diff --git a/common/djangoapps/third_party_auth/urls.py b/common/djangoapps/third_party_auth/urls.py
index 58be91558b..76ea17d10a 100644
--- a/common/djangoapps/third_party_auth/urls.py
+++ b/common/djangoapps/third_party_auth/urls.py
@@ -10,6 +10,6 @@ urlpatterns = [
 url(r'^auth/custom_auth_entry', post_to_custom_auth_form, name='tpa_post_to_custom_auth_form'),
 url(r'^auth/saml/metadata.xml', saml_metadata_view),
 url(r'^auth/login/(?Plti)/$', lti_login_and_complete_view),
- url(r'^auth/idp_redirect/(?P.*)', IdPRedirectView.as_view(), name="idp_redirect"),
+ url(r'^auth/idp_redirect/(?P[\w-]+)', IdPRedirectView.as_view(), name="idp_redirect"),
 url(r'^auth/', include('social_django.urls', namespace='social')),
 ]
diff --git a/common/djangoapps/third_party_auth/views.py b/common/djangoapps/third_party_auth/views.py
index 87ae9ffa2f..b13ff7bda0 100644
--- a/common/djangoapps/third_party_auth/views.py
+++ b/common/djangoapps/third_party_auth/views.py
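Review bot: The new `idp_redirect` pattern in urls.py has no end anchor, so a request with extra path text after the slug (for example `auth/idp_redirect/saml-default/extra`) still matches and the view sees only the leading `saml-default`. Ending the pattern with `[\w-]+)/?$'` would make the route accept a slug and nothing else, which seems to be the intent of replacing `.*`. Separately, `\w` on a Python 3 `str` pattern also matches non-ASCII word characters; if provider slugs are ASCII-only, `[A-Za-z0-9_-]+` is the stricter class. The named-group name looks stripped in this rendering of the page (presumably `provider_slug`, going by the docstring added in views.py), so the suggestion covers only the character class and the anchor.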
@@ -115,7 +115,34 @@ def post_to_custom_auth_form(request):
 class IdPRedirectView(View):
+ """
+ Redirect to an IdP's login page if the IdP exists; otherwise, return a 404.
+
+ Example usage:
+
+ GET auth/idp_redirect/saml-default
+
+ """
 def get(self, request, *args, **kwargs):
+ """
+ Return either a redirect to the login page of an identity provider that
+ corresponds to the provider_slug keyword argument or a 404 if the
+ provider_slug does not correspond to an identity provider.
+
+ Args:
+ request (HttpRequest)
+
+ Keyword Args:
+ provider_slug (str): a slug corresponding to a configured identity provider
+
+ Returns:
+ HttpResponse: 302 to a provider's login url if the provider_slug kwarg matches an identity provider
+ HttpResponse: 404 if the provider_slug kwarg does not match an identity provider
+ """
+ # this gets the url to redirect to after login/registration/third_party_auth
+ # it also handles checking the safety of the redirect url (next query parameter)
+ # it checks against settings.LOGIN_REDIRECT_WHITELIST, so be sure to add the url
+ # to this setting
 next_destination_url = get_next_url_for_login_page(request)
 try: