🔥(back) remove mozilla OIDCAuthentication fron DRF settings

The mozilla OIDCAuthentication backend was configured in the DRF
settings but not used. We have to remove it.

Author: lunika

src/backend/core/tests/items/test_api_item_accesses.py

@@ -21,7 +21,7 @@ def test_api_item_accesses_list_anonymous():
     factories.UserItemAccessFactory.create_batch(2, item=item)
 
     response = APIClient().get(f"/api/v1.0/items/{item.id!s}/accesses/")
-    assert response.status_code == 401
+    assert response.status_code == 403
     assert response.json() == {
         "errors": [
             {
@@ -145,7 +145,7 @@ def test_api_item_accesses_retrieve_anonymous():
         f"/api/v1.0/items/{access.item_id!s}/accesses/{access.id!s}/",
     )
 
-    assert response.status_code == 401
+    assert response.status_code == 403
     assert response.json() == {
         "errors": [
             {
@@ -262,7 +262,7 @@ def test_api_item_accesses_update_anonymous():
             {**old_values, field: value},
             format="json",
         )
-        assert response.status_code == 401
+        assert response.status_code == 403
 
     access.refresh_from_db()
     updated_values = serializers.ItemAccessSerializer(instance=access).data
@@ -631,7 +631,7 @@ def test_api_item_accesses_delete_anonymous():
         f"/api/v1.0/items/{item.id!s}/accesses/{access.id!s}/",
     )
 
-    assert response.status_code == 401
+    assert response.status_code == 403
     assert models.ItemAccess.objects.count() == 1
 
 

src/backend/core/tests/items/test_api_item_accesses_create.py

@@ -32,7 +32,7 @@ def test_api_item_accesses_create_anonymous():
         format="json",
     )
 
-    assert response.status_code == 401
+    assert response.status_code == 403
     assert response.json() == {
         "errors": [
             {

src/backend/core/tests/items/test_api_item_invitations.py

@@ -27,7 +27,7 @@ def test_api_item_invitations_list_anonymous_user():
     """Anonymous users should not be able to list invitations."""
     invitation = factories.InvitationFactory()
     response = APIClient().get(f"/api/v1.0/items/{invitation.item.id!s}/invitations/")
-    assert response.status_code == 401
+    assert response.status_code == 403
 
 
 @pytest.mark.parametrize("via", VIA)
@@ -189,7 +189,7 @@ def test_api_item_invitations_retrieve_anonymous_user():
         f"/api/v1.0/items/{invitation.item.id!s}/invitations/{invitation.id!s}/",
     )
 
-    assert response.status_code == 401
+    assert response.status_code == 403
 
 
 def test_api_item_invitations_retrieve_unrelated_user():
@@ -293,7 +293,7 @@ def test_api_item_invitations_create_anonymous():
         format="json",
     )
 
-    assert response.status_code == 401
+    assert response.status_code == 403
     assert response.json() == {
         "errors": [
             {
@@ -775,7 +775,7 @@ def test_api_item_invitations_delete_anonymous():
     response = APIClient().delete(
         f"/api/v1.0/items/{invitation.item.id!s}/invitations/{invitation.id!s}/",
     )
-    assert response.status_code == 401
+    assert response.status_code == 403
 
 
 def test_api_item_invitations_delete_authenticated_outsider():

src/backend/core/tests/items/test_api_item_upload_ended.py

@@ -18,7 +18,7 @@ def test_api_item_upload_ended_anonymous():
     item = factories.ItemFactory()
     response = APIClient().post(f"/api/v1.0/items/{item.id!s}/upload-ended/")
 
-    assert response.status_code == 401
+    assert response.status_code == 403
 
 
 @pytest.mark.parametrize("role", [None, "reader"])

src/backend/core/tests/items/test_api_items_children_create.py

@@ -41,7 +41,7 @@ def test_api_items_children_create_anonymous(reach, role, depth):
     )
 
     assert Item.objects.count() == items_created
-    assert response.status_code == 401
+    assert response.status_code == 403
     assert response.json() == {
         "type": "client_error",
         "errors": [

src/backend/core/tests/items/test_api_items_children_list.py

@@ -207,7 +207,7 @@ def test_api_items_children_list_anonymous_restricted_or_authenticated(reach):
 
     response = APIClient().get(f"/api/v1.0/items/{item.id!s}/children/")
 
-    assert response.status_code == 401
+    assert response.status_code == 403
     assert response.json() == {
         "errors": [
             {

src/backend/core/tests/items/test_api_items_create.py

@@ -26,7 +26,7 @@ def test_api_items_create_anonymous():
         },
     )
 
-    assert response.status_code == 401
+    assert response.status_code == 403
     assert not Item.objects.exists()
 
 

src/backend/core/tests/items/test_api_items_delete.py

@@ -20,7 +20,7 @@ def test_api_items_delete_anonymous():
         f"/api/v1.0/items/{item.id!s}/",
     )
 
-    assert response.status_code == 401
+    assert response.status_code == 403
     assert models.Item.objects.count() == existing_items
 
 

src/backend/core/tests/items/test_api_items_favorite.py

@@ -23,7 +23,7 @@ def test_api_item_favorite_anonymous_user(method, reach):
 
     response = getattr(APIClient(), method)(f"/api/v1.0/items/{item.id!s}/favorite/")
 
-    assert response.status_code == 401
+    assert response.status_code == 403
     assert response.json() == {
         "errors": [
             {

src/backend/core/tests/items/test_api_items_favorite_list.py

@@ -9,13 +9,13 @@
 
 
 def test_api_item_favorite_list_anonymous():
-    """Anonymous users should receive a 401 error."""
+    """Anonymous users should receive a 403 error."""
 
     client = APIClient()
 
     response = client.get("/api/v1.0/items/favorite_list/")
 
-    assert response.status_code == 401
+    assert response.status_code == 403
 
 
 def test_api_item_favorite_list_authenticated_no_favorite():