Skip to content

E
edx-platform
Switch branch/tag
Find file
Normal viewHistoryPermalink
settings.py 4.23 KB
Newer Older
Add common/djangoapps/third_party_auth; update pylintrc to allow test_* names.
8ecfa867
 
John Cox committed
1 2 3 4 5 
"""Settings for the third-party auth module.

The flow for settings registration is:

The base settings file contains a boolean, ENABLE_THIRD_PARTY_AUTH, indicating
Use ConfigurationModels for third_party_auth, new metadata fetching - PR 8155
b4904adc
 
Braden MacDonald committed
6 
whether this module is enabled. startup.py probes the ENABLE_THIRD_PARTY_AUTH.
Add common/djangoapps/third_party_auth; update pylintrc to allow test_* names.
8ecfa867
 
John Cox committed
7 8 9 
If true, it:

    a) loads this module.
Use ConfigurationModels for third_party_auth, new metadata fetching - PR 8155
b4904adc
 
Braden MacDonald committed
10 
    b) calls apply_settings(), passing in the Django settings
Add common/djangoapps/third_party_auth; update pylintrc to allow test_* names.
8ecfa867
 
John Cox committed
11 12 
"""
Add data sharing consent features for EnterpriseCustomer
fc814aee
 
Jesse Shapiro committed
13 14 
from util.enterprise_helpers import insert_enterprise_pipeline_elements
Fix CRI-9 so third_party_auth pipeline always completes, and consolidate auto-enrollment code
345fcabd
 
Braden MacDonald committed
15 
_FIELDS_STORED_IN_SESSION = ['auth_entry', 'next']
Add third-party auth implementation and tests
ce0b6407
 
John Cox committed
16 17 
_MIDDLEWARE_CLASSES = (
    'third_party_auth.middleware.ExceptionMiddleware',
Add data sharing consent features for EnterpriseCustomer
fc814aee
 
Jesse Shapiro committed
18 
    'third_party_auth.middleware.PipelineQuarantineMiddleware',
Add third-party auth implementation and tests
ce0b6407
 
John Cox committed
19 20 21 22 
)
_SOCIAL_AUTH_LOGIN_REDIRECT_URL = '/dashboard'
Use ConfigurationModels for third_party_auth, new metadata fetching - PR 8155
b4904adc
 
Braden MacDonald committed
23 
def apply_settings(django_settings):
Add common/djangoapps/third_party_auth; update pylintrc to allow test_* names.
8ecfa867
 
John Cox committed
24 
    """Set provider-independent settings."""
Add third-party auth implementation and tests
ce0b6407
 
John Cox committed
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 

    # Whitelisted URL query parameters retrained in the pipeline session.
    # Params not in this whitelist will be silently dropped.
    django_settings.FIELDS_STORED_IN_SESSION = _FIELDS_STORED_IN_SESSION

    # Inject exception middleware to make redirects fire.
    django_settings.MIDDLEWARE_CLASSES += _MIDDLEWARE_CLASSES

    # Where to send the user if there's an error during social authentication
    # and we cannot send them to a more specific URL
    # (see middleware.ExceptionMiddleware).
    django_settings.SOCIAL_AUTH_LOGIN_ERROR_URL = '/'

    # Where to send the user once social authentication is successful.
    django_settings.SOCIAL_AUTH_LOGIN_REDIRECT_URL = _SOCIAL_AUTH_LOGIN_REDIRECT_URL
Add common/djangoapps/third_party_auth; update pylintrc to allow test_* names.
8ecfa867
 
John Cox committed
41 42 
    # Inject our customized auth pipeline. All auth backends must work with
    # this pipeline.
Add data sharing consent features for EnterpriseCustomer
fc814aee
 
Jesse Shapiro committed
43 
    django_settings.SOCIAL_AUTH_PIPELINE = [
Add third-party auth implementation and tests
ce0b6407
 
John Cox committed
44 45 46 47 48 
        'third_party_auth.pipeline.parse_query_params',
        'social.pipeline.social_auth.social_details',
        'social.pipeline.social_auth.social_uid',
        'social.pipeline.social_auth.auth_allowed',
        'social.pipeline.social_auth.social_user',
MA-95: Update Registration endpoint to support 3rd party credentials
dfcef9dd
 
Nimisha Asthagiri committed
49 
        'third_party_auth.pipeline.associate_by_email_if_login_api',
Add third-party auth implementation and tests
ce0b6407
 
John Cox committed
50 
        'social.pipeline.user.get_username',
Fix CRI-9 so third_party_auth pipeline always completes, and consolidate auto-enrollment code
345fcabd
 
Braden MacDonald committed
51 
        'third_party_auth.pipeline.set_pipeline_timeout',
Add endpoint to log in with OAuth access token
d2183c58
 
Greg Price committed
52 
        'third_party_auth.pipeline.ensure_user_information',
Add third-party auth implementation and tests
ce0b6407
 
John Cox committed
53 54 55 56 
        'social.pipeline.user.create_user',
        'social.pipeline.social_auth.associate_user',
        'social.pipeline.social_auth.load_extra_data',
        'social.pipeline.user.user_details',
User info cookie
5e86a647
 
Will Daly committed
57 
        'third_party_auth.pipeline.set_logged_in_cookies',
Login analytics
059d0dff
 
Julia Hansbrough committed
58 
        'third_party_auth.pipeline.login_analytics',
Add data sharing consent features for EnterpriseCustomer
fc814aee
 
Jesse Shapiro committed
59 60 61 62 
    ]

    # Add enterprise pipeline elements if the enterprise app is installed
    insert_enterprise_pipeline_elements(django_settings.SOCIAL_AUTH_PIPELINE)
Add third-party auth implementation and tests
ce0b6407
 
John Cox committed
63
Use ConfigurationModels for third_party_auth, new metadata fetching - PR 8155
b4904adc
 
Braden MacDonald committed
64 65 66 
    # Required so that we can use unmodified PSA OAuth2 backends:
    django_settings.SOCIAL_AUTH_STRATEGY = 'third_party_auth.strategy.ConfigurationModelStrategy'
Add third-party auth implementation and tests
ce0b6407
 
John Cox committed
67 68 69 70 71 72 73 74 
    # We let the user specify their email address during signup.
    django_settings.SOCIAL_AUTH_PROTECTED_USER_FIELDS = ['email']

    # Disable exceptions by default for prod so you get redirect behavior
    # instead of a Django error page. During development you may want to
    # enable this when you want to get stack traces rather than redirections.
    django_settings.SOCIAL_AUTH_RAISE_EXCEPTIONS = False
Fix CRI-9 so third_party_auth pipeline always completes, and consolidate auto-enrollment code
345fcabd
 
Braden MacDonald committed
75 
    # Allow users to login using social auth even if their account is not verified yet
Add some asserts and explanations, per review
9ccf78ed
 
Braden MacDonald committed
76 77 78 79 80 81 82 83 
    # This is required since we [ab]use django's 'is_active' flag to indicate verified
    # accounts; without this set to True, python-social-auth won't allow us to link the
    # user's account to the third party account during registration (since the user is
    # not verified at that point).
    # We also generally allow unverified third party auth users to login (see the logic
    # in ensure_user_information in pipeline.py) because otherwise users who use social
    # auth to register with an invalid email address can become "stuck".
    # TODO: Remove the following if/when email validation is separated from the is_active flag.
Allow users to login via third_party_auth even if not activated
90cdb913
 
Braden MacDonald committed
84 85 
    django_settings.SOCIAL_AUTH_INACTIVE_USER_LOGIN = True
    django_settings.SOCIAL_AUTH_INACTIVE_USER_URL = '/auth/inactive'
Fix CRI-9 so third_party_auth pipeline always completes, and consolidate auto-enrollment code
345fcabd
 
Braden MacDonald committed
86
Add third-party auth implementation and tests
ce0b6407
 
John Cox committed
87 88 
    # Context processors required under Django.
    django_settings.SOCIAL_AUTH_UUID_LENGTH = 4
Rebase upgrade Django to v1.8.5
6cb62f26
 
Usman Khalid committed
89 
    django_settings.DEFAULT_TEMPLATE_ENGINE['OPTIONS']['context_processors'] += (
Add third-party auth implementation and tests
ce0b6407
 
John Cox committed
90 91 
        'social.apps.django_app.context_processors.backends',
        'social.apps.django_app.context_processors.login_redirect',
Add common/djangoapps/third_party_auth; update pylintrc to allow test_* names.
8ecfa867
 
John Cox committed
92 
    )