Add additional check signin to make sure an SSL certificate is passed

before redirecting to SSL authentication.

Add additional check signin to make sure an SSL certificate is passed
before redirecting to SSL authentication.
cec79368 · Carson Gee · 8261f2b4 · cec79368 · cec79368 · cec79368
Commit cec79368 authored Dec 12, 2013 by Carson Gee
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 5 deletions

common/djangoapps/external_auth/tests/test_ssl.py
+7 -0

common/djangoapps/external_auth/views.py
+3 -3

common/djangoapps/student/views.py
+4 -2

No files found.
--- a/common/djangoapps/external_auth/tests/test_ssl.py
+++ b/common/djangoapps/external_auth/tests/test_ssl.py
@@ -199,6 +199,13 @@ class SSLClientTest(TestCase):
        that user doesn't get presented with the login page if they
        have a certificate.
        """
+        # Test that they do signin if they don't have a cert
+        response = self.client.get(reverse('signin_user'))
+        self.assertEqual(200, response.status_code)
+        self.assertTrue('login_form' in response.content
+                        or 'login-form' in response.content)
+
+        # And get directly logged in otherwise
        response = self.client.get(
            reverse('signin_user'), follow=True,
            SSL_CLIENT_S_DN=self.AUTH_DN.format(self.USER_NAME, self.USER_EMAIL))

--- a/common/djangoapps/external_auth/views.py
+++ b/common/djangoapps/external_auth/views.py
@@ -330,7 +330,7 @@ def _ssl_dn_extract_info(dn_string):
    return (user, email, fullname)


-def _ssl_get_cert_from_request(request):
+def ssl_get_cert_from_request(request):
    """
    Extract user information from certificate, if it exists, returning (user, email, fullname).
    Else return None.
@@ -369,7 +369,7 @@ def ssl_login_shortcut(fn):
        if request.user and request.user.is_authenticated():  # don't re-authenticate
            return fn(*args, **kwargs)

-        cert = _ssl_get_cert_from_request(request)
+        cert = ssl_get_cert_from_request(request)
        if not cert:		# no certificate information - show normal login window
            return fn(*args, **kwargs)

@@ -411,7 +411,7 @@ def ssl_login(request):
    if not settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']:
        return HttpResponseForbidden()

-    cert = _ssl_get_cert_from_request(request)
+    cert = ssl_get_cert_from_request(request)

    if not cert:
        # no certificate information - go onward to main index

--- a/common/djangoapps/student/views.py
+++ b/common/djangoapps/student/views.py
@@ -239,9 +239,11 @@ def signin_user(request):
    """
    This view will display the non-modal login form
    """
-    if settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']:
+    if (settings.FEATURES['AUTH_USE_MIT_CERTIFICATES'] and
+            external_auth.views.ssl_get_cert_from_request(request)):
        # SSL login doesn't require a view, so redirect
-        # branding and allow that to process the login.
+        # branding and allow that to process the login if it
+        # is enabled and the header is in the request.
        return redirect(reverse('root'))
    if request.user.is_authenticated():
        return redirect(reverse('dashboard'))