More fully integrate and test ssl external auth in CMS

2013-12-23 13:11:14 -05:00
parent 7e075eece1
commit 2bf6df23c8
4 changed files with 44 additions and 14 deletions
--- a/cms/djangoapps/contentstore/views/public.py
+++ b/cms/djangoapps/contentstore/views/public.py
@@ -3,13 +3,13 @@ Public views
 """
 from django_future.csrf import ensure_csrf_cookie
 from django.core.context_processors import csrf
+from django.core.urlresolvers import reverse
 from django.shortcuts import redirect
 from django.conf import settings

 from edxmako.shortcuts import render_to_response

-from external_auth.views import ssl_login_shortcut
-
+from external_auth.views import ssl_login_shortcut, ssl_get_cert_from_request
 from microsite_configuration.middleware import MicrositeConfiguration

 __all__ = ['signup', 'login_page', 'howitworks']
@@ -21,6 +21,13 @@ def signup(request):
    Display the signup form.
    """
    csrf_token = csrf(request)['csrf_token']
+    if request.user.is_authenticated():
+        return redirect('/course')
+    if settings.FEATURES.get('AUTH_USE_MIT_CERTIFICATES_IMMEDIATE_SIGNUP'):
+        # Redirect to course to login to process their certificate if SSL is enabled
+        # and registration is disabled.
+        return redirect(reverse('login'))
+
    return render_to_response('signup.html', {'csrf': csrf_token})


@@ -31,6 +38,12 @@ def login_page(request):
    Display the login form.
    """
    csrf_token = csrf(request)['csrf_token']
+    if (settings.FEATURES['AUTH_USE_MIT_CERTIFICATES'] and
+            ssl_get_cert_from_request(request)):
+        # SSL login doesn't require a login view, so redirect
+        # to course now that the user is authenticated via
+        # the decorator.
+        return redirect('/course')
    return render_to_response(
        'login.html',
        {
--- a/cms/envs/test.py
+++ b/cms/envs/test.py
@@ -146,6 +146,9 @@ CACHES = {

 }

+# Add external_auth to Installed apps for testing
+INSTALLED_APPS += ('external_auth', )
+
 # hide ratelimit warnings while running tests
 filterwarnings('ignore', message='No request passed to the backend, unable to rate-limit')

--- a/cms/templates/register.html
+++ b/cms/templates/register.html
@@ -0,0 +1 @@
+signup.html
--- a/common/djangoapps/external_auth/tests/test_ssl.py
+++ b/common/djangoapps/external_auth/tests/test_ssl.py
@@ -90,15 +90,10 @@ class SSLClientTest(TestCase):
            User.objects.get(email=self.USER_EMAIL)

    @unittest.skipUnless(settings.ROOT_URLCONF == 'cms.urls', 'Test only valid in cms')
-    @unittest.skip
    def test_ssl_login_with_signup_cms(self):
        """
        Validate that an SSL login creates an eamap user and
        redirects them to the signup page on CMS.
-
-        This currently is failing and should be resolved to passing at
-        some point.  using skip here instead of expectFailure because
-        of an issue with nose.
        """
        self.client.get(
            reverse('contentstore.views.login_page'),
@@ -135,21 +130,19 @@ class SSLClientTest(TestCase):

    @unittest.skipUnless(settings.ROOT_URLCONF == 'cms.urls', 'Test only valid in cms')
    @override_settings(FEATURES=FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP)
-    @unittest.skip
    def test_ssl_login_without_signup_cms(self):
        """
        Test IMMEDIATE_SIGNUP feature flag and ensure the user account is
-        automatically created on CMS.
-
-        This currently is failing and should be resolved to passing at
-        some point.  using skip here instead of expectFailure because
-        of an issue with nose.
+        automatically created on CMS, and that we are redirected
+        to courses.
        """

-        self.client.get(
+        response = self.client.get(
            reverse('contentstore.views.login_page'),
            SSL_CLIENT_S_DN=self.AUTH_DN.format(self.USER_NAME, self.USER_EMAIL)
        )
+        self.assertEqual(response.status_code, 302)
+        self.assertIn('/course', response['location'])

        # Assert our user exists in both eamap and Users, and that we are logged in
        try:
@@ -191,6 +184,25 @@ class SSLClientTest(TestCase):
        self.assertIn(reverse('dashboard'), response['location'])
        self.assertIn('_auth_user_id', self.client.session)

+    @unittest.skipUnless(settings.ROOT_URLCONF == 'cms.urls', 'Test only valid in cms')
+    @override_settings(FEATURES=FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP)
+    def test_cms_registration_page_bypass(self):
+        """
+        This tests to make sure when immediate signup is on that
+        the user doesn't get presented with the registration page.
+        """
+        # Expect a NotImplementError from course page as we don't have anything else built
+        with self.assertRaisesRegexp(NotImplementedError, 'coming soon'):
+            self.client.get(
+                reverse('signup'), follow=True,
+                SSL_CLIENT_S_DN=self.AUTH_DN.format(self.USER_NAME, self.USER_EMAIL))
+        # assert that we are logged in
+        self.assertIn('_auth_user_id', self.client.session)
+
+        # Now that we are logged in, make sure we don't see the registration page
+        with self.assertRaisesRegexp(NotImplementedError, 'coming soon'):
+            self.client.get(reverse('signup'), follow=True)
+
    @unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
    @override_settings(FEATURES=FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP)
    def test_signin_page_bypass(self):
@@ -212,6 +224,7 @@ class SSLClientTest(TestCase):
        self.assertIn(reverse('dashboard'), response['location'])
        self.assertIn('_auth_user_id', self.client.session)

+
    @unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
    @override_settings(FEATURES=FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP)
    def test_ssl_bad_eamap(self):