Commit
c98651fa
authored
Jun 27, 2013
by
Diana Huang
Add in the ability to handle malformed return urls.
parent
c6fa4873
Showing
2 changed files
with
35 additions
and
2 deletions
+35
-2
common/djangoapps/external_auth/tests/test_openid_provider.py
+33
-0
common/djangoapps/external_auth/views.py
+2
-2
common/djangoapps/external_auth/tests/test_openid_provider.py
...
...
@@ -9,6 +9,7 @@ from urlparse import parse_qs
from
django.conf
import
settings
from
django.test
import
TestCase
,
LiveServerTestCase
from
django.test.utils
import
override_settings
# from django.contrib.auth.models import User
from
django.core.urlresolvers
import
reverse
from
django.test.client
import
RequestFactory
...
...
@@ -208,6 +209,38 @@ class OpenIdProviderTest(TestCase):
"got code {0} for url '{1}'. Expected code {2}"
.
format
(
resp
.
status_code
,
url
,
code
))
@override_settings
(
OPENID_PROVIDER_TRUSTED_ROOTS
=
[
'http://apps.cs50.edx.org'
])
def
test_invalid_return_url
(
self
):
""" Test for 403 error code when the url"""
if
not
settings
.
MITX_FEATURES
.
get
(
'AUTH_USE_OPENID_PROVIDER'
):
return
url
=
reverse
(
'openid-provider-login'
)
post_args
=
{
"openid.mode"
:
"checkid_setup"
,
"openid.return_to"
:
"http://apps.cs50.edx.or"
,
"openid.assoc_handle"
:
"{HMAC-SHA1}{50ff8120}{rh87+Q==}"
,
"openid.claimed_id"
:
"http://specs.openid.net/auth/2.0/identifier_select"
,
"openid.ns"
:
"http://specs.openid.net/auth/2.0"
,
"openid.realm"
:
"http://testserver/"
,
"openid.identity"
:
"http://specs.openid.net/auth/2.0/identifier_select"
,
"openid.ns.ax"
:
"http://openid.net/srv/ax/1.0"
,
"openid.ax.mode"
:
"fetch_request"
,
"openid.ax.required"
:
"email,fullname,old_email,firstname,old_nickname,lastname,old_fullname,nickname"
,
"openid.ax.type.fullname"
:
"http://axschema.org/namePerson"
,
"openid.ax.type.lastname"
:
"http://axschema.org/namePerson/last"
,
"openid.ax.type.firstname"
:
"http://axschema.org/namePerson/first"
,
"openid.ax.type.nickname"
:
"http://axschema.org/namePerson/friendly"
,
"openid.ax.type.email"
:
"http://axschema.org/contact/email"
,
"openid.ax.type.old_email"
:
"http://schema.openid.net/contact/email"
,
"openid.ax.type.old_nickname"
:
"http://schema.openid.net/namePerson/friendly"
,
"openid.ax.type.old_fullname"
:
"http://schema.openid.net/namePerson"
,
}
resp
=
self
.
client
.
post
(
url
,
post_args
)
code
=
403
self
.
assertEqual
(
resp
.
status_code
,
code
,
"got code {0} for url '{1}'. Expected code {2}"
.
format
(
resp
.
status_code
,
url
,
code
))
class
OpenIdProviderLiveServerTest
(
LiveServerTestCase
):
"""
...
...
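Review bot: `test_invalid_return_url` ends with a bare `return` when `AUTH_USE_OPENID_PROVIDER` is unset, so in that configuration it is reported as a pass without ever posting the request; `self.skipTest("OpenID provider disabled")` would show that the rejection path was not run. Its docstring is cut off mid-sentence (`Test for 403 error code when the url`) and could read `"""A return_to outside the request's realm is rejected with 403."""`. The posted `openid.realm` is `http://testserver/`, so the 403 appears to come from the realm/return_to mismatch rather than from the overridden `OPENID_PROVIDER_TRUSTED_ROOTS`; if the trusted-roots list is meant to be covered, a case whose return_to sits under the realm but outside that list would be needed.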
common/djangoapps/external_auth/views.py
...
...
@@ -36,7 +36,7 @@ import django_openid_auth.views as openid_views
from
django_openid_auth
import
auth
as
openid_auth
from
openid.consumer.consumer
import
SUCCESS
from
openid.server.server
import
Server
,
ProtocolError
from
openid.server.server
import
Server
,
ProtocolError
,
UntrustedReturnURL
from
openid.server.trustroot
import
TrustRoot
from
openid.extensions
import
ax
,
sreg
...
...
@@ -642,7 +642,7 @@ def provider_login(request):
# decode request
try
:
openid_request
=
server
.
decodeRequest
(
querydict
)
except
ProtocolError
:
except
(
UntrustedReturnURL
,
ProtocolError
)
:
return
default_render_failure
(
request
,
"Invalid OpenID request"
)
if
not
openid_request
:
...
...
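Review bot: The widened `except (UntrustedReturnURL, ProtocolError):` in `provider_login` discards the exception, so a request whose return_to falls outside its realm leaves no trace on the server. That mismatch is what the trust-root check exists to catch, and it is worth recording for detection: bind it with `except (UntrustedReturnURL, ProtocolError) as err:` and log `err` at warning level through whatever logger this module uses (none is visible in the hunk) before returning the failure page. Rendering the failure locally instead of redirecting to the rejected URL is the right behaviour and should stay. `provider_login` begins and ends outside the hunk.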