Commit 6de28fc5 by Tommy MacWilliam Committed by Carlos Andrés Rocha

feature flag, consumer displayed, logging

- provider placed behind separate feature flag
- domain of openid consumer displayed in login page
- added logging for successful login, changed log messages to include
  "OpenID"
parent 4b6694a4
...@@ -317,7 +317,7 @@ def provider_login(request): ...@@ -317,7 +317,7 @@ def provider_login(request):
server = Server(store, endpoint) server = Server(store, endpoint)
# handle OpenID request # handle OpenID request
query = get_dict_for_openid(request.GET or request.POST) query = get_dict_for_openid(request.REQUEST)
error = False error = False
if 'openid.mode' in request.GET or 'openid.mode' in request.POST: if 'openid.mode' in request.GET or 'openid.mode' in request.POST:
# decode request # decode request
...@@ -358,7 +358,7 @@ def provider_login(request): ...@@ -358,7 +358,7 @@ def provider_login(request):
user = User.objects.get(email=email) user = User.objects.get(email=email)
except User.DoesNotExist: except User.DoesNotExist:
request.session['openid_error'] = True request.session['openid_error'] = True
log.warning("Login failed - Unknown user email: {0}".format(email)) log.warning("OpenID login failed - Unknown user email: {0}".format(email))
return HttpResponseRedirect(openid_request['url']) return HttpResponseRedirect(openid_request['url'])
# attempt to authenticate user # attempt to authenticate user
...@@ -366,7 +366,7 @@ def provider_login(request): ...@@ -366,7 +366,7 @@ def provider_login(request):
user = authenticate(username=username, password=password) user = authenticate(username=username, password=password)
if user is None: if user is None:
request.session['openid_error'] = True request.session['openid_error'] = True
log.warning("Login failed - password for {0} is invalid".format(email)) log.warning("OpenID login failed - password for {0} is invalid".format(email))
return HttpResponseRedirect(openid_request['url']) return HttpResponseRedirect(openid_request['url'])
# authentication succeeded, so log user in # authentication succeeded, so log user in
...@@ -377,6 +377,7 @@ def provider_login(request): ...@@ -377,6 +377,7 @@ def provider_login(request):
# fullname field comes from user profile # fullname field comes from user profile
profile = UserProfile.objects.get(user=user) profile = UserProfile.objects.get(user=user)
log.info("OpenID login success - {0} ({1})".format(user.username, user.email))
# redirect user to return_to location # redirect user to return_to location
response = openid_request['request'].answer(True, None, endpoint + urlquote(user.username)) response = openid_request['request'].answer(True, None, endpoint + urlquote(user.username))
...@@ -389,9 +390,16 @@ def provider_login(request): ...@@ -389,9 +390,16 @@ def provider_login(request):
log.warning("Login failed - Account not active for user {0}".format(username)) log.warning("Login failed - Account not active for user {0}".format(username))
return HttpResponseRedirect(openid_request['url']) return HttpResponseRedirect(openid_request['url'])
# determine consumer domain if applicable
return_to = ''
if 'openid.return_to' in request.REQUEST:
matches = re.match(r'\w+:\/\/([\w\.-]+)', request.REQUEST['openid.return_to'])
return_to = matches.group(1)
# display login page # display login page
response = render_to_response('provider_login.html', { response = render_to_response('provider_login.html', {
'error': error 'error': error,
'return_to': return_to
}) })
# custom XRDS header necessary for discovery process # custom XRDS header necessary for discovery process
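Review bot: `matches.group(1)` in the new consumer-domain block is called without checking that `re.match` found anything, so an `openid.return_to` value that does not begin with `scheme://host` raises AttributeError and turns a request-controlled parameter into a 500 on the login page. The pattern also captures the first run of `[\w\.-]` characters after `://`, which is not necessarily the host the browser is later redirected to (for example when the URL carries a userinfo part), so the name shown to the user can differ from the real destination. Parsing with the standard library URL parser is safer, e.g. `return_to = urlparse.urlparse(request.REQUEST['openid.return_to']).hostname or ''` (this needs `import urlparse`, which is not visible here). Ideally the displayed value would come from the decoded OpenID request rather than the raw parameter. provider_login starts and ends outside the visible hunks.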
......
...@@ -77,7 +77,7 @@ MITX_FEATURES = { ...@@ -77,7 +77,7 @@ MITX_FEATURES = {
'ACCESS_REQUIRE_STAFF_FOR_COURSE': False, 'ACCESS_REQUIRE_STAFF_FOR_COURSE': False,
'AUTH_USE_OPENID': False, 'AUTH_USE_OPENID': False,
'AUTH_USE_MIT_CERTIFICATES' : False, 'AUTH_USE_MIT_CERTIFICATES' : False,
'AUTH_USE_OPENID_PROVIDER': False,
} }
# Used for A/B testing # Used for A/B testing
......
...@@ -17,6 +17,7 @@ MITX_FEATURES['DISABLE_START_DATES'] = True ...@@ -17,6 +17,7 @@ MITX_FEATURES['DISABLE_START_DATES'] = True
MITX_FEATURES['ENABLE_SQL_TRACKING_LOGS'] = True MITX_FEATURES['ENABLE_SQL_TRACKING_LOGS'] = True
MITX_FEATURES['SUBDOMAIN_COURSE_LISTINGS'] = False # Enable to test subdomains--otherwise, want all courses to show up MITX_FEATURES['SUBDOMAIN_COURSE_LISTINGS'] = False # Enable to test subdomains--otherwise, want all courses to show up
MITX_FEATURES['SUBDOMAIN_BRANDING'] = True MITX_FEATURES['SUBDOMAIN_BRANDING'] = True
MITX_FEATURES['AUTH_USE_OPENID_PROVIDER'] = True
WIKI_ENABLED = True WIKI_ENABLED = True
......
...@@ -11,6 +11,11 @@ ...@@ -11,6 +11,11 @@
top: 0; top: 0;
} }
.openid-login input[type=submit] {
white-space: normal;
height: auto !important;
}
</style> </style>
<section id="login-modal" class="modal login-modal openid-login"> <section id="login-modal" class="modal login-modal openid-login">
...@@ -28,7 +33,7 @@ ...@@ -28,7 +33,7 @@
<label>Password</label> <label>Password</label>
<input type="password" name="password" placeholder="Password" tabindex="2" /> <input type="password" name="password" placeholder="Password" tabindex="2" />
<div class="submit"> <div class="submit">
<input name="submit" type="submit" value="Access My Courses" tabindex="3" /> <input name="submit" type="submit" value="Access My Courses and Return To ${return_to}" tabindex="3" />
</div> </div>
</form> </form>
</div> </div>
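Review bot: The submit label interpolates `${return_to}` unconditionally, but the view passes an empty string when the request carries no `openid.return_to`, so the button then reads "Access My Courses and Return To" with nothing after it. Build the label conditionally (in the view, or with an inline expression) so the suffix appears only when a domain was found. Because the value is derived from a request parameter and lands inside an HTML attribute, it is also worth making the escaping explicit, e.g. `${return_to | h}` if this is a Mako template, rather than relying on the view's regex or on template defaults that are not visible on this page.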
......
...@@ -217,6 +217,10 @@ if settings.MITX_FEATURES.get('AUTH_USE_OPENID'): ...@@ -217,6 +217,10 @@ if settings.MITX_FEATURES.get('AUTH_USE_OPENID'):
url(r'^openid/login/$', 'django_openid_auth.views.login_begin', name='openid-login'), url(r'^openid/login/$', 'django_openid_auth.views.login_begin', name='openid-login'),
url(r'^openid/complete/$', 'external_auth.views.edXauth_openid_login_complete', name='openid-complete'), url(r'^openid/complete/$', 'external_auth.views.edXauth_openid_login_complete', name='openid-complete'),
url(r'^openid/logo.gif$', 'django_openid_auth.views.logo', name='openid-logo'), url(r'^openid/logo.gif$', 'django_openid_auth.views.logo', name='openid-logo'),
)
if settings.MITX_FEATURES.get('AUTH_USE_OPENID_PROVIDER'):
urlpatterns += (
url(r'^openid/provider/login/$', 'external_auth.views.provider_login', name='openid-provider-login'), url(r'^openid/provider/login/$', 'external_auth.views.provider_login', name='openid-provider-login'),
url(r'^openid/provider/login/(?:[\w%\. ]+)$', 'external_auth.views.provider_identity', name='openid-provider-login-identity'), url(r'^openid/provider/login/(?:[\w%\. ]+)$', 'external_auth.views.provider_identity', name='openid-provider-login-identity'),
url(r'^openid/provider/identity/$', 'external_auth.views.provider_identity', name='openid-provider-identity'), url(r'^openid/provider/identity/$', 'external_auth.views.provider_identity', name='openid-provider-identity'),
......