From 67f082a311b0bd4aaed693b43c1b45ec1d0d9952 Mon Sep 17 00:00:00 2001 From: Brian Buck Date: Wed, 13 May 2026 11:36:42 -0600 Subject: [PATCH 1/2] fix: Add authentication classes to special exams reset attempts view --- lms/djangoapps/instructor/views/api_v2.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lms/djangoapps/instructor/views/api_v2.py b/lms/djangoapps/instructor/views/api_v2.py index b952ad922f8e..d463a516b848 100644 --- a/lms/djangoapps/instructor/views/api_v2.py +++ b/lms/djangoapps/instructor/views/api_v2.py @@ -43,6 +43,8 @@ ProctoredBaseException, ProctoredExamNotFoundException, ) +from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication +from openedx.core.djangoapps.cors_csrf.authentication import SessionAuthenticationCrossDomainCsrf from edx_proctoring.models import ProctoredExamStudentAllowance from edx_rest_framework_extensions.paginators import DefaultPagination from edx_when import api as edx_when_api @@ -4187,6 +4189,7 @@ class SpecialExamResetView(DeveloperErrorViewMixin, APIView): POST /api/instructor/v2/courses/{course_id}/special_exams/{exam_id}/reset/{username} """ + authentication_classes = (JwtAuthentication, SessionAuthenticationCrossDomainCsrf) permission_classes = (IsAuthenticated, permissions.InstructorPermission) permission_name = permissions.EXAM_RESULTS From 1c12b1980c37c2334763a838b17589e083f20157 Mon Sep 17 00:00:00 2001 From: Brian Buck Date: Wed, 13 May 2026 11:48:32 -0600 Subject: [PATCH 2/2] fix: Only use JwtAuthentication in authentication_classes --- lms/djangoapps/instructor/views/api_v2.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lms/djangoapps/instructor/views/api_v2.py b/lms/djangoapps/instructor/views/api_v2.py index d463a516b848..d855a630c7e7 100644 --- a/lms/djangoapps/instructor/views/api_v2.py +++ b/lms/djangoapps/instructor/views/api_v2.py @@ -43,9 +43,8 @@ ProctoredBaseException, ProctoredExamNotFoundException, ) -from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication -from openedx.core.djangoapps.cors_csrf.authentication import SessionAuthenticationCrossDomainCsrf from edx_proctoring.models import ProctoredExamStudentAllowance +from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication from edx_rest_framework_extensions.paginators import DefaultPagination from edx_when import api as edx_when_api from opaque_keys import InvalidKeyError @@ -4189,7 +4188,7 @@ class SpecialExamResetView(DeveloperErrorViewMixin, APIView): POST /api/instructor/v2/courses/{course_id}/special_exams/{exam_id}/reset/{username} """ - authentication_classes = (JwtAuthentication, SessionAuthenticationCrossDomainCsrf) + authentication_classes = (JwtAuthentication,) permission_classes = (IsAuthenticated, permissions.InstructorPermission) permission_name = permissions.EXAM_RESULTS