openedx · nasthagiri · Mar 15, 2019 · Feb 20, 2019 · Feb 26, 2019 · Mar 11, 2019
diff --git a/cms/envs/common.py b/cms/envs/common.py
@@ -439,6 +439,9 @@
 LMS_ENROLLMENT_API_PATH = "/api/enrollment/v1/"
 ENTERPRISE_API_URL = LMS_INTERNAL_ROOT_URL + '/enterprise/api/v1/'
 ENTERPRISE_CONSENT_API_URL = LMS_INTERNAL_ROOT_URL + '/consent/api/v1/'
+FRONTEND_LOGIN_URL = LOGIN_URL
+FRONTEND_LOGOUT_URL = lambda settings: settings.LMS_ROOT_URL + '/logout'
+derived('FRONTEND_LOGOUT_URL')
 
 # List of logout URIs for each IDA that the learner should be logged out of when they logout of
 # Studio. Only applies to IDA for which the social auth flow uses DOT (Django OAuth Toolkit).

@@ -14,6 +14,7 @@
 from xmodule.modulestore.modulestore_settings import convert_module_store_setting_if_needed
 from openedx.core.djangoapps.plugins import plugin_settings, constants as plugin_constants
 from django.core.exceptions import ImproperlyConfigured
+from django.core.urlresolvers import reverse_lazy
 
 from .common import *
 
@@ -298,6 +299,15 @@ def get_env_setting(setting):
 HEARTBEAT_EXTENDED_CHECKS = ENV_TOKENS.get('HEARTBEAT_EXTENDED_CHECKS', HEARTBEAT_EXTENDED_CHECKS)
 HEARTBEAT_CELERY_TIMEOUT = ENV_TOKENS.get('HEARTBEAT_CELERY_TIMEOUT', HEARTBEAT_CELERY_TIMEOUT)
 
+# Login using the LMS as the identity provider.
+# Turning the flag to True means that the LMS will NOT be used as the Identity Provider (idp)
+if FEATURES.get('DISABLE_STUDIO_SSO_OVER_LMS', False):
+    LOGIN_URL = reverse_lazy('login')
+    FRONTEND_LOGIN_URL = LOGIN_URL
+    FRONTEND_LOGOUT_URL = reverse_lazy('logout')
+
+LOGIN_REDIRECT_WHITELIST = [reverse_lazy('home')]
+
 # Specific setting for the File Upload Service to store media in a bucket.
 FILE_UPLOAD_STORAGE_BUCKET_NAME = ENV_TOKENS.get('FILE_UPLOAD_STORAGE_BUCKET_NAME', FILE_UPLOAD_STORAGE_BUCKET_NAME)
 FILE_UPLOAD_STORAGE_PREFIX = ENV_TOKENS.get('FILE_UPLOAD_STORAGE_PREFIX', FILE_UPLOAD_STORAGE_PREFIX)

diff --git a/cms/templates/widgets/header.html b/cms/templates/widgets/header.html
@@ -230,7 +230,6 @@ <h3 class="title"><span class="label"><a href="${get_online_help_info(online_hel
 
     % else:
       <%
-        login_url = settings.LMS_ROOT_URL + '/login'
         register_url = settings.LMS_ROOT_URL + '/register'
       %>
       <nav class="nav-not-signedin nav-pitch" aria-label="${_('Account')}">
@@ -245,7 +244,7 @@ <h2 class="sr-only">${_("Account Navigation")}</h2>
               </li>
           % endif
           <li class="nav-item nav-not-signedin-signin">
-            <a class="action action-signin" href="${login_url}?next=${current_url}">${_("Sign In")}</a>
+            <a class="action action-signin" href="${settings.FRONTEND_LOGIN_URL}?next=${current_url}">${_("Sign In")}</a>
           </li>
         </ol>
       </nav>

diff --git a/cms/templates/widgets/user_dropdown.html b/cms/templates/widgets/user_dropdown.html
@@ -39,9 +39,6 @@ <h3 class="title">
     </span>
     <span class="icon fa fa-caret-down ui-toggle-dd" aria-hidden="true"></span>
   </h3>
-  <%
-    logout_url = settings.LMS_ROOT_URL + '/logout'
-  %>
   <div class="wrapper wrapper-nav-sub">
     <div class="nav-sub">
       <ul>
@@ -54,7 +51,7 @@ <h3 class="title">
         </li>
         % endif
         <li class="nav-item nav-account-signout">
-          <a class="action action-signout" href="${logout_url}?next=${current_site_url}">${_("Sign Out")}</a>
+          <a class="action action-signout" href="${settings.FRONTEND_LOGOUT_URL}">${_("Sign Out")}</a>
         </li>
       </ul>
     </div>

diff --git a/lms/envs/test.py b/lms/envs/test.py
@@ -551,6 +551,10 @@
 
 LMS_ROOT_URL = "http://localhost:8000"
 
+# TODO (felipemontoya): This key is only needed during lettuce tests.
+# To be removed during https://openedx.atlassian.net/browse/DEPR-19
+FRONTEND_LOGOUT_URL = LMS_ROOT_URL + '/logout'
+
 ECOMMERCE_API_URL = 'https://ecommerce.example.com/api/v2/'
 ENTERPRISE_API_URL = 'http://enterprise.example.com/enterprise/api/v1/'
 ENTERPRISE_CONSENT_API_URL = 'http://enterprise.example.com/consent/api/v1/'

@@ -57,7 +57,11 @@ def dispatch(self, request, *args, **kwargs):
 
         logout(request)
 
-        response = super(LogoutView, self).dispatch(request, *args, **kwargs)
+        # If we are using studio logout directly and there is not OIDC logouts we can just redirect the user
+        if settings.FEATURES.get('DISABLE_STUDIO_SSO_OVER_LMS', False) and not self.oauth_client_ids:
+            response = redirect(self.target)
+        else:
+            response = super(LogoutView, self).dispatch(request, *args, **kwargs)
 
         # Clear the cookie used by the edx.org marketing site
         delete_logged_in_cookies(response)