Merge pull request #11358 from edx/release

Hotfix for MA-1981 and safe sessions
This commit is contained in:
Nimisha Asthagiri
2016-01-27 15:53:20 -05:00
26 changed files with 1348 additions and 27 deletions


@@ -81,10 +81,15 @@ choice for most environments but you may be happy with the trade-offs of the
from django.contrib.auth import SESSION_KEY
from django.contrib.auth.models import User
from django.contrib.auth.middleware import AuthenticationMiddleware
from logging import getLogger
from openedx.core.djangoapps.safe_sessions.middleware import SafeSessionMiddleware
from .model import cache_model
log = getLogger(__name__)
class CacheBackedAuthenticationMiddleware(AuthenticationMiddleware):
def __init__(self):
cache_model(User)
@@ -92,7 +97,16 @@ class CacheBackedAuthenticationMiddleware(AuthenticationMiddleware):
def process_request(self, request):
try:
# Try and construct a User instance from data stored in the cache
request.user = User.get_cached(request.session[SESSION_KEY])
session_user_id = SafeSessionMiddleware.get_user_id_from_session(request)
request.user = User.get_cached(session_user_id) # pylint: disable=no-member
if request.user.id != session_user_id:
log.error(
"CacheBackedAuthenticationMiddleware cached user '%s' does not match requested user '%s'.",
request.user.id,
session_user_id,
)
# Raise an exception to fall through to the except clause below.
raise Exception
except:
# Fallback to constructing the User from the database.
super(CacheBackedAuthenticationMiddleware, self).process_request(request)
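Review bot: The bare `except:` in the second hunk of this file section still catches `KeyboardInterrupt` and `SystemExit` and turns any unexpected failure in `get_user_id_from_session` or `get_cached` into a silent fallback to database authentication, so a broken session layer is indistinguishable from a cache miss; narrow it to `except Exception:  # pylint: disable=broad-except`. The `raise Exception` used to reach the fallback after the id-mismatch check is control flow rather than an error, which is why the except clause cannot be narrowed further without restructuring; a comment such as `# Any failure here (cache miss, session error, id mismatch) falls back to the DB lookup below.` above the except would make that intent explicit. The id-mismatch guard itself is the right defensive check, since it prevents a stale or poisoned cache entry from authenticating the request as a different user than the session names. The first hunk appears to introduce `log` and the `SafeSessionMiddleware` import, but with the diff markers lost on this page I cannot tell which of its lines are additions.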


@@ -1758,10 +1758,11 @@ def log_successful_login(sender, request, user, **kwargs): # pylint: disable=un
@receiver(user_logged_out)
def log_successful_logout(sender, request, user, **kwargs): # pylint: disable=unused-argument
"""Handler to log when logouts have occurred successfully."""
if settings.FEATURES['SQUELCH_PII_IN_LOGS']:
AUDIT_LOG.info(u"Logout - user.id: {0}".format(request.user.id))
else:
AUDIT_LOG.info(u"Logout - {0}".format(request.user))
if hasattr(request, 'user'):
if settings.FEATURES['SQUELCH_PII_IN_LOGS']:
AUDIT_LOG.info(u"Logout - user.id: {0}".format(request.user.id)) # pylint: disable=logging-format-interpolation
else:
AUDIT_LOG.info(u"Logout - {0}".format(request.user)) # pylint: disable=logging-format-interpolation
@receiver(user_logged_in)
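Review bot: The new `hasattr(request, 'user')` guard in `log_successful_logout` means a logout on a request without a `user` attribute leaves no audit entry at all, which is a gap in the audit trail the handler exists to produce. The handler already receives `user` from the `user_logged_out` signal (visible in the signature on the hunk's second line), so the audit line can be written from that argument instead of `request.user`, with a guard for the case where the signal passes no user: `if user is not None:` followed by the existing two branches formatting `user.id` / `user`, and an `else` branch that logs that a logout occurred without an authenticated user. Whether `request.user` was intentionally preferred over the signal argument here is not clear from the hunk, so confirm with the author before changing it.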


@@ -59,6 +59,7 @@ class AutoAuthEnabledTestCase(UrlResetMixin, TestCase):
Test to make sure multiple users are created.
"""
self._auto_auth()
self.client.logout()
self._auto_auth()
self.assertEqual(User.objects.all().count(), 2)
@@ -138,6 +139,7 @@ class AutoAuthEnabledTestCase(UrlResetMixin, TestCase):
self.assertEqual(len(user_roles), 1)
self.assertEqual(user_roles[0], course_roles[FORUM_ROLE_STUDENT])
self.client.logout()
self._auto_auth({'username': 'a_moderator', 'course_id': course_id, 'roles': 'Moderator'})
user = User.objects.get(username='a_moderator')
user_roles = user.roles.all()
@@ -147,6 +149,7 @@ class AutoAuthEnabledTestCase(UrlResetMixin, TestCase):
course_roles[FORUM_ROLE_MODERATOR]]))
# check multiple roles work.
self.client.logout()
self._auto_auth({
'username': 'an_admin', 'course_id': course_id,
'roles': '{},{}'.format(FORUM_ROLE_MODERATOR, FORUM_ROLE_ADMINISTRATOR)


@@ -159,3 +159,11 @@ def patch_testcase():
# pylint: disable=protected-access
TestCase._enter_atomics = enter_atomics_wrapper(TestCase._enter_atomics)
TestCase._rollback_atomics = rollback_atomics_wrapper(TestCase._rollback_atomics)
def patch_sessions():
"""
Override the Test Client's session and login to support safe cookies.
"""
from openedx.core.djangoapps.safe_sessions.testing import safe_cookie_test_session_patch
safe_cookie_test_session_patch()
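Review bot: The docstring of `patch_sessions` does not say that the patch is process-global and must be applied before any Test Client session or login call, nor why the import is deferred into the function body; a reader of this file cannot tell whether the function-scope import is deliberate or an oversight. Extend the docstring with something like `Must be called once, before the test client is used; the patch is applied globally to the Test Client.` and add a comment above the import such as `# Imported lazily so this module can be loaded before the Django app registry is ready — confirm`. The hunk does not show where `patch_sessions` is invoked, so its relation to `patch_testcase` above it is inferred only.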