Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
E
edx-platform
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
edx
edx-platform
Commits
2bf6df23
Commit
2bf6df23
authored
11 years ago
by
Carson Gee
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
More fully integrate and test ssl external auth in CMS
parent
7e075eec
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
45 additions
and
14 deletions
+45
-14
cms/djangoapps/contentstore/views/public.py
+15
-2
cms/envs/test.py
+3
-0
cms/templates/register.html
+2
-0
common/djangoapps/external_auth/tests/test_ssl.py
+25
-12
No files found.
cms/djangoapps/contentstore/views/public.py
View file @
2bf6df23
...
...
@@ -3,13 +3,13 @@ Public views
"""
from
django_future.csrf
import
ensure_csrf_cookie
from
django.core.context_processors
import
csrf
from
django.core.urlresolvers
import
reverse
from
django.shortcuts
import
redirect
from
django.conf
import
settings
from
edxmako.shortcuts
import
render_to_response
from
external_auth.views
import
ssl_login_shortcut
from
external_auth.views
import
ssl_login_shortcut
,
ssl_get_cert_from_request
from
microsite_configuration.middleware
import
MicrositeConfiguration
__all__
=
[
'signup'
,
'login_page'
,
'howitworks'
]
...
...
@@ -21,6 +21,13 @@ def signup(request):
Display the signup form.
"""
csrf_token
=
csrf
(
request
)[
'csrf_token'
]
if
request
.
user
.
is_authenticated
():
return
redirect
(
'/course'
)
if
settings
.
FEATURES
.
get
(
'AUTH_USE_MIT_CERTIFICATES_IMMEDIATE_SIGNUP'
):
# Redirect to course to login to process their certificate if SSL is enabled
# and registration is disabled.
return
redirect
(
reverse
(
'login'
))
return
render_to_response
(
'signup.html'
,
{
'csrf'
:
csrf_token
})
...
...
@@ -31,6 +38,12 @@ def login_page(request):
Display the login form.
"""
csrf_token
=
csrf
(
request
)[
'csrf_token'
]
if
(
settings
.
FEATURES
[
'AUTH_USE_MIT_CERTIFICATES'
]
and
ssl_get_cert_from_request
(
request
)):
# SSL login doesn't require a login view, so redirect
# to course now that the user is authenticated via
# the decorator.
return
redirect
(
'/course'
)
return
render_to_response
(
'login.html'
,
{
...
...
This diff is collapsed.
Click to expand it.
cms/envs/test.py
View file @
2bf6df23
...
...
@@ -146,6 +146,9 @@ CACHES = {
}
# Add external_auth to Installed apps for testing
INSTALLED_APPS
+=
(
'external_auth'
,
)
# hide ratelimit warnings while running tests
filterwarnings
(
'ignore'
,
message
=
'No request passed to the backend, unable to rate-limit'
)
...
...
This diff is collapsed.
Click to expand it.
cms/templates/register.html
0 → 120000
View file @
2bf6df23
signup.html
\ No newline at end of file
This diff is collapsed.
Click to expand it.
common/djangoapps/external_auth/tests/test_ssl.py
View file @
2bf6df23
...
...
@@ -90,15 +90,10 @@ class SSLClientTest(TestCase):
User
.
objects
.
get
(
email
=
self
.
USER_EMAIL
)
@unittest.skipUnless
(
settings
.
ROOT_URLCONF
==
'cms.urls'
,
'Test only valid in cms'
)
@unittest.skip
def
test_ssl_login_with_signup_cms
(
self
):
"""
Validate that an SSL login creates an eamap user and
redirects them to the signup page on CMS.
This currently is failing and should be resolved to passing at
some point. using skip here instead of expectFailure because
of an issue with nose.
"""
self
.
client
.
get
(
reverse
(
'contentstore.views.login_page'
),
...
...
@@ -135,21 +130,19 @@ class SSLClientTest(TestCase):
@unittest.skipUnless
(
settings
.
ROOT_URLCONF
==
'cms.urls'
,
'Test only valid in cms'
)
@override_settings
(
FEATURES
=
FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP
)
@unittest.skip
def
test_ssl_login_without_signup_cms
(
self
):
"""
Test IMMEDIATE_SIGNUP feature flag and ensure the user account is
automatically created on CMS.
This currently is failing and should be resolved to passing at
some point. using skip here instead of expectFailure because
of an issue with nose.
automatically created on CMS, and that we are redirected
to courses.
"""
self
.
client
.
get
(
response
=
self
.
client
.
get
(
reverse
(
'contentstore.views.login_page'
),
SSL_CLIENT_S_DN
=
self
.
AUTH_DN
.
format
(
self
.
USER_NAME
,
self
.
USER_EMAIL
)
)
self
.
assertEqual
(
response
.
status_code
,
302
)
self
.
assertIn
(
'/course'
,
response
[
'location'
])
# Assert our user exists in both eamap and Users, and that we are logged in
try
:
...
...
@@ -191,6 +184,25 @@ class SSLClientTest(TestCase):
self
.
assertIn
(
reverse
(
'dashboard'
),
response
[
'location'
])
self
.
assertIn
(
'_auth_user_id'
,
self
.
client
.
session
)
@unittest.skipUnless
(
settings
.
ROOT_URLCONF
==
'cms.urls'
,
'Test only valid in cms'
)
@override_settings
(
FEATURES
=
FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP
)
def
test_cms_registration_page_bypass
(
self
):
"""
This tests to make sure when immediate signup is on that
the user doesn't get presented with the registration page.
"""
# Expect a NotImplementError from course page as we don't have anything else built
with
self
.
assertRaisesRegexp
(
NotImplementedError
,
'coming soon'
):
self
.
client
.
get
(
reverse
(
'signup'
),
follow
=
True
,
SSL_CLIENT_S_DN
=
self
.
AUTH_DN
.
format
(
self
.
USER_NAME
,
self
.
USER_EMAIL
))
# assert that we are logged in
self
.
assertIn
(
'_auth_user_id'
,
self
.
client
.
session
)
# Now that we are logged in, make sure we don't see the registration page
with
self
.
assertRaisesRegexp
(
NotImplementedError
,
'coming soon'
):
self
.
client
.
get
(
reverse
(
'signup'
),
follow
=
True
)
@unittest.skipUnless
(
settings
.
ROOT_URLCONF
==
'lms.urls'
,
'Test only valid in lms'
)
@override_settings
(
FEATURES
=
FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP
)
def
test_signin_page_bypass
(
self
):
...
...
@@ -212,6 +224,7 @@ class SSLClientTest(TestCase):
self
.
assertIn
(
reverse
(
'dashboard'
),
response
[
'location'
])
self
.
assertIn
(
'_auth_user_id'
,
self
.
client
.
session
)
@unittest.skipUnless
(
settings
.
ROOT_URLCONF
==
'lms.urls'
,
'Test only valid in lms'
)
@override_settings
(
FEATURES
=
FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP
)
def
test_ssl_bad_eamap
(
self
):
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment