Added support for JWT authentication to the Enrollment API

ECOM-7099

Added support for JWT authentication to the Enrollment API
9d9cf1a8 · Clinton Blackburn · Clinton Blackburn · e7ea1b47 · 9d9cf1a8
Commit 9d9cf1a8 authored 8 years ago by Clinton Blackburn Committed by Clinton Blackburn 8 years ago
--- a/common/djangoapps/enrollment/views.py
+++ b/common/djangoapps/enrollment/views.py
@@ -7,35 +7,31 @@ import logging

 from django.core.exceptions import ObjectDoesNotExist
 from django.utils.decorators import method_decorator
+from edx_rest_framework_extensions.authentication import JwtAuthentication
 from opaque_keys import InvalidKeyError
-from course_modes.models import CourseMode
-from openedx.core.lib.log_utils import audit_log
-from openedx.core.djangoapps.user_api.preferences.api import update_email_opt_in
-from openedx.core.lib.api.permissions import ApiKeyHeaderPermission, ApiKeyHeaderPermissionIsAuthenticated
+from opaque_keys.edx.keys import CourseKey
 from rest_framework import status
 from rest_framework.response import Response
 from rest_framework.throttling import UserRateThrottle
 from rest_framework.views import APIView
-from opaque_keys.edx.keys import CourseKey
-from openedx.core.djangoapps.embargo import api as embargo_api
+
+from course_modes.models import CourseMode
+from enrollment import api
+from enrollment.errors import CourseEnrollmentError, CourseModeNotFoundError, CourseEnrollmentExistsError
 from openedx.core.djangoapps.cors_csrf.authentication import SessionAuthenticationCrossDomainCsrf
 from openedx.core.djangoapps.cors_csrf.decorators import ensure_csrf_cookie_cross_domain
+from openedx.core.djangoapps.embargo import api as embargo_api
+from openedx.core.djangoapps.user_api.preferences.api import update_email_opt_in
 from openedx.core.lib.api.authentication import (
-    SessionAuthenticationAllowInactiveUser,
-    OAuth2AuthenticationAllowInactiveUser,
+    SessionAuthenticationAllowInactiveUser, OAuth2AuthenticationAllowInactiveUser,
 )
+from openedx.core.lib.api.permissions import ApiKeyHeaderPermission, ApiKeyHeaderPermissionIsAuthenticated
 from openedx.core.lib.exceptions import CourseNotFoundError
-from util.disable_rate_limit import can_disable_rate_limit
-from enrollment import api
-from enrollment.errors import (
-    CourseEnrollmentError,
-    CourseModeNotFoundError,
-    CourseEnrollmentExistsError
-)
+from openedx.core.lib.log_utils import audit_log
 from student.auth import user_has_role
 from student.models import User
 from student.roles import CourseStaffRole, GlobalStaff
-
+from util.disable_rate_limit import can_disable_rate_limit

 log = logging.getLogger(__name__)
 REQUIRED_ATTRIBUTES = {
@@ -53,6 +49,7 @@ class ApiKeyPermissionMixIn(object):
    This mixin is used to provide a convenience function for doing individual permission checks
    for the presence of API keys.
    """
+
    def has_api_key_permissions(self, request):
        """
        Checks to see if the request was made by a server with an API key.
@@ -139,7 +136,8 @@ class EnrollmentView(APIView, ApiKeyPermissionMixIn):
            * user: The ID of the user.
   """

-    authentication_classes = OAuth2AuthenticationAllowInactiveUser, SessionAuthenticationAllowInactiveUser
+    authentication_classes = (JwtAuthentication, OAuth2AuthenticationAllowInactiveUser,
+                              SessionAuthenticationAllowInactiveUser,)
    permission_classes = ApiKeyHeaderPermissionIsAuthenticated,
    throttle_classes = EnrollmentUserThrottle,

@@ -452,7 +450,8 @@ class EnrollmentListView(APIView, ApiKeyPermissionMixIn):

             * user: The username of the user.
    """
-    authentication_classes = OAuth2AuthenticationAllowInactiveUser, EnrollmentCrossDomainSessionAuth
+    authentication_classes = (JwtAuthentication, OAuth2AuthenticationAllowInactiveUser,
+                              EnrollmentCrossDomainSessionAuth,)
    permission_classes = ApiKeyHeaderPermissionIsAuthenticated,
    throttle_classes = EnrollmentUserThrottle,