feat!: Remove django-admin default login (#29876)

* feat!: Remove django-admin default login
2022-03-01 17:38:36 +05:00
parent 5d4aa3af8b
commit fe57074dab
9 changed files with 98 additions and 22 deletions
--- a/cms/djangoapps/contentstore/tests/test_admin.py
+++ b/cms/djangoapps/contentstore/tests/test_admin.py
@@ -0,0 +1,32 @@
+"""
+Tests that verify that the admin view loads.
+
+This is not inside a django app because it is a global property of the system.
+"""
+import ddt
+from django.test import TestCase
+from django.urls import reverse
+from edx_toggles.toggles.testutils import override_waffle_flag
+
+from openedx.core.djangoapps.user_authn.config.waffle import ADMIN_AUTH_REDIRECT_TO_LMS
+
+
+@ddt.ddt
+class TestAdminView(TestCase):
+    """
+    Tests of the admin view.
+    """
+    @override_waffle_flag(ADMIN_AUTH_REDIRECT_TO_LMS, True)
+    @ddt.data('/admin/', '/admin/login', reverse('admin:login'))
+    def test_admin_login_redirect(self, admin_url):
+        """Admin login will redirect towards the site login page."""
+        response = self.client.get(admin_url, follow=True)
+        assert any('/login/edx-oauth2/?next=' in r[0] for r in response.redirect_chain)
+
+    def test_admin_login_default(self):
+        """Without flag Admin login will redirect towards the admin default login page."""
+        response = self.client.get('/admin/', follow=True)
+        assert response.status_code == 200
+        self.assertIn('/admin/login/?next=/admin/', response.redirect_chain[0])
+        assert len(response.redirect_chain) == 1
+        assert response.template_name == ['admin/login.html']
--- a/cms/djangoapps/contentstore/views/public.py
+++ b/cms/djangoapps/contentstore/views/public.py
@@ -7,12 +7,17 @@ from django.conf import settings
 from django.shortcuts import redirect
 from urllib.parse import quote_plus  # lint-amnesty, pylint: disable=wrong-import-order
 from waffle.decorators import waffle_switch
+from django.contrib import admin

 from common.djangoapps.edxmako.shortcuts import render_to_response
+from openedx.core.djangoapps.user_authn.config.waffle import ADMIN_AUTH_REDIRECT_TO_LMS

 from ..config import waffle

-__all__ = ['register_redirect_to_lms', 'login_redirect_to_lms', 'howitworks', 'accessibility']
+__all__ = [
+    'register_redirect_to_lms', 'login_redirect_to_lms', 'howitworks', 'accessibility',
+    'redirect_to_lms_login_for_admin',
+]


 def register_redirect_to_lms(request):
@@ -39,6 +44,16 @@ def login_redirect_to_lms(request):
    return redirect(login_url)


+def redirect_to_lms_login_for_admin(request):
+    """
+    This view redirect the admin/login url to the site's login page.
+    """
+    if ADMIN_AUTH_REDIRECT_TO_LMS.is_enabled():
+        return redirect('/login?next=/admin')
+    else:
+        return admin.site.login(request)
+
+
 def _build_next_param(request):
    """ Returns the next param to be used with login or register. """
    next_url = request.GET.get('next')
--- a/cms/djangoapps/course_creators/tests/test_admin.py
+++ b/cms/djangoapps/course_creators/tests/test_admin.py
@@ -176,18 +176,3 @@ class CourseCreatorAdminTest(TestCase):

        self.request.user = self.user
        self.assertFalse(self.creator_admin.has_change_permission(self.request))
-
-    def test_rate_limit_login(self):
-        with mock.patch.dict('django.conf.settings.FEATURES', {'ENABLE_CREATOR_GROUP': True}):
-            post_params = {'username': self.user.username, 'password': 'wrong_password'}
-            # try logging in 30 times, the default limit in the number of failed
-            # login attempts in one 5 minute period before the rate gets limited
-            for _ in range(30):
-                response = self.client.post('/admin/login/', post_params)
-                self.assertEqual(response.status_code, 200)
-
-            response = self.client.post('/admin/login/', post_params)
-            # Since we are using the default rate limit behavior, we are
-            # expecting this to return a 403 error to indicate that there have
-            # been too many attempts
-            self.assertEqual(response.status_code, 403)
--- a/cms/templates/admin/base_site.html
+++ b/cms/templates/admin/base_site.html
@@ -1,5 +1,6 @@
 {% extends "admin/base.html" %}
 {% load i18n admin_urls %}
+{% load waffle_tags %}
 {% block title %}{{ title }} | {{ site_title|default:_('Django site admin') }}{% endblock %}
 {% block branding %}
 <h1 id="site-name"><a href="{% url 'admin:index' %}">{{ site_header|default:_('Django administration') }}</a></h1>
@@ -15,5 +16,11 @@
            <a href="{{ docsroot }}">{% trans 'Documentation' as tmsg %} {{tmsg|force_escape}}</a> /
        {% endif %}
    {% endif %}
-    <a href="{% url 'admin:logout' %}">{% trans 'Log out' as tmsg %} {{tmsg|force_escape}}</a>
+
+    {% flag "user_authn.admin_auth_redirect_to_lms" %}
+        <a href="/logout/">{% trans 'Log out' as tmsg %} {{tmsg|force_escape}}</a>
+    {% else %}
+        <a href="{% url 'admin:logout' %}">{% trans 'Log out' as tmsg %} {{tmsg|force_escape}}</a>
+    {% endflag %}
+
 {% endblock %}
--- a/cms/urls.py
+++ b/cms/urls.py
@@ -230,6 +230,9 @@ if settings.FEATURES.get('ENABLE_SERVICE_STATUS'):
 if not settings.FEATURES.get('ENABLE_CHANGE_USER_PASSWORD_ADMIN'):
    urlpatterns.append(re_path(r'^admin/auth/user/\d+/password/$', handler404))
 urlpatterns.append(path('admin/password_change/', handler404))
+urlpatterns.append(
+    path('admin/login/', contentstore_views.redirect_to_lms_login_for_admin, name='redirect_to_lms_login_for_admin')
+)
 urlpatterns.append(path('admin/', admin.site.urls))

 # enable entrance exams