Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ca1f76cedb030dac503aa7a2d5ccd8dcaf187cfd
edx-platform/common/djangoapps/third_party_auth/middleware.py
Jesse Shapiro fc814aee95 Add data sharing consent features for EnterpriseCustomer
2016-12-12 09:30:38 -05:00

57 lines
2.5 KiB
Python
Raw Blame History

"""Middleware classes for third_party_auth."""
from social.apps.django_app.middleware import SocialAuthExceptionMiddleware
from . import pipeline
class ExceptionMiddleware(SocialAuthExceptionMiddleware):
"""Custom middleware that handles conditional redirection."""
def get_redirect_uri(self, request, exception):
# Fall back to django settings's SOCIAL_AUTH_LOGIN_ERROR_URL.
redirect_uri = super(ExceptionMiddleware, self).get_redirect_uri(request, exception)
# Safe because it's already been validated by
# pipeline.parse_query_params. If that pipeline step ever moves later
# in the pipeline stack, we'd need to validate this value because it
# would be an injection point for attacker data.
auth_entry = request.session.get(pipeline.AUTH_ENTRY_KEY)
# Check if we have an auth entry key we can use instead
if auth_entry and auth_entry in pipeline.AUTH_DISPATCH_URLS:
redirect_uri = pipeline.AUTH_DISPATCH_URLS[auth_entry]
return redirect_uri
class PipelineQuarantineMiddleware(object):
"""
Middleware flushes the session if a user agent with a quarantined session
attempts to leave the quarantined set of views.
"""
def process_view(self, request, view_func, view_args, view_kwargs): # pylint: disable=unused-argument
"""
Check the session to see if we've quarantined the user to a particular
step of the authentication pipeline; if so, look up which modules the
user is allowed to browse to without breaking the pipeline. If the view
that's been requested is outside those modules, then flush the session.
In general, this middleware should be used in cases where allowing the
user to exit the running pipeline would be undesirable, and where it'd
be better to flush the session state rather than allow it. Pipeline
quarantining is utilized by the Enterprise application to enforce
collection of user consent for sharing data with a linked third-party
authentication provider.
"""
running_pipeline = request.session.get('partial_pipeline')
if not running_pipeline:
return
view_module = view_func.__module__
quarantined_modules = request.session.get('third_party_auth_quarantined_modules', None)
if quarantined_modules is not None and not any(view_module.startswith(mod) for mod in quarantined_modules):
request.session.flush()
Reference in New Issue View Git Blame Copy Permalink