From 0f16e8a358a70838df67aaf0e414304a0e66503f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Andr=C3=A9s=20Rocha?= <rocha@edx.org>
Date: Sun, 14 Oct 2012 19:45:22 -0400
Subject: [PATCH 1/3] Return only username on OpenID provider requests.

Temporarily return username also as the email and fullname fields of
the response using OpenID's simple registration extension.
---
 common/djangoapps/external_auth/views.py | 25 +++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/common/djangoapps/external_auth/views.py b/common/djangoapps/external_auth/views.py
index 6f1e0bc5c4..9bb464f1f9 100644
--- a/common/djangoapps/external_auth/views.py
+++ b/common/djangoapps/external_auth/views.py
@@ -293,6 +293,8 @@ def add_openid_simple_registration(request, response, data):
                 sreg_data['email'] = data['email']
             elif field == 'fullname' and 'fullname' in data:
                 sreg_data['fullname'] = data['fullname']
+            elif field == 'nickname' and 'nickname' in data:
+                sreg_data['nickname'] = data['nickname']
 
         # construct sreg response
         sreg_response = sreg.SRegResponse.extractResponse(sreg_request,
@@ -486,13 +488,22 @@ def provider_login(request):
             url = endpoint + urlquote(user.username)
             response = openid_request.answer(True, None, url)
 
-            return provider_respond(server,
-                                    openid_request,
-                                    response,
-                                    {
-                                        'fullname': profile.name,
-                                        'email': user.email
-                                    })
+            # TODO: for CS50 we are forcibly returning only the
+            # username. Following the OpenID simple registration
+            # extension, we don't have to return any fields we don't
+            # want to, even if they were marked as required by the
+            # Consumer. The behavior of what to do when there are
+            # missing fields is up to the Consumer. The proper change
+            # will only return the username, however this will likely
+            # break the CS50 client. Temporarily we will be returning
+            # username filling in for email and fullname in addition
+            # to username as sreg nickname.
+            results = {
+                'nickname': user.username,
+                'email': user.username,
+                'fullname': user.username
+                }
+            return provider_respond(server, openid_request, response, results)
 
         request.session['openid_error'] = True
         msg = "Login failed - Account not active for user {0}".format(username)

From a88a857723733e008ae3d9e7d7d3fec7554fcbd7 Mon Sep 17 00:00:00 2001
From: John Hess <mgojohn@gmail.com>
Date: Mon, 15 Oct 2012 12:55:39 -0300
Subject: [PATCH 2/3] Adjusted to return email address

Per update from CS50 team, their client will break if not given addresses.
---
 common/djangoapps/external_auth/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/djangoapps/external_auth/views.py b/common/djangoapps/external_auth/views.py
index 9bb464f1f9..cdb55fdb13 100644
--- a/common/djangoapps/external_auth/views.py
+++ b/common/djangoapps/external_auth/views.py
@@ -500,7 +500,7 @@ def provider_login(request):
             # to username as sreg nickname.
             results = {
                 'nickname': user.username,
-                'email': user.username,
+                'email': user.email,
                 'fullname': user.username
                 }
             return provider_respond(server, openid_request, response, results)

From f495f219cf33089ec569f734e7a12b3b8dfe03d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Andr=C3=A9s=20Rocha?= <carlos.rocha@gmail.com>
Date: Mon, 15 Oct 2012 13:28:54 -0300
Subject: [PATCH 3/3] Update common/djangoapps/external_auth/views.py

Corrected comments on OpenID temporal fix
---
 common/djangoapps/external_auth/views.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/common/djangoapps/external_auth/views.py b/common/djangoapps/external_auth/views.py
index cdb55fdb13..5c895d5609 100644
--- a/common/djangoapps/external_auth/views.py
+++ b/common/djangoapps/external_auth/views.py
@@ -488,16 +488,16 @@ def provider_login(request):
             url = endpoint + urlquote(user.username)
             response = openid_request.answer(True, None, url)
 
-            # TODO: for CS50 we are forcibly returning only the
-            # username. Following the OpenID simple registration
+            # TODO: for CS50 we are forcibly returning the username
+            # instead of fullname. In the OpenID simple registration
             # extension, we don't have to return any fields we don't
             # want to, even if they were marked as required by the
             # Consumer. The behavior of what to do when there are
             # missing fields is up to the Consumer. The proper change
-            # will only return the username, however this will likely
+            # should only return the username, however this will likely
             # break the CS50 client. Temporarily we will be returning
-            # username filling in for email and fullname in addition
-            # to username as sreg nickname.
+            # username filling in for fullname in addition to username 
+            # as sreg nickname.
             results = {
                 'nickname': user.username,
                 'email': user.email,