Merge pull request #2209 from openedx/sameeramin/ENT-8971

feat: added encrypted client id and secret for canvas
openedx · Aug 26, 2024 · 19fc0f3 · 19fc0f3
2 parents 96be03b + a781d83
commit 19fc0f3
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 1 deletion.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -17,6 +17,10 @@ Unreleased
 ----------
 * nothing unreleased
 
+[4.23.12]
+----------
+* feat: feat: added encrypted client id and secret for canvas integration
+
 [4.23.11]
 ----------
 * feat: implement back-off and retry for SAP SuccessFactors

diff --git a/enterprise/__init__.py b/enterprise/__init__.py
@@ -2,4 +2,4 @@
 Your project description goes here.
 """
 
-__version__ = "4.23.11"
+__version__ = "4.23.12"
diff --git a/enterprise/signals.py b/enterprise/signals.py
@@ -455,6 +455,17 @@ def generate_default_orchestration_record_display_name(sender, instance, **kwarg
             instance.display_name = f'SSO-config-{instance.identity_provider}-{num_records_for_customer + 1}'
 
 
+@receiver(pre_save, sender=CanvasEnterpriseCustomerConfiguration)
+def mirror_id_and_secret_to_decrypted_fields(sender, instance, **kwargs):   # pylint: disable=unused-argument
+    """
+    Mirror the client_id and client_secret to the decrypted fields.
+    """
+    if instance.client_id != instance.decrypted_client_id:
+        instance.decrypted_client_id = instance.client_id
+    if instance.client_secret != instance.decrypted_client_secret:
+        instance.decrypted_client_secret = instance.client_secret
+
+
 # Don't connect this receiver if we dont have access to CourseEnrollment model
 if CourseEnrollment is not None:
     post_save.connect(create_enterprise_enrollment_receiver, sender=CourseEnrollment)

diff --git a/...vas/migrations/0036_canvasenterprisecustomerconfiguration_decrypted_client_id_and_more.py b/...vas/migrations/0036_canvasenterprisecustomerconfiguration_decrypted_client_id_and_more.py
@@ -0,0 +1,24 @@
+# Generated by Django 4.2.15 on 2024-08-26 07:03
+
+from django.db import migrations
+import fernet_fields.fields
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('canvas', '0035_canvaslearnerassessmentdatatransmissionaudit_is_transmitted_and_more'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='canvasenterprisecustomerconfiguration',
+            name='decrypted_client_id',
+            field=fernet_fields.fields.EncryptedCharField(blank=True, default='', help_text='The encrypted API Client ID provided to edX by the enterprise customer to be used to make API calls to Canvas on behalf of the customer. It will be encrypted when stored in the database.', max_length=255, null=True, verbose_name='Encrypted API Client ID'),
+        ),
+        migrations.AddField(
+            model_name='canvasenterprisecustomerconfiguration',
+            name='decrypted_client_secret',
+            field=fernet_fields.fields.EncryptedCharField(blank=True, default='', help_text='The encrypted API Client Secret provided to edX by the enterprise customer to be used to make  API calls to Canvas on behalf of the customer. It will be encrypted when stored in the database.', max_length=255, null=True, verbose_name='Encrypted API Client Secret'),
+        ),
+    ]
diff --git a/integrated_channels/canvas/models.py b/integrated_channels/canvas/models.py
@@ -6,6 +6,7 @@
 import uuid
 from logging import getLogger
 
+from fernet_fields import EncryptedCharField
 from six.moves.urllib.parse import urljoin
 
 from django.conf import settings
@@ -44,6 +45,18 @@ class CanvasEnterpriseCustomerConfiguration(EnterpriseCustomerPluginConfiguratio
         )
     )
 
+    decrypted_client_id = EncryptedCharField(
+        max_length=255,
+        blank=True,
+        default='',
+        verbose_name="Encrypted API Client ID",
+        help_text=(
+            "The encrypted API Client ID provided to edX by the enterprise customer to be used to make API "
+            "calls to Canvas on behalf of the customer. It will be encrypted when stored in the database."
+        ),
+        null=True,
+    )
+
     client_secret = models.CharField(
         max_length=255,
         blank=True,
@@ -55,6 +68,18 @@ class CanvasEnterpriseCustomerConfiguration(EnterpriseCustomerPluginConfiguratio
         )
     )
 
+    decrypted_client_secret = EncryptedCharField(
+        max_length=255,
+        blank=True,
+        default='',
+        verbose_name="Encrypted API Client Secret",
+        help_text=(
+            "The encrypted API Client Secret provided to edX by the enterprise customer to be used to make "
+            " API calls to Canvas on behalf of the customer. It will be encrypted when stored in the database."
+        ),
+        null=True,
+    )
+
     canvas_account_id = models.BigIntegerField(
         null=True,
         blank=True,