diff --git a/CHANGELOG.rst b/CHANGELOG.rst index e3ddf6a78b..51e2890bd5 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -16,6 +16,11 @@ Change Log Unreleased ---------- +[4.9.5] +-------- + +feat: replacing non encrypted fields of moodle config model with encrypted ones + [4.9.4] -------- diff --git a/enterprise/__init__.py b/enterprise/__init__.py index 665440b6f8..897c6f5e55 100644 --- a/enterprise/__init__.py +++ b/enterprise/__init__.py @@ -2,4 +2,4 @@ Your project description goes here. """ -__version__ = "4.9.4" +__version__ = "4.9.5" diff --git a/integrated_channels/api/v1/moodle/serializers.py b/integrated_channels/api/v1/moodle/serializers.py index fcef70f5a5..9668dcdb43 100644 --- a/integrated_channels/api/v1/moodle/serializers.py +++ b/integrated_channels/api/v1/moodle/serializers.py @@ -1,6 +1,8 @@ """ Serializer for Moodle configuration. """ +from rest_framework import serializers + from integrated_channels.api.serializers import EnterpriseCustomerPluginConfigSerializer from integrated_channels.moodle.models import MoodleEnterpriseCustomerConfiguration @@ -12,8 +14,12 @@ class Meta: 'moodle_base_url', 'service_short_name', 'category_id', - 'username', - 'password', - 'token', + 'encrypted_username', + 'encrypted_password', + 'encrypted_token', ) fields = EnterpriseCustomerPluginConfigSerializer.Meta.fields + extra_fields + + encrypted_password = serializers.CharField(required=False, allow_blank=False, read_only=False) + encrypted_username = serializers.CharField(required=False, allow_blank=False, read_only=False) + encrypted_token = serializers.CharField(required=False, allow_blank=False, read_only=False) diff --git a/integrated_channels/moodle/admin/__init__.py b/integrated_channels/moodle/admin/__init__.py index 81156462a5..44c11cb02c 100644 --- a/integrated_channels/moodle/admin/__init__.py +++ b/integrated_channels/moodle/admin/__init__.py 
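Review bot: The three fields declared at the end of the serializers.py hunk are writable and also readable (`read_only=False`, no `write_only`), so whatever the model exposes as `encrypted_username`, `encrypted_password` and `encrypted_token` is returned in every response that serializes this configuration. The model attributes are not part of this diff, so confirm what a GET actually emits; if API clients never need the stored value back, declare each one as `serializers.CharField(required=False, allow_blank=False, write_only=True)`. The names also suggest the client must send ciphertext, while test_update in this commit sends the plain value 'testing' and reads it back through `decrypted_token`. A comment above the declarations, such as `# Clients send the plain credential; storage is expected to encrypt it.`, would remove that ambiguity. The enclosing serializer class begins outside the hunk.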
@@ -24,9 +24,9 @@ class Meta: def clean(self): cleaned_data = super().clean() - cleaned_username = cleaned_data.get('username') - cleaned_password = cleaned_data.get('password') - cleaned_token = cleaned_data.get('token') + cleaned_username = cleaned_data.get('decrypted_username') + cleaned_password = cleaned_data.get('decrypted_password') + cleaned_token = cleaned_data.get('decrypted_token') if cleaned_token and (cleaned_username or cleaned_password): raise ValidationError(_('Cannot set both a Username/Password and Token')) if (cleaned_username and not cleaned_password) or (cleaned_password and not cleaned_username): diff --git a/integrated_channels/moodle/client.py b/integrated_channels/moodle/client.py index d62558ad22..9226c524bf 100644 --- a/integrated_channels/moodle/client.py +++ b/integrated_channels/moodle/client.py @@ -184,6 +184,7 @@ def _get_access_token(self): username = self.enterprise_configuration.username decrypted_password = self.enterprise_configuration.decrypted_password password = self.enterprise_configuration.password + use_encrypted_user_data = getattr(settings, 'FEATURES', {}).get('USE_ENCRYPTED_USER_DATA', False) response = requests.post( urljoin( @@ -195,8 +196,8 @@ def _get_access_token(self): 'Content-Type': 'application/x-www-form-urlencoded', }, data={ - "username": decrypted_username if settings.FEATURES.get('USE_ENCRYPTED_USER_DATA', False) else username, - "password": decrypted_password if settings.FEATURES.get('USE_ENCRYPTED_USER_DATA', False) else password, + "username": decrypted_username if use_encrypted_user_data else username, + "password": decrypted_password if use_encrypted_user_data else password, }, ) diff --git a/integrated_channels/moodle/models.py b/integrated_channels/moodle/models.py index 793dfbbe8a..83442f4d44 100644 --- a/integrated_channels/moodle/models.py +++ b/integrated_channels/moodle/models.py 
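Review bot: `use_encrypted_user_data` falls back to `False`, so with the flag unset `_get_access_token` still posts the legacy `username`/`password` values, while the rest of this commit (the serializer field list, the admin `clean()` and `is_valid` in models.py) now reads and writes only the encrypted fields. A configuration saved through the API after this change could therefore pass `is_valid` and still authenticate with empty legacy credentials, if nothing else populates the legacy columns. Either gate the other call sites on the same flag or let the client prefer the encrypted value, e.g. `"username": decrypted_username or username`. The new assignment also deserves a short comment saying why the flag exists and when the plaintext branch can be removed. `_get_access_token` starts and ends outside both client.py hunks.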
@@ -230,7 +230,7 @@ def is_valid(self): incorrect_items = {'incorrect': []} if not self.moodle_base_url: missing_items.get('missing').append('moodle_base_url') - if not self.token and not (self.username and self.password): + if not self.decrypted_token and not (self.decrypted_username and self.decrypted_password): missing_items.get('missing').append('token OR username and password') if not self.service_short_name: missing_items.get('missing').append('service_short_name') diff --git a/tests/test_integrated_channels/test_api/test_moodle/test_views.py b/tests/test_integrated_channels/test_api/test_moodle/test_views.py index 23fe53db18..ef420739e9 100644 --- a/tests/test_integrated_channels/test_api/test_moodle/test_views.py +++ b/tests/test_integrated_channels/test_api/test_moodle/test_views.py @@ -82,13 +82,13 @@ def test_update(self, mock_current_request): 'moodle_base_url': 'http://testing2', 'service_short_name': 'test', 'enterprise_customer': ENTERPRISE_ID, - 'token': 'testing' + 'encrypted_token': 'testing' } response = self.client.put(url, payload) self.moodle_config.refresh_from_db() self.assertEqual(self.moodle_config.moodle_base_url, 'http://testing2') self.assertEqual(self.moodle_config.service_short_name, 'test') - self.assertEqual(self.moodle_config.token, 'testing') + self.assertEqual(self.moodle_config.decrypted_token, 'testing') self.assertEqual(response.status_code, 200) @mock.patch('enterprise.rules.crum.get_current_request') @@ -139,6 +139,9 @@ def test_is_valid_field(self, mock_current_request): _, incorrect = data[0].get('is_valid') assert incorrect.get('incorrect') == ['moodle_base_url', 'display_name'] + self.moodle_config.decrypted_token = '' + self.moodle_config.decrypted_username = '' + self.moodle_config.decrypted_password = '' self.moodle_config.token = '' self.moodle_config.username = '' self.moodle_config.password = '' 
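Review bot: test_update checks only the stored value and the status code, so nothing pins what the API sends back for a credential field after the PUT. Add an assertion on the response body, for example `self.assertNotEqual(response.json().get('encrypted_token'), 'testing')`, so that a change which starts echoing the plain token to clients fails the test. The test method begins outside the hunk.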
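Review bot: The added lines in test_is_valid_field (this hunk and the following one at -152,6) set the `decrypted_*` attributes but leave the legacy `token`/`username`/`password` assignments in place, so the test passes whichever set `is_valid` reads. Since `is_valid` now checks only the decrypted values, drop the legacy assignments or add a case where only the legacy fields are filled and 'token OR username and password' is still reported as missing. test_is_valid_field continues outside both hunks.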
@@ -152,6 +155,9 @@ def test_is_valid_field(self, mock_current_request): assert missing.get('missing') == ['moodle_base_url', 'token OR username and password', 'service_short_name'] self.moodle_config.category_id = 10 + self.moodle_config.decrypted_username = 'lmao' + self.moodle_config.decrypted_password = 'foobar' + self.moodle_config.decrypted_token = 'baa' self.moodle_config.username = 'lmao' self.moodle_config.password = 'foobar' self.moodle_config.token = 'baa'