def test_get_real_social_auth_no_social(self):
"""
Test that if a UserSocialAuth object hasn't been attached to the pipeline as
`social`, we return none
"""
request = mock.MagicMock(session={'running_pipeline': {'kwargs': {}}})
real_social = pipeline.get_real_social_auth_object(request)
self.assertEqual(real_social, None)
def test_get_real_social_auth_no_pipeline(self):
"""
Test that if there's no running pipeline, we return None when looking
for a database-backed UserSocialAuth object.
"""
request = mock.MagicMock(session={})
real_social = pipeline.get_real_social_auth_object(request)
self.assertEqual(real_social, None)
def test_get_real_social_auth_no_pipeline(self):
"""
Test that if there's no running pipeline, we return None when looking
for a database-backed UserSocialAuth object.
"""
request = mock.MagicMock(session={})
real_social = pipeline.get_real_social_auth_object(request)
self.assertEqual(real_social, None)
def test_get_real_social_auth(self):
"""
Test that trying to get a database-backed UserSocialAuth from an existing
instance returns correctly.
"""
request = mock.MagicMock()
pipeline_partial = {'kwargs': {'social': self.social_auth}}
with mock.patch('third_party_auth.pipeline.get') as get_pipeline:
get_pipeline.return_value = pipeline_partial
real_social = pipeline.get_real_social_auth_object(request)
self.assertEqual(real_social, self.social_auth)
def test_get_real_social_auth_from_dict(self):
"""
Test that we can use a dictionary with a UID entry to retrieve a
database-backed UserSocialAuth object.
"""
request = mock.MagicMock()
pipeline_partial = {'kwargs': {'social': {'uid': 'fake uid'}}}
with mock.patch('third_party_auth.pipeline.get') as get_pipeline:
get_pipeline.return_value = pipeline_partial
real_social = pipeline.get_real_social_auth_object(request)
self.assertEqual(real_social, self.social_auth)
def test_get_real_social_auth(self):
"""
Test that trying to get a database-backed UserSocialAuth from an existing
instance returns correctly.
"""
request = mock.MagicMock(session={
'partial_pipeline': {
'kwargs': {
'social': self.social_auth
}
}
})
real_social = pipeline.get_real_social_auth_object(request)
self.assertEqual(real_social, self.social_auth)
def test_get_real_social_auth_no_social(self):
"""
Test that if a UserSocialAuth object hasn't been attached to the pipeline as
`social`, we return none
"""
request = mock.MagicMock(
session={
'running_pipeline': {
'kwargs': {}
}
}
)
real_social = pipeline.get_real_social_auth_object(request)
self.assertEqual(real_social, None)
def post_account_consent(self, request, consent_provided):
"""
Interpret the account-wide form above, and save it to a UserDataSharingConsentAudit object for later retrieval.
"""
self.lift_quarantine(request)
# Load the linked EnterpriseCustomer for this request.
customer = get_enterprise_customer_for_request(request)
if customer is None:
# If we can't get an EnterpriseCustomer from the pipeline, then we don't really
# have enough state to do anything meaningful. Just send the user to the login
# screen; if they want to sign in with an Enterprise-linked SSO, they can do
# so, and the pipeline will get them back here if they need to be.
return redirect('signin_user')
# Attempt to retrieve a user being manipulated by the third-party auth
# pipeline. Return a 404 if no such user exists.
social_auth = get_real_social_auth_object(request)
user = getattr(social_auth, 'user', None)
if user is None:
raise Http404
if not consent_provided and active_provider_enforces_data_sharing(
request, EnterpriseCustomer.AT_LOGIN):
# Flush the session to avoid the possibility of accidental login and to abort the pipeline.
# pipeline is flushed only if data sharing is enforced, in other cases let the user to login.
request.session.flush()
failure_url = request.POST.get('failure_url') or reverse(
'dashboard')
return redirect(failure_url)
ec_user, __ = EnterpriseCustomerUser.objects.get_or_create(
user_id=user.id,
enterprise_customer=customer,
)
UserDataSharingConsentAudit.objects.update_or_create(
user=ec_user,
defaults={
'state':
(UserDataSharingConsentAudit.ENABLED
if consent_provided else UserDataSharingConsentAudit.DISABLED)
})
# Resume auth pipeline
backend_name = request.session.get('partial_pipeline',
{}).get('backend')
return redirect(get_complete_url(backend_name))
def test_get_real_social_auth_from_dict(self):
"""
Test that we can use a dictionary with a UID entry to retrieve a
database-backed UserSocialAuth object.
"""
request = mock.MagicMock(session={
'partial_pipeline': {
'kwargs': {
'social': {
'uid': 'fake uid'
}
}
}
})
real_social = pipeline.get_real_social_auth_object(request)
self.assertEqual(real_social, self.social_auth)
def test_get_real_social_auth(self):
"""
Test that trying to get a database-backed UserSocialAuth from an existing
instance returns correctly.
"""
request = mock.MagicMock()
pipeline_partial = {
'kwargs': {
'social': self.social_auth
}
}
with mock.patch('third_party_auth.pipeline.get') as get_pipeline:
get_pipeline.return_value = pipeline_partial
real_social = pipeline.get_real_social_auth_object(request)
self.assertEqual(real_social, self.social_auth)
def test_get_real_social_auth(self):
"""
Test that trying to get a database-backed UserSocialAuth from an existing
instance returns correctly.
"""
request = mock.MagicMock(
session={
'partial_pipeline': {
'kwargs': {
'social': self.social_auth
}
}
}
)
real_social = pipeline.get_real_social_auth_object(request)
self.assertEqual(real_social, self.social_auth)
def test_get_real_social_auth_from_dict(self):
"""
Test that we can use a dictionary with a UID entry to retrieve a
database-backed UserSocialAuth object.
"""
request = mock.MagicMock()
pipeline_partial = {
'kwargs': {
'social': {
'uid': 'fake uid'
}
}
}
with mock.patch('third_party_auth.pipeline.get') as get_pipeline:
get_pipeline.return_value = pipeline_partial
real_social = pipeline.get_real_social_auth_object(request)
self.assertEqual(real_social, self.social_auth)
def test_get_real_social_auth_from_dict(self):
"""
Test that we can use a dictionary with a UID entry to retrieve a
database-backed UserSocialAuth object.
"""
request = mock.MagicMock(
session={
'partial_pipeline': {
'kwargs': {
'social': {
'uid': 'fake uid'
}
}
}
}
)
real_social = pipeline.get_real_social_auth_object(request)
self.assertEqual(real_social, self.social_auth)
def post_account_consent(self, request, consent_provided):
"""
Interpret the account-wide form above, and save it to a UserDataSharingConsentAudit object for later retrieval.
"""
self.lift_quarantine(request)
# Load the linked EnterpriseCustomer for this request. Return a 404 if no such EnterpriseCustomer exists
customer = get_enterprise_customer_for_request(request)
if customer is None:
raise Http404
# Attempt to retrieve a user being manipulated by the third-party auth
# pipeline. Return a 404 if no such user exists.
social_auth = get_real_social_auth_object(request)
user = getattr(social_auth, 'user', None)
if user is None:
raise Http404
if not consent_provided and active_provider_enforces_data_sharing(
request, EnterpriseCustomer.AT_LOGIN):
# Flush the session to avoid the possibility of accidental login and to abort the pipeline.
# pipeline is flushed only if data sharing is enforced, in other cases let the user to login.
request.session.flush()
return redirect(reverse('dashboard'))
ec_user, __ = EnterpriseCustomerUser.objects.get_or_create(
user_id=user.id,
enterprise_customer=customer,
)
UserDataSharingConsentAudit.objects.update_or_create(
user=ec_user,
defaults={
'state':
(UserDataSharingConsentAudit.ENABLED
if consent_provided else UserDataSharingConsentAudit.DISABLED)
})
# Resume auth pipeline
backend_name = request.session.get('partial_pipeline',
{}).get('backend')
return redirect(get_complete_url(backend_name))
def post(self, request):
"""
Process the above form.
"""
# Verify that all necessary resources are present
verify_edx_resources()
self.lift_quarantine(request)
customer = get_enterprise_customer_for_request(request)
if customer is None:
raise Http404
consent_provided = request.POST.get('data_sharing_consent', False)
# If the checkbox is unchecked, no value will be sent
user = get_real_social_auth_object(request).user
ec_user, __ = EnterpriseCustomerUser.objects.get_or_create(
user_id=user.id,
enterprise_customer=customer,
)
UserDataSharingConsentAudit.objects.update_or_create(
user=ec_user,
defaults={
'state':
(UserDataSharingConsentAudit.ENABLED
if consent_provided else UserDataSharingConsentAudit.DISABLED)
})
if not consent_provided:
# Flush the session to avoid the possibility of accidental login and to abort the pipeline.
# pipeline is flushed only if data sharing is enforced, in other cases let the user to login.
if active_provider_enforces_data_sharing(
request, EnterpriseCustomer.AT_LOGIN):
request.session.flush()
return redirect(reverse('dashboard'))
# Resume auth pipeline
backend_name = request.session.get('partial_pipeline',
{}).get('backend')
return redirect(get_complete_url(backend_name))
def post_account_consent(self, request, consent_provided):
"""
Interpret the account-wide form above, and save it to a UserDataSharingConsentAudit object for later retrieval.
"""
self.lift_quarantine(request)
# Load the linked EnterpriseCustomer for this request.
customer = get_enterprise_customer_for_request(request)
if customer is None:
# If we can't get an EnterpriseCustomer from the pipeline, then we don't really
# have enough state to do anything meaningful. Just send the user to the login
# screen; if they want to sign in with an Enterprise-linked SSO, they can do
# so, and the pipeline will get them back here if they need to be.
return redirect('signin_user')
# Attempt to retrieve a user being manipulated by the third-party auth
# pipeline. Return a 404 if no such user exists.
social_auth = get_real_social_auth_object(request)
user = getattr(social_auth, 'user', None)
if user is None:
raise Http404
if not consent_provided and active_provider_enforces_data_sharing(
request, EnterpriseCustomer.AT_LOGIN):
# Flush the session to avoid the possibility of accidental login and to abort the pipeline.
# pipeline is flushed only if data sharing is enforced, in other cases let the user to login.
request.session.flush()
failure_url = request.POST.get('failure_url') or reverse(
'dashboard')
return redirect(failure_url)
enterprise_customer_user, __ = EnterpriseCustomerUser.objects.get_or_create(
user_id=user.id,
enterprise_customer=customer,
)
platform_name = configuration_helpers.get_value(
'PLATFORM_NAME', settings.PLATFORM_NAME)
messages.success(
request,
_('{span_start}Account created{span_end} Thank you for creating an account with {platform_name}.'
).format(
platform_name=platform_name,
span_start='<span>',
span_end='</span>',
))
if not user.is_active:
messages.info(
request,
_('{span_start}Activate your account{span_end} Check your inbox for an activation email. '
'You will not be able to log back into your account until you have activated it.'
).format(span_start='<span>', span_end='</span>'))
UserDataSharingConsentAudit.objects.update_or_create(
user=enterprise_customer_user,
defaults={
'state':
(UserDataSharingConsentAudit.ENABLED
if consent_provided else UserDataSharingConsentAudit.DISABLED)
})
# Resume auth pipeline
backend_name = get_partial_pipeline(request).get('backend')
return redirect(get_complete_url(backend_name))
