Remove anonymous caching when SSL is enabled

681b9a5e · Carson Gee · 372e52bf · 681b9a5e · 681b9a5e
Commit 681b9a5e authored Apr 29, 2015 by Carson Gee
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 1 deletions

common/djangoapps/external_auth/tests/test_ssl.py
+4 -0

common/djangoapps/util/cache.py
+9 -1

No files found.
--- a/common/djangoapps/external_auth/tests/test_ssl.py
+++ b/common/djangoapps/external_auth/tests/test_ssl.py
@@ -2,6 +2,7 @@
 Provides unit tests for SSL based authentication portions
 of the external_auth app.
 """
+import copy
 import unittest

 from django.conf import settings
@@ -31,9 +32,12 @@ FEATURES_WITH_SSL_AUTH_AUTO_ACTIVATE = FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP.c
 FEATURES_WITH_SSL_AUTH_AUTO_ACTIVATE['BYPASS_ACTIVATION_EMAIL_FOR_EXTAUTH'] = True
 FEATURES_WITHOUT_SSL_AUTH = settings.FEATURES.copy()
 FEATURES_WITHOUT_SSL_AUTH['AUTH_USE_CERTIFICATES'] = False
+CACHES_ENABLE_GENERAL = copy.deepcopy(settings.CACHES)
+CACHES_ENABLE_GENERAL['general']['BACKEND'] = 'django.core.cache.backends.locmem.LocMemCache'


 @override_settings(FEATURES=FEATURES_WITH_SSL_AUTH)
+@override_settings(CACHES=CACHES_ENABLE_GENERAL)
 class SSLClientTest(ModuleStoreTestCase):
    """
    Tests SSL Authentication code sections of external_auth

--- a/common/djangoapps/util/cache.py
+++ b/common/djangoapps/util/cache.py
@@ -8,6 +8,7 @@ not migrating so as not to inconvenience users by logging them all out.
 import urllib
 from functools import wraps

+from django.conf import settings
 from django.core import cache


@@ -49,7 +50,14 @@ def cache_if_anonymous(*get_parameters):
        @wraps(view_func)
        def wrapper(request, *args, **kwargs):
            """The inner wrapper, which wraps the view function."""
-            if not request.user.is_authenticated():
+            # Certificate authentication uses anonymous pages,
+            # specifically the branding index, to do authentication.
+            # If that page is cached the authentication doesn't
+            # happen, so we disable the cache when that feature is enabled.
+            if (
+                not request.user.is_authenticated() and
+                not settings.FEATURES['AUTH_USE_CERTIFICATES']
+            ):
                # Use the cache. The same view accessed through different domain names may
                # return different things, so include the domain name in the key.
                domain = str(request.META.get('HTTP_HOST')) + '.'