feature flag, consumer displayed, logging

- provider placed behind separate feature flag
- domain of openid consumer displayed in login page
- added logging for successful login, changed log messages to include
  "OpenID"

common/djangoapps/external_auth/views.py

@@ -317,7 +317,7 @@ def provider_login(request):
     server = Server(store, endpoint)
 
     # handle OpenID request
-    query = get_dict_for_openid(request.GET or request.POST)
+    query = get_dict_for_openid(request.REQUEST)
     error = False
     if 'openid.mode' in request.GET or 'openid.mode' in request.POST:
         # decode request
@@ -358,7 +358,7 @@ def provider_login(request):
             user = User.objects.get(email=email)
         except User.DoesNotExist:
             request.session['openid_error'] = True
-            log.warning("Login failed - Unknown user email: {0}".format(email))
+            log.warning("OpenID login failed - Unknown user email: {0}".format(email))
             return HttpResponseRedirect(openid_request['url'])
 
         # attempt to authenticate user
@@ -366,7 +366,7 @@ def provider_login(request):
         user = authenticate(username=username, password=password)
         if user is None:
             request.session['openid_error'] = True
-            log.warning("Login failed - password for {0} is invalid".format(email))
+            log.warning("OpenID login failed - password for {0} is invalid".format(email))
             return HttpResponseRedirect(openid_request['url'])
 
         # authentication succeeded, so log user in
@@ -377,6 +377,7 @@ def provider_login(request):
 
             # fullname field comes from user profile
             profile = UserProfile.objects.get(user=user)
+            log.info("OpenID login success - {0} ({1})".format(user.username, user.email))
 
             # redirect user to return_to location
             response = openid_request['request'].answer(True, None, endpoint + urlquote(user.username))
@@ -389,9 +390,16 @@ def provider_login(request):
         log.warning("Login failed - Account not active for user {0}".format(username))
         return HttpResponseRedirect(openid_request['url'])
 
+    # determine consumer domain if applicable
+    return_to = ''
+    if 'openid.return_to' in request.REQUEST:
+        matches = re.match(r'\w+:\/\/([\w\.-]+)', request.REQUEST['openid.return_to'])
+        return_to = matches.group(1)
+
     # display login page
     response = render_to_response('provider_login.html', {
-        'error': error
+        'error': error,
+        'return_to': return_to
     })
 
     # custom XRDS header necessary for discovery process

lms/envs/common.py

@@ -77,7 +77,7 @@ MITX_FEATURES = {
     'ACCESS_REQUIRE_STAFF_FOR_COURSE': False,
     'AUTH_USE_OPENID': False,
     'AUTH_USE_MIT_CERTIFICATES' : False,
-
+    'AUTH_USE_OPENID_PROVIDER': False,
 }
 
 # Used for A/B testing

lms/envs/dev.py

@@ -17,6 +17,7 @@ MITX_FEATURES['DISABLE_START_DATES'] = True
 MITX_FEATURES['ENABLE_SQL_TRACKING_LOGS'] = True
 MITX_FEATURES['SUBDOMAIN_COURSE_LISTINGS'] = False  # Enable to test subdomains--otherwise, want all courses to show up
 MITX_FEATURES['SUBDOMAIN_BRANDING'] = True
+MITX_FEATURES['AUTH_USE_OPENID_PROVIDER'] = True
 
 WIKI_ENABLED = True
 

lms/templates/provider_login.html

@@ -11,6 +11,11 @@
     top: 0;
 }
 
+.openid-login input[type=submit] {
+    white-space: normal;
+    height: auto !important;
+}
+
 </style>
 
 <section id="login-modal" class="modal login-modal openid-login">
@@ -21,14 +26,14 @@
     </header>
     <form id="login_form" class="login_form" method="post" action="/openid/provider/login/">
 %if error:
-          <div id="login_error" class="modal-form-error" style="display: block;">Email or password is incorrect.</div>
+      <div id="login_error" class="modal-form-error" style="display: block;">Email or password is incorrect.</div>
 %endif
       <label>E-mail</label>
       <input type="text" name="email" placeholder="E-mail" tabindex="1" />
       <label>Password</label>
       <input type="password" name="password" placeholder="Password" tabindex="2" />
       <div class="submit">
-        <input name="submit" type="submit" value="Access My Courses" tabindex="3" />
+        <input name="submit" type="submit" value="Access My Courses and Return To ${return_to}" tabindex="3" />
       </div>
     </form>
   </div>

lms/urls.py

@@ -217,11 +217,15 @@ if settings.MITX_FEATURES.get('AUTH_USE_OPENID'):
         url(r'^openid/login/$', 'django_openid_auth.views.login_begin', name='openid-login'),
         url(r'^openid/complete/$', 'external_auth.views.edXauth_openid_login_complete', name='openid-complete'),
         url(r'^openid/logo.gif$', 'django_openid_auth.views.logo', name='openid-logo'),
+    )
+
+if settings.MITX_FEATURES.get('AUTH_USE_OPENID_PROVIDER'):
+    urlpatterns += (
         url(r'^openid/provider/login/$', 'external_auth.views.provider_login', name='openid-provider-login'),
         url(r'^openid/provider/login/(?:[\w%\. ]+)$', 'external_auth.views.provider_identity', name='openid-provider-login-identity'),
         url(r'^openid/provider/identity/$', 'external_auth.views.provider_identity', name='openid-provider-identity'),
         url(r'^openid/provider/xrds/$', 'external_auth.views.provider_xrds', name='openid-provider-xrds')
-        )
+    )
 
 if settings.MITX_FEATURES.get('ENABLE_LMS_MIGRATION'):
     urlpatterns += (