ENT-361: Allow hiding of IDP selection page during SSO

Closes ENT-361.

ENT-361: Allow hiding of IDP selection page during SSO
Closes ENT-361.
123584e5 · Brandon DeRosier · 7b34fe4b · 123584e5 · 123584e5 · 123584e5
Unverified Commit 123584e5 authored May 03, 2017 by Brandon DeRosier
4 changed files
--- a/common/djangoapps/third_party_auth/migrations/0010_add_skip_hinted_login_dialog_field.py
+++ b/common/djangoapps/third_party_auth/migrations/0010_add_skip_hinted_login_dialog_field.py
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('third_party_auth', '0009_auto_20170415_1144'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='ltiproviderconfig',
+            name='skip_hinted_login_dialog',
+            field=models.BooleanField(default=False, help_text='If this option is enabled, users that visit a "TPA hinted" URL for this provider (e.g. a URL ending with `?tpa_hint=[provider_name]`) will be forwarded directly to the login URL of the provider instead of being first prompted with a login dialog.'),
+        ),
+        migrations.AddField(
+            model_name='oauth2providerconfig',
+            name='skip_hinted_login_dialog',
+            field=models.BooleanField(default=False, help_text='If this option is enabled, users that visit a "TPA hinted" URL for this provider (e.g. a URL ending with `?tpa_hint=[provider_name]`) will be forwarded directly to the login URL of the provider instead of being first prompted with a login dialog.'),
+        ),
+        migrations.AddField(
+            model_name='samlproviderconfig',
+            name='skip_hinted_login_dialog',
+            field=models.BooleanField(default=False, help_text='If this option is enabled, users that visit a "TPA hinted" URL for this provider (e.g. a URL ending with `?tpa_hint=[provider_name]`) will be forwarded directly to the login URL of the provider instead of being first prompted with a login dialog.'),
+        ),
+    ]
--- a/common/djangoapps/third_party_auth/models.py
+++ b/common/djangoapps/third_party_auth/models.py
@@ -117,6 +117,14 @@ class ProviderConfig(ConfigurationModel):
            'The Site that this provider configuration belongs to.'
        ),
    )
+    skip_hinted_login_dialog = models.BooleanField(
+        default=False,
+        help_text=_(
+            "If this option is enabled, users that visit a \"TPA hinted\" URL for this provider "
+            "(e.g. a URL ending with `?tpa_hint=[provider_name]`) will be forwarded directly to "
+            "the login URL of the provider instead of being first prompted with a login dialog."
+        ),
+    )
    skip_registration_form = models.BooleanField(
        default=False,
        help_text=_(

--- a/lms/djangoapps/student_account/test/test_views.py
+++ b/lms/djangoapps/student_account/test/test_views.py
@@ -290,7 +290,7 @@ class StudentAccountLoginAndRegistrationTest(ThirdPartyAuthTestMixin, UrlResetMi
        super(StudentAccountLoginAndRegistrationTest, self).setUp()

        # Several third party auth providers are created for these tests:
-        self.configure_google_provider(enabled=True, visible=True)
+        self.google_provider = self.configure_google_provider(enabled=True, visible=True)
        self.configure_facebook_provider(enabled=True, visible=True)
        self.configure_dummy_provider(
            visible=True,
@@ -443,6 +443,18 @@ class StudentAccountLoginAndRegistrationTest(ThirdPartyAuthTestMixin, UrlResetMi
        response = self.client.get(reverse('signin_user'), params, HTTP_ACCEPT="text/html")
        self.assertNotIn(response.content, tpa_hint)

+    def test_hinted_login_dialog_disabled(self):
+        """Test that the dialog doesn't show up for hinted logins when disabled. """
+        self.google_provider.skip_hinted_login_dialog = True
+        self.google_provider.save()
+        params = [("next", "/courses/something/?tpa_hint=oa2-google-oauth2")]
+        response = self.client.get(reverse('signin_user'), params, HTTP_ACCEPT="text/html")
+        self.assertRedirects(
+            response,
+            'auth/login/google-oauth2/?auth_entry=login&next=%2Fcourses%2Fsomething%2F%3Ftpa_hint%3Doa2-google-oauth2',
+            target_status_code=302
+        )
+
    @override_settings(SITE_NAME=settings.MICROSITE_TEST_HOSTNAME)
    def test_microsite_uses_old_login_page(self):
        # Retrieve the login page from a microsite domain

--- a/lms/djangoapps/student_account/views.py
+++ b/lms/djangoapps/student_account/views.py
@@ -83,7 +83,14 @@ def login_and_registration_form(request, initial_mode="login"):
        try:
            next_args = urlparse.parse_qs(urlparse.urlparse(redirect_to).query)
            provider_id = next_args['tpa_hint'][0]
-            if third_party_auth.provider.Registry.get(provider_id=provider_id):
+            tpa_hint_provider = third_party_auth.provider.Registry.get(provider_id=provider_id)
+            if tpa_hint_provider:
+                if tpa_hint_provider.skip_hinted_login_dialog:
+                    # Forward the user directly to the provider's login URL when the provider is configured
+                    # to skip the dialog.
+                    return redirect(
+                        pipeline.get_login_url(provider_id, pipeline.AUTH_ENTRY_LOGIN, redirect_url=redirect_to)
+                    )
                third_party_auth_hint = provider_id
                initial_mode = "hinted_login"
        except (KeyError, ValueError, IndexError):