Merge pull request #484 from edly-io/feat/verify-lms-token

Added API to verify LMS token
edly-io · Jan 9, 2024 · 5b3f8f0 · 5b3f8f0
2 parents 826535a + dbd2e62
commit 5b3f8f0
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 7 deletions.
diff --git a/lms/djangoapps/badges/api/urls.py b/lms/djangoapps/badges/api/urls.py
@@ -6,11 +6,12 @@
 from django.conf import settings
 from django.urls import re_path
 
-from .views import UserBadgeAssertions, LeaderboardView
+from .views import UserBadgeAssertions, LeaderboardView, VerfyTokenView
 
 urlpatterns = [
     re_path('^assertions/user/' + settings.USERNAME_PATTERN + '/$',
             UserBadgeAssertions.as_view(), name='user_assertions'),
 
-    re_path('leaderboard/', LeaderboardView.as_view(), name='leaderboard')
+    re_path('leaderboard/', LeaderboardView.as_view(), name='leaderboard'),
+    re_path('verify-lms-token/', VerfyTokenView.as_view(), name='verify-lms-token'),
 ]
diff --git a/lms/djangoapps/badges/api/views.py b/lms/djangoapps/badges/api/views.py
@@ -3,25 +3,32 @@
 """
 
 
-from edx_rest_framework_extensions.auth.session.authentication import \
-    SessionAuthenticationAllowInactiveUser
+import json
+import logging
+
+from django.conf import settings
+from django.db.models import Case, Count, IntegerField, Sum, Value, When
+from django.utils.translation import gettext as _
+from edx_rest_framework_extensions.auth.session.authentication import SessionAuthenticationAllowInactiveUser
+from jwkest import jwk
+from jwkest.jws import JWS
 from opaque_keys import InvalidKeyError
 from opaque_keys.edx.django.models import CourseKeyField
 from opaque_keys.edx.keys import CourseKey
 from rest_framework import generics
 from rest_framework.exceptions import APIException
+from rest_framework.pagination import PageNumberPagination
 from rest_framework.response import Response
 from rest_framework.views import APIView
-from rest_framework.pagination import PageNumberPagination
 
-from django.db.models import Count, Case, When, Value, IntegerField, Sum
-from django.utils.translation import gettext as _
 from lms.djangoapps.badges.models import BadgeAssertion, LeaderboardEntry
 from openedx.core.djangoapps.user_api.permissions import is_field_shared_factory
 from openedx.core.lib.api.authentication import BearerAuthenticationAllowInactiveUser
 
 from .serializers import BadgeAssertionSerializer, UserLeaderboardSerializer
 
+log = logging.getLogger(__name__)
+
 
 class InvalidCourseKeyError(APIException):
     """
@@ -150,3 +157,29 @@ class LeaderboardView(generics.ListAPIView):
     """
     serializer_class = UserLeaderboardSerializer
     queryset = LeaderboardEntry.objects.all().order_by('-score')
+
+
+class VerfyTokenView(APIView):
+    """
+    Verify LMS token API View
+    """
+    def post(self, request):
+        token = request.headers.get('token')
+
+        if not token:
+            return Response(data={'status': 'Token not given'}, status=400)
+
+        try:
+            keys = jwk.KEYS()
+            serialized_keypair = json.loads(settings.JWT_AUTH['JWT_PRIVATE_SIGNING_JWK'])
+            keys.add(serialized_keypair)
+            JWS().verify_compact(token, keys=keys)
+        except Exception as e:
+            try:
+                keys.add({'key': settings.JWT_AUTH['JWT_SECRET_KEY'], 'kty': 'oct'})
+                JWS().verify_compact(token, keys=keys)
+            except Exception as e:
+                log.info(str(e))
+                return Response(data={'status': 'invalid token'}, status=403)
+
+        return Response(data={'status': 'verified'}, status=200)