Merge pull request #475 from MITx/tmac/openid-provider

OpenID provider implementation

lms/djangoapps/branding/views.py

@@ -20,8 +20,8 @@ def index(request):
         return redirect(reverse('dashboard'))
 
     if settings.MITX_FEATURES.get('AUTH_USE_MIT_CERTIFICATES'):
-        from external_auth.views import edXauth_ssl_login
-        return edXauth_ssl_login(request)
+        from external_auth.views import ssl_login
+        return ssl_login(request)
 
     university = branding.get_university(request.META.get('HTTP_HOST'))
     if university is None:

lms/envs/common.py

@@ -77,7 +77,7 @@ MITX_FEATURES = {
     'ACCESS_REQUIRE_STAFF_FOR_COURSE': False,
     'AUTH_USE_OPENID': False,
     'AUTH_USE_MIT_CERTIFICATES' : False,
-
+    'AUTH_USE_OPENID_PROVIDER': False,
 }
 
 # Used for A/B testing
@@ -120,6 +120,10 @@ node_paths = [COMMON_ROOT / "static/js/vendor",
               ]
 NODE_PATH = ':'.join(node_paths)
 
+
+############################ OpenID Provider  ##################################
+OPENID_PROVIDER_TRUSTED_ROOTS = ['cs50.net', '*.cs50.net'] 
+
 ################################## MITXWEB #####################################
 # This is where we stick our compiled template files. Most of the app uses Mako
 # templates

lms/envs/dev.py

@@ -105,6 +105,7 @@ LMS_MIGRATION_ALLOWED_IPS = ['127.0.0.1']
 
 ################################ OpenID Auth #################################
 MITX_FEATURES['AUTH_USE_OPENID'] = True
+MITX_FEATURES['AUTH_USE_OPENID_PROVIDER'] = True
 MITX_FEATURES['BYPASS_ACTIVATION_EMAIL_FOR_EXTAUTH'] = True
 
 INSTALLED_APPS += ('external_auth',)
@@ -115,6 +116,8 @@ OPENID_UPDATE_DETAILS_FROM_SREG = True
 OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/id'	# TODO: accept more endpoints
 OPENID_USE_AS_ADMIN_LOGIN = False
 
+OPENID_PROVIDER_TRUSTED_ROOTS = ['*']
+
 ################################ MIT Certificates SSL Auth #################################
 MITX_FEATURES['AUTH_USE_MIT_CERTIFICATES'] = True
 

lms/envs/test.py

@@ -123,6 +123,11 @@ CACHES = {
 # Dummy secret key for dev
 SECRET_KEY = '85920908f28904ed733fe576320db18cabd7b6cd'
 
+################################## OPENID ######################################
+MITX_FEATURES['AUTH_USE_OPENID'] = True
+MITX_FEATURES['AUTH_USE_OPENID_PROVIDER'] = True
+OPENID_PROVIDER_TRUSTED_ROOTS = ['*']
+
 ############################ FILE UPLOADS (ASKBOT) #############################
 DEFAULT_FILE_STORAGE = 'django.core.files.storage.FileSystemStorage'
 MEDIA_ROOT = TEST_ROOT / "uploads"

lms/templates/identity.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
+    <XRD>
+        <Service priority="0">
+            <Type>http://specs.openid.net/auth/2.0/signon</Type>
+            <Type>http://openid.net/signon/1.1</Type>
+            <URI>${url}</URI>
+        </Service>
+    </XRD>
+</xrds:XRDS>

lms/templates/provider_login.html

+<%inherit file="main.html" />
+<%namespace name='static' file='static_content.html'/>
+
+<%block name="headextra">
+<style type="text/css">
+.openid-login {
+    display: block;
+    position: relative;
+    left: 0;
+    margin: 100px auto;
+    top: 0;
+    z-index: 200;
+}
+
+.openid-login input[type=submit] {
+    white-space: normal;
+    height: auto !important;
+}
+
+#lean_overlay {
+  display: block;
+  position: fixed;
+  left: 0px;
+  top: 0px;
+  z-index: 100;
+  width:100%;
+  height:100%;
+}
+</style>
+</%block>
+
+<section id="login-modal" class="modal login-modal openid-login">
+  <div class="inner-wrapper">
+    <header>
+      <h2>Log In</h2>
+      <hr>
+    </header>
+    <form id="login_form" class="login_form" method="post" action="/openid/provider/login/">
+%if error:
+      <div id="login_error" class="modal-form-error" style="display: block;">Email or password is incorrect.</div>
+%endif
+      <label>E-mail</label>
+      <input type="text" name="email" placeholder="E-mail" tabindex="1" />
+      <label>Password</label>
+      <input type="password" name="password" placeholder="Password" tabindex="2" />
+      <div class="submit">
+        <input name="submit" type="submit" value="Access My Courses and Return To ${return_to}" tabindex="3" />
+      </div>
+    </form>
+  </div>
+</section>
+<div id="lean_overlay"></div>

lms/templates/xrds.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
+    <XRD>
+        <Service priority="0">
+            <Type>http://specs.openid.net/auth/2.0/server</Type>
+            <Type>http://openid.net/sreg/1.0</Type>
+            <Type>http://openid.net/srv/ax/1.0</Type>
+            <URI>${url}</URI>
+        </Service>
+    </XRD>
+</xrds:XRDS>

lms/urls.py

@@ -215,9 +215,17 @@ if settings.DEBUG:
 if settings.MITX_FEATURES.get('AUTH_USE_OPENID'):
     urlpatterns += (
         url(r'^openid/login/$', 'django_openid_auth.views.login_begin', name='openid-login'),
-        url(r'^openid/complete/$', 'external_auth.views.edXauth_openid_login_complete', name='openid-complete'),
+        url(r'^openid/complete/$', 'external_auth.views.openid_login_complete', name='openid-complete'),
         url(r'^openid/logo.gif$', 'django_openid_auth.views.logo', name='openid-logo'),
-        )
+    )
+
+if settings.MITX_FEATURES.get('AUTH_USE_OPENID_PROVIDER'):
+    urlpatterns += (
+        url(r'^openid/provider/login/$', 'external_auth.views.provider_login', name='openid-provider-login'),
+        url(r'^openid/provider/login/(?:[\w%\. ]+)$', 'external_auth.views.provider_identity', name='openid-provider-login-identity'),
+        url(r'^openid/provider/identity/$', 'external_auth.views.provider_identity', name='openid-provider-identity'),
+        url(r'^openid/provider/xrds/$', 'external_auth.views.provider_xrds', name='openid-provider-xrds')
+    )
 
 if settings.MITX_FEATURES.get('ENABLE_LMS_MIGRATION'):
     urlpatterns += (