Finishing up tests/modifications per @ormsbee feedback

084160c1 · Jason Bau · ca649d3c · 084160c1 · 084160c1 · 084160c1
Commit 084160c1 authored Jun 19, 2013 by Jason Bau
Expand all Show whitespace changes
Inline Side-by-side

Showing with 31 additions and 25 deletions

common/djangoapps/external_auth/tests/test_shib.py
+0 -0

common/djangoapps/external_auth/views.py
+27 -22

common/djangoapps/student/views.py
+4 -3

No files found.
--- a/common/djangoapps/external_auth/tests/test_shib.py
+++ b/common/djangoapps/external_auth/tests/test_shib.py
--- a/common/djangoapps/external_auth/views.py
+++ b/common/djangoapps/external_auth/views.py
@@ -145,6 +145,7 @@ def external_login_or_signup(request,

        eamap.save()

+    log.info("External_Auth login_or_signup for %s : %s : %s : %s" % (external_domain, external_id, email, fullname))
    internal_user = eamap.user
    if internal_user is None:
        if settings.MITX_FEATURES.get('AUTH_USE_SHIB'):
@@ -156,19 +157,21 @@ def external_login_or_signup(request,
                    eamap.user = link_user
                    eamap.save()
                    internal_user = link_user
-                    log.debug('Linking existing account for %s' % eamap.external_email)
+                    log.info('SHIB: Linking existing account for %s' % eamap.external_email)
                    # now pass through to log in
                else:
-                    # otherwise, set external_email to '' to ask for a new one at user signup
-                    eamap.external_email = ''
-                    eamap.save()
-                    log.debug('User with external login found for %s, asking for new email during signup' % email)
-                    return signup(request, eamap)
+                    # otherwise, there must have been an error, b/c we've already linked a user with these external
+                    # creds
+                    failure_msg = _(dedent("""
+                        You have already created an account using an external login like WebAuth or Shibboleth.
+                        Please contact %s for support """
+                                           % getattr(settings, 'TECH_SUPPORT_EMAIL', 'techsupport@class.stanford.edu')))
+                    return default_render_failure(request, failure_msg)
            except User.DoesNotExist:
-                log.debug('No user for %s yet, doing signup' % eamap.external_email)
+                log.info('SHIB: No user for %s yet, doing signup' % eamap.external_email)
                return signup(request, eamap)
        else:
-            log.debug('No user for %s yet, doing signup' % eamap.external_email)
+            log.info('No user for %s yet, doing signup' % eamap.external_email)
            return signup(request, eamap)

    # We trust shib's authentication, so no need to authenticate using the password again
@@ -180,6 +183,7 @@ def external_login_or_signup(request,
        else:
            auth_backend = 'django.contrib.auth.backends.ModelBackend'
        user.backend = auth_backend
+        log.info('SHIB: Logging in linked user %s' % user.email)
    else:
        uname = internal_user.username
        user = authenticate(username=uname, password=eamap.internal_password)
@@ -193,14 +197,13 @@ def external_login_or_signup(request,
        # TODO: improve error page
        msg = 'Account not yet activated: please look for link in your email'
        return default_render_failure(request, msg)
-
    login(request, user)
    request.session.set_expiry(0)

    # Now to try enrollment
    # Need to special case Shibboleth here because it logs in via a GET.
    # testing request.method for extra paranoia
-    if 'shib:' in external_domain and request.method == 'GET':
+    if settings.MITX_FEATURES.get('AUTH_USE_SHIB') and 'shib:' in external_domain and request.method == 'GET':
        enroll_request = make_shib_enrollment_request(request)
        student_views.try_change_enrollment(enroll_request)
    else:
@@ -256,7 +259,7 @@ def signup(request, eamap=None):
    except ValidationError:
        context['ask_for_email'] = True

-    log.debug('Doing signup for %s' % eamap.external_email)
+    log.info('EXTAUTH: Doing signup for %s' % eamap.external_id)

    return student_views.register_user(request, extra_context=context)

@@ -370,7 +373,7 @@ def ssl_login(request):
 # -----------------------------------------------------------------------------
 # Shibboleth (Stanford and others.  Uses *Apache* environment variables)
 # -----------------------------------------------------------------------------
-def shib_login(request, retfun=None):
+def shib_login(request):
    """
        Uses Apache's REMOTE_USER environment variable as the external id.
        This in turn typically uses EduPersonPrincipalName
@@ -384,29 +387,31 @@ def shib_login(request, retfun=None):
        """))

    if not request.META.get('REMOTE_USER'):
+        log.exception("SHIB: no REMOTE_USER found in request.META")
+        return default_render_failure(request, shib_error_msg)
+    elif not request.META.get('Shib-Identity-Provider'):
+        log.exception("SHIB: no Shib-Identity-Provider in request.META")
        return default_render_failure(request, shib_error_msg)
    else:
        #if we get here, the user has authenticated properly
-        attrs = ['REMOTE_USER', 'givenName', 'sn', 'mail',
-                 'Shib-Identity-Provider']
-        shib = {}
-
-        for attr in attrs:
-            shib[attr] = request.META.get(attr, '')
+        shib = {attr: request.META.get(attr, '')
+                for attr in ['REMOTE_USER', 'givenName', 'sn', 'mail', 'Shib-Identity-Provider']}

        #Clean up first name, last name, and email address
        #TODO: Make this less hardcoded re: format, but split will work
        #even if ";" is not present since we are accessing 1st element
-        shib['sn'] = shib['sn'].split(";")[0].strip().capitalize()
-        shib['givenName'] = shib['givenName'].split(";")[0].strip().capitalize()
+        shib['sn'] = shib['sn'].split(";")[0].strip().capitalize().decode('utf-8')
+        shib['givenName'] = shib['givenName'].split(";")[0].strip().capitalize().decode('utf-8')
+
+    log.info("SHIB creds returned: %r" % shib)

    return external_login_or_signup(request,
                                    external_id=shib['REMOTE_USER'],
                                    external_domain="shib:" + shib['Shib-Identity-Provider'],
                                    credentials=shib,
                                    email=shib['mail'],
-                                    fullname="%s %s" % (shib['givenName'], shib['sn']),
-                                    retfun=retfun)
+                                    fullname=u'%s %s' % (shib['givenName'], shib['sn']),
+                                    )


 def make_shib_enrollment_request(request):

--- a/common/djangoapps/student/views.py
+++ b/common/djangoapps/student/views.py
@@ -599,7 +599,7 @@ def create_account(request, post_override=None):
        password = eamap.internal_password
        post_vars = dict(post_vars.items())
        post_vars.update(dict(email=email, name=name, password=password))
-        log.debug('extauth test: post_vars = %s' % post_vars)
+        log.info('In create_account with external_auth: post_vars = %s' % post_vars)

    # Confirm we have a properly formed request
    for a in ['username', 'email', 'password', 'name']:
@@ -699,10 +699,11 @@ def create_account(request, post_override=None):
        eamap.user = login_user
        eamap.dtsignup = datetime.datetime.now(UTC)
        eamap.save()
-        log.debug('Updated ExternalAuthMap for %s to be %s' % (post_vars['username'], eamap))
+        log.info("User registered with external_auth %s" % post_vars['username'])
+        log.info('Updated ExternalAuthMap for %s to be %s' % (post_vars['username'], eamap))

        if settings.MITX_FEATURES.get('BYPASS_ACTIVATION_EMAIL_FOR_EXTAUTH'):
-            log.debug('bypassing activation email')
+            log.info('bypassing activation email')
            login_user.is_active = True
            login_user.save()