Rename of feature AUTH_USE_MIT_CERTIFICATES to AUTH_USE_CERTIFICATES across platform.
Caution! This is backwards incompatible
This commit is contained in:
Carson Gee
@@ -23,7 +23,7 @@ def signup(request):
|
||||
csrf_token = csrf(request)['csrf_token']
|
||||
if request.user.is_authenticated():
|
||||
return redirect('/course')
|
||||
if settings.FEATURES.get('AUTH_USE_MIT_CERTIFICATES_IMMEDIATE_SIGNUP'):
|
||||
if settings.FEATURES.get('AUTH_USE_CERTIFICATES_IMMEDIATE_SIGNUP'):
|
||||
# Redirect to course to login to process their certificate if SSL is enabled
|
||||
# and registration is disabled.
|
||||
return redirect(reverse('login'))
|
||||
@@ -38,7 +38,7 @@ def login_page(request):
|
||||
Display the login form.
|
||||
"""
|
||||
csrf_token = csrf(request)['csrf_token']
|
||||
if (settings.FEATURES['AUTH_USE_MIT_CERTIFICATES'] and
|
||||
if (settings.FEATURES['AUTH_USE_CERTIFICATES'] and
|
||||
ssl_get_cert_from_request(request)):
|
||||
# SSL login doesn't require a login view, so redirect
|
||||
# to course now that the user is authenticated via
|
||||
|
||||
@@ -43,7 +43,7 @@ FEATURES = {
|
||||
|
||||
'ENABLE_DISCUSSION_SERVICE': False,
|
||||
|
||||
'AUTH_USE_MIT_CERTIFICATES': False,
|
||||
'AUTH_USE_CERTIFICATES': False,
|
||||
|
||||
# email address for studio staff (eg to request course creation)
|
||||
'STUDIO_REQUEST_EMAIL': '',
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
from .common import *
|
||||
from .dev import *
|
||||
|
||||
FEATURES['AUTH_USE_MIT_CERTIFICATES'] = True
|
||||
FEATURES['AUTH_USE_CERTIFICATES'] = True
|
||||
|
||||
FEATURES['USE_DJANGO_PIPELINE'] = False # don't recompile scss
|
||||
|
||||
|
||||
@@ -21,13 +21,14 @@ from edxmako.middleware import MakoMiddleware
|
||||
from external_auth.models import ExternalAuthMap
|
||||
import external_auth.views
|
||||
from student.tests.factories import UserFactory
|
||||
from xmodule.modulestore.exceptions import InsufficientSpecificationError
|
||||
|
||||
FEATURES_WITH_SSL_AUTH = settings.FEATURES.copy()
|
||||
FEATURES_WITH_SSL_AUTH['AUTH_USE_MIT_CERTIFICATES'] = True
|
||||
FEATURES_WITH_SSL_AUTH['AUTH_USE_CERTIFICATES'] = True
|
||||
FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP = FEATURES_WITH_SSL_AUTH.copy()
|
||||
FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP['AUTH_USE_MIT_CERTIFICATES_IMMEDIATE_SIGNUP'] = True
|
||||
FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP['AUTH_USE_CERTIFICATES_IMMEDIATE_SIGNUP'] = True
|
||||
FEATURES_WITHOUT_SSL_AUTH = settings.FEATURES.copy()
|
||||
FEATURES_WITHOUT_SSL_AUTH['AUTH_USE_MIT_CERTIFICATES'] = False
|
||||
FEATURES_WITHOUT_SSL_AUTH['AUTH_USE_CERTIFICATES'] = False
|
||||
|
||||
|
||||
@override_settings(FEATURES=FEATURES_WITH_SSL_AUTH)
|
||||
@@ -192,7 +193,8 @@ class SSLClientTest(TestCase):
|
||||
the user doesn't get presented with the registration page.
|
||||
"""
|
||||
# Expect a NotImplementError from course page as we don't have anything else built
|
||||
with self.assertRaisesRegexp(NotImplementedError, 'coming soon'):
|
||||
with self.assertRaisesRegexp(InsufficientSpecificationError,
|
||||
'Must provide one of url, version_guid, package_id'):
|
||||
self.client.get(
|
||||
reverse('signup'), follow=True,
|
||||
SSL_CLIENT_S_DN=self.AUTH_DN.format(self.USER_NAME, self.USER_EMAIL))
|
||||
@@ -200,7 +202,8 @@ class SSLClientTest(TestCase):
|
||||
self.assertIn('_auth_user_id', self.client.session)
|
||||
|
||||
# Now that we are logged in, make sure we don't see the registration page
|
||||
with self.assertRaisesRegexp(NotImplementedError, 'coming soon'):
|
||||
with self.assertRaisesRegexp(InsufficientSpecificationError,
|
||||
'Must provide one of url, version_guid, package_id'):
|
||||
self.client.get(reverse('signup'), follow=True)
|
||||
|
||||
@unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
|
||||
|
||||
@@ -253,7 +253,7 @@ def _signup(request, eamap, retfun=None):
|
||||
# save this for use by student.views.create_account
|
||||
request.session['ExternalAuthMap'] = eamap
|
||||
|
||||
if settings.FEATURES.get('AUTH_USE_MIT_CERTIFICATES_IMMEDIATE_SIGNUP', ''):
|
||||
if settings.FEATURES.get('AUTH_USE_CERTIFICATES_IMMEDIATE_SIGNUP', ''):
|
||||
# do signin immediately, by calling create_account, instead of asking
|
||||
# student to fill in form. MIT students already have information filed.
|
||||
username = eamap.external_email.split('@', 1)[0]
|
||||
@@ -362,7 +362,7 @@ def ssl_login_shortcut(fn):
|
||||
call.
|
||||
"""
|
||||
|
||||
if not settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']:
|
||||
if not settings.FEATURES['AUTH_USE_CERTIFICATES']:
|
||||
return fn(*args, **kwargs)
|
||||
request = args[0]
|
||||
|
||||
@@ -394,7 +394,7 @@ def ssl_login_shortcut(fn):
|
||||
def ssl_login(request):
|
||||
"""
|
||||
This is called by branding.views.index when
|
||||
FEATURES['AUTH_USE_MIT_CERTIFICATES'] = True
|
||||
FEATURES['AUTH_USE_CERTIFICATES'] = True
|
||||
|
||||
Used for MIT user authentication. This presumes the web server
|
||||
(nginx) has been configured to require specific client
|
||||
@@ -408,7 +408,7 @@ def ssl_login(request):
|
||||
Else continues on with student.views.index, and no authentication.
|
||||
"""
|
||||
# Just to make sure we're calling this only at MIT:
|
||||
if not settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']:
|
||||
if not settings.FEATURES['AUTH_USE_CERTIFICATES']:
|
||||
return HttpResponseForbidden()
|
||||
|
||||
cert = ssl_get_cert_from_request(request)
|
||||
|
||||
@@ -330,7 +330,7 @@ def signin_user(request):
|
||||
"""
|
||||
This view will display the non-modal login form
|
||||
"""
|
||||
if (settings.FEATURES['AUTH_USE_MIT_CERTIFICATES'] and
|
||||
if (settings.FEATURES['AUTH_USE_CERTIFICATES'] and
|
||||
external_auth.views.ssl_get_cert_from_request(request)):
|
||||
# SSL login doesn't require a view, so redirect
|
||||
# branding and allow that to process the login if it
|
||||
@@ -357,7 +357,7 @@ def register_user(request, extra_context=None):
|
||||
"""
|
||||
if request.user.is_authenticated():
|
||||
return redirect(reverse('dashboard'))
|
||||
if settings.FEATURES.get('AUTH_USE_MIT_CERTIFICATES_IMMEDIATE_SIGNUP'):
|
||||
if settings.FEATURES.get('AUTH_USE_CERTIFICATES_IMMEDIATE_SIGNUP'):
|
||||
# Redirect to branding to process their certificate if SSL is enabled
|
||||
# and registration is disabled.
|
||||
return redirect(reverse('root'))
|
||||
@@ -645,7 +645,7 @@ def accounts_login(request):
|
||||
"""
|
||||
if settings.FEATURES.get('AUTH_USE_CAS'):
|
||||
return redirect(reverse('cas-login'))
|
||||
if settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']:
|
||||
if settings.FEATURES['AUTH_USE_CERTIFICATES']:
|
||||
# SSL login doesn't require a view, so redirect
|
||||
# to branding and allow that to process the login.
|
||||
return redirect(reverse('root'))
|
||||
|
||||
@@ -23,7 +23,7 @@ def index(request):
|
||||
if settings.COURSEWARE_ENABLED and request.user.is_authenticated():
|
||||
return redirect(reverse('dashboard'))
|
||||
|
||||
if settings.FEATURES.get('AUTH_USE_MIT_CERTIFICATES'):
|
||||
if settings.FEATURES.get('AUTH_USE_CERTIFICATES'):
|
||||
from external_auth.views import ssl_login
|
||||
return ssl_login(request)
|
||||
|
||||
|
||||
@@ -26,7 +26,7 @@ TEST_MONGODB_LOG = {
|
||||
}
|
||||
|
||||
FEATURES_WITH_SSL_AUTH = settings.FEATURES.copy()
|
||||
FEATURES_WITH_SSL_AUTH['AUTH_USE_MIT_CERTIFICATES'] = True
|
||||
FEATURES_WITH_SSL_AUTH['AUTH_USE_CERTIFICATES'] = True
|
||||
|
||||
|
||||
@override_settings(MODULESTORE=TEST_DATA_MONGO_MODULESTORE)
|
||||
|
||||
@@ -160,7 +160,7 @@ class Users(SysadminDashboardView):
|
||||
email_domain = getattr(settings, 'SSL_AUTH_EMAIL_DOMAIN', 'MIT.EDU')
|
||||
|
||||
msg = u''
|
||||
if settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']:
|
||||
if settings.FEATURES['AUTH_USE_CERTIFICATES']:
|
||||
if not '@' in uname:
|
||||
email = '{0}@{1}'.format(uname, email_domain)
|
||||
else:
|
||||
@@ -202,7 +202,7 @@ class Users(SysadminDashboardView):
|
||||
profile.name = name
|
||||
profile.save()
|
||||
|
||||
if settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']:
|
||||
if settings.FEATURES['AUTH_USE_CERTIFICATES']:
|
||||
credential_string = getattr(settings, 'SSL_AUTH_DN_FORMAT_STRING',
|
||||
'/C=US/ST=Massachusetts/O=Massachusetts Institute of Technology/OU=Client CA v1/CN={0}/emailAddress={1}')
|
||||
credentials = credential_string.format(name, email)
|
||||
|
||||
@@ -37,7 +37,7 @@ TEST_MONGODB_LOG = {
|
||||
}
|
||||
|
||||
FEATURES_WITH_SSL_AUTH = settings.FEATURES.copy()
|
||||
FEATURES_WITH_SSL_AUTH['AUTH_USE_MIT_CERTIFICATES'] = True
|
||||
FEATURES_WITH_SSL_AUTH['AUTH_USE_CERTIFICATES'] = True
|
||||
|
||||
|
||||
class SysadminBaseTestCase(ModuleStoreTestCase):
|
||||
|
||||
@@ -8,7 +8,7 @@ Settings for the LMS that runs alongside the CMS on AWS
|
||||
|
||||
from ..dev import *
|
||||
|
||||
FEATURES['AUTH_USE_MIT_CERTIFICATES'] = False
|
||||
FEATURES['AUTH_USE_CERTIFICATES'] = False
|
||||
|
||||
SUBDOMAIN_BRANDING['edge'] = 'edge'
|
||||
SUBDOMAIN_BRANDING['preview.edge'] = 'edge'
|
||||
|
||||
@@ -97,7 +97,7 @@ FEATURES = {
|
||||
# extrernal access methods
|
||||
'ACCESS_REQUIRE_STAFF_FOR_COURSE': False,
|
||||
'AUTH_USE_OPENID': False,
|
||||
'AUTH_USE_MIT_CERTIFICATES': False,
|
||||
'AUTH_USE_CERTIFICATES': False,
|
||||
'AUTH_USE_OPENID_PROVIDER': False,
|
||||
# Even though external_auth is in common, shib assumes the LMS views / urls, so it should only be enabled
|
||||
# in LMS
|
||||
|
||||
@@ -202,7 +202,7 @@ OPENID_PROVIDER_TRUSTED_ROOTS = ['*']
|
||||
|
||||
######################## MIT Certificates SSL Auth ############################
|
||||
|
||||
FEATURES['AUTH_USE_MIT_CERTIFICATES'] = False
|
||||
FEATURES['AUTH_USE_CERTIFICATES'] = False
|
||||
|
||||
################################# CELERY ######################################
|
||||
|
||||
|
||||
Reference in New Issue
Block a user