feature flag, consumer displayed, logging

- provider placed behind separate feature flag - domain of openid consumer displayed in login page - added logging for successful login, changed log messages to include "OpenID"
2012-08-15 19:49:53 -04:00
parent 4b6694a4ce
commit 6de28fc592
5 changed files with 26 additions and 8 deletions
--- a/common/djangoapps/external_auth/views.py
+++ b/common/djangoapps/external_auth/views.py
@@ -317,7 +317,7 @@ def provider_login(request):
    server = Server(store, endpoint)

    # handle OpenID request
-    query = get_dict_for_openid(request.GET or request.POST)
+    query = get_dict_for_openid(request.REQUEST)
    error = False
    if 'openid.mode' in request.GET or 'openid.mode' in request.POST:
        # decode request
@@ -358,7 +358,7 @@ def provider_login(request):
            user = User.objects.get(email=email)
        except User.DoesNotExist:
            request.session['openid_error'] = True
-            log.warning("Login failed - Unknown user email: {0}".format(email))
+            log.warning("OpenID login failed - Unknown user email: {0}".format(email))
            return HttpResponseRedirect(openid_request['url'])

        # attempt to authenticate user
@@ -366,7 +366,7 @@ def provider_login(request):
        user = authenticate(username=username, password=password)
        if user is None:
            request.session['openid_error'] = True
-            log.warning("Login failed - password for {0} is invalid".format(email))
+            log.warning("OpenID login failed - password for {0} is invalid".format(email))
            return HttpResponseRedirect(openid_request['url'])

        # authentication succeeded, so log user in
@@ -377,6 +377,7 @@ def provider_login(request):

            # fullname field comes from user profile
            profile = UserProfile.objects.get(user=user)
+            log.info("OpenID login success - {0} ({1})".format(user.username, user.email))

            # redirect user to return_to location
            response = openid_request['request'].answer(True, None, endpoint + urlquote(user.username))
@@ -389,9 +390,16 @@ def provider_login(request):
        log.warning("Login failed - Account not active for user {0}".format(username))
        return HttpResponseRedirect(openid_request['url'])

+    # determine consumer domain if applicable
+    return_to = ''
+    if 'openid.return_to' in request.REQUEST:
+        matches = re.match(r'\w+:\/\/([\w\.-]+)', request.REQUEST['openid.return_to'])
+        return_to = matches.group(1)
+
    # display login page
    response = render_to_response('provider_login.html', {
-        'error': error
+        'error': error,
+        'return_to': return_to
    })

    # custom XRDS header necessary for discovery process
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -77,7 +77,7 @@ MITX_FEATURES = {
    'ACCESS_REQUIRE_STAFF_FOR_COURSE': False,
    'AUTH_USE_OPENID': False,
    'AUTH_USE_MIT_CERTIFICATES' : False,
-
+    'AUTH_USE_OPENID_PROVIDER': False,
 }

 # Used for A/B testing
--- a/lms/envs/dev.py
+++ b/lms/envs/dev.py
@@ -17,6 +17,7 @@ MITX_FEATURES['DISABLE_START_DATES'] = True
 MITX_FEATURES['ENABLE_SQL_TRACKING_LOGS'] = True
 MITX_FEATURES['SUBDOMAIN_COURSE_LISTINGS'] = False  # Enable to test subdomains--otherwise, want all courses to show up
 MITX_FEATURES['SUBDOMAIN_BRANDING'] = True
+MITX_FEATURES['AUTH_USE_OPENID_PROVIDER'] = True

 WIKI_ENABLED = True

--- a/lms/templates/provider_login.html
+++ b/lms/templates/provider_login.html
@@ -11,6 +11,11 @@
    top: 0;
 }

+.openid-login input[type=submit] {
+    white-space: normal;
+    height: auto !important;
+}
+
 </style>

 <section id="login-modal" class="modal login-modal openid-login">
@@ -21,14 +26,14 @@
    </header>
    <form id="login_form" class="login_form" method="post" action="/openid/provider/login/">
 %if error:
-          <div id="login_error" class="modal-form-error" style="display: block;">Email or password is incorrect.</div>
+      <div id="login_error" class="modal-form-error" style="display: block;">Email or password is incorrect.</div>
 %endif
      <label>E-mail</label>
      <input type="text" name="email" placeholder="E-mail" tabindex="1" />
      <label>Password</label>
      <input type="password" name="password" placeholder="Password" tabindex="2" />
      <div class="submit">
-        <input name="submit" type="submit" value="Access My Courses" tabindex="3" />
+        <input name="submit" type="submit" value="Access My Courses and Return To ${return_to}" tabindex="3" />
      </div>
    </form>
  </div>
--- a/lms/urls.py
+++ b/lms/urls.py
@@ -217,11 +217,15 @@ if settings.MITX_FEATURES.get('AUTH_USE_OPENID'):
        url(r'^openid/login/$', 'django_openid_auth.views.login_begin', name='openid-login'),
        url(r'^openid/complete/$', 'external_auth.views.edXauth_openid_login_complete', name='openid-complete'),
        url(r'^openid/logo.gif$', 'django_openid_auth.views.logo', name='openid-logo'),
+    )
+
+if settings.MITX_FEATURES.get('AUTH_USE_OPENID_PROVIDER'):
+    urlpatterns += (
        url(r'^openid/provider/login/$', 'external_auth.views.provider_login', name='openid-provider-login'),
        url(r'^openid/provider/login/(?:[\w%\. ]+)$', 'external_auth.views.provider_identity', name='openid-provider-login-identity'),
        url(r'^openid/provider/identity/$', 'external_auth.views.provider_identity', name='openid-provider-identity'),
        url(r'^openid/provider/xrds/$', 'external_auth.views.provider_xrds', name='openid-provider-xrds')
-        )
+    )

 if settings.MITX_FEATURES.get('ENABLE_LMS_MIGRATION'):
    urlpatterns += (