feat: Add LTI utilities app (Bad user fix)

Author: arslanashraf7

src/ol_openedx_lti_utilities/.coveragerc

@@ -0,0 +1,10 @@
+[run]
+branch = True
+data_file = .coverage
+source=ol_openedx_lti_utilities
+omit =
+    test_settings.py
+    */migrations/*
+    *admin.py
+    */static/*
+    */templates/*

src/ol_openedx_lti_utilities/CHANGELOG.rst

@@ -0,0 +1,12 @@
+Change Log
+##########
+
+..
+   All enhancements and patches to ol_openedx_lti_utilities will be documented
+   in this file.  It adheres to the structure of https://keepachangelog.com/ ,
+   but in reStructuredText instead of Markdown (for ease of incorporation into
+   Sphinx documentation and the PyPI description).
+
+   This project adheres to Semantic Versioning (https://semver.org/).
+
+.. There should always be an "Unreleased" section for changes pending release.

src/ol_openedx_lti_utilities/LICENSE.txt

@@ -0,0 +1,28 @@
+Copyright (C) 2023  MIT Open Learning
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+* Neither the name of the copyright holder nor the names of its
+  contributors may be used to endorse or promote products derived from
+  this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

src/ol_openedx_lti_utilities/MANIFEST.in

@@ -0,0 +1,4 @@
+include CHANGELOG.rst
+include LICENSE.txt
+include README.rst
+recursive-include ol_openedx_lti_utilities *.html *.png *.gif *.js *.css *.jpg *.jpeg *.svg *.py

src/ol_openedx_lti_utilities/README.rst

@@ -0,0 +1,17 @@
+LTI Utilities Plugin
+=============================
+
+A django app plugin to add LTI related utilities in Open edX platform.
+
+
+Installation
+------------
+
+For detailed installation instructions, please refer to the `plugin installation guide <../../docs#installation-guide>`_.
+
+Installation required in:
+
+* LMS
+
+How To Use
+----------

src/ol_openedx_lti_utilities/ol_openedx_lti_utilities/__init__.py

@@ -0,0 +1,3 @@
+"""
+ol_openedx_lti_utilities
+"""

src/ol_openedx_lti_utilities/ol_openedx_lti_utilities/app.py

@@ -0,0 +1,25 @@
+"""
+Ol Openedx LTI Utilities App Configuration
+"""
+
+from django.apps import AppConfig
+from edx_django_utils.plugins import PluginURLs
+from openedx.core.djangoapps.plugins.constants import ProjectType
+
+
+class LTIUtilitiesConfig(AppConfig):
+    """
+    Configuration class for Ol Openedx LTI Utilities
+    """
+
+    name = "ol_openedx_lti_utilities"
+
+    plugin_app = {
+        PluginURLs.CONFIG: {
+            ProjectType.LMS: {
+                PluginURLs.NAMESPACE: "",
+                PluginURLs.REGEX: "^api/lti-user-fix/",
+                PluginURLs.RELATIVE_PATH: "urls",
+            }
+        },
+    }

src/ol_openedx_lti_utilities/ol_openedx_lti_utilities/urls.py

@@ -0,0 +1,15 @@
+"""
+OL Open edX LTI Utilities URLs
+"""
+
+from django.urls import re_path
+
+from ol_openedx_lti_utilities.views import LtiUserFixView
+
+urlpatterns = [
+    re_path(
+        r"^",
+        LtiUserFixView.as_view(),
+        name="lti_user_fix",
+    ),
+]

src/ol_openedx_lti_utilities/ol_openedx_lti_utilities/views.py

@@ -0,0 +1,123 @@
+"""
+Views for LTI Utilities operations.
+"""
+
+import logging
+import re
+
+from django.contrib.auth.models import User
+from django.http import Http404
+from edx_rest_framework_extensions import permissions
+from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication
+from edx_rest_framework_extensions.auth.session.authentication import (
+    SessionAuthenticationAllowInactiveUser,
+)
+from lms.djangoapps.lti_provider.models import LtiUser
+from openedx.core.lib.api.authentication import BearerAuthenticationAllowInactiveUser
+from rest_framework import status
+from rest_framework.response import Response
+from rest_framework.views import APIView
+
+log = logging.getLogger(__name__)
+
+# Matches 40-character random username used by LTI users
+LTI_USERNAME_REGEX = r"^[A-Za-z0-9]{40}$"
+
+
+class LtiUserFixView(APIView):
+    """
+    Fix the auth record of an LTI-created user.
+
+    POST /api/lti-user-fix/
+
+    Request payload:
+    {
+        "email": "<user_email>",
+        "username": "<desired_username>"
+    }
+
+    Responses:
+    - 200: Fixed successfully
+    - 400: Bad request or user does not need fixing
+    - 404: No matching LTI user found
+    """
+
+    # Same authentication model as CourseModesMixin
+    authentication_classes = (
+        JwtAuthentication,
+        BearerAuthenticationAllowInactiveUser,
+        SessionAuthenticationAllowInactiveUser,
+    )
+
+    # Same permission enforcement as CourseModesMixin
+    permission_classes = (permissions.JWT_RESTRICTED_APPLICATION_OR_USER_ACCESS,)
+
+    # Only POST allowed
+    http_method_names = ["post"]
+
+    def post(self, request):
+        """
+        Handle POST request to fix LTI user authentication record.
+
+        This endpoint fixes LTI-created users who have random 40-character usernames
+        by updating their username to a more user-friendly value.
+
+        Parameters
+        ----------
+        request : Request
+            The HTTP request object containing email and username in request.data
+
+        Returns
+        -------
+        Response
+            HTTP 200 on successful fix, HTTP 400 for bad requests or users that
+            don't need fixing, HTTP 404 if no matching LTI user is found
+
+        Raises
+        ------
+        Http404
+            If no LTI user exists for the provided email address
+        """
+        user_email = request.data.get("email")
+        user_username = request.data.get("username")
+
+        if not user_email or not user_username:
+            log.error("email and username are required")
+            return Response(
+                {"detail": "email and username are required"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        def get_bad_lti_user_or_raise(email):
+            """Get LTI user or raise if none exists."""
+            qs = LtiUser.objects.filter(edx_user__email=email)
+            if not qs.exists():
+                raise LtiUser.DoesNotExist
+            return qs.first()
+
+        try:
+            lti_user = get_bad_lti_user_or_raise(user_email)
+
+            # LTI-created users have a 40-char random username → "bad" username
+            bad_lti_user = (
+                lti_user.edx_user
+                if re.match(LTI_USERNAME_REGEX, lti_user.edx_user.username)
+                else None
+            )
+
+            if not bad_lti_user:
+                return Response(
+                    {"detail": "User does not need fixing"},
+                    status=status.HTTP_400_BAD_REQUEST,
+                )
+
+        except LtiUser.DoesNotExist as exc:
+            log.error("No user was found against the given email (%s)", user_email)  # noqa: TRY400
+            raise Http404 from exc
+
+        # Fix username
+        user = User.objects.get(email=user_email)
+        user.username = user_username
+        user.save()
+
+        return Response(status=status.HTTP_200_OK)

src/ol_openedx_lti_utilities/pyproject.toml

@@ -0,0 +1,37 @@
+[project]
+name = "ol-openedx-lti-utilities"
+version = "0.1.0"
+description = "An Open edX plugin to add utilities for LTI operations"
+authors = [
+  {name = "MIT Office of Digital Learning"}
+]
+license = "BSD-3-Clause"
+readme = "README.rst"
+requires-python = ">=3.11"
+dependencies = [
+  "Django>=4.0",
+  "djangorestframework>=3.14.0",
+  "edx-django-utils>4.0.0",
+  "edx-drf-extensions>=10.0.0",
+  "edx-opaque-keys",
+]
+
+[project.entry-points."lms.djangoapp"]
+ol_openedx_lti_utilities = "ol_openedx_lti_utilities.app:LTIUtilitiesConfig"
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.hatch.build.targets.wheel]
+packages = ["ol_openedx_lti_utilities"]
+include = [
+  "ol_openedx_lti_utilities/**/*.py",
+]
+
+[tool.hatch.build.targets.sdist]
+include = [
+  "ol_openedx_lti_utilities/**/*",
+  "README.rst",
+  "pyproject.toml",
+]