From 80b977fff4b7570c4a9b349263701ed268829efd Mon Sep 17 00:00:00 2001
From: Felipe Montoya
Date: Wed, 20 Feb 2019 16:48:46 -0500
Subject: [PATCH 1/4] Make the studio login over the lms optional using a feature flag
---
 cms/envs/production.py | 4 ++++
 cms/templates/widgets/header.html | 11 +++++++++--
 cms/templates/widgets/user_dropdown.html | 10 ++++++++--
 3 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/cms/envs/production.py b/cms/envs/production.py
index 536483983e98..a99cb1810206 100644
--- a/cms/envs/production.py
+++ b/cms/envs/production.py
@@ -298,6 +298,10 @@ def get_env_setting(setting):
 HEARTBEAT_EXTENDED_CHECKS = ENV_TOKENS.get('HEARTBEAT_EXTENDED_CHECKS', HEARTBEAT_EXTENDED_CHECKS)
 HEARTBEAT_CELERY_TIMEOUT = ENV_TOKENS.get('HEARTBEAT_CELERY_TIMEOUT', HEARTBEAT_CELERY_TIMEOUT)
+# Login using the LMS as the identity provider
+if FEATURES.get('DISABLE_STUDIO_SSO_OVER_LMS', False):
+ LOGIN_URL = EDX_ROOT_URL + '/signin'
+
 # Specific setting for the File Upload Service to store media in a bucket.
 FILE_UPLOAD_STORAGE_BUCKET_NAME = ENV_TOKENS.get('FILE_UPLOAD_STORAGE_BUCKET_NAME', FILE_UPLOAD_STORAGE_BUCKET_NAME)
 FILE_UPLOAD_STORAGE_PREFIX = ENV_TOKENS.get('FILE_UPLOAD_STORAGE_PREFIX', FILE_UPLOAD_STORAGE_PREFIX)
diff --git a/cms/templates/widgets/header.html b/cms/templates/widgets/header.html
index 11229321f2e1..45cfface4253 100644
--- a/cms/templates/widgets/header.html
+++ b/cms/templates/widgets/header.html
@@ -230,8 +230,15 @@

${_("Account Navigation")}

@@ -245,7 +252,7 @@

${_("Account Navigation")}

% endif
diff --git a/cms/templates/widgets/user_dropdown.html b/cms/templates/widgets/user_dropdown.html
index 1b05fb24cfe3..1eb87dcd8e74 100644
--- a/cms/templates/widgets/user_dropdown.html
+++ b/cms/templates/widgets/user_dropdown.html
@@ -40,7 +40,13 @@

<%
- logout_url = settings.LMS_ROOT_URL + '/logout'
+ if settings.FEATURES.get('DISABLE_STUDIO_SSO_OVER_LMS', False):
+ logout_url = reverse('logout')
+ else:
+ logout_url = '{lms_root_url}/logout?next={next_url}'.format(
+ lms_root_url=settings.LMS_ROOT_URL,
+ next_url=current_site_url,
+ )
 %>
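Review bot: `next_url=current_site_url` is formatted into the `next` query parameter without URL-encoding, so a value containing `&`, `#` or `?` would be split or truncated when the LMS logout endpoint parses it. Quote it before interpolation, for example `next_url=urlquote(current_site_url)` with `urlquote` taken from `django.utils.http`. `current_site_url` is not defined in the lines shown, and the receiving logout view should honour `next` only after checking it against its redirect allow-list. The block is dropped again in patch 2/4, so this matters only if the LMS-logout-with-`next` form comes back.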
From 14b4223b5e80fbb12b5ebf559fe425d6fa8e8a59 Mon Sep 17 00:00:00 2001
From: Felipe Montoya
Date: Tue, 26 Feb 2019 12:41:23 -0500
Subject: [PATCH 2/4] Addressing feedback
---
 cms/envs/common.py | 3 +++
 cms/envs/production.py | 10 ++++++++--
 cms/templates/widgets/header.html | 10 +---------
 cms/templates/widgets/user_dropdown.html | 11 +----------
 openedx/core/djangoapps/user_authn/views/logout.py | 6 +++++-
 5 files changed, 18 insertions(+), 22 deletions(-)
diff --git a/cms/envs/common.py b/cms/envs/common.py
index 43ddc3415023..864cc33bed44 100644
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -439,6 +439,9 @@ LMS_ENROLLMENT_API_PATH = "/api/enrollment/v1/"
 ENTERPRISE_API_URL = LMS_INTERNAL_ROOT_URL + '/enterprise/api/v1/'
 ENTERPRISE_CONSENT_API_URL = LMS_INTERNAL_ROOT_URL + '/consent/api/v1/'
+FRONTEND_LOGIN_URL = LOGIN_URL
+FRONTEND_LOGOUT_URL = lambda settings: settings.LMS_ROOT_URL + '/logout'
+derived('FRONTEND_LOGOUT_URL')
 # List of logout URIs for each IDA that the learner should be logged out of when they logout of
 # Studio. Only applies to IDA for which the social auth flow uses DOT (Django OAuth Toolkit).
diff --git a/cms/envs/production.py b/cms/envs/production.py
index a99cb1810206..0bbc460665e7 100644
--- a/cms/envs/production.py
+++ b/cms/envs/production.py
@@ -13,6 +13,7 @@ from path import Path as path
 from xmodule.modulestore.modulestore_settings import convert_module_store_setting_if_needed
 from openedx.core.djangoapps.plugins import plugin_settings, constants as plugin_constants
+from django.core.urlresolvers import reverse_lazy
 from django.core.exceptions import ImproperlyConfigured
 from .common import *
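Review bot: In the cms/envs/common.py hunk, `FRONTEND_LOGIN_URL = LOGIN_URL` copies the value once at import time, while `FRONTEND_LOGOUT_URL` on the next line is registered with `derived(...)` and resolved late. Any environment file that later overrides `LOGIN_URL` without also reassigning `FRONTEND_LOGIN_URL` leaves the two pointing at different login pages, which is easy to miss when only one of them is changed. Making it derived as well keeps them in step: `FRONTEND_LOGIN_URL = lambda settings: settings.LOGIN_URL` followed by `derived('FRONTEND_LOGIN_URL')`. A one-line comment above the three settings saying which templates read them would also help, since nothing in the hunk explains the `FRONTEND_` prefix.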
@@ -298,9 +299,14 @@ def get_env_setting(setting):
 HEARTBEAT_EXTENDED_CHECKS = ENV_TOKENS.get('HEARTBEAT_EXTENDED_CHECKS', HEARTBEAT_EXTENDED_CHECKS)
 HEARTBEAT_CELERY_TIMEOUT = ENV_TOKENS.get('HEARTBEAT_CELERY_TIMEOUT', HEARTBEAT_CELERY_TIMEOUT)
-# Login using the LMS as the identity provider
+# Login using the LMS as the identity provider.
+# Turning the flag to True means that the LMS will NOT be used as the Identity Provider (idp)
 if FEATURES.get('DISABLE_STUDIO_SSO_OVER_LMS', False):
- LOGIN_URL = EDX_ROOT_URL + '/signin'
+ LOGIN_URL = reverse_lazy('login')
+ FRONTEND_LOGIN_URL = LOGIN_URL
+ FRONTEND_LOGOUT_URL = reverse_lazy('logout')
+
+LOGIN_REDIRECT_WHITELIST = [reverse_lazy('home')]
 # Specific setting for the File Upload Service to store media in a bucket.
 FILE_UPLOAD_STORAGE_BUCKET_NAME = ENV_TOKENS.get('FILE_UPLOAD_STORAGE_BUCKET_NAME', FILE_UPLOAD_STORAGE_BUCKET_NAME)
diff --git a/cms/templates/widgets/header.html b/cms/templates/widgets/header.html
index 45cfface4253..1b69f2411ea8 100644
--- a/cms/templates/widgets/header.html
+++ b/cms/templates/widgets/header.html
@@ -231,14 +231,6 @@
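Review bot: `LOGIN_REDIRECT_WHITELIST = [reverse_lazy('home')]` appears to sit at module level, outside the `if` (there is no indentation after its `+` in this listing), so it replaces any previously configured allow-list whether or not the flag is set. It also stores a URL path where the setting's name suggests a list of permitted redirect hosts; if the consumer, which is not visible here, compares hosts, the entry can never match and the only effect is to discard the operator's configured entries. Either drop the line, or move it under the flag and extend the existing value instead of overwriting it. In both cases add a comment such as `# Redirect targets accepted after login when Studio authenticates locally` so the intent is on record.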

${_("Account Navigation")}

@@ -252,7 +244,7 @@

${_("Account Navigation")}

% endif
diff --git a/cms/templates/widgets/user_dropdown.html b/cms/templates/widgets/user_dropdown.html
index 1eb87dcd8e74..a59fc3b75bd5 100644
--- a/cms/templates/widgets/user_dropdown.html
+++ b/cms/templates/widgets/user_dropdown.html
@@ -39,15 +39,6 @@

- <%
- if settings.FEATURES.get('DISABLE_STUDIO_SSO_OVER_LMS', False):
- logout_url = reverse('logout')
- else:
- logout_url = '{lms_root_url}/logout?next={next_url}'.format(
- lms_root_url=settings.LMS_ROOT_URL,
- next_url=current_site_url,
- )
- %>
diff --git a/openedx/core/djangoapps/user_authn/views/logout.py b/openedx/core/djangoapps/user_authn/views/logout.py
index 3b58aaf5cb82..9dea83a5b7b3 100644
--- a/openedx/core/djangoapps/user_authn/views/logout.py
+++ b/openedx/core/djangoapps/user_authn/views/logout.py
@@ -57,7 +57,11 @@ def dispatch(self, request, *args, **kwargs):
 logout(request)
- response = super(LogoutView, self).dispatch(request, *args, **kwargs)
+ # If we don't need to deal with OIDC logouts, just redirect the user.
+ if self.oauth_client_ids:
+ response = super(LogoutView, self).dispatch(request, *args, **kwargs)
+ else:
+ response = redirect(self.target)
 # Clear the cookie used by the edx.org marketing site
 delete_logged_in_cookies(response)
From 9195ec9f30ddf585609d965cb793b0687a899c62 Mon Sep 17 00:00:00 2001
From: Felipe Montoya
Date: Mon, 11 Mar 2019 12:32:42 -0500
Subject: [PATCH 3/4] Addressing second feedback about redirect logic on logout behing feature flag
---
 cms/envs/production.py | 2 +-
 openedx/core/djangoapps/user_authn/views/logout.py | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/cms/envs/production.py b/cms/envs/production.py
index 0bbc460665e7..906756b0b487 100644
--- a/cms/envs/production.py
+++ b/cms/envs/production.py
@@ -13,8 +13,8 @@ from path import Path as path
 from xmodule.modulestore.modulestore_settings import convert_module_store_setting_if_needed
 from openedx.core.djangoapps.plugins import plugin_settings, constants as plugin_constants
-from django.core.urlresolvers import reverse_lazy
 from django.core.exceptions import ImproperlyConfigured
+from django.core.urlresolvers import reverse_lazy
 from .common import *
diff --git a/openedx/core/djangoapps/user_authn/views/logout.py b/openedx/core/djangoapps/user_authn/views/logout.py
index 9dea83a5b7b3..e2cc9be27a8c 100644
--- a/openedx/core/djangoapps/user_authn/views/logout.py
+++ b/openedx/core/djangoapps/user_authn/views/logout.py
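Review bot: In the patch 2/4 logout.py hunk, the new `else` branch returns `redirect(self.target)` directly, and nothing in the lines shown checks the destination. If `target` is built from a request-supplied redirect parameter, confirm that it is validated against the allowed hosts before use; otherwise this branch sends users to an arbitrary site straight after logout. The hunk adds no import either, so `redirect` must already be imported in logout.py (`from django.shortcuts import redirect`) or the branch raises `NameError`. The same call is kept in the patch 3/4 hunk for this file, where `settings` likewise has to be in scope. `dispatch` starts and ends outside the hunk.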
@@ -57,11 +57,11 @@ def dispatch(self, request, *args, **kwargs):
 logout(request)
- # If we don't need to deal with OIDC logouts, just redirect the user.
- if self.oauth_client_ids:
- response = super(LogoutView, self).dispatch(request, *args, **kwargs)
- else:
+ # If we are using studio logout directly and there is not OIDC logouts we can just redirect the user
+ if settings.FEATURES.get('DISABLE_STUDIO_SSO_OVER_LMS', False) and not self.oauth_client_ids:
 response = redirect(self.target)
+ else:
+ response = super(LogoutView, self).dispatch(request, *args, **kwargs)
 # Clear the cookie used by the edx.org marketing site
 delete_logged_in_cookies(response)
From 923a91734d4ff4e5ca7da12b4b19a61aadf15b54 Mon Sep 17 00:00:00 2001
From: Felipe Montoya
Date: Thu, 14 Mar 2019 15:21:03 -0500
Subject: [PATCH 4/4] Fixing lettuce tests
---
 lms/envs/test.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lms/envs/test.py b/lms/envs/test.py
index 120acfb57a70..b9cd90f45bf0 100644
--- a/lms/envs/test.py
+++ b/lms/envs/test.py
@@ -551,6 +551,10 @@ LMS_ROOT_URL = "http://localhost:8000"
+# TODO (felipemontoya): This key is only needed during lettuce tests.
+# To be removed during https://openedx.atlassian.net/browse/DEPR-19
+FRONTEND_LOGOUT_URL = LMS_ROOT_URL + '/logout'
+
 ECOMMERCE_API_URL = 'https://ecommerce.example.com/api/v2/'
 ENTERPRISE_API_URL = 'http://enterprise.example.com/enterprise/api/v1/'
 ENTERPRISE_CONSENT_API_URL = 'http://enterprise.example.com/consent/api/v1/'
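Review bot: The comment on the new condition in the patch 3/4 logout.py hunk is hard to parse and does not say why the flag matters in this view. Something like `# Studio logs out locally (flag set) and no OAuth clients need a logout call: skip the logout page and redirect.` would state the intent. Because logout.py lives under openedx/core and is presumably served by the LMS as well, the comment should also say that `DISABLE_STUDIO_SSO_OVER_LMS` is expected only in Studio settings. `dispatch` starts and ends outside the hunk.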