diff --git a/common/djangoapps/external_auth/tests/test_ssl.py b/common/djangoapps/external_auth/tests/test_ssl.py
index 13f5b9a73d12..d72fb00b288c 100644
--- a/common/djangoapps/external_auth/tests/test_ssl.py
+++ b/common/djangoapps/external_auth/tests/test_ssl.py
@@ -140,3 +140,47 @@ def test_ssl_login_without_signup_cms(self):
 User.objects.get(email=self.USER_EMAIL)
 except ExternalAuthMap.DoesNotExist, ex:
 self.fail('User did not get properly added to internal users, exception was {0}'.format(str(ex)))
+
+ @unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
+ @override_settings(FEATURES=FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP)
+ def test_default_login_decorator_ssl(self):
+ """
+ Make sure that SSL login happens if it is enabled on protected
+ views instead of showing the login form.
+ """
+ response = self.client.get(reverse('dashboard'), follows=True)
+ self.assertEqual(response.status_code, 302)
+ self.assertIn(reverse('accounts_login'), response['location'])
+
+ response = self.client.get(
+ reverse('dashboard'), follow=True,
+ SSL_CLIENT_S_DN=self.AUTH_DN.format(self.USER_NAME, self.USER_EMAIL))
+ self.assertIn(reverse('dashboard'), response['location'])
+ self.assertIn('_auth_user_id', self.client.session)
+
+ @unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
+ @override_settings(FEATURES=FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP)
+ def test_registration_page_bypass(self):
+ """
+ This tests to make sure when immediate signup is on that
+ the user doesn't get presented with the registration page.
+ """
+ response = self.client.get(
+ reverse('register_user'), follow=True,
+ SSL_CLIENT_S_DN=self.AUTH_DN.format(self.USER_NAME, self.USER_EMAIL))
+ self.assertIn(reverse('dashboard'), response['location'])
+ self.assertIn('_auth_user_id', self.client.session)
+
+ @unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
+ @override_settings(FEATURES=FEATURES_WITH_SSL_AUTH_IMMEDIATE_SIGNUP)
+ def test_signin_page_bypass(self):
+ """
+ This tests to make sure when ssl authentication is on
+ that user doesn't get presented with the login page if they
+ have a certificate.
+ """
+ response = self.client.get(
+ reverse('signin_user'), follow=True,
+ SSL_CLIENT_S_DN=self.AUTH_DN.format(self.USER_NAME, self.USER_EMAIL))
+ self.assertIn(reverse('dashboard'), response['location'])
+ self.assertIn('_auth_user_id', self.client.session)
diff --git a/common/djangoapps/student/views.py b/common/djangoapps/student/views.py
index 878630272a8e..dffc51fbcb99 100644
--- a/common/djangoapps/student/views.py
+++ b/common/djangoapps/student/views.py
@@ -239,6 +239,10 @@ def signin_user(request):
 """
 This view will display the non-modal login form
 """
+ if settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']:
+ # SSL login doesn't require a view, so redirect
+ # branding and allow that to process the login.
+ return redirect(reverse('root'))
 if request.user.is_authenticated():
 return redirect(reverse('dashboard'))
@@ -256,6 +260,10 @@ def register_user(request, extra_context=None):
 """
 if request.user.is_authenticated():
 return redirect(reverse('dashboard'))
+ if settings.FEATURES.get('AUTH_USE_MIT_CERTIFICATES_IMMEDIATE_SIGNUP'):
+ # Redirect to branding to process their certificate if SSL is enabled
+ # and registration is disabled.
+ return redirect(reverse('root'))
 context = {
 'course_id': request.GET.get('course_id'),
@@ -518,6 +526,10 @@ def accounts_login(request):
 """
 if settings.FEATURES.get('AUTH_USE_CAS'):
 return redirect(reverse('cas-login'))
+ if settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']:
+ # SSL login doesn't require a view, so redirect
+ # to branding and allow that to process the login.
+ return redirect(reverse('root'))
 # see if the "next" parameter has been set, whether it has a course context, and if so, whether
 # there is a course-specific place to redirect
 redirect_to = request.GET.get('next')
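Review bot: In `test_default_login_decorator_ssl` (test_ssl.py) the first request passes `follows=True`, which is not the test client's `follow` argument and is handed on as an extra request-environment entry; since the test wants the raw 302 it should simply be `response = self.client.get(reverse('dashboard'))`. The requests that do use `follow=True`, here and in `test_registration_page_bypass` and `test_signin_page_bypass`, then assert on `response['location']`, but a followed request returns the last response of the chain, which normally carries no Location header; asserting on `response.redirect_chain` would pin the redirect target more reliably. All three tests also exercise only a request that carries `SSL_CLIENT_S_DN`; a companion case without it, asserting that `_auth_user_id` is absent from the session, would guard the bypass against signing in a client that presented no certificate.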
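Review bot: The guard added to `signin_user` (views.py) indexes `settings.FEATURES['AUTH_USE_MIT_CERTIFICATES']` directly, so a settings file that omits the key turns the sign-in page into a KeyError, whereas the CAS check and the `register_user` guard in this same diff use `.get()`; `if settings.FEATURES.get('AUTH_USE_MIT_CERTIFICATES'):` would match them, and the same applies to the identical guard added to `accounts_login`. The guard also sits above the existing `is_authenticated()` check, so an already signed-in user is now sent to `root` rather than `dashboard`; if that is intended it deserves a word in the comment. The comment itself is missing a word and should read `# SSL login doesn't require a view, so redirect to` followed by `# branding and allow that to process the login.` The body of `signin_user` continues outside the hunk.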
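Review bot: The guard added to `register_user` (views.py) tests only `AUTH_USE_MIT_CERTIFICATES_IMMEDIATE_SIGNUP`, while its comment says the redirect applies when SSL is enabled and registration is disabled. If that flag can be set while `AUTH_USE_MIT_CERTIFICATES` is off (nothing visible here prevents it), the registration page becomes unreachable and every anonymous visitor is bounced to `root`. Checking both flags, `if settings.FEATURES.get('AUTH_USE_MIT_CERTIFICATES') and settings.FEATURES.get('AUTH_USE_MIT_CERTIFICATES_IMMEDIATE_SIGNUP'):`, keeps the code and the comment in agreement. The body of `register_user` continues past the hunk.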
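Review bot: The early return added to `accounts_login` (views.py) runs before `redirect_to = request.GET.get('next')` is read, so the destination that a login-protected view placed in `next` is discarded and, as far as this hunk shows, the user ends up wherever `root` sends them after the certificate login. If the original target should survive, it has to be carried across the redirect and checked to be a same-site path before it is used. If dropping it is deliberate, a comment such as `# 'next' is intentionally not forwarded; root decides the post-login page` would save the next reader the question. The rest of `accounts_login` lies outside the hunk.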