Disabled csrf and made auto_login page toggleable with setting

66eb47fb · ihoover · 978d33ba · 66eb47fb · 66eb47fb · 66eb47fb
Commit 66eb47fb authored Jul 16, 2013 by ihoover
Hide whitespace changes
Inline Side-by-side

Showing with 37 additions and 2 deletions

lms/djangoapps/branding/views.py
+18 -0

lms/envs/common.py
+13 -2

lms/urls.py
+6 -0

No files found.
--- a/lms/djangoapps/branding/views.py
+++ b/lms/djangoapps/branding/views.py
@@ -49,3 +49,21 @@ def courses(request):
        return courseware.views.courses(request)
    return courseware.views.university_profile(request, university)
+def auto_auth(request):
+    """
+    Automatically logs the anonymous user in with a generated random credentials
+    This view is only accessible when settings.AUTOMATIC_AUTH_FOR_LOAD_TESTING is
+    true.
+    """
+    # log the user in
+    student.views.create_account(request)
+    # activate account
+    request.user.is_active = True
+    request.user.save()
+    # redirect to home-page
+    return redirect('root')
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -37,9 +37,14 @@ PLATFORM_NAME = "edX"
 COURSEWARE_ENABLED = True
 ENABLE_JASMINE = False
+AUTOMATIC_AUTH_FOR_LOAD_TESTING = True
 GENERATE_RANDOM_USER_CREDENTIALS = False
 PERFSTATS = False
+# automatic_auth should turn on random_cred of it needs to
+GENERATE_RANDOM_USER_CREDENTIALS = GENERATE_RANDOM_USER_CREDENTIALS or AUTOMATIC_AUTH_FOR_LOAD_TESTING
 DISCUSSION_SETTINGS = {
    'MAX_COMMENT_DEPTH': 2,
 }
@@ -214,7 +219,6 @@ TEMPLATE_CONTEXT_PROCESSORS = (
    'django.contrib.messages.context_processors.messages',
    #'django.core.context_processors.i18n',
    'django.contrib.auth.context_processors.auth',  # this is required for admin
-    'django.core.context_processors.csrf',  # necessary for csrf protection
    # Added for django-wiki
    'django.core.context_processors.media',
@@ -227,6 +231,10 @@ TEMPLATE_CONTEXT_PROCESSORS = (
    'mitxmako.shortcuts.marketing_link_context_processor',
 )
+# add csrf support unless disabled for load testing
+if not AUTOMATIC_AUTH_FOR_LOAD_TESTING:
+    TEMPLATE_CONTEXT_PROCESSORS += ('django.core.context_processors.csrf',)  # necessary for csrf protection
 STUDENT_FILEUPLOAD_MAX_SIZE = 4 * 1000 * 1000  # 4 MB
 MAX_FILEUPLOADS_PER_INPUT = 20
@@ -463,7 +471,6 @@ MIDDLEWARE_CLASSES = (
    'django_comment_client.middleware.AjaxExceptionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
-    'django.middleware.csrf.CsrfViewMiddleware',
    # Instead of AuthenticationMiddleware, we use a cached backed version
    #'django.contrib.auth.middleware.AuthenticationMiddleware',
@@ -482,6 +489,10 @@ MIDDLEWARE_CLASSES = (
    'codejail.django_integration.ConfigureCodeJailMiddleware',
 )
+# add in csrf middleware unless disabled for load testing
+if not AUTOMATIC_AUTH_FOR_LOAD_TESTING:
+    MIDDLEWARE_CLASSES = MIDDLEWARE_CLASSES + ('django.middleware.csrf.CsrfViewMiddleware',)
 ############################### Pipeline #######################################
 STATICFILES_STORAGE = 'pipeline.storage.PipelineCachedStorage'

--- a/lms/urls.py
+++ b/lms/urls.py
@@ -439,6 +439,12 @@ urlpatterns = patterns(*urlpatterns)
 if settings.DEBUG:
    urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
+# enable automatic login
+if settings.AUTOMATIC_AUTH_FOR_LOAD_TESTING:
+    urlpatterns += (
+        url(r'^auto_auth$', 'branding.views.auto_auth'),
+    )
 #Custom error pages
 handler404 = 'static_template_view.views.render_404'
 handler500 = 'static_template_view.views.render_500'