Merge pull request #11988 from mitocw/fix/aq/cas_profile_not_found_mitocw#102

Fixed 500 error in case of user's profile not found when login/logout with CAS.

Merge pull request #11988 from mitocw/fix/aq/cas_profile_not_found_mitocw#102
Fixed 500 error in case of user's profile not found when login/logout with CAS.
33568cb4 · John Eskew · 05b8a77a · 9220c4d8 · 33568cb4 · 33568cb4
Commit 33568cb4 authored Apr 05, 2016 by John Eskew
Hide whitespace changes
Inline Side-by-side

Showing with 52 additions and 4 deletions

common/djangoapps/external_auth/views.py
+4 -3

common/djangoapps/student/models.py
+6 -1

common/djangoapps/student/tests/test_login.py
+42 -0

No files found.
--- a/common/djangoapps/external_auth/views.py
+++ b/common/djangoapps/external_auth/views.py
@@ -478,9 +478,10 @@ def cas_login(request, next_page=None, required=False):
    if request.user.is_authenticated():
        user = request.user
-        if not UserProfile.objects.filter(user=user):
+        UserProfile.objects.get_or_create(
-            user_profile = UserProfile(name=user.username, user=user)
+            user=user,
-            user_profile.save()
+            defaults={'name': user.username}
+        )
    return ret

--- a/common/djangoapps/student/models.py
+++ b/common/djangoapps/student/models.py
@@ -1827,7 +1827,12 @@ def enforce_single_login(sender, request, user, signal, **kwargs):    # pylint: 
        else:
            key = None
        if user:
-            user.profile.set_login_session(key)
+            user_profile, __ = UserProfile.objects.get_or_create(
+                user=user,
+                defaults={'name': user.username}
+            )
+            if user_profile:
+                user.profile.set_login_session(key)
 class DashboardConfiguration(ConfigurationModel):

--- a/common/djangoapps/student/tests/test_login.py
+++ b/common/djangoapps/student/tests/test_login.py
@@ -273,6 +273,48 @@ class LoginTest(TestCase):
        self.assertEqual(response.status_code, 302)
    @patch.dict("django.conf.settings.FEATURES", {'PREVENT_CONCURRENT_LOGINS': True})
+    def test_single_session_with_no_user_profile(self):
+        """
+        Assert that user login with cas (Central Authentication Service) is
+        redirect to dashboard in case of lms or upload_transcripts in case of
+        cms
+        """
+        user = UserFactory.build(username='tester', email='tester@edx.org')
+        user.set_password('test_password')
+        user.save()
+        # Assert that no profile is created.
+        self.assertFalse(hasattr(user, 'profile'))
+        creds = {'email': 'tester@edx.org', 'password': 'test_password'}
+        client1 = Client()
+        client2 = Client()
+        response = client1.post(self.url, creds)
+        self._assert_response(response, success=True)
+        # Reload the user from the database
+        user = User.objects.get(pk=user.pk)
+        # Assert that profile is created.
+        self.assertTrue(hasattr(user, 'profile'))
+        # second login should log out the first
+        response = client2.post(self.url, creds)
+        self._assert_response(response, success=True)
+        try:
+            # this test can be run with either lms or studio settings
+            # since studio does not have a dashboard url, we should
+            # look for another url that is login_required, in that case
+            url = reverse('dashboard')
+        except NoReverseMatch:
+            url = reverse('upload_transcripts')
+        response = client1.get(url)
+        # client1 will be logged out
+        self.assertEqual(response.status_code, 302)
+    @patch.dict("django.conf.settings.FEATURES", {'PREVENT_CONCURRENT_LOGINS': True})
    def test_single_session_with_url_not_having_login_required_decorator(self):
        # accessing logout url as it does not have login-required decorator it will avoid redirect
        # and go inside the enforce_single_login