Disabled csrf and made auto_login page toggleable with setting

lms/djangoapps/branding/views.py

@@ -49,3 +49,21 @@ def courses(request):
         return courseware.views.courses(request)
 
     return courseware.views.university_profile(request, university)
+
+
+def auto_auth(request):
+    """
+    Automatically logs the anonymous user in with a generated random credentials
+    This view is only accessible when settings.AUTOMATIC_AUTH_FOR_LOAD_TESTING is
+    true.
+    """
+
+    # log the user in
+    student.views.create_account(request)
+
+    # activate account
+    request.user.is_active = True
+    request.user.save()
+
+    # redirect to home-page
+    return redirect('root')

lms/envs/common.py

@@ -37,9 +37,14 @@ PLATFORM_NAME = "edX"
 COURSEWARE_ENABLED = True
 ENABLE_JASMINE = False
 
+AUTOMATIC_AUTH_FOR_LOAD_TESTING = True
+
 GENERATE_RANDOM_USER_CREDENTIALS = False
 PERFSTATS = False
 
+# automatic_auth should turn on random_cred of it needs to
+GENERATE_RANDOM_USER_CREDENTIALS = GENERATE_RANDOM_USER_CREDENTIALS or AUTOMATIC_AUTH_FOR_LOAD_TESTING
+
 DISCUSSION_SETTINGS = {
     'MAX_COMMENT_DEPTH': 2,
 }
@@ -214,7 +219,6 @@ TEMPLATE_CONTEXT_PROCESSORS = (
     'django.contrib.messages.context_processors.messages',
     #'django.core.context_processors.i18n',
     'django.contrib.auth.context_processors.auth',  # this is required for admin
-    'django.core.context_processors.csrf',  # necessary for csrf protection
 
     # Added for django-wiki
     'django.core.context_processors.media',
@@ -227,6 +231,10 @@ TEMPLATE_CONTEXT_PROCESSORS = (
     'mitxmako.shortcuts.marketing_link_context_processor',
 )
 
+# add csrf support unless disabled for load testing
+if not AUTOMATIC_AUTH_FOR_LOAD_TESTING:
+    TEMPLATE_CONTEXT_PROCESSORS += ('django.core.context_processors.csrf',)  # necessary for csrf protection
+
 STUDENT_FILEUPLOAD_MAX_SIZE = 4 * 1000 * 1000  # 4 MB
 MAX_FILEUPLOADS_PER_INPUT = 20
 
@@ -463,7 +471,6 @@ MIDDLEWARE_CLASSES = (
     'django_comment_client.middleware.AjaxExceptionMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
-    'django.middleware.csrf.CsrfViewMiddleware',
 
     # Instead of AuthenticationMiddleware, we use a cached backed version
     #'django.contrib.auth.middleware.AuthenticationMiddleware',
@@ -482,6 +489,10 @@ MIDDLEWARE_CLASSES = (
     'codejail.django_integration.ConfigureCodeJailMiddleware',
 )
 
+# add in csrf middleware unless disabled for load testing
+if not AUTOMATIC_AUTH_FOR_LOAD_TESTING:
+    MIDDLEWARE_CLASSES = MIDDLEWARE_CLASSES + ('django.middleware.csrf.CsrfViewMiddleware',)
+
 ############################### Pipeline #######################################
 
 STATICFILES_STORAGE = 'pipeline.storage.PipelineCachedStorage'

lms/urls.py

@@ -439,6 +439,12 @@ urlpatterns = patterns(*urlpatterns)
 if settings.DEBUG:
     urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
 
+# enable automatic login
+if settings.AUTOMATIC_AUTH_FOR_LOAD_TESTING:
+    urlpatterns += (
+        url(r'^auto_auth$', 'branding.views.auto_auth'),
+    )
+
 #Custom error pages
 handler404 = 'static_template_view.views.render_404'
 handler500 = 'static_template_view.views.render_500'