From ddfef5074eb35e4f714e8a2e63a2c3bd5c559e79 Mon Sep 17 00:00:00 2001
From: Feanil Patel
Date: Fri, 21 Jul 2023 12:45:22 -0400
Subject: [PATCH] test: Update tests to also test forgiving JWT Auth.

Run all the existing tests with both forgiving and original JWT Auth behaviors. Only one test needed to be modified. Previously we were raising an exception when CSRF checks failed within the authentication process but with forgiving auth, we no longer rais an exception so we update the one test to handle both cases for now. This will get cleaned when we hopefully move forward with only having the forgiving JWT auth flow in the future.
---
 .../auth/jwt/tests/test_authentication.py | 22 ++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/edx_rest_framework_extensions/auth/jwt/tests/test_authentication.py b/edx_rest_framework_extensions/auth/jwt/tests/test_authentication.py
index 554eafd0..fd38b35e 100644
--- a/edx_rest_framework_extensions/auth/jwt/tests/test_authentication.py
+++ b/edx_rest_framework_extensions/auth/jwt/tests/test_authentication.py
@@ -11,11 +11,14 @@ from edx_rest_framework_extensions.auth.jwt import authentication
 from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication
 from edx_rest_framework_extensions.auth.jwt.constants import USE_JWT_COOKIE_HEADER
+from edx_rest_framework_extensions.auth.jwt.cookies import jwt_cookie_name
 from edx_rest_framework_extensions.auth.jwt.decoder import jwt_decode_handler
 from edx_rest_framework_extensions.auth.jwt.tests.utils import (
 generate_jwt_token,
 generate_latest_version_payload,
 )
+from edx_rest_framework_extensions.config import ENABLE_FORGIVING_JWT_COOKIES
+from edx_rest_framework_extensions.settings import get_setting
 from edx_rest_framework_extensions.tests import factories
@@ -180,12 +183,20 @@ def test_authenticate_csrf_protected(self, mock_set_custom_attribute):
 request = RequestFactory().post('/')
 request.META[USE_JWT_COOKIE_HEADER] = 'true'
+ # Set a sample JWT cookie. We mock the auth response but we still want
+ # to ensure that there is jwt set because there is other logic that
+ # checks for the jwt to be set before moving forward with CSRF checks.
+ request.COOKIES[jwt_cookie_name()] = 'foo'
 with mock.patch.object(JSONWebTokenAuthentication, 'authenticate', return_value=('mock-user', "mock-auth")):
- with self.assertRaises(PermissionDenied) as context_manager:
- JwtAuthentication().authenticate(request)
+ if get_setting(ENABLE_FORGIVING_JWT_COOKIES):
+ assert JwtAuthentication().authenticate(request) is None
+ else:
+ with self.assertRaises(PermissionDenied) as context_manager:
+ JwtAuthentication().authenticate(request)
+
+ assert context_manager.exception.detail.startswith('CSRF Failed')
- assert context_manager.exception.detail.startswith('CSRF Failed')
 mock_set_custom_attribute.assert_called_with(
 'jwt_auth_failed',
 "Exception:PermissionDenied('CSRF Failed: CSRF cookie not set.')",
@@ -235,3 +246,8 @@ def _get_test_jwt_token(self):
 payload = generate_latest_version_payload(user)
 jwt_token = generate_jwt_token(payload)
 return jwt_token
+
+
+@override_settings(EDX_DRF_EXTENSIONS={ENABLE_FORGIVING_JWT_COOKIES: True})
+class ForgivingJwtAuthenticationTests(JwtAuthenticationTests):
+ pass
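Review bot: In the forgiving branch the CSRF failure is never surfaced to the caller, so the only evidence that the check actually ran is the `mock_set_custom_attribute.assert_called_with('jwt_auth_failed', ...)` context line below the if/else; the `assert JwtAuthentication().authenticate(request) is None` on its own would also pass if the cookie path were skipped entirely. That dependency is worth stating next to the branch, e.g. `# Forgiving mode: a CSRF failure yields None (no credentials) instead of raising;` / `# the jwt_auth_failed attribute assertion below is what proves the check ran.` Because the test picks its expectation from `get_setting(ENABLE_FORGIVING_JWT_COOKIES)` at run time, a reader cannot tell from the test alone which path a given run exercised, so a short comment on that too would help. test_authenticate_csrf_protected's def line precedes the hunk and the assert_called_with call closes after it.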
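Review bot: `ForgivingJwtAuthenticationTests` only re-runs the inherited tests, and the one test that differs between modes decides which path to check by calling `get_setting(ENABLE_FORGIVING_JWT_COOKIES)` at run time; if the class-level `override_settings` ever failed to reach `get_setting` (for instance if the value were read once at import, which I cannot confirm from here), every inherited test would silently exercise the original raising path twice and the forgiving behavior would go untested. A cheap guard is a method on the subclass that pins the flag, `def test_forgiving_setting_is_active(self):` / `    assert get_setting(ENABLE_FORGIVING_JWT_COOKIES)`. Replacing `pass` with a one-line docstring naming why the subclass exists would also help, e.g. `"""Re-run JwtAuthenticationTests with ENABLE_FORGIVING_JWT_COOKIES enabled."""`.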