Merge pull request #16923 from edx/LEARNER-3557

LEARNER-3557 Add is_enterprise cookie on login page to be checked on basket page

Merge pull request #16923 from edx/LEARNER-3557
LEARNER-3557 Add is_enterprise cookie on login page to be checked on basket page
6ea32b7a · Matthew Piatetsky · GitHub · 70566b5d · 4a226296 · 6ea32b7a
Unverified Commit 6ea32b7a authored Dec 18, 2017 by Matthew Piatetsky Committed by GitHub Dec 18, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 32 additions and 0 deletions

common/djangoapps/student/cookies.py
+26 -0

lms/djangoapps/student_account/views.py
+6 -0

No files found.
--- a/common/djangoapps/student/cookies.py
+++ b/common/djangoapps/student/cookies.py
@@ -118,6 +118,32 @@ def set_user_info_cookie(response, request):
    )


+def set_experiments_is_enterprise_cookie(request, response, experiments_is_enterprise):
+    """ Sets the experiments_is_enterprise cookie on the response.
+    This cookie can be used for tests or minor features,
+    but should not be used for payment related or other critical work
+    since users can edit their cookies
+    """
+    cookie_settings = standard_cookie_settings(request)
+    # In production, TLS should be enabled so that this cookie is encrypted
+    # when we send it.  We also need to set "secure" to True so that the browser
+    # will transmit it only over secure connections.
+    #
+    # In non-production environments (acceptance tests, devstack, and sandboxes),
+    # we still want to set this cookie.  However, we do NOT want to set it to "secure"
+    # because the browser won't send it back to us.  This can cause an infinite redirect
+    # loop in the third-party auth flow, which calls `is_logged_in_cookie_set` to determine
+    # whether it needs to set the cookie or continue to the next pipeline stage.
+    cookie_is_secure = request.is_secure()
+
+    response.set_cookie(
+        'experiments_is_enterprise',
+        json.dumps(experiments_is_enterprise),
+        secure=cookie_is_secure,
+        **cookie_settings
+    )
+
+
 def get_user_info_cookie_data(request):
    """ Returns information that wil populate the user info cookie. """
    user = request.user

--- a/lms/djangoapps/student_account/views.py
+++ b/lms/djangoapps/student_account/views.py
@@ -40,6 +40,7 @@ from openedx.core.djangoapps.user_api.errors import (
 from openedx.core.lib.edx_api_utils import get_edx_api_data
 from openedx.core.lib.time_zone_utils import TIME_ZONE_CHOICES
 from openedx.features.enterprise_support.api import enterprise_customer_for_request, get_enterprise_learner_data
+from student.cookies import set_experiments_is_enterprise_cookie
 from student.helpers import destroy_oauth_tokens, get_next_url_for_login_page
 from student.models import UserProfile
 from student.views import register_user as old_register_view
@@ -162,6 +163,11 @@ def login_and_registration_form(request, initial_mode="login"):

    response = render_to_response('student_account/login_and_register.html', context)

+    # This cookie can be used for tests or minor features,
+    # but should not be used for payment related or other critical work
+    # since users can edit their cookies
+    set_experiments_is_enterprise_cookie(request, response, context['enable_enterprise_sidebar'])
+
    # Remove enterprise cookie so that subsequent requests show default login page.
    response.delete_cookie(
        configuration_helpers.get_value("ENTERPRISE_CUSTOMER_COOKIE_NAME", settings.ENTERPRISE_CUSTOMER_COOKIE_NAME),