Revert "Python Requirements Update" (#245)

edx · Feb 5, 2024 · aa2c519 · aa2c519
1 parent da30651
commit aa2c519
Show file tree

Hide file tree

Showing 11 changed files with 131 additions and 135 deletions.
diff --git a/edx_exams/apps/core/middleware.py b/edx_exams/apps/core/middleware.py
@@ -0,0 +1,23 @@
+"""
+Middleware that checks if in incoming request has a browser jwt cookie
+and enables JWT auth for that request.
+
+This is a temporary workaround that allows easier testing of browser endpoints in
+absence of a frontend UI. Normally a frontend application must explicity request
+the JWT token to be used for auth by setting USE_JWT_COOKIE_HEADER.
+"""
+from django.utils.deprecation import MiddlewareMixin
+from edx_rest_framework_extensions.auth.jwt.constants import USE_JWT_COOKIE_HEADER
+from edx_rest_framework_extensions.auth.jwt.cookies import jwt_cookie_header_payload_name
+
+
+class ForceJWTAuthMiddleware(MiddlewareMixin):  # pragma: no cover
+    """ Middleware to automically enable JWT auth for browser requests """
+    def process_request(self, request):  # pylint: disable=missing-function-docstring
+        # prevent lti callback endpoints from reading jwt, we want to ensure
+        # the session token generated for these is used instead
+        if request.path.startswith('/lti/lti_consumer'):
+            return
+
+        if request.COOKIES.get(jwt_cookie_header_payload_name(), None):
+            request.META[USE_JWT_COOKIE_HEADER] = 'true'
diff --git a/edx_exams/settings/base.py b/edx_exams/settings/base.py
@@ -64,6 +64,8 @@ def root(*path_fragments):
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.locale.LocaleMiddleware',
     'django.middleware.common.CommonMiddleware',
+    # Forces JWT auth if edx JWT cookie exists
+    'edx_exams.apps.core.middleware.ForceJWTAuthMiddleware',
     'edx_rest_framework_extensions.auth.jwt.middleware.JwtAuthCookieMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',

diff --git a/requirements/base.txt b/requirements/base.txt
@@ -19,9 +19,9 @@ attrs==23.2.0
     #   openedx-events
 bleach==6.1.0
     # via lti-consumer-xblock
-boto3==1.34.30
+boto3==1.34.25
     # via fs-s3fs
-botocore==1.34.30
+botocore==1.34.25
     # via
     #   boto3
     #   s3transfer
@@ -45,7 +45,7 @@ coreapi==2.3.3
     #   openapi-codec
 coreschema==0.0.4
     # via coreapi
-cryptography==42.0.1
+cryptography==42.0.0
     # via
     #   pyjwt
     #   social-auth-core
@@ -142,7 +142,7 @@ edx-django-utils==5.10.1
     #   edx-event-bus-redis
     #   edx-rest-api-client
     #   edx-toggles
-edx-drf-extensions==10.1.0
+edx-drf-extensions==9.1.2
     # via -r requirements/base.in
 edx-event-bus-kafka==5.6.0
     # via -r requirements/base.in
@@ -198,7 +198,7 @@ lxml==5.1.0
     # via
     #   lti-consumer-xblock
     #   xblock
-mako==1.3.2
+mako==1.3.1
     # via
     #   lti-consumer-xblock
     #   xblock
@@ -209,7 +209,7 @@ markupsafe==2.1.4
     #   xblock
 mysqlclient==2.2.1
     # via -r requirements/base.in
-newrelic==9.6.0
+newrelic==9.5.0
     # via edx-django-utils
 oauthlib==3.2.2
     # via
@@ -261,11 +261,11 @@ python-dateutil==2.8.2
     # via
     #   botocore
     #   xblock
-python-slugify==8.0.2
+python-slugify==8.0.1
     # via code-annotations
 python3-openid==3.2.0
     # via social-auth-core
-pytz==2023.4
+pytz==2023.3.post1
     # via
     #   -r requirements/base.in
     #   django
@@ -313,7 +313,7 @@ slumber==0.7.1
     # via edx-rest-api-client
 social-auth-app-django==5.4.0
     # via edx-auth-backends
-social-auth-core==4.5.2
+social-auth-core==4.5.1
     # via
     #   edx-auth-backends
     #   social-auth-app-django
@@ -346,7 +346,7 @@ webencodings==0.5.1
     # via bleach
 webob==1.8.7
     # via xblock
-xblock==1.10.0
+xblock==1.9.1
     # via lti-consumer-xblock
 
 # The following packages are considered to be unsafe in a requirements file:

diff --git a/requirements/ci.txt b/requirements/ci.txt
@@ -24,7 +24,7 @@ platformdirs==4.1.0
     # via
     #   tox
     #   virtualenv
-pluggy==1.4.0
+pluggy==1.3.0
     # via tox
 pyproject-api==1.6.1
     # via tox

diff --git a/requirements/common_constraints.txt b/requirements/common_constraints.txt
@@ -1,4 +1,9 @@
 
+
+
+
+
+
 # A central location for most common version constraints
 # (across edx repos) for pip-installation.
 #

diff --git a/requirements/dev.txt b/requirements/dev.txt
@@ -31,11 +31,11 @@ bleach==6.1.0
     # via
     #   -r requirements/validation.txt
     #   lti-consumer-xblock
-boto3==1.34.30
+boto3==1.34.25
     # via
     #   -r requirements/validation.txt
     #   fs-s3fs
-botocore==1.34.30
+botocore==1.34.25
     # via
     #   -r requirements/validation.txt
     #   boto3
@@ -97,16 +97,15 @@ coreschema==0.0.4
     # via
     #   -r requirements/validation.txt
     #   coreapi
-coverage[toml]==7.4.1
+coverage[toml]==7.4.0
     # via
     #   -r requirements/validation.txt
     #   coverage
     #   pytest-cov
-cryptography==42.0.1
+cryptography==42.0.0
     # via
     #   -r requirements/validation.txt
     #   pyjwt
-    #   secretstorage
     #   social-auth-core
 ddt==1.7.1
     # via -r requirements/validation.txt
@@ -117,7 +116,7 @@ defusedxml==0.8.0rc2
     #   social-auth-core
 diff-cover==8.0.3
     # via -r requirements/dev.in
-dill==0.3.8
+dill==0.3.7
     # via
     #   -r requirements/validation.txt
     #   pylint
@@ -238,7 +237,7 @@ edx-django-utils==5.10.1
     #   edx-event-bus-redis
     #   edx-rest-api-client
     #   edx-toggles
-edx-drf-extensions==10.1.0
+edx-drf-extensions==9.1.2
     # via -r requirements/validation.txt
 edx-event-bus-kafka==5.6.0
     # via -r requirements/validation.txt
@@ -271,7 +270,7 @@ exceptiongroup==1.2.0
     #   pytest
 factory-boy==3.3.0
     # via -r requirements/validation.txt
-faker==22.6.0
+faker==22.5.0
     # via
     #   -r requirements/validation.txt
     #   factory-boy
@@ -335,11 +334,6 @@ jaraco-classes==3.3.0
     # via
     #   -r requirements/validation.txt
     #   keyring
-jeepney==0.8.0
-    # via
-    #   -r requirements/validation.txt
-    #   keyring
-    #   secretstorage
 jinja2==3.1.3
     # via
     #   -r requirements/validation.txt
@@ -371,7 +365,7 @@ lxml==5.1.0
     #   edx-i18n-tools
     #   lti-consumer-xblock
     #   xblock
-mako==1.3.2
+mako==1.3.1
     # via
     #   -r requirements/validation.txt
     #   lti-consumer-xblock
@@ -402,7 +396,7 @@ more-itertools==10.2.0
     #   jaraco-classes
 mysqlclient==2.2.1
     # via -r requirements/validation.txt
-newrelic==9.6.0
+newrelic==9.5.0
     # via
     #   -r requirements/validation.txt
     #   edx-django-utils
@@ -460,7 +454,7 @@ platformdirs==4.1.0
     #   pylint
     #   tox
     #   virtualenv
-pluggy==1.4.0
+pluggy==1.3.0
     # via
     #   -r requirements/validation.txt
     #   diff-cover
@@ -543,14 +537,14 @@ pyproject-hooks==1.0.0
     # via
     #   -r requirements/pip-tools.txt
     #   build
-pytest==8.0.0
+pytest==7.4.4
     # via
     #   -r requirements/validation.txt
     #   pytest-cov
     #   pytest-django
 pytest-cov==4.1.0
     # via -r requirements/validation.txt
-pytest-django==4.8.0
+pytest-django==4.7.0
     # via -r requirements/validation.txt
 python-dateutil==2.8.2
     # via
@@ -559,15 +553,15 @@ python-dateutil==2.8.2
     #   faker
     #   freezegun
     #   xblock
-python-slugify==8.0.2
+python-slugify==8.0.1
     # via
     #   -r requirements/validation.txt
     #   code-annotations
 python3-openid==3.2.0
     # via
     #   -r requirements/validation.txt
     #   social-auth-core
-pytz==2023.4
+pytz==2023.3.post1
     # via
     #   -r requirements/validation.txt
     #   django
@@ -626,10 +620,6 @@ s3transfer==0.10.0
     # via
     #   -r requirements/validation.txt
     #   boto3
-secretstorage==3.3.3
-    # via
-    #   -r requirements/validation.txt
-    #   keyring
 semantic-version==2.10.0
     # via
     #   -r requirements/validation.txt
@@ -663,7 +653,7 @@ social-auth-app-django==5.4.0
     # via
     #   -r requirements/validation.txt
     #   edx-auth-backends
-social-auth-core==4.5.2
+social-auth-core==4.5.1
     # via
     #   -r requirements/validation.txt
     #   edx-auth-backends
@@ -748,7 +738,7 @@ wheel==0.42.0
     # via
     #   -r requirements/pip-tools.txt
     #   pip-tools
-xblock==1.10.0
+xblock==1.9.1
     # via
     #   -r requirements/validation.txt
     #   lti-consumer-xblock