Commit 084160c1 by Jason Bau

Finishing up tests/modifications per @ormsbee feedback

parent ca649d3c
......@@ -145,6 +145,7 @@ def external_login_or_signup(request,
eamap.save()
log.info("External_Auth login_or_signup for %s : %s : %s : %s" % (external_domain, external_id, email, fullname))
internal_user = eamap.user
if internal_user is None:
if settings.MITX_FEATURES.get('AUTH_USE_SHIB'):
......@@ -156,19 +157,21 @@ def external_login_or_signup(request,
eamap.user = link_user
eamap.save()
internal_user = link_user
log.debug('Linking existing account for %s' % eamap.external_email)
log.info('SHIB: Linking existing account for %s' % eamap.external_email)
# now pass through to log in
else:
# otherwise, set external_email to '' to ask for a new one at user signup
eamap.external_email = ''
eamap.save()
log.debug('User with external login found for %s, asking for new email during signup' % email)
return signup(request, eamap)
# otherwise, there must have been an error, b/c we've already linked a user with these external
# creds
failure_msg = _(dedent("""
You have already created an account using an external login like WebAuth or Shibboleth.
Please contact %s for support """
% getattr(settings, 'TECH_SUPPORT_EMAIL', 'techsupport@class.stanford.edu')))
return default_render_failure(request, failure_msg)
except User.DoesNotExist:
log.debug('No user for %s yet, doing signup' % eamap.external_email)
log.info('SHIB: No user for %s yet, doing signup' % eamap.external_email)
return signup(request, eamap)
else:
log.debug('No user for %s yet, doing signup' % eamap.external_email)
log.info('No user for %s yet, doing signup' % eamap.external_email)
return signup(request, eamap)
# We trust shib's authentication, so no need to authenticate using the password again
......@@ -180,6 +183,7 @@ def external_login_or_signup(request,
else:
auth_backend = 'django.contrib.auth.backends.ModelBackend'
user.backend = auth_backend
log.info('SHIB: Logging in linked user %s' % user.email)
else:
uname = internal_user.username
user = authenticate(username=uname, password=eamap.internal_password)
......@@ -193,14 +197,13 @@ def external_login_or_signup(request,
# TODO: improve error page
msg = 'Account not yet activated: please look for link in your email'
return default_render_failure(request, msg)
login(request, user)
request.session.set_expiry(0)
# Now to try enrollment
# Need to special case Shibboleth here because it logs in via a GET.
# testing request.method for extra paranoia
if 'shib:' in external_domain and request.method == 'GET':
if settings.MITX_FEATURES.get('AUTH_USE_SHIB') and 'shib:' in external_domain and request.method == 'GET':
enroll_request = make_shib_enrollment_request(request)
student_views.try_change_enrollment(enroll_request)
else:
......@@ -256,7 +259,7 @@ def signup(request, eamap=None):
except ValidationError:
context['ask_for_email'] = True
log.debug('Doing signup for %s' % eamap.external_email)
log.info('EXTAUTH: Doing signup for %s' % eamap.external_id)
return student_views.register_user(request, extra_context=context)
......@@ -370,7 +373,7 @@ def ssl_login(request):
# -----------------------------------------------------------------------------
# Shibboleth (Stanford and others. Uses *Apache* environment variables)
# -----------------------------------------------------------------------------
def shib_login(request, retfun=None):
def shib_login(request):
"""
Uses Apache's REMOTE_USER environment variable as the external id.
This in turn typically uses EduPersonPrincipalName
......@@ -384,29 +387,31 @@ def shib_login(request, retfun=None):
"""))
if not request.META.get('REMOTE_USER'):
log.exception("SHIB: no REMOTE_USER found in request.META")
return default_render_failure(request, shib_error_msg)
elif not request.META.get('Shib-Identity-Provider'):
log.exception("SHIB: no Shib-Identity-Provider in request.META")
return default_render_failure(request, shib_error_msg)
else:
#if we get here, the user has authenticated properly
attrs = ['REMOTE_USER', 'givenName', 'sn', 'mail',
'Shib-Identity-Provider']
shib = {}
for attr in attrs:
shib[attr] = request.META.get(attr, '')
shib = {attr: request.META.get(attr, '')
for attr in ['REMOTE_USER', 'givenName', 'sn', 'mail', 'Shib-Identity-Provider']}
#Clean up first name, last name, and email address
#TODO: Make this less hardcoded re: format, but split will work
#even if ";" is not present since we are accessing 1st element
shib['sn'] = shib['sn'].split(";")[0].strip().capitalize()
shib['givenName'] = shib['givenName'].split(";")[0].strip().capitalize()
shib['sn'] = shib['sn'].split(";")[0].strip().capitalize().decode('utf-8')
shib['givenName'] = shib['givenName'].split(";")[0].strip().capitalize().decode('utf-8')
log.info("SHIB creds returned: %r" % shib)
return external_login_or_signup(request,
external_id=shib['REMOTE_USER'],
external_domain="shib:" + shib['Shib-Identity-Provider'],
credentials=shib,
email=shib['mail'],
fullname="%s %s" % (shib['givenName'], shib['sn']),
retfun=retfun)
fullname=u'%s %s' % (shib['givenName'], shib['sn']),
)
def make_shib_enrollment_request(request):
......
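Review bot: In the `shib_login` hunk, the new `.capitalize().decode('utf-8')` calls on `sn` and `givenName` decode bytes supplied by the identity provider with no handling for a decode failure, so a value that is not valid UTF-8 would raise `UnicodeDecodeError` in the login path instead of reaching `default_render_failure`. They also capitalize the byte string before decoding, which typically changes only an ASCII first letter. Decoding first and tolerating bad bytes addresses both, e.g. `shib['sn'] = shib['sn'].decode('utf-8', 'replace').split(";")[0].strip().capitalize()`, and the same for `givenName`. `mail` and `REMOTE_USER` stay undecoded byte strings, which looks inconsistent with the new `u'%s %s'` full name. The function begins before this hunk, so any handling further up is not visible here.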
......@@ -599,7 +599,7 @@ def create_account(request, post_override=None):
password = eamap.internal_password
post_vars = dict(post_vars.items())
post_vars.update(dict(email=email, name=name, password=password))
log.debug('extauth test: post_vars = %s' % post_vars)
log.info('In create_account with external_auth: post_vars = %s' % post_vars)
# Confirm we have a properly formed request
for a in ['username', 'email', 'password', 'name']:
......@@ -699,10 +699,11 @@ def create_account(request, post_override=None):
eamap.user = login_user
eamap.dtsignup = datetime.datetime.now(UTC)
eamap.save()
log.debug('Updated ExternalAuthMap for %s to be %s' % (post_vars['username'], eamap))
log.info("User registered with external_auth %s" % post_vars['username'])
log.info('Updated ExternalAuthMap for %s to be %s' % (post_vars['username'], eamap))
if settings.MITX_FEATURES.get('BYPASS_ACTIVATION_EMAIL_FOR_EXTAUTH'):
log.debug('bypassing activation email')
log.info('bypassing activation email')
login_user.is_active = True
login_user.save()
......
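Review bot: In the first `create_account` hunk, `log.info('In create_account with external_auth: post_vars = %s' % post_vars)` now writes the whole `post_vars` dict at INFO level. The line just above it adds `password` (taken from `eamap.internal_password`) to that dict, so the internal password lands in routine application logs together with the email and name. Log only the fields needed for tracing, e.g. `log.info('In create_account with external_auth: username=%s' % post_vars.get('username'))`. The later `'Updated ExternalAuthMap for %s to be %s'` line also prints the `eamap` object at INFO; what its string form contains is not visible here and is worth checking for the same reason. `create_account` starts and ends outside these hunks.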