Removing unencrypted user credentials data

integrated_channels/api/v1/moodle/serializers.py

@@ -1,6 +1,8 @@
 """
     Serializer for Moodle configuration.
 """
+from rest_framework import serializers
+
 from integrated_channels.api.serializers import EnterpriseCustomerPluginConfigSerializer
 from integrated_channels.moodle.models import MoodleEnterpriseCustomerConfiguration
 
@@ -12,8 +14,12 @@ class Meta:
             'moodle_base_url',
             'service_short_name',
             'category_id',
-            'username',
-            'password',
-            'token',
+            'encrypted_username',
+            'encrypted_password',
+            'encrypted_token',
         )
         fields = EnterpriseCustomerPluginConfigSerializer.Meta.fields + extra_fields
+
+    encrypted_password = serializers.CharField(required=False, allow_blank=False, read_only=False)
+    encrypted_username = serializers.CharField(required=False, allow_blank=False, read_only=False)
+    encrypted_token = serializers.CharField(required=False, allow_blank=False, read_only=False)

integrated_channels/moodle/admin/__init__.py

@@ -24,9 +24,9 @@ class Meta:
 
     def clean(self):
         cleaned_data = super().clean()
-        cleaned_username = cleaned_data.get('username')
-        cleaned_password = cleaned_data.get('password')
-        cleaned_token = cleaned_data.get('token')
+        cleaned_username = cleaned_data.get('decrypted_username')
+        cleaned_password = cleaned_data.get('decrypted_password')
+        cleaned_token = cleaned_data.get('decrypted_token')
         if cleaned_token and (cleaned_username or cleaned_password):
             raise ValidationError(_('Cannot set both a Username/Password and Token'))
         if (cleaned_username and not cleaned_password) or (cleaned_password and not cleaned_username):

integrated_channels/moodle/client.py

@@ -10,7 +10,6 @@
 import requests
 
 from django.apps import apps
-from django.conf import settings
 
 from integrated_channels.exceptions import ClientError
 from integrated_channels.integrated_channel.client import IntegratedChannelApiClient
@@ -143,12 +142,7 @@ def __init__(self, enterprise_configuration):
         """
         super().__init__(enterprise_configuration)
         self.config = apps.get_app_config('moodle')
-        token = (
-            enterprise_configuration.decrypted_token
-            if getattr(settings, 'FEATURES', {}).get('USE_ENCRYPTED_USER_DATA', False)
-            else enterprise_configuration.token
-        )
-        self.token = token or self._get_access_token()
+        self.token = enterprise_configuration.decrypted_token or self._get_access_token()
         self.api_url = urljoin(self.enterprise_configuration.moodle_base_url, self.MOODLE_API_PATH)
 
     def _post(self, additional_params):
@@ -188,11 +182,6 @@ def _get_access_token(self):
             'service': self.enterprise_configuration.service_short_name
         }
 
-        decrypted_username = self.enterprise_configuration.decrypted_username
-        username = self.enterprise_configuration.username
-        decrypted_password = self.enterprise_configuration.decrypted_password
-        password = self.enterprise_configuration.password
-
         response = requests.post(
             urljoin(
                 self.enterprise_configuration.moodle_base_url,
@@ -203,8 +192,8 @@ def _get_access_token(self):
                 'Content-Type': 'application/x-www-form-urlencoded',
             },
             data={
-                "username": decrypted_username if settings.FEATURES.get('USE_ENCRYPTED_USER_DATA', False) else username,
-                "password": decrypted_password if settings.FEATURES.get('USE_ENCRYPTED_USER_DATA', False) else password,
+                "username": self.enterprise_configuration.decrypted_username,
+                "password": self.enterprise_configuration.decrypted_password,
             },
         )
 

integrated_channels/moodle/migrations/0031_auto_20231204_0737.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.2.20 on 2023-12-04 07:37
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('moodle', '0030_merge_0028_auto_20231116_1826_0029_auto_20231106_1233'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='historicalmoodleenterprisecustomerconfiguration',
+            name='use_encrypted_user_data',
+            field=models.BooleanField(default=False, help_text='When set to True, the configured customer will use encrypted columns data to make client requests, this a boolean flag for testing purpose'),
+        ),
+        migrations.AddField(
+            model_name='moodleenterprisecustomerconfiguration',
+            name='use_encrypted_user_data',
+            field=models.BooleanField(default=False, help_text='When set to True, the configured customer will use encrypted columns data to make client requests, this a boolean flag for testing purpose'),
+        ),
+    ]

integrated_channels/moodle/migrations/0032_auto_20231208_2345.py

@@ -0,0 +1,45 @@
+# Generated by Django 3.2.23 on 2023-12-08 23:45
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('moodle', '0031_auto_20231204_0737'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='historicalmoodleenterprisecustomerconfiguration',
+            name='password',
+        ),
+        migrations.RemoveField(
+            model_name='historicalmoodleenterprisecustomerconfiguration',
+            name='token',
+        ),
+        migrations.RemoveField(
+            model_name='historicalmoodleenterprisecustomerconfiguration',
+            name='use_encrypted_user_data',
+        ),
+        migrations.RemoveField(
+            model_name='historicalmoodleenterprisecustomerconfiguration',
+            name='username',
+        ),
+        migrations.RemoveField(
+            model_name='moodleenterprisecustomerconfiguration',
+            name='password',
+        ),
+        migrations.RemoveField(
+            model_name='moodleenterprisecustomerconfiguration',
+            name='token',
+        ),
+        migrations.RemoveField(
+            model_name='moodleenterprisecustomerconfiguration',
+            name='use_encrypted_user_data',
+        ),
+        migrations.RemoveField(
+            model_name='moodleenterprisecustomerconfiguration',
+            name='username',
+        ),
+    ]

integrated_channels/moodle/models.py

@@ -57,15 +57,6 @@ class MoodleEnterpriseCustomerConfiguration(EnterpriseCustomerPluginConfiguratio
         )
     )
 
-    username = models.CharField(
-        max_length=255,
-        verbose_name="Webservice Username",
-        blank=True,
-        help_text=_(
-            "The API user's username used to obtain new tokens."
-        )
-    )
-
     decrypted_username = EncryptedCharField(
         max_length=255,
         verbose_name="Encrypted Webservice Username",
@@ -100,15 +91,6 @@ def encrypted_username(self, value):
         """
         self.decrypted_username = value
 
-    password = models.CharField(
-        max_length=255,
-        blank=True,
-        verbose_name="Webservice Password",
-        help_text=_(
-            "The API user's password used to obtain new tokens."
-        )
-    )
-
     decrypted_password = EncryptedCharField(
         max_length=255,
         verbose_name="Encrypted Webservice Password",
@@ -143,15 +125,6 @@ def encrypted_password(self, value):
         """
         self.decrypted_password = value
 
-    token = models.CharField(
-        max_length=255,
-        blank=True,
-        verbose_name="Webservice User Token",
-        help_text=_(
-            "The user's token for the Moodle webservice."
-        )
-    )
-
     decrypted_token = EncryptedCharField(
         max_length=255,
         verbose_name="Encrypted Webservice Token",
@@ -230,7 +203,7 @@ def is_valid(self):
         incorrect_items = {'incorrect': []}
         if not self.moodle_base_url:
             missing_items.get('missing').append('moodle_base_url')
-        if not self.token and not (self.username and self.password):
+        if not self.decrypted_token and not (self.decrypted_username and self.decrypted_password):
             missing_items.get('missing').append('token OR username and password')
         if not self.service_short_name:
             missing_items.get('missing').append('service_short_name')

tests/test_integrated_channels/test_api/test_moodle/test_views.py

@@ -82,13 +82,13 @@ def test_update(self, mock_current_request):
             'moodle_base_url': 'http://testing2',
             'service_short_name': 'test',
             'enterprise_customer': ENTERPRISE_ID,
-            'token': 'testing'
+            'encrypted_token': 'testing'
         }
         response = self.client.put(url, payload)
         self.moodle_config.refresh_from_db()
         self.assertEqual(self.moodle_config.moodle_base_url, 'http://testing2')
         self.assertEqual(self.moodle_config.service_short_name, 'test')
-        self.assertEqual(self.moodle_config.token, 'testing')
+        self.assertEqual(self.moodle_config.decrypted_token, 'testing')
         self.assertEqual(response.status_code, 200)
 
     @mock.patch('enterprise.rules.crum.get_current_request')
@@ -139,9 +139,9 @@ def test_is_valid_field(self, mock_current_request):
         _, incorrect = data[0].get('is_valid')
         assert incorrect.get('incorrect') == ['moodle_base_url', 'display_name']
 
-        self.moodle_config.token = ''
-        self.moodle_config.username = ''
-        self.moodle_config.password = ''
+        self.moodle_config.decrypted_token = ''
+        self.moodle_config.decrypted_username = ''
+        self.moodle_config.decrypted_password = ''
         self.moodle_config.moodle_base_url = ''
         self.moodle_config.service_short_name = ''
         self.moodle_config.save()
@@ -152,9 +152,9 @@ def test_is_valid_field(self, mock_current_request):
         assert missing.get('missing') == ['moodle_base_url', 'token OR username and password', 'service_short_name']
 
         self.moodle_config.category_id = 10
-        self.moodle_config.username = 'lmao'
-        self.moodle_config.password = 'foobar'
-        self.moodle_config.token = 'baa'
+        self.moodle_config.decrypted_username = 'lmao'
+        self.moodle_config.decrypted_password = 'foobar'
+        self.moodle_config.decrypted_token = 'baa'
         self.moodle_config.moodle_base_url = 'http://lovely.com'
         self.moodle_config.service_short_name = 'short'
         self.moodle_config.display_name = '1234!@#$'

tests/test_integrated_channels/test_moodle/test_client.py

@@ -82,18 +82,12 @@ def setUp(self):
             decrypted_username=self.user,
             decrypted_password=self.password,
             decrypted_token=self.token,
-            username=self.user,
-            password=self.password,
-            token=self.token,
         )
         self.enterprise_custom_config = factories.MoodleEnterpriseCustomerConfigurationFactory(
             moodle_base_url=self.custom_moodle_base_url,
             decrypted_username=self.user,
             decrypted_password=self.password,
             decrypted_token=self.token,
-            username=self.user,
-            password=self.password,
-            token=self.token,
             grade_scale=10,
             grade_assignment_name='edX Grade Test'
         )

tests/test_integrated_channels/test_moodle/test_transmitters/test_content_metadata.py

@@ -36,9 +36,6 @@ def setUp(self):
             decrypted_username=self.user,
             decrypted_password=self.password,
             decrypted_token=self.api_token,
-            username=self.user,
-            password=self.password,
-            token=self.api_token,
         )
 
     def test_prepare_items_for_transmission(self):

tests/test_integrated_channels/test_moodle/test_transmitters/test_learner_data.py

@@ -39,9 +39,6 @@ def setUp(self):
             decrypted_username='username',
             decrypted_password='password',
             decrypted_token='token',
-            username='username',
-            password='password',
-            token='token',
         )
         self.payload = MoodleLearnerDataTransmissionAudit(
             moodle_user_email=self.enterprise_customer.contact_email,