Merged origin/trunk into ax-email-verified.

fe9b4f33 · James Tait · fb446fbf · cfb82d35 · fe9b4f33 · fe9b4f33
Commit fe9b4f33 authored Jun 21, 2013 by James Tait
Show whitespace changes
Inline Side-by-side

Showing with 72 additions and 39 deletions

django_openid_auth/tests/test_auth.py
+36 -24

django_openid_auth/tests/test_views.py
+20 -10

django_openid_auth/views.py
+16 -5

No files found.
--- a/django_openid_auth/tests/test_auth.py
+++ b/django_openid_auth/tests/test_auth.py
@@ -192,37 +192,49 @@ class OpenIDBackendTests(TestCase):
        self.assertEqual("Some56789012345678901234567890",  user.first_name)
        self.assertEqual("User56789012345678901234567890",  user.last_name)
-    def test_update_user_openid_unverified(self):
+    def make_user(self, username='someuser', email='someuser@example.com',
-        response = self.make_response_ax()
+                password=None):
-        user = User.objects.create_user('someuser', 'someuser@example.com',
+        user = User.objects.create_user(username, email, password=password)
-            password=None)
+        return user
-        user_openid, created = UserOpenID.objects.get_or_create(
-            user=user,
+    def make_user_openid(self, user=None,
                         claimed_id='http://example.com/existing_identity',
-            display_id='http://example.com/existing_identity',
+                         display_id='http://example.com/existing_identity'):
-            account_verified=False)
+        if user is None:
-        data = dict(first_name=u"Some56789012345678901234567890123",
+            user = self.make_user()
-            last_name=u"User56789012345678901234567890123",
+        user_openid, created = UserOpenID.objects.get_or_create(
-            email=u"someotheruser@example.com", account_verified=False)
+            user=user, claimed_id=claimed_id, display_id=display_id)
+        return user_openid
-        self.backend.update_user_details(user_openid, data, response)
+    def _test_account_verified(self, user_openid, verified, expected):
-        self.assertFalse(user_openid.account_verified)
+        # set user's verification status
+        user_openid.account_verified = verified
-    def test_update_user_openid_verified(self):
+        # get a response including verification status
        response = self.make_response_ax()
-        user = User.objects.create_user('someuser', 'someuser@example.com',
-            password=None)
-        user_openid, created = UserOpenID.objects.get_or_create(
-            user=user,
-            claimed_id='http://example.com/existing_identity',
-            display_id='http://example.com/existing_identity',
-            account_verified=False)
        data = dict(first_name=u"Some56789012345678901234567890123",
            last_name=u"User56789012345678901234567890123",
-            email=u"someotheruser@example.com", account_verified=True)
+            email=u"someotheruser@example.com", account_verified=expected)
        self.backend.update_user_details(user_openid, data, response)
-        self.assertTrue(user_openid.account_verified)
+        # refresh object from the database
+        user_openid = UserOpenID.objects.get(pk=user_openid.pk)
+        # check the verification status
+        self.assertEqual(user_openid.account_verified, expected)
+        self.assertEqual(user_openid.user.has_perm(
+            'django_openid_auth.account_verified'), expected)
+    def test_update_user_openid_unverified(self):
+        user_openid = self.make_user_openid()
+        for verified in (False, True):
+            self._test_account_verified(user_openid, verified, expected=False)
+    def test_update_user_openid_verified(self):
+        user_openid = self.make_user_openid()
+        for verified in (False, True):
+            self._test_account_verified(user_openid, verified, expected=True)
    def test_extract_user_details_name_with_trailing_space(self):
        response = self.make_response_ax(fullname="SomeUser ")

--- a/django_openid_auth/tests/test_views.py
+++ b/django_openid_auth/tests/test_views.py
@@ -1164,14 +1164,14 @@ class RelyingPartyTests(TestCase):
        self.assertEqual(['email', 'language'], sreg_request.required)
        self.assertEqual(['fullname', 'nickname'], sreg_request.optional)
-    def check_login_attribute_exchange(self, validation_type, is_verified):
+    def check_login_attribute_exchange(self, validation_type, is_verified,
+                                       request_account_verified=True):
        settings.OPENID_UPDATE_DETAILS_FROM_SREG = True
        user = User.objects.create_user('testuser', 'someone@example.com')
        useropenid = UserOpenID(
            user=user,
            claimed_id='http://example.com/identity',
-            display_id='http://example.com/identity',
+            display_id='http://example.com/identity')
-            account_verified=False)
        useropenid.save()
        # Configure the provider to advertise attribute exchange
@@ -1208,8 +1208,10 @@ class RelyingPartyTests(TestCase):
        self.assertTrue(fetch_request.has_key(
                'http://schema.openid.net/namePerson/friendly'))
        # Account verification:
-        self.assertTrue(fetch_request.has_key(
+        self.assertEqual(
-                'http://ns.login.ubuntu.com/2013/validation/account'))
+            fetch_request.has_key(
+                'http://ns.login.ubuntu.com/2013/validation/account'),
+            request_account_verified)
        # Build up a response including AX data.
        openid_response = openid_request.answer(True)
@@ -1248,27 +1250,35 @@ class RelyingPartyTests(TestCase):
        user_openid = UserOpenID.objects.get(user=user)
        self.assertEqual(user_openid.account_verified, is_verified)
-    def test_login_attribute_exchange_with_validation(self):
+    def test_login_attribute_exchange_with_verification(self):
        settings.OPENID_VALID_VERIFICATION_SCHEMES = {
            self.provider.endpoint_url: ('token_via_email',),
        }
        self.check_login_attribute_exchange('token_via_email',
                                            is_verified=True)
-    def test_login_attribute_exchange_without_validation(self):
+    def test_login_attribute_exchange_without_verification(self):
        settings.OPENID_VALID_VERIFICATION_SCHEMES = {
            self.provider.endpoint_url: ('token_via_email',),
        }
        self.check_login_attribute_exchange(None, is_verified=False)
-    def test_login_attribute_exchange_unrecognised_validation(self):
+    def test_login_attribute_exchange_without_account_verified(self):
+        # don't request account_verified attribute in AX request (as there are
+        # no valid verificatation schemes defined)
+        # and check account verification status is left unmodified
+        # (it's set to False by default for a new user)
+        self.check_login_attribute_exchange(None, is_verified=False,
+                                            request_account_verified=False)
+    def test_login_attribute_exchange_unrecognised_verification(self):
        settings.OPENID_VALID_VERIFICATION_SCHEMES = {
            self.provider.endpoint_url: ('token_via_email',),
        }
        self.check_login_attribute_exchange('unrecognised_scheme',
                                            is_verified=False)
-    def test_login_attribute_exchange_different_default_validation(self):
+    def test_login_attribute_exchange_different_default_verification(self):
        settings.OPENID_VALID_VERIFICATION_SCHEMES = {
            None: ('token_via_email', 'sms'),
            'http://otherprovider/': ('unrecognised_scheme',),
@@ -1276,7 +1286,7 @@ class RelyingPartyTests(TestCase):
        self.check_login_attribute_exchange('unrecognised_scheme',
                                            is_verified=False)
-    def test_login_attribute_exchange_matched_default_validation(self):
+    def test_login_attribute_exchange_matched_default_verification(self):
        settings.OPENID_VALID_VERIFICATION_SCHEMES = {
            None: ('token_via_email',),
            'http://otherprovider/': ('unrecognised_scheme',),

--- a/django_openid_auth/views.py
+++ b/django_openid_auth/views.py
@@ -169,7 +169,6 @@ def login_begin(request, template_name='openid/login.html',
                    redirect_field_name: redirect_to
                    }, context_instance=RequestContext(request))
-    error = None
    consumer = make_consumer(request)
    try:
        openid_request = consumer.begin(openid_url)
@@ -180,7 +179,8 @@ def login_begin(request, template_name='openid/login.html',
    # Request some user details.  If the provider advertises support
    # for attribute exchange, use that.
-    if openid_request.endpoint.supportsType(ax.AXMessage.ns_uri):
+    endpoint = openid_request.endpoint
+    if endpoint.supportsType(ax.AXMessage.ns_uri):
        fetch_request = ax.FetchRequest()
        # We mark all the attributes as required, since Google ignores
        # optional attributes.  We request both the full name and
@@ -198,10 +198,21 @@ def login_begin(request, template_name='openid/login.html',
                ('http://schema.openid.net/contact/email', 'old_email'),
                ('http://schema.openid.net/namePerson', 'old_fullname'),
                ('http://schema.openid.net/namePerson/friendly',
-                 'old_nickname'),
+                 'old_nickname')]:
-                ('http://ns.login.ubuntu.com/2013/validation/account',
-                 'account_verified')]:
            fetch_request.add(ax.AttrInfo(attr, alias=alias, required=True))
+        # conditionally require account_verified attribute
+        verification_scheme_map = getattr(
+            settings, 'OPENID_VALID_VERIFICATION_SCHEMES', {})
+        valid_schemes = verification_scheme_map.get(
+            endpoint.server_url, verification_scheme_map.get(None, ()))
+        if valid_schemes:
+            # there are valid schemes configured for this endpoint, so
+            # request account_verified status
+            fetch_request.add(ax.AttrInfo(
+                'http://ns.login.ubuntu.com/2013/validation/account',
+                alias='account_verified', required=True))
        openid_request.addExtension(fetch_request)
    else:
        sreg_required_fields = []