From a020464a41c8e833d31474f8976a4740dd1eb747 Mon Sep 17 00:00:00 2001 From: Omar Khan Date: Mon, 8 Feb 2016 14:32:12 +0700 Subject: [PATCH] Keep SAML configuration check --- common/djangoapps/third_party_auth/saml.py | 12 +++++------- common/djangoapps/third_party_auth/urls.py | 3 ++- common/djangoapps/third_party_auth/views.py | 12 +++++++++++- 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/common/djangoapps/third_party_auth/saml.py b/common/djangoapps/third_party_auth/saml.py index 68898434e4..61f7e0d8f5 100644 --- a/common/djangoapps/third_party_auth/saml.py +++ b/common/djangoapps/third_party_auth/saml.py @@ -2,7 +2,6 @@ Slightly customized python-social-auth backend for SAML 2.0 support """ import logging -from django.http import Http404 from social.backends.saml import SAMLAuth, OID_EDU_PERSON_ENTITLEMENT from social.exceptions import AuthForbidden, AuthMissingParameter @@ -26,6 +25,9 @@ class SAMLAuthBackend(SAMLAuth): # pylint: disable=abstract-method if not hasattr(self, '_config'): from .models import SAMLConfiguration self._config = SAMLConfiguration.current() # pylint: disable=attribute-defined-outside-init + if not self._config.enabled: + from django.core.exceptions import ImproperlyConfigured + raise ImproperlyConfigured("SAML Authentication is not enabled.") try: return self._config.get_setting(name) except KeyError: 
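Review bot: The `ImproperlyConfigured` raised in `get_setting` is now the only guard for any entry point other than the new `login` view, and nothing visible here catches it. A request that reaches the SAML backend while SAML is disabled, for instance through the `social.apps.django_app.urls` include, would presumably end in an unhandled 500 instead of the 404 that the later `auth_url` hunk removes. Failing closed is the right default, so I would keep the check but state the intent with a comment such as `# Backstop: refuse all backend operations while SAML is disabled; views should 404 before reaching this.` and add a test for the completion path. The in-branch `from django.core.exceptions import ImproperlyConfigured` could move to the module imports. `get_setting` starts and ends outside the hunk and indentation is lost in this rendering, so confirm the check runs on every call and not only inside the `hasattr` branch that first loads `_config`.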
@@ -33,18 +35,14 @@ class SAMLAuthBackend(SAMLAuth): # pylint: disable=abstract-method def auth_url(self): """ - Check that SAML is enabled and that the request includes an 'idp' - parameter before getting the URL to which we must redirect in order to - authenticate the user. + Check that the request includes an 'idp' parameter before getting the + URL to which we must redirect in order to authenticate the user. - raise Http404 if SAML is disabled raise AuthMissingParameter if the 'idp' parameter is missing. TODO: remove this method once the fix is merged upstream: https://github.com/omab/python-social-auth/pull/821 """ - if not self._config.enabled: - raise Http404 if 'idp' not in self.strategy.request_data(): raise AuthMissingParameter(self, 'idp') return super(SAMLAuthBackend, self).auth_url() diff --git a/common/djangoapps/third_party_auth/urls.py b/common/djangoapps/third_party_auth/urls.py index a85226f52b..de0fee8ec2 100644 --- a/common/djangoapps/third_party_auth/urls.py +++ b/common/djangoapps/third_party_auth/urls.py @@ -2,7 +2,7 @@ from django.conf.urls import include, patterns, url -from .views import inactive_user_view, saml_metadata_view, lti_login_and_complete_view, post_to_custom_auth_form +from .views import inactive_user_view, saml_metadata_view, lti_login_and_complete_view, post_to_custom_auth_form, login urlpatterns = patterns( '', @@ -10,5 +10,6 @@ urlpatterns = patterns( url(r'^auth/custom_auth_entry', post_to_custom_auth_form, name='tpa_post_to_custom_auth_form'), url(r'^auth/saml/metadata.xml', saml_metadata_view), url(r'^auth/login/(?Plti)/$', lti_login_and_complete_view), + url(r'^auth/login/(?P[^/]+)/$', login), url(r'^auth/', include('social.apps.django_app.urls', namespace='social')), ) diff --git a/common/djangoapps/third_party_auth/views.py b/common/djangoapps/third_party_auth/views.py index 56d34dd178..43600432f4 100644 --- a/common/djangoapps/third_party_auth/views.py +++ b/common/djangoapps/third_party_auth/views.py 
@@ -7,7 +7,7 @@ from django.http import HttpResponse, HttpResponseServerError, Http404, HttpResp from django.shortcuts import redirect, render from django.views.decorators.csrf import csrf_exempt import social -from social.apps.django_app.views import complete +from social.apps.django_app.views import auth, complete from social.apps.django_app.utils import load_strategy, load_backend from social.utils import setting_name from .models import SAMLConfiguration @@ -61,6 +61,16 @@ def lti_login_and_complete_view(request, backend, *args, **kwargs): return complete(request, backend, *args, **kwargs) +def login(*args, **kwargs): + """ + Wraps the python social auth login view to return a 404 if third party + auth is disabled. + """ + if not SAMLConfiguration.is_enabled(): + raise Http404 + return auth(*args, **kwargs) + + def post_to_custom_auth_form(request): """ Redirect to a custom login/register page.
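Review bot: `login` gates every backend on `SAMLConfiguration.is_enabled()`, because the new `auth/login/.../` route in urls.py matches any backend segment other than `lti`. With SAML disabled, the login entry point for non-SAML providers would then also return 404, although the docstring speaks of third party auth as a whole being disabled. If only SAML is meant, take the backend explicitly, `def login(request, backend, *args, **kwargs):`, and check `if backend == SAMLAuthBackend.name and not SAMLConfiguration.is_enabled(): raise Http404` (with `SAMLAuthBackend` imported from `.saml`). If the wider gate is intended, the docstring should say that the SAML configuration switches off all third-party login. The bare name `login` is also easy to confuse with Django's own login helper once imported into urls.py, so a more specific view name would help.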