Allow for JWT Auth on All DRF Endpoints #33302

Closed
39 tasks
feanil opened this issue Sep 20, 2023 · 2 comments

feanil commented Sep 20, 2023

Most REST endpoints in the edx-platform that require AUTH support JWTAuth or would if it was a default auth class.

However, some of the endpoints are explicitly set to only use SessionAuth. We should update these endpoints so that instead of explicitly overriding the DRF Authentication Classes they use the default authentication classes.

Tasks

  • Update all API views that explicitly accept only SessionAuth to use the DEFAULT_AUTHENTICATION_CLASSES instead.

Relevant Views/URLs

  • /api/bookmarks/v1/bookmarks/ : get
  • /api/bookmarks/v1/bookmarks/ : post
  • /api/bookmarks/v1/bookmarks/{username},{usage_id}/ : get
  • /api/bookmarks/v1/bookmarks/{username},{usage_id}/ : delete
  • /api/commerce/v0/baskets/{basket_id}/order/ : get
  • /api/send_account_activation_email : post
  • /api/team/v0/bulk_team_membership/{course_id} : get
  • /api/team/v0/bulk_team_membership/{course_id} : post
  • /api/team/v0/team_membership/ : get
  • /api/team/v0/team_membership/ : post
  • /api/team/v0/team_membership/{team_id},{username} : get
  • /api/team/v0/team_membership/{team_id},{username} : delete
  • /api/team/v0/teams/ : get
  • /api/team/v0/teams/ : post
  • /api/team/v0/teams/{team_id} : get
  • /api/team/v0/teams/{team_id} : patch
  • /api/team/v0/teams/{team_id} : delete
  • /api/team/v0/teams/{team_id}/assignments : get
  • /api/team/v0/topics/ : get
  • /api/team/v0/topics/{topic_id},{course_id} : get
  • /api/user/v1/forum_roles/{name}/users/ : get
  • /api/user/v1/preferences/{pref_key}/users/ : get
  • /api/user/v1/preferences/{username}/{preference_key} : get
  • /api/user/v1/preferences/{username}/{preference_key} : put
  • /api/user/v1/preferences/{username}/{preference_key} : delete
  • /api/user/v1/preferences/email_opt_in/ : post
  • /api/user/v1/user_prefs/ : get
  • /api/user/v1/user_prefs/{id}/ : get
  • /api/user/v1/users/ : get
  • /api/user/v1/users/{id}/ : get
  • /courses/{course_id}/teams/ : get
  • /user_api/v1/forum_roles/{name}/users/ : get
  • /user_api/v1/preferences/{pref_key}/users/ : get
  • /user_api/v1/preferences/email_opt_in/ : post
  • /user_api/v1/user_prefs/ : get
  • /user_api/v1/user_prefs/{id}/ : get
  • /user_api/v1/users/ : get
  • /user_api/v1/users/{id}/ : get

Acceptance Criteria

  • There are no API Views in edx-platform that explicitly only allow SessionAuth.
  • It's fine to break this up into multiple PRs to ease review and land smaller changes.

salman2013 self-assigned this Oct 5, 2023

salman2013 commented Oct 11, 2023

@feanil Just for confirmation that my understanding of this ticket is correct, as per ticket acceptance criteria we have to remove the authentication from view and use the default one if there is just SessionAuth and add the JWT in default authentication so that all endpoints would allow JWT auth?

I found almost the majority of the views using the combination
authentication_classes = (SessionAuthentication, JwtAuthentication) or SessionAuthenticationAllowInactiveUser but few are using authentication_classes = (authentication.SessionAuthentication).

feanil commented Oct 11, 2023

@salman2013 mostly correct. I think we just need to update the ones that are using authentication_classes = (authentication.SessionAuthentication) as a part of this ticket. There is already other work in progress to add JWT auth as a default. Once we do that we'll do another pass where we remove overrides for any views where the overrides match the default.
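
One way to check the acceptance criterion from the issue, as an added example that is not part of the thread or of edx-platform: an AST scan that lists view classes whose explicit `authentication_classes` override contains only `SessionAuthentication`. The sample module, its class names and the helper names are constructed for illustration; it matches the exact class name only, so variants such as `SessionAuthenticationAllowInactiveUser` are not flagged.

```python
import ast

# Constructed sample (not edx-platform code). Imports are omitted because the
# text is only parsed, never executed.
SAMPLE = '''
class SessionOnlyView(APIView):
    authentication_classes = (authentication.SessionAuthentication,)

class NoTrailingCommaView(APIView):
    authentication_classes = (authentication.SessionAuthentication)

class SessionAndJwtView(APIView):
    authentication_classes = (SessionAuthentication, JwtAuthentication)

class DefaultAuthView(APIView):
    pass
'''

def _names(node):
    """Return the trailing identifier of each class listed in the override."""
    # Without a trailing comma, (X) parses as a bare expression, not a tuple.
    elts = node.elts if isinstance(node, (ast.Tuple, ast.List)) else [node]
    out = []
    for e in elts:
        if isinstance(e, ast.Attribute):
            out.append(e.attr)
        elif isinstance(e, ast.Name):
            out.append(e.id)
        else:
            out.append(None)  # unknown expression: never counted as session-only
    return out

def session_only_views(source):
    """List (class_name, lineno) for classes overriding auth with SessionAuthentication only."""
    hits = []
    for cls in ast.walk(ast.parse(source)):
        if not isinstance(cls, ast.ClassDef):
            continue
        for stmt in cls.body:
            if isinstance(stmt, ast.Assign) and any(
                isinstance(t, ast.Name) and t.id == "authentication_classes"
                for t in stmt.targets
            ):
                names = _names(stmt.value)
                if names and all(n == "SessionAuthentication" for n in names):
                    hits.append((cls.name, stmt.lineno))
    return sorted(hits, key=lambda h: h[1])

if __name__ == "__main__":
    for name, line in session_only_views(SAMPLE):
        print(f"line {line}: {name} accepts SessionAuthentication only")
```

Views with no override (like `DefaultAuthView`) are not reported, since they already follow `DEFAULT_AUTHENTICATION_CLASSES`; function-based views configured through a decorator are outside what this scan covers.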
