lms.djangoapps.discussion.notification_prefs package
Submodules
lms.djangoapps.discussion.notification_prefs.views module
Views to support notification preferences.
- class lms.djangoapps.discussion.notification_prefs.views.UsernameCipher
Bases: object
A transformation of a username to/from an opaque token
The purpose of the token is to make one-click unsubscribe links that don’t require the user to log in. To prevent users from unsubscribing other users, we must ensure the token cannot be computed by anyone who has this source code. The token must also be embeddable in a URL.
Thus, we take the following steps to encode (and do the inverse to decode):
1. Pad the UTF-8 encoding of the username with PKCS#7 padding to match the AES block length
2. Generate a random AES block length initialization vector
3. Use AES-256 (with a hash of settings.SECRET_KEY as the encryption key) in CBC mode to encrypt the username
4. Prepend the IV to the encrypted value to allow for initialization of the decryption cipher
5. base64url encode the result
- static decrypt(token)
- static encrypt(username)
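The five encode steps and their inverse, written out as an added example (this is not the edx-platform source). It assumes the third-party `cryptography` package and SHA-256 as the key hash; `encrypt_username`, `decrypt_token` and `TokenError` are hypothetical names standing in for `UsernameCipher.encrypt`, `UsernameCipher.decrypt` and `UsernameDecryptionException`.

```python
import base64
import hashlib
import os

from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

BLOCK = 16  # AES block length in bytes


class TokenError(Exception):
    """Hypothetical stand-in for UsernameDecryptionException."""


def _key(secret_key):
    # Assumption: SHA-256 is the hash; its 32-byte digest is the AES-256 key.
    return hashlib.sha256(secret_key.encode("utf-8")).digest()


def encrypt_username(username, secret_key):
    padder = padding.PKCS7(BLOCK * 8).padder()
    padded = padder.update(username.encode("utf-8")) + padder.finalize()  # step 1
    iv = os.urandom(BLOCK)  # step 2: fresh IV per token
    enc = Cipher(algorithms.AES(_key(secret_key)), modes.CBC(iv)).encryptor()
    ciphertext = enc.update(padded) + enc.finalize()  # step 3
    return base64.urlsafe_b64encode(iv + ciphertext).decode("ascii")  # steps 4-5


def decrypt_token(token, secret_key):
    try:
        raw = base64.urlsafe_b64decode(token.encode("ascii"))
    except ValueError as exc:  # covers non-ASCII input and bad base64
        raise TokenError("token is not base64url") from exc
    # A valid token holds the IV plus at least one whole ciphertext block.
    if len(raw) < 2 * BLOCK or len(raw) % BLOCK:
        raise TokenError("token has an invalid length")
    iv, ciphertext = raw[:BLOCK], raw[BLOCK:]
    dec = Cipher(algorithms.AES(_key(secret_key)), modes.CBC(iv)).decryptor()
    padded = dec.update(ciphertext) + dec.finalize()
    try:
        unpadder = padding.PKCS7(BLOCK * 8).unpadder()
        return (unpadder.update(padded) + unpadder.finalize()).decode("utf-8")
    except ValueError as exc:  # bad padding or invalid UTF-8
        raise TokenError("token does not decrypt to a username") from exc


if __name__ == "__main__":
    token = encrypt_username("alice", "constructed-secret")  # constructed sample values
    print(token, "->", decrypt_token(token, "constructed-secret"))
```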
- exception lms.djangoapps.discussion.notification_prefs.views.UsernameDecryptionException
Bases: Exception
- lms.djangoapps.discussion.notification_prefs.views.ajax_disable(request)
A view that disables notifications for the authenticated user
This view should be invoked by an AJAX POST call. It returns status 204 (no content) or an error.
- lms.djangoapps.discussion.notification_prefs.views.ajax_enable(request)
A view that enables notifications for the authenticated user
This view should be invoked by an AJAX POST call. It returns status 204 (no content) or an error. If notifications were already enabled for this user, this has no effect. Otherwise, a preference is created with the unsubscribe token (an encryption of the username) as the value.
- lms.djangoapps.discussion.notification_prefs.views.ajax_status(request)
A view that retrieves notifications status for the authenticated user.
This view should be invoked by an AJAX GET call. It returns status 200, with a JSON-formatted payload, or an error.
- lms.djangoapps.discussion.notification_prefs.views.enable_notifications(user)
Enable notifications for a user. Currently only used for daily forum digests.
- lms.djangoapps.discussion.notification_prefs.views.set_subscription(request, token, subscribe)
A view that disables or re-enables notifications for a user who may not be authenticated
This view is meant to be the target of an unsubscribe link. The request must be a GET, and the token parameter must decrypt to a valid username. The subscribe flag controls whether the view subscribes or unsubscribes the user, with subscribe=True used to “undo” accidentally clicking on the unsubscribe link.
A 405 will be returned if the request method is not GET. A 404 will be returned if the token parameter does not decrypt to a valid username. On success, the response will contain a page indicating success.