fix external_auth @ssl_login_shortcut decorator to properly use retfun

2013-08-12 20:41:58 +00:00
parent 74b3a8ab7e
commit e868759ceb
1 changed files with 16 additions and 4 deletions
--- a/common/djangoapps/external_auth/views.py
+++ b/common/djangoapps/external_auth/views.py
@@ -180,7 +180,7 @@ def _external_login_or_signup(request,
                return _signup(request, eamap)
        else:
            log.info('No user for %s yet. doing signup', eamap.external_email)
-            return _signup(request, eamap)
+            return _signup(request, eamap, retfun)

    # We trust shib's authentication, so no need to authenticate using the password again
    uname = internal_user.username
@@ -198,7 +198,7 @@ def _external_login_or_signup(request,
    if user is None:
        # we want to log the failure, but don't want to log the password attempted:
        AUDIT_LOG.warning('External Auth Login failed for "%s"', uname)
-        return _signup(request, eamap)
+        return _signup(request, eamap, retfun)

    if not user.is_active:
        AUDIT_LOG.warning('User "%s" is not active after external login', uname)
@@ -237,7 +237,8 @@ def _flatten_to_ascii(txt):


@ensure_csrf_cookie
-def _signup(request, eamap):
+@cache_if_anonymous
+def _signup(request, eamap, retfun=None):
    """
    Present form to complete for signup via external authentication.
    Even though the user has external credentials, he/she still needs
@@ -246,6 +247,9 @@ def _signup(request, eamap):

    eamap is an ExternalAuthMap object, specifying the external user
    for which to complete the signup.
+    
+    retfun is a function to execute for the return value, if immediate
+    signup is used.  That allows @ssl_login_shortcut() to work.
    """
    # save this for use by student.views.create_account
    request.session['ExternalAuthMap'] = eamap
@@ -352,10 +356,17 @@ def ssl_login_shortcut(fn):
        if not settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']:
            return fn(*args, **kwargs)
        request = args[0]
+
+        if request.user and request.user.is_authenticated():	# don't re-authenticate
+            return fn(*args, **kwargs)
+
        cert = _ssl_get_cert_from_request(request)
        if not cert:		# no certificate information - show normal login window
            return fn(*args, **kwargs)

+        def retfun():
+            return fn(*args, **kwargs)
+
        (_user, email, fullname) = _ssl_dn_extract_info(cert)
        return _external_login_or_signup(
            request,
@@ -363,7 +374,8 @@ def ssl_login_shortcut(fn):
            external_domain="ssl:MIT",
            credentials=cert,
            email=email,
-            fullname=fullname
+            fullname=fullname,
+            retfun=retfun
        )
    return wrapped