Add OAuth2 support for problem response reports endpoints

[pcockwell]

This PR attempts to re-add functionality that was originally included with https://github.com/edx/edx-platform/pull/19635.

JIRA tickets:
OSPR-4933

Sandbox URL: TBD - sandbox is being provisioned.

Testing instructions:

1. Run tests related to this new endpoint:

paver test_system -t lms/djangoapps/instructor/tests/test_api.py

2. Go to the DemoX edX Demonstration Course as staff user.
3. Check if the generation of problem response reports is working correctly via the instructor interface.
4. Create an Oauth client here if one does not exists for testing.
5. Use the Oauth2 endpoint to get an auth token (cUrl, Postman or other tool).
6. Check get_response_report endpoint. Example:

POST /courses/course-v1:edX+DemoX+Demo_Course/instructor/api/get_problem_responses
Body:
{
    "problem_location": "block-v1:edX+DemoX+Demo_Course+type@problem+block@c554538a57664fac80783b99d9d6da7c"
}

7. Check list_instructor_tasks endpoint. Example:

POST /courses/course-v1:edX+DemoX+Demo_Course/instructor/api/list_instructor_tasks
Body: {}

8. Check list_report_downloads endpoint. Example:

POST /courses/course-v1:edX+DemoX+Demo_Course/instructor/api/list_report_downloads
Body: {}

Author notes and concerns:

1. The code from the original PR was cherry-picked to the current master branch and then conflicts were manually resolved.

Reviewers

• @xitij2000
• edX reviewer[s] TBD

[openedx-webhooks]

Thanks for the pull request, @pcockwell! I've created OSPR-4933 to keep track of it in JIRA, where we prioritize reviews. Please note that it may take us up to several weeks or months to complete a review and merge your PR.

Feel free to add as much of the following information to the ticket:

• supporting documentation
• Open edX discussion forum threads
• timeline information ("this must be merged by XX date", and why that is)
• partner information ("this is a course on edx.org")
• any other information that can help Product understand the context for the PR

All technical communication about the code itself will be done via the GitHub pull request interface. As a reminder, our process documentation is here.

Please let us know once your PR is ready for our review and all tests are green.

[pcockwell]

@ormsbee Did the investigation for #19635 produce any useful information as the cause of the problems? Could you describe what was happening such that these errors were occurring and/or how to reproduce them? Any information you have on this would be appreciated.

Right now, the requests made to these endpoints succeed when providing an Authorization header with the Bearer access token included, but they do not appear to require any CSRF Token for the request. My understanding of the Django Rest Framework APIView, is that when [SessionAuthentication](https://www.django-rest-framework.org/api-guide/authentication/#sessionauthentication) is included in authentication_classes, then any requests that use Session based credentials should require a CSRF Token. As of yet though, I can't seem to figure out how to test these endpoints using the CSRF token

[xitij2000]

jenkins run all

[xitij2000]

Please look at the failing tests and rectify.

[natabene]

@pcockwell Thank you for your contribution. Please let me know once it is ready for our review.

[xitij2000]

👍 Seems to be working OK. I've just suggested a few minor corrections and updates. See to them and this is done. Doesn't need another review pass from me.

• I tested this: tested using regular and via instructor dashboard.
• I read through the code
• Includes documentation

[xitij2000]

Suggested change

	Assumes that request is in args[0]
	Assumes that request is in args[0].

[xitij2000]

Suggested change

	POST /api/instructor/v1/course/{}/tasks
	POST /api/instructor/v1/course/{}/reports

[xitij2000]

Could you update this documentation to also point to the new API endpoints?

[pcockwell]

@xitij2000

Is this what you meant?

[xitij2000]

👍

• I tested this: tested endpoints using REST requests
• I read through the code
• Includes documentation

[pcockwell]

@natabene This is now ready for edX review. Thanks!

[pcockwell]

jenkins run py38

[natabene]

@pcockwell Thanks for letting me know, I am lining this up for our review.

[pcockwell]

jenkins run python-3.8

[bradenmacdonald]

@pcockwell If this PR is no longer WIP, could you please update the description to reflect its current status?

Please note this PR is a WIP. Functionality testing still needs to occur.

[pcockwell]

@pcockwell If this PR is no longer WIP, could you please update the description to reflect its current status?

Please note this PR is a WIP. Functionality testing still needs to occur.

Done. Sorry about that

[xitij2000]

jenkins run a11y

[edx-status-bot]

Your PR has finished running tests. The following contexts failed:

• jenkins/a11y
• jenkins/quality
• jenkins/python

[xitij2000]

@natabene This can be closed since I've opened a new PR here: https://github.com/edx/edx-platform/pull/27313

[openedx-webhooks]

@pcockwell Even though your pull request wasn’t merged, please take a moment to answer a two question survey so we can improve your experience in the future.