From 735d01283e9807a9e893d9b329601dbeca0324ca Mon Sep 17 00:00:00 2001
From: Binod Pant
Date: Tue, 27 Apr 2021 11:33:00 -0400
Subject: [PATCH] ENT-4383 fix the hinted login page experience when enterprise login enables hinted login (#27431) * fix: :bug: Correctly check that saml provider is available using tpa_hint in next param This fixes the issue of 404 when an enterprise customer sends a tpa_hint in next, but that param is not correctly checked to disable auth MFE. The hinted login page now works with this change. ENT-4383 * feat: comment update comment update ENT-4383
---
 .../djangoapps/user_authn/views/login_form.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/openedx/core/djangoapps/user_authn/views/login_form.py b/openedx/core/djangoapps/user_authn/views/login_form.py
index 4f43efb9c5..bc45dd955f 100644
--- a/openedx/core/djangoapps/user_authn/views/login_form.py
+++ b/openedx/core/djangoapps/user_authn/views/login_form.py
@@ -164,6 +164,7 @@ def login_and_registration_form(request, initial_mode="login"):
 # Our ?next= URL may itself contain a parameter 'tpa_hint=x' that we need to check.
 # If present, we display a login page focused on third-party auth with that provider.
 third_party_auth_hint = None
+ tpa_hint_provider = None
 if '?' in redirect_to: # lint-amnesty, pylint: disable=too-many-nested-blocks
 try:
 next_args = urllib.parse.parse_qs(urllib.parse.urlparse(redirect_to).query)
@@ -186,16 +187,26 @@ def login_and_registration_form(request, initial_mode="login"):
 except (KeyError, ValueError, IndexError) as ex:
 log.exception("Unknown tpa_hint provider: %s", ex)
- # Redirect to authn MFE if it is enabled or user is not an enterprise user or not coming from a SAML IDP.
+ # Redirect to authn MFE if it is enabled
+ # AND
+ # user is not an enterprise user
+ # AND
+ # tpa_hint_provider is not available
+ # AND
+ # user is not coming from a SAML IDP.
 saml_provider = False
 running_pipeline = pipeline.get(request)
- enterprise_customer = enterprise_customer_for_request(request)
 if running_pipeline:
 saml_provider, __ = third_party_auth.utils.is_saml_provider(
 running_pipeline.get('backend'), running_pipeline.get('kwargs')
 )
- if should_redirect_to_authn_microfrontend() and not enterprise_customer and not saml_provider:
+ enterprise_customer = enterprise_customer_for_request(request)
+
+ if should_redirect_to_authn_microfrontend() and \
+ not enterprise_customer and \
+ not tpa_hint_provider and \
+ not saml_provider:
 # This is to handle a case where a logged-in cookie is not present but the user is authenticated.
 # Note: If we don't handle this learner is redirected to authn MFE and then back to dashboard
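Review bot: The new `not tpa_hint_provider` term in the redirect condition makes the choice between the authn MFE and the legacy login page depend on a value parsed from the caller-supplied `next` URL, and nothing in the visible lines limits it to SAML providers as the commit message describes. The assignment of `tpa_hint_provider` presumably sits between the two hunks and is not shown; if it is set for any provider the hint resolves to, the comment block should say so, e.g. `# tpa_hint in ?next= resolves to a configured provider (any backend, not only SAML)`. The diffstat lists only login_form.py, so a view test that requests the login page with a `next` carrying a known and an unknown `tpa_hint` would pin both branches of this gate. The backslash continuations would read better as one parenthesised condition, `if (should_redirect_to_authn_microfrontend() and not enterprise_customer and not tpa_hint_provider and not saml_provider):`. The body of login_and_registration_form starts before and continues after this hunk.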