From 78d4ed31a10fe73c7517eb245c1c087faf758ee6 Mon Sep 17 00:00:00 2001 From: Omar Khan Date: Tue, 9 Feb 2016 15:40:27 +0700 Subject: [PATCH] Revert "Keep SAML configuration check" This reverts commit a020464a41c8e833d31474f8976a4740dd1eb747. --- common/djangoapps/third_party_auth/saml.py | 12 +++++++----- common/djangoapps/third_party_auth/urls.py | 3 +-- common/djangoapps/third_party_auth/views.py | 12 +----------- 3 files changed, 9 insertions(+), 18 deletions(-) diff --git a/common/djangoapps/third_party_auth/saml.py b/common/djangoapps/third_party_auth/saml.py index 61f7e0d8f5..68898434e4 100644 --- a/common/djangoapps/third_party_auth/saml.py +++ b/common/djangoapps/third_party_auth/saml.py @@ -2,6 +2,7 @@ Slightly customized python-social-auth backend for SAML 2.0 support """ import logging +from django.http import Http404 from social.backends.saml import SAMLAuth, OID_EDU_PERSON_ENTITLEMENT from social.exceptions import AuthForbidden, AuthMissingParameter @@ -25,9 +26,6 @@ class SAMLAuthBackend(SAMLAuth): # pylint: disable=abstract-method if not hasattr(self, '_config'): from .models import SAMLConfiguration self._config = SAMLConfiguration.current() # pylint: disable=attribute-defined-outside-init - if not self._config.enabled: - from django.core.exceptions import ImproperlyConfigured - raise ImproperlyConfigured("SAML Authentication is not enabled.") try: return self._config.get_setting(name) except KeyError: @@ -35,14 +33,18 @@ class SAMLAuthBackend(SAMLAuth): # pylint: disable=abstract-method def auth_url(self): """ - Check that the request includes an 'idp' parameter before getting the - URL to which we must redirect in order to authenticate the user. + Check that SAML is enabled and that the request includes an 'idp' + parameter before getting the URL to which we must redirect in order to + authenticate the user. + raise Http404 if SAML is disabled raise AuthMissingParameter if the 'idp' parameter is missing. TODO: remove this method once the fix is merged upstream: https://github.com/omab/python-social-auth/pull/821 """ + if not self._config.enabled: + raise Http404 if 'idp' not in self.strategy.request_data(): raise AuthMissingParameter(self, 'idp') return super(SAMLAuthBackend, self).auth_url() diff --git a/common/djangoapps/third_party_auth/urls.py b/common/djangoapps/third_party_auth/urls.py index de0fee8ec2..a85226f52b 100644 --- a/common/djangoapps/third_party_auth/urls.py +++ b/common/djangoapps/third_party_auth/urls.py @@ -2,7 +2,7 @@ from django.conf.urls import include, patterns, url -from .views import inactive_user_view, saml_metadata_view, lti_login_and_complete_view, post_to_custom_auth_form, login +from .views import inactive_user_view, saml_metadata_view, lti_login_and_complete_view, post_to_custom_auth_form urlpatterns = patterns( '', @@ -10,6 +10,5 @@ urlpatterns = patterns( url(r'^auth/custom_auth_entry', post_to_custom_auth_form, name='tpa_post_to_custom_auth_form'), url(r'^auth/saml/metadata.xml', saml_metadata_view), url(r'^auth/login/(?Plti)/$', lti_login_and_complete_view), - url(r'^auth/login/(?P[^/]+)/$', login), url(r'^auth/', include('social.apps.django_app.urls', namespace='social')), ) diff --git a/common/djangoapps/third_party_auth/views.py b/common/djangoapps/third_party_auth/views.py index 43600432f4..56d34dd178 100644 --- a/common/djangoapps/third_party_auth/views.py +++ b/common/djangoapps/third_party_auth/views.py @@ -7,7 +7,7 @@ from django.http import HttpResponse, HttpResponseServerError, Http404, HttpResp from django.shortcuts import redirect, render from django.views.decorators.csrf import csrf_exempt import social -from social.apps.django_app.views import auth, complete +from social.apps.django_app.views import complete from social.apps.django_app.utils import load_strategy, load_backend from social.utils import setting_name from .models import SAMLConfiguration @@ -61,16 +61,6 @@ def lti_login_and_complete_view(request, backend, *args, **kwargs): return complete(request, backend, *args, **kwargs) -def login(*args, **kwargs): - """ - Wraps the python social auth login view to return a 404 if third party - auth is disabled. - """ - if not SAMLConfiguration.is_enabled(): - raise Http404 - return auth(*args, **kwargs) - - def post_to_custom_auth_form(request): """ Redirect to a custom login/register page.