Skip to content

E
edx-platform
Commit 8cbe263c by Carson Gee
Options

Rename of feature AUTH_USE_MIT_CERTIFICATES to AUTH_USE_CERTIFICATES across platform. 

Caution! This is backwards incompatible
parent f33c3089
Showing with 27 additions and 24 deletions
cms/djangoapps/contentstore/views/public.py
...@@ -23,7 +23,7 @@ def signup(request): ...@@ -23,7 +23,7 @@ def signup(request):
csrf_token = csrf(request)['csrf_token'] csrf_token = csrf(request)['csrf_token']
if request.user.is_authenticated(): if request.user.is_authenticated():
return redirect('/course') return redirect('/course')
if settings.FEATURES.get('AUTH_USE_MIT_CERTIFICATES_IMMEDIATE_SIGNUP'): if settings.FEATURES.get('AUTH_USE_CERTIFICATES_IMMEDIATE_SIGNUP'):
# Redirect to course to login to process their certificate if SSL is enabled # Redirect to course to login to process their certificate if SSL is enabled
# and registration is disabled. # and registration is disabled.
return redirect(reverse('login')) return redirect(reverse('login'))
...@@ -38,7 +38,7 @@ def login_page(request): ...@@ -38,7 +38,7 @@ def login_page(request):
Display the login form. Display the login form.
""" """
csrf_token = csrf(request)['csrf_token'] csrf_token = csrf(request)['csrf_token']
if (settings.FEATURES['AUTH_USE_MIT_CERTIFICATES'] and if (settings.FEATURES['AUTH_USE_CERTIFICATES'] and
ssl_get_cert_from_request(request)): ssl_get_cert_from_request(request)):
# SSL login doesn't require a login view, so redirect # SSL login doesn't require a login view, so redirect
# to course now that the user is authenticated via # to course now that the user is authenticated via
......
cms/envs/common.py
...@@ -43,7 +43,7 @@ FEATURES = { ...@@ -43,7 +43,7 @@ FEATURES = {
'ENABLE_DISCUSSION_SERVICE': False, 'ENABLE_DISCUSSION_SERVICE': False,
'AUTH_USE_MIT_CERTIFICATES': False, 'AUTH_USE_CERTIFICATES': False,
# email address for studio staff (eg to request course creation) # email address for studio staff (eg to request course creation)
'STUDIO_REQUEST_EMAIL': '', 'STUDIO_REQUEST_EMAIL': '',
......
cms/envs/dev_ike.py
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
from .common import * from .common import *
from .dev import * from .dev import *
FEATURES['AUTH_USE_MIT_CERTIFICATES'] = True FEATURES['AUTH_USE_CERTIFICATES'] = True
FEATURES['USE_DJANGO_PIPELINE'] = False # don't recompile scss FEATURES['USE_DJANGO_PIPELINE'] = False # don't recompile scss
......
common/djangoapps/external_auth/tests/test_ssl.py
...@@ -21,13 +21,14 @@ from edxmako.middleware import MakoMiddleware ...@@ -21,13 +21,14 @@ from edxmako.middleware import MakoMiddleware
from external_auth.models import ExternalAuthMap from external_auth.models import ExternalAuthMap
import external_auth.views import external_auth.views
from student.tests.factories import UserFactory from student.tests.factories import UserFactory
from xmodule.modulestore.exceptions import InsufficientSpecificationError
FEATURES_WITH_SSL_AUTH = settings.FEATURES.copy() FEATURES_WITH_SSL_AUTH = settings.FEATURES.copy()
FEATURES_WITH_SSL_AUTH['AUTH_USE_MIT_CERTIFICATES'] = True FEATURES_WITH_SSL_AUTH['AUTH_USE_CERTIFICATES'] = True
FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP = FEATURES_WITH_SSL_AUTH.copy() FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP = FEATURES_WITH_SSL_AUTH.copy()
FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP['AUTH_USE_MIT_CERTIFICATES_IMMEDIATE_SIGNUP'] = True FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP['AUTH_USE_CERTIFICATES_IMMEDIATE_SIGNUP'] = True
FEATURES_WITHOUT_SSL_AUTH = settings.FEATURES.copy() FEATURES_WITHOUT_SSL_AUTH = settings.FEATURES.copy()
FEATURES_WITHOUT_SSL_AUTH['AUTH_USE_MIT_CERTIFICATES'] = False FEATURES_WITHOUT_SSL_AUTH['AUTH_USE_CERTIFICATES'] = False
@override_settings(FEATURES=FEATURES_WITH_SSL_AUTH) @override_settings(FEATURES=FEATURES_WITH_SSL_AUTH)
...@@ -192,7 +193,8 @@ class SSLClientTest(TestCase): ...@@ -192,7 +193,8 @@ class SSLClientTest(TestCase):
the user doesn't get presented with the registration page. the user doesn't get presented with the registration page.
""" """
# Expect a NotImplementError from course page as we don't have anything else built # Expect a NotImplementError from course page as we don't have anything else built
with self.assertRaisesRegexp(NotImplementedError, 'coming soon'): with self.assertRaisesRegexp(InsufficientSpecificationError,
'Must provide one of url, version_guid, package_id'):
self.client.get( self.client.get(
reverse('signup'), follow=True, reverse('signup'), follow=True,
SSL_CLIENT_S_DN=self.AUTH_DN.format(self.USER_NAME, self.USER_EMAIL)) SSL_CLIENT_S_DN=self.AUTH_DN.format(self.USER_NAME, self.USER_EMAIL))
...@@ -200,7 +202,8 @@ class SSLClientTest(TestCase): ...@@ -200,7 +202,8 @@ class SSLClientTest(TestCase):
self.assertIn('_auth_user_id', self.client.session) self.assertIn('_auth_user_id', self.client.session)
# Now that we are logged in, make sure we don't see the registration page # Now that we are logged in, make sure we don't see the registration page
with self.assertRaisesRegexp(NotImplementedError, 'coming soon'): with self.assertRaisesRegexp(InsufficientSpecificationError,
'Must provide one of url, version_guid, package_id'):
self.client.get(reverse('signup'), follow=True) self.client.get(reverse('signup'), follow=True)
@unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms') @unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
......
common/djangoapps/external_auth/views.py
...@@ -253,7 +253,7 @@ def _signup(request, eamap, retfun=None): ...@@ -253,7 +253,7 @@ def _signup(request, eamap, retfun=None):
# save this for use by student.views.create_account # save this for use by student.views.create_account
request.session['ExternalAuthMap'] = eamap request.session['ExternalAuthMap'] = eamap
if settings.FEATURES.get('AUTH_USE_MIT_CERTIFICATES_IMMEDIATE_SIGNUP', ''): if settings.FEATURES.get('AUTH_USE_CERTIFICATES_IMMEDIATE_SIGNUP', ''):
# do signin immediately, by calling create_account, instead of asking # do signin immediately, by calling create_account, instead of asking
# student to fill in form. MIT students already have information filed. # student to fill in form. MIT students already have information filed.
username = eamap.external_email.split('@', 1)[0] username = eamap.external_email.split('@', 1)[0]
...@@ -362,7 +362,7 @@ def ssl_login_shortcut(fn): ...@@ -362,7 +362,7 @@ def ssl_login_shortcut(fn):
call. call.
""" """
if not settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']: if not settings.FEATURES['AUTH_USE_CERTIFICATES']:
return fn(*args, **kwargs) return fn(*args, **kwargs)
request = args[0] request = args[0]
...@@ -394,7 +394,7 @@ def ssl_login_shortcut(fn): ...@@ -394,7 +394,7 @@ def ssl_login_shortcut(fn):
def ssl_login(request): def ssl_login(request):
""" """
This is called by branding.views.index when This is called by branding.views.index when
FEATURES['AUTH_USE_MIT_CERTIFICATES'] = True FEATURES['AUTH_USE_CERTIFICATES'] = True
Used for MIT user authentication. This presumes the web server Used for MIT user authentication. This presumes the web server
(nginx) has been configured to require specific client (nginx) has been configured to require specific client
...@@ -408,7 +408,7 @@ def ssl_login(request): ...@@ -408,7 +408,7 @@ def ssl_login(request):
Else continues on with student.views.index, and no authentication. Else continues on with student.views.index, and no authentication.
""" """
# Just to make sure we're calling this only at MIT: # Just to make sure we're calling this only at MIT:
if not settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']: if not settings.FEATURES['AUTH_USE_CERTIFICATES']:
return HttpResponseForbidden() return HttpResponseForbidden()
cert = ssl_get_cert_from_request(request) cert = ssl_get_cert_from_request(request)
......
common/djangoapps/student/views.py
...@@ -330,7 +330,7 @@ def signin_user(request): ...@@ -330,7 +330,7 @@ def signin_user(request):
""" """
This view will display the non-modal login form This view will display the non-modal login form
""" """
if (settings.FEATURES['AUTH_USE_MIT_CERTIFICATES'] and if (settings.FEATURES['AUTH_USE_CERTIFICATES'] and
external_auth.views.ssl_get_cert_from_request(request)): external_auth.views.ssl_get_cert_from_request(request)):
# SSL login doesn't require a view, so redirect # SSL login doesn't require a view, so redirect
# branding and allow that to process the login if it # branding and allow that to process the login if it
...@@ -357,7 +357,7 @@ def register_user(request, extra_context=None): ...@@ -357,7 +357,7 @@ def register_user(request, extra_context=None):
""" """
if request.user.is_authenticated(): if request.user.is_authenticated():
return redirect(reverse('dashboard')) return redirect(reverse('dashboard'))
if settings.FEATURES.get('AUTH_USE_MIT_CERTIFICATES_IMMEDIATE_SIGNUP'): if settings.FEATURES.get('AUTH_USE_CERTIFICATES_IMMEDIATE_SIGNUP'):
# Redirect to branding to process their certificate if SSL is enabled # Redirect to branding to process their certificate if SSL is enabled
# and registration is disabled. # and registration is disabled.
return redirect(reverse('root')) return redirect(reverse('root'))
...@@ -645,7 +645,7 @@ def accounts_login(request): ...@@ -645,7 +645,7 @@ def accounts_login(request):
""" """
if settings.FEATURES.get('AUTH_USE_CAS'): if settings.FEATURES.get('AUTH_USE_CAS'):
return redirect(reverse('cas-login')) return redirect(reverse('cas-login'))
if settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']: if settings.FEATURES['AUTH_USE_CERTIFICATES']:
# SSL login doesn't require a view, so redirect # SSL login doesn't require a view, so redirect
# to branding and allow that to process the login. # to branding and allow that to process the login.
return redirect(reverse('root')) return redirect(reverse('root'))
......
lms/djangoapps/branding/views.py
...@@ -23,7 +23,7 @@ def index(request): ...@@ -23,7 +23,7 @@ def index(request):
if settings.COURSEWARE_ENABLED and request.user.is_authenticated(): if settings.COURSEWARE_ENABLED and request.user.is_authenticated():
return redirect(reverse('dashboard')) return redirect(reverse('dashboard'))
if settings.FEATURES.get('AUTH_USE_MIT_CERTIFICATES'): if settings.FEATURES.get('AUTH_USE_CERTIFICATES'):
from external_auth.views import ssl_login from external_auth.views import ssl_login
return ssl_login(request) return ssl_login(request)
......
lms/djangoapps/dashboard/management/commands/tests/test_git_add_course.py
...@@ -26,7 +26,7 @@ TEST_MONGODB_LOG = { ...@@ -26,7 +26,7 @@ TEST_MONGODB_LOG = {
} }
FEATURES_WITH_SSL_AUTH = settings.FEATURES.copy() FEATURES_WITH_SSL_AUTH = settings.FEATURES.copy()
FEATURES_WITH_SSL_AUTH['AUTH_USE_MIT_CERTIFICATES'] = True FEATURES_WITH_SSL_AUTH['AUTH_USE_CERTIFICATES'] = True
@override_settings(MODULESTORE=TEST_DATA_MONGO_MODULESTORE) @override_settings(MODULESTORE=TEST_DATA_MONGO_MODULESTORE)
......
lms/djangoapps/dashboard/sysadmin.py
...@@ -160,7 +160,7 @@ class Users(SysadminDashboardView): ...@@ -160,7 +160,7 @@ class Users(SysadminDashboardView):
email_domain = getattr(settings, 'SSL_AUTH_EMAIL_DOMAIN', 'MIT.EDU') email_domain = getattr(settings, 'SSL_AUTH_EMAIL_DOMAIN', 'MIT.EDU')
msg = u'' msg = u''
if settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']: if settings.FEATURES['AUTH_USE_CERTIFICATES']:
if not '@' in uname: if not '@' in uname:
email = '{0}@{1}'.format(uname, email_domain) email = '{0}@{1}'.format(uname, email_domain)
else: else:
...@@ -202,7 +202,7 @@ class Users(SysadminDashboardView): ...@@ -202,7 +202,7 @@ class Users(SysadminDashboardView):
profile.name = name profile.name = name
profile.save() profile.save()
if settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']: if settings.FEATURES['AUTH_USE_CERTIFICATES']:
credential_string = getattr(settings, 'SSL_AUTH_DN_FORMAT_STRING', credential_string = getattr(settings, 'SSL_AUTH_DN_FORMAT_STRING',
'/C=US/ST=Massachusetts/O=Massachusetts Institute of Technology/OU=Client CA v1/CN={0}/emailAddress={1}') '/C=US/ST=Massachusetts/O=Massachusetts Institute of Technology/OU=Client CA v1/CN={0}/emailAddress={1}')
credentials = credential_string.format(name, email) credentials = credential_string.format(name, email)
......
lms/djangoapps/dashboard/tests/test_sysadmin.py
...@@ -37,7 +37,7 @@ TEST_MONGODB_LOG = { ...@@ -37,7 +37,7 @@ TEST_MONGODB_LOG = {
} }
FEATURES_WITH_SSL_AUTH = settings.FEATURES.copy() FEATURES_WITH_SSL_AUTH = settings.FEATURES.copy()
FEATURES_WITH_SSL_AUTH['AUTH_USE_MIT_CERTIFICATES'] = True FEATURES_WITH_SSL_AUTH['AUTH_USE_CERTIFICATES'] = True
class SysadminBaseTestCase(ModuleStoreTestCase): class SysadminBaseTestCase(ModuleStoreTestCase):
......
lms/envs/cms/dev.py
...@@ -8,7 +8,7 @@ Settings for the LMS that runs alongside the CMS on AWS ...@@ -8,7 +8,7 @@ Settings for the LMS that runs alongside the CMS on AWS
from ..dev import * from ..dev import *
FEATURES['AUTH_USE_MIT_CERTIFICATES'] = False FEATURES['AUTH_USE_CERTIFICATES'] = False
SUBDOMAIN_BRANDING['edge'] = 'edge' SUBDOMAIN_BRANDING['edge'] = 'edge'
SUBDOMAIN_BRANDING['preview.edge'] = 'edge' SUBDOMAIN_BRANDING['preview.edge'] = 'edge'
......
lms/envs/common.py
...@@ -97,7 +97,7 @@ FEATURES = { ...@@ -97,7 +97,7 @@ FEATURES = {
# extrernal access methods # extrernal access methods
'ACCESS_REQUIRE_STAFF_FOR_COURSE': False, 'ACCESS_REQUIRE_STAFF_FOR_COURSE': False,
'AUTH_USE_OPENID': False, 'AUTH_USE_OPENID': False,
'AUTH_USE_MIT_CERTIFICATES': False, 'AUTH_USE_CERTIFICATES': False,
'AUTH_USE_OPENID_PROVIDER': False, 'AUTH_USE_OPENID_PROVIDER': False,
# Even though external_auth is in common, shib assumes the LMS views / urls, so it should only be enabled # Even though external_auth is in common, shib assumes the LMS views / urls, so it should only be enabled
# in LMS # in LMS
......
lms/envs/dev.py
...@@ -202,7 +202,7 @@ OPENID_PROVIDER_TRUSTED_ROOTS = ['*'] ...@@ -202,7 +202,7 @@ OPENID_PROVIDER_TRUSTED_ROOTS = ['*']
######################## MIT Certificates SSL Auth ############################ ######################## MIT Certificates SSL Auth ############################
FEATURES['AUTH_USE_MIT_CERTIFICATES'] = False FEATURES['AUTH_USE_CERTIFICATES'] = False
################################# CELERY ###################################### ################################# CELERY ######################################
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment