Commit c1b84728 by Carson Gee

Merge pull request #1930 from carsongee/cg/ssl-check-header

Check that SSL certificate is passed before redirecting to SSL authentication.
parents 8261f2b4 cec79368
...@@ -199,6 +199,13 @@ class SSLClientTest(TestCase): ...@@ -199,6 +199,13 @@ class SSLClientTest(TestCase):
that user doesn't get presented with the login page if they that user doesn't get presented with the login page if they
have a certificate. have a certificate.
""" """
# Test that they do signin if they don't have a cert
response = self.client.get(reverse('signin_user'))
self.assertEqual(200, response.status_code)
self.assertTrue('login_form' in response.content
or 'login-form' in response.content)
# And get directly logged in otherwise
response = self.client.get( response = self.client.get(
reverse('signin_user'), follow=True, reverse('signin_user'), follow=True,
SSL_CLIENT_S_DN=self.AUTH_DN.format(self.USER_NAME, self.USER_EMAIL)) SSL_CLIENT_S_DN=self.AUTH_DN.format(self.USER_NAME, self.USER_EMAIL))
......
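Review bot: The new negative case at the `self.assertTrue('login_form' in response.content or 'login-form' in response.content)` line gives no useful diagnostic when it fails, because an `or` of two membership tests collapses to a bare "False is not true" with no view of the content. A single pattern assertion reports the actual body on failure: `self.assertRegexpMatches(response.content, r'login[_-]form')`. The docstring above still describes only the with-certificate behaviour; its first sentence could be extended with "and that the login form is shown when no certificate header is present" so the two halves of the test are both stated. The enclosing test method starts before the hunk.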
...@@ -330,7 +330,7 @@ def _ssl_dn_extract_info(dn_string): ...@@ -330,7 +330,7 @@ def _ssl_dn_extract_info(dn_string):
return (user, email, fullname) return (user, email, fullname)
def _ssl_get_cert_from_request(request): def ssl_get_cert_from_request(request):
""" """
Extract user information from certificate, if it exists, returning (user, email, fullname). Extract user information from certificate, if it exists, returning (user, email, fullname).
Else return None. Else return None.
...@@ -369,7 +369,7 @@ def ssl_login_shortcut(fn): ...@@ -369,7 +369,7 @@ def ssl_login_shortcut(fn):
if request.user and request.user.is_authenticated(): # don't re-authenticate if request.user and request.user.is_authenticated(): # don't re-authenticate
return fn(*args, **kwargs) return fn(*args, **kwargs)
cert = _ssl_get_cert_from_request(request) cert = ssl_get_cert_from_request(request)
if not cert: # no certificate information - show normal login window if not cert: # no certificate information - show normal login window
return fn(*args, **kwargs) return fn(*args, **kwargs)
...@@ -411,7 +411,7 @@ def ssl_login(request): ...@@ -411,7 +411,7 @@ def ssl_login(request):
if not settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']: if not settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']:
return HttpResponseForbidden() return HttpResponseForbidden()
cert = _ssl_get_cert_from_request(request) cert = ssl_get_cert_from_request(request)
if not cert: if not cert:
# no certificate information - go onward to main index # no certificate information - go onward to main index
......
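Review bot: `ssl_get_cert_from_request` becomes part of the module's public interface with this rename (it is now called from `signin_user` in another module), but its docstring still says only that it returns `(user, email, fullname)` or `None`; it should state what a caller may conclude from the result, since the body is outside the hunk and the new caller uses it purely as a truthiness check. Suggested addition after "Else return None.": "A non-None result only means certificate information was found in the request; it does not mean the user has been authenticated — ssl_login still performs that step." The same rename is applied at the two call sites in `ssl_login_shortcut` and `ssl_login` in this section; if any other module imported the old underscore name, keeping `_ssl_get_cert_from_request = ssl_get_cert_from_request` as a temporary alias would avoid breaking it.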
...@@ -239,9 +239,11 @@ def signin_user(request): ...@@ -239,9 +239,11 @@ def signin_user(request):
""" """
This view will display the non-modal login form This view will display the non-modal login form
""" """
if settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']: if (settings.FEATURES['AUTH_USE_MIT_CERTIFICATES'] and
external_auth.views.ssl_get_cert_from_request(request)):
# SSL login doesn't require a view, so redirect # SSL login doesn't require a view, so redirect
# branding and allow that to process the login. # branding and allow that to process the login if it
# is enabled and the header is in the request.
return redirect(reverse('root')) return redirect(reverse('root'))
if request.user.is_authenticated(): if request.user.is_authenticated():
return redirect(reverse('dashboard')) return redirect(reverse('dashboard'))
......
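Review bot: The docstring of `signin_user` still says only that the view displays the non-modal login form, while the new condition starting at the `if (settings.FEATURES['AUTH_USE_MIT_CERTIFICATES'] and` line makes it redirect instead whenever certificate auth is enabled and the request carries certificate information; add a sentence such as "If MIT certificate authentication is enabled and the request carries client-certificate information, redirect to the root URL so the SSL login shortcut can log the user in instead of showing the form." The continuation line `external_auth.views.ssl_get_cert_from_request(request)):` would read more clearly with the `and` leading the second line and the call aligned under the opening parenthesis. Note that the certificate check still runs before the `request.user.is_authenticated()` test, so an already-logged-in user with a certificate lands on root rather than dashboard; that ordering predates this change.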