Adds redirects for login pages and the registration page so that

they go through the SSL login process in branding when that feature is enabled.

Adds redirects for login pages and the registration page so that
they go through the SSL login process in branding when that feature is enabled.
484602ad · Carson Gee · d5bff2e2 · 484602ad · 484602ad
Commit 484602ad authored Dec 10, 2013 by Carson Gee
Hide whitespace changes
Inline Side-by-side

Showing with 56 additions and 0 deletions

common/djangoapps/external_auth/tests/test_ssl.py
+44 -0

common/djangoapps/student/views.py
+12 -0

No files found.
--- a/common/djangoapps/external_auth/tests/test_ssl.py
+++ b/common/djangoapps/external_auth/tests/test_ssl.py
@@ -140,3 +140,47 @@ class SSLClientTest(TestCase):
            User.objects.get(email=self.USER_EMAIL)
        except ExternalAuthMap.DoesNotExist, ex:
            self.fail('User did not get properly added to internal users, exception was {0}'.format(str(ex)))
+    @unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
+    @override_settings(FEATURES=FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP)
+    def test_default_login_decorator_ssl(self):
+        """
+        Make sure that SSL login happens if it is enabled on protected
+        views instead of showing the login form.
+        """
+        response = self.client.get(reverse('dashboard'), follows=True)
+        self.assertEqual(response.status_code, 302)
+        self.assertIn(reverse('accounts_login'), response['location'])
+        response = self.client.get(
+            reverse('dashboard'), follow=True,
+            SSL_CLIENT_S_DN=self.AUTH_DN.format(self.USER_NAME, self.USER_EMAIL))
+        self.assertIn(reverse('dashboard'), response['location'])
+        self.assertIn('_auth_user_id', self.client.session)
+    @unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
+    @override_settings(FEATURES=FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP)
+    def test_registration_page_bypass(self):
+        """
+        This tests to make sure when immediate signup is on that
+        the user doesn't get presented with the registration page.
+        """
+        response = self.client.get(
+            reverse('register_user'), follow=True,
+            SSL_CLIENT_S_DN=self.AUTH_DN.format(self.USER_NAME, self.USER_EMAIL))
+        self.assertIn(reverse('dashboard'), response['location'])
+        self.assertIn('_auth_user_id', self.client.session)
+    @unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
+    @override_settings(FEATURES=FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP)
+    def test_signin_page_bypass(self):
+        """
+        This tests to make sure when ssl authentication is on
+        that user doesn't get presented with the login page if they
+        have a certificate.
+        """
+        response = self.client.get(
+            reverse('signin_user'), follow=True,
+            SSL_CLIENT_S_DN=self.AUTH_DN.format(self.USER_NAME, self.USER_EMAIL))
+        self.assertIn(reverse('dashboard'), response['location'])
+        self.assertIn('_auth_user_id', self.client.session)
--- a/common/djangoapps/student/views.py
+++ b/common/djangoapps/student/views.py
@@ -239,6 +239,10 @@ def signin_user(request):
    """
    This view will display the non-modal login form
    """
+    if settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']:
+        # SSL login doesn't require a view, so redirect
+        # branding and allow that to process the login.
+        return redirect(reverse('root'))
    if request.user.is_authenticated():
        return redirect(reverse('dashboard'))
@@ -256,6 +260,10 @@ def register_user(request, extra_context=None):
    """
    if request.user.is_authenticated():
        return redirect(reverse('dashboard'))
+    if settings.FEATURES.get('AUTH_USE_MIT_CERTIFICATES_IMMEDIATE_SIGNUP'):
+        # Redirect to branding to process their certificate if SSL is enabled
+        # and registration is disabled.
+        return redirect(reverse('root'))
    context = {
        'course_id': request.GET.get('course_id'),
@@ -518,6 +526,10 @@ def accounts_login(request):
    """
    if settings.FEATURES.get('AUTH_USE_CAS'):
        return redirect(reverse('cas-login'))
+    if settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']:
+        # SSL login doesn't require a view, so redirect
+        # to branding and allow that to process the login.
+        return redirect(reverse('root'))
    # see if the "next" parameter has been set, whether it has a course context, and if so, whether
    # there is a course-specific place to redirect
    redirect_to = request.GET.get('next')