Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
19,363 Commits 1 Branch 0 Tags
e8f067de8f2be4c7864ad1bdf4e0794de175e0dc
Commit Graph

57 Commits

Author SHA1 Message Date
Brian Wilson
07f94d46a6 Move Pearson courseware imports to function level. 2013-09-27 12:43:27 -04:00
Jason Bau
b48e3a9661 fix some shib signup session related bugs 2013-09-20 11:53:32 -07:00
Jason Bau
11ecd162d4 fix _flatten_to_ascii for str inputs 2013-09-20 11:53:09 -07:00
Jason Bau
7b9c6fbe5f remove spaces from usename suggestion 2013-09-10 10:42:19 -07:00
Jason Bau
9dac2eff90 actually flatten username suggestion to ascii 2013-09-08 20:26:21 -07:00
Jason Bau
6a850e27bb Address @brianhw review comments 
* Fix open redirect vulnerability
* Add Logging To AUDIT_LOG : Note I had to change existing tests
  that mocked AUDIT_LOG with this
* Use external_auth.views.SHIBBOLETH_DOMAIN_PREFIX in student.views
* Add a bunch of documentation
* PEP8 / Pylint
 2013-09-06 15:37:27 -07:00
Jason Bau
948c07c493 Revamped + Enhanced Shibboleth support 
* If a shib users type in their email on the regular login page,
  redirects them to /shib-login/
* Modify student.views.accounts_login to handle redirects
  generated by @login_required for courses that use shib for
  access control.
  Redirect those logins to /shib-login/?next=
 2013-09-06 15:36:22 -07:00
Don Mitchell
0848360436 Merge pull request #844 from edx/dhm/editable_metadata 
refactoring of platform to xblock 0.3 w/ refactoring of inheritance in the platform to a consistent representation.
 2013-09-06 11:58:36 -07:00
Calen Pennington
8201b1412e Use XBlock 0.3 2013-09-06 09:45:59 -04:00
Chris Dodge
0847bc5e2b pep8/pylint violations fixes 2013-09-04 11:34:35 -04:00
ichuang
00710f75d2 add CAS authentication via django_cas and mods to external_auth 2013-09-04 10:56:45 -04:00
Diana Huang
c867be7961 Limit the rate of logins. 2013-08-02 11:23:59 -04:00
Brian Wilson
635d36fcf9 Add audit log definition, and use for logging of logins in external_auth and student apps. Move test_login to student app. Improve conditional tests for Shibboleth login logic. (Does not include reconfiguring log settings.) 2013-07-31 13:32:21 -04:00
Jason Bau
e7bb85dee1 Merge pull request #259 from edx/features/jbau/stanford-shib 
Bugfix for stanford shib
 2013-07-12 10:19:58 -07:00
Diana Huang
f33bfd1c6c Address code review feedback 2013-06-28 15:03:44 -04:00
Diana Huang
c98651fadb Add in the ability to handle malformed return urls. 2013-06-27 18:02:23 -04:00
Diana Huang
c6fa4873b1 Handle issues decoding requests more gracefully 
Clean up some pep8/pylint violations as well
 2013-06-27 18:02:23 -04:00
Jason Bau
3e38327f7f External_auth.views.login_or_signup fix codepath that didn't set uname 
which caused UnboundLocalError.  Added tests for this case
 2013-06-24 17:55:33 -07:00
Ned Batchelder
e045860cb6 Pylint complains if you use string, even if you use it for what its still meant to be used for. 2013-06-21 16:35:47 -04:00
Jason Bau
aa4e27f775 Shib PR responses to @cpennington and @ormsbee comments 
* Changed unicode test cases to ascii encoding
* Removed 'stanford' hardcoding in TOS logic in lieu of
  'SHIB_DISABLE_TOS' MIT_FEATURES flag
* made 'external_auth' always an installed_app in lms
* log.exception changd to log.error where appropriate

But: did not change skipping tests to changing settings, for
reasons stated here:
https://github.com/edx/edx-platform/pull/67#issuecomment-19790330
 2013-06-20 18:12:20 -07:00
Jason Bau
084160c1c9 Finishing up tests/modifications per @ormsbee feedback 2013-06-19 00:48:18 -07:00
Jason Bau
ca649d3c33 Turn off Agreement to Terms of Service for Stanford shib 
As stipulated by Stanford's office of general counsel
 2013-06-19 00:48:18 -07:00
Jason Bau
a39a384ed2 Handle the case where an existing user has email returned by shib 
By linking the users
 2013-06-19 00:48:18 -07:00
Jason Bau
824fb9a311 The bulk of Shibboleth authentication for Stanford 
Highlights:
* The url '/shib-login/' interfaces with apache/mod_shib via
  request.META to handle shibboleth login and registrations
* Courses can designate 'enrollment_domains' to limit enrollment
  to users with a linked ExternalAuthMap verified by a particular
  identity provider
* Tests
* Logging

 Changes to be committed:

	new file:   common/djangoapps/external_auth/migrations/0001_initial.py
	new file:   common/djangoapps/external_auth/migrations/__init__.py
	new file:   common/djangoapps/external_auth/tests/test_shib.py
	modified:   common/djangoapps/external_auth/views.py
	modified:   common/djangoapps/student/views.py
	modified:   common/lib/xmodule/xmodule/course_module.py
	modified:   lms/djangoapps/courseware/access.py
	modified:   lms/djangoapps/courseware/tests/test_access.py
	modified:   lms/envs/common.py
	modified:   lms/envs/dev.py
	modified:   lms/envs/test.py
	modified:   lms/templates/courseware/course_about.html
	modified:   lms/templates/dashboard.html
	modified:   lms/templates/extauth_failure.html
	modified:   lms/templates/navigation.html
	modified:   lms/templates/register.html
	modified:   lms/templates/signup_modal.html
	modified:   lms/urls.py
	renamed:    lms/wsgi_apache.py -> lms/wsgi_apache_lms.py
 2013-06-19 00:48:18 -07:00
Diana Huang
886e74342d Move the testcenter login to external_auth 
* hide the login behind a setting that is turned off by default
* clean out some of the outdated settings and hardcoded test strings
 2013-04-25 11:12:19 -04:00
Calen Pennington
cfae1cdf62 Pep8 autofixes 2013-02-06 11:13:50 -05:00
Brian Wilson
ba62a657bf Merge remote-tracking branch 'origin/master' into bugfix/brian/openid_provider_post 2013-01-22 23:50:38 -05:00
Brian Wilson
6da9c7bd9a get (openId) provider_login to work with POST requests 2013-01-18 18:37:24 -05:00
Calen Pennington
b52ed48221 Merge remote-tracking branch 'origin/master' into feature/cale/cms-master 
Conflicts:
	common/lib/capa/capa/responsetypes.py
	common/lib/xmodule/xmodule/js/src/html/display.coffee
	lms/envs/common.py
 2012-10-23 13:38:11 -04:00
Carlos Andrés Rocha
f495f219cf Update common/djangoapps/external_auth/views.py 
Corrected comments on OpenID temporal fix
 2012-10-15 13:28:54 -03:00
John Hess
a88a857723 Adjusted to return email address 
Per update from CS50 team, their client will break if not given addresses.
 2012-10-15 12:55:39 -03:00
Carlos Andrés Rocha
0f16e8a358 Return only username on OpenID provider requests. 
Temporarily return username also as the email and fullname fields of
the response using OpenID's simple registration extension.
 2012-10-14 19:45:22 -04:00
ichuang
09d7d6d688 add AUTH_USE_MIT_CERTIFICATES feature flag to CMS, and @ssl_login_shortcut 2012-10-14 16:40:04 -04:00
Carlos Andrés Rocha
e62968d5e1 Get OpenID XRDS url host from request 
Replaced the previous method of getting it from HTTP_POST to use
django's mechanism, which may or may not use HTTP_HOST. However if an
attacker changes the request header, there is not much he can do since
he cannot recreate the association nonce.
 2012-10-03 17:16:22 -04:00
Carlos Andrés Rocha
4840de8c88 Create Django cache backed OpenID provider store 2012-10-03 16:54:07 -04:00
Carlos Andrés Rocha
327b3a4648 [34078525] Log openid root_trust validation failures as errors 2012-08-31 06:43:28 -04:00
Carlos Andrés Rocha
0a81684ac3 [34078525] Fix error saving open_id request in session 2012-08-31 06:43:08 -04:00
Carlos Andrés Rocha
d702082daa [34078525] Add test settings for openid 2012-08-31 06:31:18 -04:00
Carlos Andrés Rocha
27fe80d57c [34078525] Use system random to generate passwords 2012-08-31 06:29:07 -04:00
Carlos Andrés Rocha
902a887e79 [34078525] pep8 renaming of some extern_auth functions 2012-08-29 18:46:35 -04:00
Carlos Andrés Rocha
cd4aab13fb [34078525] Added OPENID_PROVIDER_TRUSTED_ROOTS django setting 
Added OPENID_PROVIDER_TRUSTED_ROOTS django setting. It should be a
list of glob matching patterns: ['*.cs50.net', '*.other.net']

Also did some minor refactoring and cleanup.
 2012-08-29 18:40:12 -04:00
Nate Hardison
c97db851fb Getting rid of unneeded variables 2012-08-29 15:28:44 -04:00
Carlos Andrés Rocha
cb67af5959 [34078525] OpenID provider cleanup and minor fixes 2012-08-29 12:43:08 -04:00
Nate Hardison
4126f3a29a Validating OpenID request trust roots to only come from *.cs50.net 2012-08-29 11:57:41 -04:00
Tommy MacWilliam
6de28fc592 feature flag, consumer displayed, logging 
- provider placed behind separate feature flag
- domain of openid consumer displayed in login page
- added logging for successful login, changed log messages to include
  "OpenID"
 2012-08-29 10:37:02 -04:00
Tommy MacWilliam
4b6694a4ce OpenID provider implementation 
- endpoint supports both SReg and AX
- identity taken from edX username
- sreg fullname and ax http://axschema.org/namePerson taken from edX
  name
- sreg email and ax http://axschema.org/contact/email taken from edX
  email
 2012-08-29 10:29:42 -04:00
Calen Pennington
5ca636e606 Use the university profile page for courses and index if we are in a branded subdomain. N.B. THIS DOESN'T WORK WITH MIT_SSL_AUTH 2012-08-22 14:43:49 -04:00
David Ormsbee
346d5b91a1 implement subdomain-based course displays 2012-08-15 11:53:20 -04:00
ichuang
553f7046b4 suggested username for ssl auth is conjoined name with no spaces 2012-08-05 21:12:56 -04:00
ichuang
3eff9ffecd match external_domain as well when retrieving ExternalAuthMap objects 2012-08-02 13:28:52 -04:00