Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Juniper Upgrade - Changed inheritance for OrganizationMemberBackend #13

Merged
merged 1 commit into from
Mar 31, 2021
Merged

Juniper Upgrade - Changed inheritance for OrganizationMemberBackend #13

merged 1 commit into from
Mar 31, 2021

Conversation

johnbaldwin
Copy link

@johnbaldwin johnbaldwin commented Mar 30, 2021
edited
Loading

This commit changes the base model to AllowAllUsersModelBackend from
ModelBackend for which Organizations.backends.OrganizationMemberBackend
inherits. The purpose of this is to address an architectural issue with how
Open edX handles authentication and authorization on email vericification.

See the source code in this commit for more details
https://appsembler.atlassian.net/browse/RED-1864

@johnbaldwin johnbaldwin force-pushed the john/juniper-upgrade/fix-not-is_active branch from 39b0e7d to 690a43b Compare March 30, 2021 17:17
OmarIthawi
OmarIthawi reviewed Mar 30, 2021
View reviewed changes
Copy link

@OmarIthawi OmarIthawi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

First, thank you for debugging through this very difficult issue! This is a very challenging part of Open edX! I read the comments and reviewed the PR and I think this is the way to go.

I have one suggestion and it should be good to be merged:

  • Import from django.contrib.auth.backends import AllowAllUsersModelBackend instead of ModelBackend
  • AllowAllUsersModelBackend should be used instead of NoActiveCanAuthenticateMixin

organizations/backends.py Outdated
return None


class OrganizationMemberBackend(ModelBackend):
class OrganizationMemberBackend(NoActiveCanAuthenticateMixin, ModelBackend):
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
class OrganizationMemberBackend(NoActiveCanAuthenticateMixin, ModelBackend):
class OrganizationMemberBackend(AllowAllUsersModelBackend):

organizations/backends.py Outdated
@@ -11,6 +11,66 @@
)


class NoActiveCanAuthenticateMixin:
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've read the documentation the pointers you've posted which lead me to lms/envs/common.py:

AUTHENTICATION_BACKENDS = [
    'rules.permissions.ObjectPermissionBackend',
    'openedx.core.djangoapps.oauth_dispatch.dot_overrides.backends.EdxRateLimitedAllowAllUsersModelBackend',
    'bridgekeeper.backends.RulePermissionBackend',
]

Looking at EdxRateLimitedAllowAllUsersModelBackend it turns out it extends AllowAllUsersModelBackend which does exactly what NoActiveCanAuthenticateMixin does.

# Standard Django backend.
# see https://docs.djangoproject.com/en/3.1/ref/contrib/auth/#django.contrib.auth.backends.AllowAllUsersModelBackend
class AllowAllUsersModelBackend(ModelBackend):
    def user_can_authenticate(self, user):
        return True

@johnbaldwin johnbaldwin force-pushed the john/juniper-upgrade/fix-not-is_active branch from 690a43b to 66faaf6 Compare March 31, 2021 14:40
@johnbaldwin
Juniper Upgrade - Changed inheritance for OrganizationMemberBackend
5e264ce 
This commit changes the base model to AllowAllUsersModelBackend from
ModelBackend for which Organizations.backends.OrganizationMemberBackend
inherits. The purpose of this is to address an architectural issue with how
Open edX handles authentication and authorization on email vericification.

See the source code in this commit for more details
@johnbaldwin johnbaldwin force-pushed the john/juniper-upgrade/fix-not-is_active branch from 66faaf6 to 5e264ce Compare March 31, 2021 14:47
@johnbaldwin
Copy link
Author

@OmarIthawi Great find and suggestion! Implemented and also updated documentation. Please review and approve if you don't see anything else

@johnbaldwin johnbaldwin requested a review from OmarIthawi March 31, 2021 14:48
@johnbaldwin johnbaldwin changed the title Juniper Upgrade - Add mixin to handle not is_active Juniper Upgrade - Changed inheritance for OrganizationMemberBackend Mar 31, 2021
OmarIthawi
OmarIthawi approved these changes Mar 31, 2021
View reviewed changes
Copy link

@OmarIthawi OmarIthawi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @johnbaldwin! Look great!

@johnbaldwin johnbaldwin merged commit f46a1b6 into main Mar 31, 2021
@johnbaldwin johnbaldwin deleted the john/juniper-upgrade/fix-not-is_active branch March 31, 2021 15:11
OmarIthawi added a commit to appsembler/edx-platform that referenced this pull request Apr 1, 2021
@OmarIthawi
RED-1864: bump edx-organizations to 5.2.0-appsembler13
7660f83 
Show better error message for inactive users and ask them to check
email as described in RED-1864 .

Brings over changes from appsembler/edx-organizations#13
@OmarIthawi OmarIthawi mentioned this pull request Apr 1, 2021
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@OmarIthawi OmarIthawi OmarIthawi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@johnbaldwin @OmarIthawi