header = '{} {}'.format(token_name, token)
+        request = self.factory.get('/', HTTP_AUTHORIZATION=auth_header)
+        return request
+
+    def test_authenticate_header(self):
+        """The method should return the string Bearer."""
+        self.assertEqual(self.auth.authenticate_header(self._create_request()), 'Bearer')
+
+    def test_authenticate_invalid_token(self):
+        """If no token is supplied, or if the token contains spaces, the method should raise an exception."""
+
+        # Missing token
+        request = self._create_request('')
+        self.assertRaises(AuthenticationFailed, self.auth.authenticate, request)
+
+        # Token with spaces
+        request = self._create_request('abc 123 456')
+        self.assertRaises(AuthenticationFailed, self.auth.authenticate, request)

credentials/settings/base.py

@@ -288,6 +288,7 @@
 REST_FRAMEWORK = {
     'DEFAULT_AUTHENTICATION_CLASSES': (
         'credentials.apps.api.authentication.JwtAuthentication',
+        'credentials.apps.api.authentication.BearerAuthentication',
         'rest_framework.authentication.SessionAuthentication',
     ),
     'DEFAULT_FILTER_BACKENDS': ('rest_framework.filters.DjangoFilterBackend',),

docs/testing.rst

@@ -123,14 +123,6 @@ Our acceptance tests rely on configuration which can be specified using environm
      - URL root for credentials service
      - Yes
      - N/A
-   * - JWT_SECRET_KEY
-     - It should match ``SOCIAL_AUTH_EDX_OIDC_SECRET`` in credentials
-     - Yes
-     - N/A
-   * - USER_JWT_AUDIENCE
-     - It should match ``CREDENTIALS_JWT_AUDIENCE`` in credentials.
-     - Yes
-     - N/A
 
 Running Acceptance Tests
 ************************
@@ -141,8 +133,8 @@ Run all acceptance tests by executing ``make accept``. To run a specific test, e
 
 As discussed above, the acceptance tests rely on configuration which can be specified using environment variables. For example, when running the acceptance tests against local instances of Programs and the LMS, you might run::
 
-    $  CREDENTIALS_ROOT_URL="http://localhost:8150/" LMS_ROOT_URL="http://127.0.0.1:8000" LMS_USERNAME="<username>" LMS_EMAIL="<email address>" LMS_PASSWORD="<password>" JWT_SECRET_KEY="<secret-key>" ACCESS_TOKEN="<access token>" PROGRAM_ID=<program_id> make accept
+    $  CREDENTIALS_ROOT_URL="http://localhost:8150/" LMS_ROOT_URL="http://127.0.0.1:8000" LMS_USERNAME="<username>" LMS_EMAIL="<email address>" LMS_PASSWORD="<password>" ACCESS_TOKEN="<access token>" PROGRAM_ID=<program_id> make accept
 
 When running against a production-like staging environment, you might run::
 
-    $ CREDENTIALS_ROOT_URL="https://credentials.stage.edx.org" LMS_URL_ROOT="https://courses.stage.edx.org" LMS_USERNAME="<username>" LMS_EMAIL="<email address>" LMS_PASSWORD="<password>" JWT_SECRET_KEY="<secret-key>" ACCESS_TOKEN="<access token>" PROGRAM_ID=<program_id> make accept
+    $ CREDENTIALS_ROOT_URL="https://credentials.stage.edx.org" LMS_URL_ROOT="https://courses.stage.edx.org" LMS_USERNAME="<username>" LMS_EMAIL="<email address>" LMS_PASSWORD="<password>" ACCESS_TOKEN="<access token>" PROGRAM_ID=<program_id> make accept

requirements/base.txt

@@ -10,6 +10,7 @@ djangorestframework-jwt==1.7.2
 django-rest-swagger==0.3.4
 django-storages==1.1.8
 edx-auth-backends==0.2.3
+edx-drf-extensions==0.5.1
 edx-opaque-keys==0.3.1
 edx-rest-api-client==1.4.0
 # The package django-libsass requires libsass and the newest version of libsass '0.10.1'