Django 1.6 compatibility

  + Added installation notes about the SESSION_SERIALIZER setting.
  + Included tox.ini section for Python 2.7 + Django 1.6.
  + New decorator override_session_serializer enforces pickle session
    serialization in tests.
  + Added test checking Django version defaults for
    SESSION_SERIALIZER.

README.txt

@@ -8,13 +8,18 @@ single signon systems.
 
 == Basic Installation ==
 
- 1. Install the Jan Rain Python OpenID library.  It can be found at:
+ 0. Install the Jan Rain Python OpenID library.  It can be found at:
 
         http://openidenabled.com/python-openid/
 
     It can also be found in most Linux distributions packaged as
     "python-openid".  You will need version 2.2.0 or later.
 
+ 1. If you are using Django 1.6, configure your project to use the
+    pickle based session serializer:
+
+        SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
+
  2. Add 'django_openid_auth' to INSTALLED_APPS for your application.
     At a minimum, you'll need the following in there:
 
@@ -143,8 +148,8 @@ If you require openid authentication into the admin application, add the followi
 
         OPENID_USE_AS_ADMIN_LOGIN = True
 
-It is worth noting that a user needs to be be marked as a "staff user" to be able to access the admin interface.  A new openid user will not normally be a "staff user".  
-The easiest way to resolve this is to use traditional authentication (OPENID_USE_AS_ADMIN_LOGIN = False) to sign in as your first user with a password and authorise your 
+It is worth noting that a user needs to be be marked as a "staff user" to be able to access the admin interface.  A new openid user will not normally be a "staff user".
+The easiest way to resolve this is to use traditional authentication (OPENID_USE_AS_ADMIN_LOGIN = False) to sign in as your first user with a password and authorise your
 openid user to be staff.
 
 == Change Django usernames if the nickname changes on the provider ==
@@ -162,7 +167,7 @@ If the user has already been renamed to nickname+1 due to a conflict, and the ni
 If you must have a valid, unique nickname in order to create a user accont, add the following setting:
 
         OPENID_STRICT_USERNAMES = True
-        
+
 This will cause an OpenID login attempt to fail if the provider does not return a 'nickname' (username) for the user, or if the nickname conflicts with an existing user with a different openid identiy url.
 Without this setting, logins without a nickname will be given the username 'openiduser', and upon conflicts with existing username, an incrementing number will be appended to the username until it is unique.
 
@@ -171,7 +176,7 @@ Without this setting, logins without a nickname will be given the username 'open
 If your users should use a physical multi-factor authentication method, such as RSA tokens or YubiKey, add the following setting:
 
         OPENID_PHYSICAL_MULTIFACTOR_REQUIRED = True
-        
+
 If the user's OpenID provider supports the PAPE extension and provides the Physical Multifactor authentication policy, this will
 cause the OpenID login to fail if the user does not provide valid physical authentication to the provider.
 

django_openid_auth/tests/__init__.py

@@ -28,6 +28,7 @@
 
 import unittest
 from test_views import *
+from test_settings import *
 from test_store import *
 from test_auth import *
 from test_admin import *
@@ -35,8 +36,8 @@ from test_admin import *
 
 def suite():
     suite = unittest.TestSuite()
-    for name in ['test_auth', 'test_models', 'test_store', 'test_views',
-                 'test_admin']:
+    for name in ['test_auth', 'test_models', 'test_settings', 'test_store',
+                 'test_views', 'test_admin']:
         mod = __import__('%s.%s' % (__name__, name), {}, {}, ['suite'])
         suite.addTest(mod.suite())
     return suite

django_openid_auth/tests/helpers.py

+from django.test.utils import override_settings
+
+
+override_session_serializer = override_settings(
+    SESSION_SERIALIZER='django.contrib.sessions.serializers.PickleSerializer')

django_openid_auth/tests/test_auth.py

@@ -39,6 +39,7 @@ from django.test import TestCase
 from django_openid_auth.auth import OpenIDBackend
 from django_openid_auth.models import UserOpenID
 from django_openid_auth.teams import ns_uri as TEAMS_NS
+from django_openid_auth.tests.helpers import override_session_serializer
 from openid.consumer.consumer import SuccessResponse
 from openid.consumer.discover import OpenIDServiceEndpoint
 from openid.message import Message, OPENID2_NS
@@ -47,6 +48,8 @@ from openid.message import Message, OPENID2_NS
 SREG_NS = "http://openid.net/sreg/1.0"
 AX_NS = "http://openid.net/srv/ax/1.0"
 
+
+@override_session_serializer
 class OpenIDBackendTests(TestCase):
 
     def setUp(self):

django_openid_auth/tests/test_settings.py

+from unittest import skipIf, TestLoader
+
+from django import VERSION
+from django.conf import settings
+from django.test import TestCase
+
+
+class SessionSerializerTest(TestCase):
+    """Django 1.6 changed the default session serializer to use JSON
+    instead of pickle for security reasons[0]. Unfortunately the
+    openid module on which we rely stores objects which are not JSON
+    serializable[1], so until this is fixed upstream (or we decide to
+    create a wrapper serializer) we are recommending Django 1.6 users
+    to fallback to the PickleSerializer.
+
+    [0] https://bit.ly/1myzetd
+    [1] https://github.com/openid/python-openid/issues/17
+    """
+    @skipIf(VERSION >= (1, 6, 0), "Old versions used the pickle serializer.")
+    def test_not_using_json_session_serializer(self):
+        # We use getattr because this setting did not exist in Django
+        # 1.4 (pickle serialization was hard coded)
+        serializer = getattr(settings, 'SESSION_SERIALIZER', '')
+        self.assertNotEqual(
+            serializer, 'django.contrib.sessions.serializers.JSONSerializer')
+
+    @skipIf(VERSION < (1, 6, 0), "Newer versions use JSON by default.")
+    def test_using_json_session_serializer(self):
+        serializer = getattr(settings, 'SESSION_SERIALIZER', '')
+        self.assertEqual(
+            serializer, 'django.contrib.sessions.serializers.JSONSerializer')
+
+
+def suite():
+    return TestLoader().loadTestsFromName(__name__)

django_openid_auth/tests/test_views.py

@@ -47,6 +47,7 @@ from openid.message import IDENTIFIER_SELECT
 
 from django_openid_auth import teams
 from django_openid_auth.models import UserOpenID
+from django_openid_auth.tests.helpers import override_session_serializer
 from django_openid_auth.views import (
     sanitise_redirect_url,
     make_consumer,
@@ -161,6 +162,8 @@ class DummyDjangoRequest(object):
         return request
     REQUEST = property(_combined_request)
 
+
+@override_session_serializer
 class RelyingPartyTests(TestCase):
     urls = 'django_openid_auth.tests.urls'
 
@@ -1354,7 +1357,7 @@ class RelyingPartyTests(TestCase):
         self.assertTrue(group3 not in user.groups.all())
 
     def test_login_teams_staff_not_defined(self):
-        delattr(settings, 'OPENID_LAUNCHPAD_STAFF_TEAMS')
+        assert getattr(settings, 'OPENID_LAUNCHPAD_STAFF_TEAMS', None) is None
         user = User.objects.create_user('testuser', 'someone@example.com')
         user.is_staff = True
         user.save()
@@ -1433,6 +1436,7 @@ class RelyingPartyTests(TestCase):
         openid_login_complete.disconnect(login_callback)
 
 
+@override_session_serializer
 class HelperFunctionsTest(TestCase):
     def test_sanitise_redirect_url(self):
         settings.ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = [

tox.ini

 [tox]
 envlist =
-        py2.7-django1.4, py2.7-django1.5
+        py2.7-django1.4, py2.7-django1.5, py2.7-django1.6
 
 [testenv]
 commands = make check
@@ -17,3 +17,9 @@ basepython = python2.7
 deps = django >= 1.5, < 1.6
        python-openid
        south
+
+[testenv:py2.7-django1.6]
+basepython = python2.7
+deps = django >= 1.6, < 1.7
+       python-openid
+       south