Return 404 response from third party auth login when SAML disabled

28cb402a · Omar Khan · 158c4e58 · 28cb402a · 28cb402a
Commit 28cb402a authored Feb 05, 2016 by Omar Khan
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 5 deletions

common/djangoapps/third_party_auth/saml.py
+7 -5

common/djangoapps/third_party_auth/tests/test_views.py
+6 -0

No files found.
--- a/common/djangoapps/third_party_auth/saml.py
+++ b/common/djangoapps/third_party_auth/saml.py
@@ -2,6 +2,7 @@
 Slightly customized python-social-auth backend for SAML 2.0 support
 """
 import logging
+from django.http import Http404
 from social.backends.saml import SAMLAuth, OID_EDU_PERSON_ENTITLEMENT
 from social.exceptions import AuthForbidden, AuthMissingParameter

@@ -25,9 +26,6 @@ class SAMLAuthBackend(SAMLAuth):  # pylint: disable=abstract-method
        if not hasattr(self, '_config'):
            from .models import SAMLConfiguration
            self._config = SAMLConfiguration.current()  # pylint: disable=attribute-defined-outside-init
-        if not self._config.enabled:
-            from django.core.exceptions import ImproperlyConfigured
-            raise ImproperlyConfigured("SAML Authentication is not enabled.")
        try:
            return self._config.get_setting(name)
        except KeyError:
@@ -35,14 +33,18 @@ class SAMLAuthBackend(SAMLAuth):  # pylint: disable=abstract-method

    def auth_url(self):
        """
-        Check that the request includes an 'idp' parameter before getting the
-        URL to which we must redirect in order to authenticate the user.
+        Check that SAML is enabled and that the request includes an 'idp'
+        parameter before getting the URL to which we must redirect in order to
+        authenticate the user.

+        raise Http404 if SAML is disabled
        raise AuthMissingParameter if the 'idp' parameter is missing.

        TODO: remove this method once the fix is merged upstream:
        https://github.com/omab/python-social-auth/pull/821
        """
+        if not self._config.enabled:
+            raise Http404
        if 'idp' not in self.strategy.request_data():
            raise AuthMissingParameter(self, 'idp')
        return super(SAMLAuthBackend, self).auth_url()

--- a/common/djangoapps/third_party_auth/tests/test_views.py
+++ b/common/djangoapps/third_party_auth/tests/test_views.py
@@ -143,3 +143,9 @@ class SAMLAuthTest(SAMLTestCase):
        self.enable_saml()
        response = self.client.get(self.LOGIN_URL)
        self.assertEqual(response.status_code, 302)
+
+    def test_login_disabled(self):
+        """ When SAML is not enabled, the login view should return 404 """
+        self.enable_saml(enabled=False)
+        response = self.client.get(self.LOGIN_URL)
+        self.assertEqual(response.status_code, 404)