From 7d2ff9cd3ffffc8ba2a06ae8869dd74e739c66a9 Mon Sep 17 00:00:00 2001
From: Manjinder Singh <49171515+jinder1s@users.noreply.github.com>
Date: Wed, 4 Mar 2020 09:06:29 -0500
Subject: [PATCH] Removing all settings that have OIDC in name (#23251)
* Removing all settings that have OIDC in name
* Removing ENABLE_DOP_ADAPTER
* changes JWT_ISSUER value in devstack
---
 cms/envs/bok_choy.env.json | 1 -
 cms/envs/bok_choy.yml | 1 -
 cms/envs/bok_choy_docker.env.json | 1 -
 cms/envs/bok_choy_docker.yml | 1 -
 cms/envs/common.py | 2 --
 cms/envs/devstack.py | 2 --
 cms/envs/devstack_docker.py | 4 +---
 cms/envs/production.py | 3 ---
 lms/envs/common.py | 8 --------
 lms/envs/devstack.py | 4 +---
 lms/envs/devstack_docker.py | 4 +---
 lms/envs/production.py | 1 -
 lms/envs/test.py | 2 --
 .../core/djangoapps/oauth_dispatch/tests/test_views.py | 5 -----
 14 files changed, 3 insertions(+), 36 deletions(-)
diff --git a/cms/envs/bok_choy.env.json b/cms/envs/bok_choy.env.json
index cdb25a8fcb3..835bba51aed 100644
--- a/cms/envs/bok_choy.env.json
+++ b/cms/envs/bok_choy.env.json
@@ -99,5 +99,4 @@
 "TECH_SUPPORT_EMAIL": "technical@example.com",
 "TIME_ZONE": "America/New_York",
 "WIKI_ENABLED": true,
- "OAUTH_OIDC_ISSUER": "https://www.example.com/oauth2"
 }
diff --git a/cms/envs/bok_choy.yml b/cms/envs/bok_choy.yml
index 8c44975e970..741918ef783 100644
--- a/cms/envs/bok_choy.yml
+++ b/cms/envs/bok_choy.yml
@@ -112,7 +112,6 @@ MODULESTORE:
 - ENGINE: xmodule.modulestore.xml.XMLModuleStore
 NAME: xml
 OPTIONS: {data_dir: '** OVERRIDDEN **', default_class: xmodule.hidden_module.HiddenDescriptor}
-OAUTH_OIDC_ISSUER: https://www.example.com/oauth2
 SECRET_KEY: ''
 SERVER_EMAIL: devops@example.com
 SESSION_COOKIE_DOMAIN: null
diff --git a/cms/envs/bok_choy_docker.env.json b/cms/envs/bok_choy_docker.env.json
index a1515c97f11..cc8b9daa53f 100644
--- a/cms/envs/bok_choy_docker.env.json
+++ b/cms/envs/bok_choy_docker.env.json
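Review bot: Dropping the last key in cms/envs/bok_choy.env.json leaves `"WIKI_ENABLED": true,` as the final member, so the new file ends with a trailing comma before `}`, which a strict JSON parser (Python's `json` module included) rejects. The comma should go together with the removed line, leaving `"WIKI_ENABLED": true`. The identical hunk in cms/envs/bok_choy_docker.env.json has the same problem. Whether anything still loads these .env.json files alongside the .yml variants is not visible in this patch.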
@@ -98,5 +98,4 @@
 "TECH_SUPPORT_EMAIL": "technical@example.com",
 "TIME_ZONE": "America/New_York",
 "WIKI_ENABLED": true,
- "OAUTH_OIDC_ISSUER": "https://www.example.com/oauth2"
 }
diff --git a/cms/envs/bok_choy_docker.yml b/cms/envs/bok_choy_docker.yml
index cd2da8f7f28..2a162460a43 100644
--- a/cms/envs/bok_choy_docker.yml
+++ b/cms/envs/bok_choy_docker.yml
@@ -112,7 +112,6 @@ MODULESTORE:
 - ENGINE: xmodule.modulestore.xml.XMLModuleStore
 NAME: xml
 OPTIONS: {data_dir: '** OVERRIDDEN **', default_class: xmodule.hidden_module.HiddenDescriptor}
-OAUTH_OIDC_ISSUER: https://www.example.com/oauth2
 SECRET_KEY: ''
 SERVER_EMAIL: devops@example.com
 SESSION_COOKIE_DOMAIN: null
diff --git a/cms/envs/common.py b/cms/envs/common.py
index 6157e6e4083..696fee419b4 100644
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -1826,8 +1826,6 @@ CACHES = {
 ############################ OAUTH2 Provider ###################################
-# OpenID Connect issuer ID. Normally the URL of the authentication endpoint.
-OAUTH_OIDC_ISSUER = 'http://127.0.0.1:8000/oauth2'
 # 5 minute expiration time for JWT id tokens issued for external API requests.
 OAUTH_ID_TOKEN_EXPIRATION = 5 * 60
diff --git a/cms/envs/devstack.py b/cms/envs/devstack.py
index 47c2ac786fd..460b357ebd7 100644
--- a/cms/envs/devstack.py
+++ b/cms/envs/devstack.py
@@ -136,8 +136,6 @@ FEATURES['FRONTEND_APP_PUBLISHER_URL'] = 'http://localhost:18400'
 REQUIRE_DEBUG = DEBUG
 ########################### OAUTH2 #################################
-OAUTH_OIDC_ISSUER = 'http://127.0.0.1:8000/oauth2'
-
 JWT_AUTH.update({
 'JWT_SECRET_KEY': 'lms-secret',
 'JWT_ISSUER': 'http://127.0.0.1:8000/oauth2',
diff --git a/cms/envs/devstack_docker.py b/cms/envs/devstack_docker.py
index 407d44bd204..20a4f3346a4 100644
--- a/cms/envs/devstack_docker.py
+++ b/cms/envs/devstack_docker.py
@@ -21,10 +21,8 @@ FEATURES.update({
 CREDENTIALS_SERVICE_USERNAME = 'credentials_worker'
-OAUTH_OIDC_ISSUER = '{}/oauth2'.format(LMS_ROOT_URL)
-
 JWT_AUTH.update({
+ 'JWT_ISSUER': '{}/oauth2'.format(LMS_ROOT_URL),
 'JWT_SECRET_KEY': 'lms-secret',
- 'JWT_ISSUER': OAUTH_OIDC_ISSUER,
 'JWT_AUDIENCE': 'lms-key',
 })
diff --git a/cms/envs/production.py b/cms/envs/production.py
index eb89b8bde45..aa254585e6d 100644
--- a/cms/envs/production.py
+++ b/cms/envs/production.py
@@ -545,9 +545,6 @@ XBLOCK_SETTINGS.setdefault("VideoBlock", {})['YOUTUBE_API_KEY'] = AUTH_TOKENS.ge
 ############################ OAUTH2 Provider ###################################
-# OpenID Connect issuer ID. Normally the URL of the authentication endpoint.
-OAUTH_OIDC_ISSUER = ENV_TOKENS['OAUTH_OIDC_ISSUER']
-
 #### JWT configuration ####
 JWT_AUTH.update(ENV_TOKENS.get('JWT_AUTH', {}))
 JWT_AUTH.update(AUTH_TOKENS.get('JWT_AUTH', {}))
diff --git a/lms/envs/common.py b/lms/envs/common.py
index f24110c04a9..936caa43dc4 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -551,15 +551,7 @@ CACHES = {
 },
 }
-############################ OpenID Provider ##################################
-OPENID_PROVIDER_TRUSTED_ROOTS = ['cs50.net', '*.cs50.net']
-
 ############################ OAUTH2 Provider ###################################
-
-# OpenID Connect issuer ID. Normally the URL of the authentication endpoint.
-
-OAUTH_OIDC_ISSUER = 'http://127.0.0.1:8000/oauth2'
-
 OAUTH_EXPIRE_CONFIDENTIAL_CLIENT_DAYS = 365
 OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS = 30
diff --git a/lms/envs/devstack.py b/lms/envs/devstack.py
index d544a9a4e7b..b440eb38410 100644
--- a/lms/envs/devstack.py
+++ b/lms/envs/devstack.py
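Review bot: The JWT issuer in cms/envs/devstack_docker.py is now an independent literal, `'{}/oauth2'.format(LMS_ROOT_URL)`, repeated in lms/envs/devstack_docker.py, with `'http://127.0.0.1:8000/oauth2'` likewise inlined in lms/envs/devstack.py; nothing in the visible lines ties the Studio value to the LMS one. Presumably Studio checks the `iss` claim of LMS-issued tokens against this setting, so a drift between the copies would show up as rejected tokens rather than as a settings error. A comment above the entry would record the dependency, for example `# Must equal JWT_ISSUER in lms/envs/devstack_docker.py; compared with the token's iss claim.` The same comment, pointing the other way, fits the two lms hunks.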
@@ -140,10 +140,8 @@ CC_PROCESSOR = {
 ########################### External REST APIs #################################
 FEATURES['ENABLE_OAUTH2_PROVIDER'] = True
-OAUTH_OIDC_ISSUER = 'http://127.0.0.1:8000/oauth2'
 FEATURES['ENABLE_MOBILE_REST_API'] = True
 FEATURES['ENABLE_VIDEO_ABSTRACTION_LAYER_API'] = True
-ENABLE_DOP_ADAPTER = False
 ########################## SECURITY #######################
 FEATURES['ENABLE_MAX_FAILED_LOGIN_ATTEMPTS'] = False
@@ -246,7 +244,7 @@ LOGIN_REDIRECT_WHITELIST = [CMS_BASE]
 ###################### JWTs ###################### # pylint: disable=unicode-format-string
 JWT_AUTH.update({
- 'JWT_ISSUER': OAUTH_OIDC_ISSUER,
+ 'JWT_ISSUER': 'http://127.0.0.1:8000/oauth2',
 'JWT_AUDIENCE': 'lms-key',
 'JWT_SECRET_KEY': 'lms-secret',
 'JWT_SIGNING_ALGORITHM': 'RS512',
diff --git a/lms/envs/devstack_docker.py b/lms/envs/devstack_docker.py
index 19bada8af3a..71182550fad 100644
--- a/lms/envs/devstack_docker.py
+++ b/lms/envs/devstack_docker.py
@@ -25,10 +25,8 @@ ENTERPRISE_API_URL = '{}/enterprise/api/v1/'.format(LMS_INTERNAL_ROOT_URL)
 CREDENTIALS_INTERNAL_SERVICE_URL = 'http://edx.devstack.credentials:18150'
 CREDENTIALS_PUBLIC_SERVICE_URL = 'http://localhost:18150'
-OAUTH_OIDC_ISSUER = '{}/oauth2'.format(LMS_ROOT_URL)
-
 JWT_AUTH.update({
- 'JWT_ISSUER': OAUTH_OIDC_ISSUER,
+ 'JWT_ISSUER': '{}/oauth2'.format(LMS_ROOT_URL),
 })
 FEATURES.update({
diff --git a/lms/envs/production.py b/lms/envs/production.py
index f5219148732..fcff4a9b0b1 100644
--- a/lms/envs/production.py
+++ b/lms/envs/production.py
@@ -756,7 +756,6 @@ if FEATURES.get('ENABLE_THIRD_PARTY_AUTH'):
 ##### OAUTH2 Provider ##############
 if FEATURES.get('ENABLE_OAUTH2_PROVIDER'):
- OAUTH_OIDC_ISSUER = ENV_TOKENS['OAUTH_OIDC_ISSUER']
 OAUTH_ENFORCE_SECURE = ENV_TOKENS.get('OAUTH_ENFORCE_SECURE', True)
 OAUTH_ENFORCE_CLIENT_SECURE = ENV_TOKENS.get('OAUTH_ENFORCE_CLIENT_SECURE', True)
 # Defaults for the following are defined in lms.envs.common
diff --git a/lms/envs/test.py b/lms/envs/test.py
index ff3cd29a94a..cc10e2a0a89 100644
--- a/lms/envs/test.py
+++ b/lms/envs/test.py
@@ -281,8 +281,6 @@ OPENID_PROVIDER_TRUSTED_ROOTS = ['*']
 ############################## OAUTH2 Provider ################################
 FEATURES['ENABLE_OAUTH2_PROVIDER'] = True
-# don't cache courses for testing
-OIDC_COURSE_HANDLER_CACHE_TIMEOUT = 0
 OAUTH_ENFORCE_SECURE = False
 ########################### External REST APIs #################################
diff --git a/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py b/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
index 269fa89af9e..acc463ddbee 100644
--- a/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
+++ b/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
@@ -557,11 +557,6 @@ class TestViewDispatch(TestCase):
 view_object = views.AccessTokenView()
 self.assertRaises(KeyError, view_object.get_view_for_backend, None)
- def test_dop_toggle_enforced(self):
- with self.settings(ENABLE_DOP_ADAPTER=False):
- request = self._get_request('dop-id')
- self.assertEqual(self.view.select_backend(request), self.dot_adapter.backend)
-
 class TestRevokeTokenView(AccessTokenLoginMixin, _DispatchingViewTestCase): # pylint: disable=abstract-method
 """
--
GitLab