Allows admins to configure same oauth backend for multiple sites.
This change includes site_id in KEY_FIELDS for oauth configuration
provider allowing a backend configuration for each site.
We would like to catch an error in SAML auth so that
we can handle it better in our observability. This
catches the original generic error and raises it as a more
specific one.
https://github.com/edx/edx-arch-experiments/issues/154
This commit avoids raising AuthEntryError when auth_entry is None.
At some point of the authentication flow, when the auth_entry is
missing from the auth URL (eg. auth/login/tpa-saml/?idp=idp), the
request session stores auth_entry: None causing this edited line to fail
which stops the login from completing.
* feat: choose signing cert explicitly in saml metadata
when parsing, we want to explicitly choose the use='signing' cert instead of accidentally choosing the encryption one
ENT-677
* test: test for parse_metadata_xml
* feat: also address case when signing key is absent
in this case we consider the 'use'-less keydescriptior as if it's for both signing and encryption
* test: test case for missing use=signing attribute
* test: fix test failure
Modify the existing login api in a way that
it will allow the user to login via username as well.
currently it is only allowing email to log the user in.
VAN-445
Modify the existing login api in a way that
it will allow the user to login via username as well.
currently it is only allowing email to log the user in.
VAN-445
This change associates users signing in using oauth providers when tpa is required, verifying that only a single database user is associated with the email.
For more information as to why this was added in a separate pipeline, check edx-platform#25935.
* Remove authentication, including SessionAuthentication, to fix CSRF
exemption by dropping CSRF check of SessionAuthentication.
* Several changes to make it more clear that only POST is supported and
clean up GET method testing.
* Removed the temporary 403 error logging that wasn't working.
* Removed test_single_access_token which was written for DOP, but
doesn't work with DOT. See
[MA-2122](https://openedx.atlassian.net/browse/MA-2122) for a ticket
about implementing this for DOT, although it doesn't seem to be a
priority. NOTE: A comment was added to the ticket explaining that this
test was removed.
* GET now returns default error for methods not allowed.
ARCHBOM-1667
