Shib PR responses to @cpennington and @ormsbee comments

* Changed unicode test cases to ascii encoding * Removed 'stanford' hardcoding in TOS logic in lieu of 'SHIB_DISABLE_TOS' MIT_FEATURES flag * made 'external_auth' always an installed_app in lms * log.exception changd to log.error where appropriate But: did not change skipping tests to changing settings, for reasons stated here: https://github.com/edx/edx-platform/pull/67#issuecomment-19790330

Shib PR responses to @cpennington and @ormsbee comments
* Changed unicode test cases to ascii encoding * Removed 'stanford' hardcoding in TOS logic in lieu of 'SHIB_DISABLE_TOS' MIT_FEATURES flag * made 'external_auth' always an installed_app in lms * log.exception changd to log.error where appropriate But: did not change skipping tests to changing settings, for reasons stated here: https://github.com/edx/edx-platform/pull/67#issuecomment-19790330
aa4e27f7 · Jason Bau · 084160c1 · aa4e27f7 · aa4e27f7 · aa4e27f7
Commit aa4e27f7 authored Jun 20, 2013 by Jason Bau
Showing with 30 additions and 22 deletions

common/djangoapps/external_auth/tests/test_shib.py
+2 -3

common/djangoapps/external_auth/views.py
+6 -4

common/djangoapps/student/views.py
+13 -12

lms/envs/common.py
+8 -0

lms/envs/test.py
+1 -3

No files found.
--- a/common/djangoapps/external_auth/tests/test_shib.py
+++ b/common/djangoapps/external_auth/tests/test_shib.py
-# coding=utf-8
 """
 Tests for Shibboleth Authentication
 @jbau
@@ -36,8 +35,8 @@ from student.tests.factories import UserFactory
 IDP = 'https://idp.stanford.edu/'
 REMOTE_USER = 'test_user@stanford.edu'
 MAILS = [None, '', 'test_user@stanford.edu']
-GIVENNAMES = [None, '', 'Jason', 'jasön; John; bob']  # At Stanford, the givenNames can be a list delimited by ';'
-SNS = [None, '', 'Bau', '包; smith']  # At Stanford, the sns can be a list delimited by ';'
+GIVENNAMES = [None, '', 'Jason', 'jas\xc3\xb6n; John; bob']  # At Stanford, the givenNames can be a list delimited by ';'
+SNS = [None, '', 'Bau', '\xe5\x8c\x85; smith']  # At Stanford, the sns can be a list delimited by ';'


 def gen_all_identities():

--- a/common/djangoapps/external_auth/views.py
+++ b/common/djangoapps/external_auth/views.py
@@ -245,8 +245,10 @@ def signup(request, eamap=None):
               'ask_for_tos': True,
               }

-    # Can't have terms of service for Stanford users, according to Stanford's Office of General Counsel
-    if settings.MITX_FEATURES['AUTH_USE_SHIB'] and ('stanford' in eamap.external_domain):
+    # Some openEdX instances can't have terms of service for shib users, like
+    # according to Stanford's Office of General Counsel
+    if settings.MITX_FEATURES.get('AUTH_USE_SHIB') and settings.MITX_FEATURES.get('SHIB_DISABLE_TOS') and \
+       ('shib' in eamap.external_domain):
        context['ask_for_tos'] = False

    # detect if full name is blank and ask for it from user
@@ -387,10 +389,10 @@ def shib_login(request):
        """))

    if not request.META.get('REMOTE_USER'):
-        log.exception("SHIB: no REMOTE_USER found in request.META")
+        log.error("SHIB: no REMOTE_USER found in request.META")
        return default_render_failure(request, shib_error_msg)
    elif not request.META.get('Shib-Identity-Provider'):
-        log.exception("SHIB: no Shib-Identity-Provider in request.META")
+        log.error("SHIB: no Shib-Identity-Provider in request.META")
        return default_render_failure(request, shib_error_msg)
    else:
        #if we get here, the user has authenticated properly

--- a/common/djangoapps/student/views.py
+++ b/common/djangoapps/student/views.py
@@ -48,6 +48,8 @@ from courseware.access import has_access
 from courseware.views import get_module_for_descriptor, jump_to
 from courseware.model_data import ModelDataCache

+from external_auth.models import ExternalAuthMap
+
 from statsd import statsd
 from pytz import UTC

@@ -287,12 +289,10 @@ def dashboard(request):
            
    # get info w.r.t ExternalAuthMap
    external_auth_map = None
-    if 'external_auth' in settings.INSTALLED_APPS:
-        from external_auth.models import ExternalAuthMap
-        try:
-            external_auth_map = ExternalAuthMap.objects.get(user=user)
-        except ExternalAuthMap.DoesNotExist:
-            pass
+    try:
+        external_auth_map = ExternalAuthMap.objects.get(user=user)
+    except ExternalAuthMap.DoesNotExist:
+        pass

    context = {'courses': courses,
               'message': message,
@@ -613,10 +613,12 @@ def create_account(request, post_override=None):
        js['field'] = 'honor_code'
        return HttpResponse(json.dumps(js))

-    # Can't have terms of service for Stanford users, according to Stanford's Office of General Counsel
-    if settings.MITX_FEATURES.get("AUTH_USE_SHIB") and DoExternalAuth and ("stanford" in eamap.external_domain):
-        pass
-    else:
+    # Can't have terms of service for certain SHIB users, like at Stanford
+    tos_not_required = settings.MITX_FEATURES.get("AUTH_USE_SHIB") \
+                       and settings.MITX_FEATURES.get('SHIB_DISABLE_TOS') \
+                       and DoExternalAuth and ("shib" in eamap.external_domain)
+
+    if not tos_not_required:
        if post_vars.get('terms_of_service', 'false') != u'true':
            js['value'] = "You must accept the terms of service.".format(field=a)
            js['field'] = 'terms_of_service'
@@ -629,8 +631,7 @@ def create_account(request, post_override=None):
    # TODO: Check password is sane

    required_post_vars = ['username', 'email', 'name', 'password', 'terms_of_service', 'honor_code']
-    if settings.MITX_FEATURES.get("AUTH_USE_SHIB") and DoExternalAuth and ("stanford" in eamap.external_domain):
-        # Can't have terms of service for Stanford users, according to Stanford's Office of General Counsel
+    if tos_not_required:
        required_post_vars =  ['username', 'email', 'name', 'password', 'honor_code']

    for a in required_post_vars:

--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -92,6 +92,10 @@ MITX_FEATURES = {
    'AUTH_USE_MIT_CERTIFICATES': False,
    'AUTH_USE_OPENID_PROVIDER': False,
    'AUTH_USE_SHIB': False,
+
+    # This flag disables the requirement of having to agree to the TOS for users registering
+    # with Shib.  Feature was requested by Stanford's office of general counsel
+    'SHIB_DISABLE_TOS': False,
    
    # Enables ability to restrict enrollment in specific courses by the user account login method
    'RESTRICT_ENROLL_BY_REG_METHOD': False,
@@ -704,6 +708,10 @@ INSTALLED_APPS = (
    'licenses',
    'course_groups',

+    # External auth (OpenID, shib)
+    'external_auth',
+    'django_openid_auth',
+
    #For the wiki
    'wiki',  # The new django-wiki from benjaoming
    'django_notify',

--- a/lms/envs/test.py
+++ b/lms/envs/test.py
@@ -139,6 +139,7 @@ MITX_FEATURES['AUTH_USE_OPENID_PROVIDER'] = True

 ################################## SHIB #######################################
 MITX_FEATURES['AUTH_USE_SHIB'] = True
+MITX_FEATURES['SHIB_DISABLE_TOS'] = True
 MITX_FEATURES['RESTRICT_ENROLL_BY_REG_METHOD'] = True

 OPENID_CREATE_USERS = False
@@ -146,9 +147,6 @@ OPENID_UPDATE_DETAILS_FROM_SREG = True
 OPENID_USE_AS_ADMIN_LOGIN = False
 OPENID_PROVIDER_TRUSTED_ROOTS = ['*']

-INSTALLED_APPS += ('external_auth',)
-INSTALLED_APPS += ('django_openid_auth',)
-
 ################################# CELERY ######################################

 CELERY_ALWAYS_EAGER = True