From c68a5a3fb6113cb6a696378a2ac9bff3b8089a24 Mon Sep 17 00:00:00 2001
From: Nimisha Asthagiri <nasthagiri@edx.org>
Date: Tue, 10 Jul 2018 17:24:31 -0400
Subject: [PATCH] Authn: Remove unneeded Jwks View
---
.../oauth_dispatch/tests/test_views.py | 70 -------------------
.../core/djangoapps/oauth_dispatch/urls.py | 1 -
.../core/djangoapps/oauth_dispatch/views.py | 23 ------
3 files changed, 94 deletions(-)
diff --git a/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py b/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
index 125fc5b164e..a58516e7e0d 100644
--- a/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
+++ b/openedx/core/djangoapps/oauth_dispatch/tests/test_views.py
@@ -648,76 +648,6 @@ class TestRevokeTokenView(AccessTokenLoginMixin, _DispatchingViewTestCase): # p
self.verify_revoke_token(self.access_token)
-@unittest.skipUnless(OAUTH_PROVIDER_ENABLED, 'OAuth2 not enabled')
-class JwksViewTests(TestCase):
- def test_serialize_rsa_key(self):
- key = """\
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCkK6N/mhkEYrgx
-p8xEZj37N1FEj1gObWv7zVygMLKxKvCSFOQUjA/Z2ZLqVi8m5DnCJ+5BrdYW/UqH
-02vZdEnWb04vf8mmYzJOL9i7APu0h/rm1pvVI5JFiSjE4pG669m5dAb2dZtesYOd
-yfC5bF97KbBZoisCEAtRLn6cNrt1q6PxWeCxZq4ysQD8xZKETOxHnfAYqVyIRkDW
-v8B9DnldLjYa8GhuGHL1J5ncHoseJoATLCnAWYo+yy6gdI2Fs9rj0tbeBcnoKwUZ
-ENwEUp3En+Xw7zjtDuSDWW9ySkuwrK7nXrs0r1CPVf87dLBUEvdzHHUelDr6rdIY
-tnieCjCHAgMBAAECggEBAJvTiAdQPzq4cVlAilTKLz7KTOsknFJlbj+9t5OdZZ9g
-wKQIDE2sfEcti5O+Zlcl/eTaff39gN6lYR73gMEQ7h0J3U6cnsy+DzvDkpY94qyC
-/ZYqUhPHBcnW3Mm0vNqNj0XGae15yBXjrKgSy9lUknSXJ3qMwQHeNL/DwA2KrfiL
-g0iVjk32dvSSHWcBh0M+Qy1WyZU0cf9VWzx+Q1YLj9eUCHteStVubB610XV3JUZt
-UTWiUCffpo2okHsTBuKPVXK/5BL+BpGplcxRSlnSbMaI611kN3iKlO8KGISXHBz7
-nOPdkfZC9poEXt5SshtINuGGCCc8hDxpg1otYqCLaYECgYEA1MSCPs3pBkEagchV
-g0rxYmDUC8QkeIOBuZFjhkdoUgZ6rFntyRZd1NbCUi3YBbV1YC12ZGohqWUWom1S
-AtNbQ2ZTbqEnDKWbNvLBRwkdp/9cKBce85lCCD6+U2o2Ha8C0+hKeLBn8un1y0zY
-1AQTqLAz9ItNr0aDPb89cs5voWcCgYEAxYdC8vR3t8iYMUnK6LWYDrKSt7YiorvF
-qXIMANcXQrnO0ptC0B56qrUCgKHNrtPi5bGpNBJ0oKMfbmGfwX+ca8sCUlLvq/O8
-S2WZwSJuaHH4lEBi8ErtY++8F4B4l3ENCT84Hyy5jiMpbpkHEnh/1GNcvvmyI8ud
-3jzovCNZ4+ECgYEA0r+Oz0zAOzyzV8gqw7Cw5iRJBRqUkXaZQUj8jt4eO9lFG4C8
-IolwCclrk2Drb8Qsbka51X62twZ1ZA/qwve9l0Y88ADaIBHNa6EKxyUFZglvrBoy
-w1GT8XzMou06iy52G5YkZeU+IYOSvnvw7hjXrChUXi65lRrAFqJd6GEIe5MCgYA/
-0LxDa9HFsWvh+JoyZoCytuSJr7Eu7AUnAi54kwTzzL3R8tE6Fa7BuesODbg6tD/I
-v4YPyaqePzUnXyjSxdyOQq8EU8EUx5Dctv1elTYgTjnmA4szYLGjKM+WtC3Bl4eD
-pkYGZFeqYRfAoHXVdNKvlk5fcKIpyF2/b+Qs7CrdYQKBgQCc/t+JxC9OpI+LhQtB
-tEtwvklxuaBtoEEKJ76P9vrK1semHQ34M1XyNmvPCXUyKEI38MWtgCCXcdmg5syO
-PBXdDINx+wKlW7LPgaiRL0Mi9G2aBpdFNI99CWVgCr88xqgSE24KsOxViMwmi0XB
-Ld/IRK0DgpGP5EJRwpKsDYe/UQ==
------END PRIVATE KEY-----"""
-
- # pylint: disable=line-too-long
- expected = {
- 'kty': 'RSA',
- 'use': 'sig',
- 'alg': 'RS512',
- 'n': 'pCujf5oZBGK4MafMRGY9-zdRRI9YDm1r-81coDCysSrwkhTkFIwP2dmS6lYvJuQ5wifuQa3WFv1Kh9Nr2XRJ1m9OL3_JpmMyTi_YuwD7tIf65tab1SOSRYkoxOKRuuvZuXQG9nWbXrGDncnwuWxfeymwWaIrAhALUS5-nDa7dauj8VngsWauMrEA_MWShEzsR53wGKlciEZA1r_AfQ55XS42GvBobhhy9SeZ3B6LHiaAEywpwFmKPssuoHSNhbPa49LW3gXJ6CsFGRDcBFKdxJ_l8O847Q7kg1lvckpLsKyu5167NK9Qj1X_O3SwVBL3cxx1HpQ6-q3SGLZ4ngowhw',
- 'e': 'AQAB',
- 'kid': '6e80b9d2e5075ae8bb5d1dd762ebc62e'
- }
- self.assertEqual(views.JwksView.serialize_rsa_key(key), expected)
-
- def test_get(self):
- JWT_PRIVATE_SIGNING_KEY = RSA.generate(2048).exportKey('PEM')
- JWT_EXPIRED_PRIVATE_SIGNING_KEYS = [RSA.generate(2048).exportKey('PEM'), RSA.generate(2048).exportKey('PEM')]
- secret_keys = [JWT_PRIVATE_SIGNING_KEY] + JWT_EXPIRED_PRIVATE_SIGNING_KEYS
-
- with override_settings(JWT_PRIVATE_SIGNING_KEY=JWT_PRIVATE_SIGNING_KEY,
- JWT_EXPIRED_PRIVATE_SIGNING_KEYS=JWT_EXPIRED_PRIVATE_SIGNING_KEYS):
- response = self.client.get(reverse('jwks'))
-
- self.assertEqual(response.status_code, 200)
- actual = json.loads(response.content)
- expected = {
- 'keys': [views.JwksView.serialize_rsa_key(key) for key in secret_keys],
- }
- self.assertEqual(actual, expected)
-
- @override_settings(JWT_PRIVATE_SIGNING_KEY=None, JWT_EXPIRED_PRIVATE_SIGNING_KEYS=[])
- def test_get_without_keys(self):
- """ The view should return an empty list if no keys are configured. """
- response = self.client.get(reverse('jwks'))
-
- self.assertEqual(response.status_code, 200)
- actual = json.loads(response.content)
- self.assertEqual(actual, {'keys': []})
-
-
@unittest.skipUnless(OAUTH_PROVIDER_ENABLED, 'OAuth2 not enabled')
class ProviderInfoViewTests(TestCase):
DOMAIN = 'testserver.fake'
diff --git a/openedx/core/djangoapps/oauth_dispatch/urls.py b/openedx/core/djangoapps/oauth_dispatch/urls.py
index 01af31e7b73..6fb7e8198f2 100644
--- a/openedx/core/djangoapps/oauth_dispatch/urls.py
+++ b/openedx/core/djangoapps/oauth_dispatch/urls.py
@@ -13,7 +13,6 @@ urlpatterns = [
url(r'^access_token/?$', csrf_exempt(views.AccessTokenView.as_view()), name='access_token'),
url(r'^revoke_token/?$', csrf_exempt(views.RevokeTokenView.as_view()), name='revoke_token'),
url(r'^\.well-known/openid-configuration/?$', views.ProviderInfoView.as_view(), name='openid-config'),
- url(r'^jwks\.json$', views.JwksView.as_view(), name='jwks')
]
if settings.FEATURES.get('ENABLE_THIRD_PARTY_AUTH'):
diff --git a/openedx/core/djangoapps/oauth_dispatch/views.py b/openedx/core/djangoapps/oauth_dispatch/views.py
index fb61caed208..9a521b1fda7 100644
--- a/openedx/core/djangoapps/oauth_dispatch/views.py
+++ b/openedx/core/djangoapps/oauth_dispatch/views.py
@@ -204,26 +204,3 @@ class ProviderInfoView(View):
}
response = JsonResponse(data)
return response
-
-
-class JwksView(View):
- @staticmethod
- def serialize_rsa_key(key):
- kid = hashlib.md5(key.encode('utf-8')).hexdigest()
- key = RSAKey(kid=kid, key=RSA.importKey(key), use='sig', alg='RS512')
- return key.serialize(private=False)
-
- def get(self, request, *args, **kwargs):
- secret_keys = []
-
- if settings.JWT_PRIVATE_SIGNING_KEY:
- secret_keys.append(settings.JWT_PRIVATE_SIGNING_KEY)
-
- # NOTE: We provide the expired keys in case there are unexpired access tokens
- # that need to have their signatures verified.
- if settings.JWT_EXPIRED_PRIVATE_SIGNING_KEYS:
- secret_keys += settings.JWT_EXPIRED_PRIVATE_SIGNING_KEYS
-
- return JsonResponse({
- 'keys': [self.serialize_rsa_key(key) for key in secret_keys if key],
- })
--
GitLab