Canonical SSO provider

Merge lp:~canonical-isd-hackers/canonical-identity-provider/721318-enhance-merge into lp:~canonical-isd-hackers/canonical-identity-provider/stable

  1. 721318-enhance-merge
  2. Merge into stable
Proposed by David Owen
Status: Merged
Approved by: Ricardo Kirkner
Approved revision: no longer in the source branch.
Merged at revision: 95
Proposed branch: lp:~canonical-isd-hackers/canonical-identity-provider/721318-enhance-merge
Merge into: lp:~canonical-isd-hackers/canonical-identity-provider/stable
Diff against target: 90 lines (+32/-13)
3 files modified
identityprovider/bin/accounts_merge.py (+23/-9)
identityprovider/models/account.py (+2/-2)
wsgiserver.py (+7/-2)
To merge this branch: bzr merge lp:~canonical-isd-hackers/canonical-identity-provider/721318-enhance-merge
Reviewer Review Type Date Requested Status
Michael Nelson (community) Approve
Review via email: mp+50957@code.launchpad.net

Commit message

Display a more informative error message when the source account has been used to log in to RPs, and display those RPs.

Description of the change

Added a more informative error message when the source account has been used to log in to RPs, also explaining that this is a problem because any accounts at those RPs will become inaccessible by the user. Also, display a list of the RPs so the action can be verified with the user.

During testing, the test consumer would block when making an API call---the WSGI server was serving only a single request at a time. This is strange because I thought the wsgiserver script was added in order to run multi-threaded to test the test consumer. Nevertheless, all the docs I could find seemed to indicate it was single-threaded, single-process, not select-based, &c., unless explicitly configured to be so.

To post a comment you must log in.
Revision history for this message
David Owen (dsowen) wrote :

Set to merge into stable as this is needed in production to satisfy a pending RT.

Revision history for this message
Michael Nelson (michael.nelson) wrote :

Hi David - the changes for the better error look great.

Regarding the wsgi server change, I don't quite understand... you didn't add any tests in this branch, which implies that the test must have been hanging in trunk?

If wsgiserver.py is only used for testing/dev env., then fine, otherwise, please check the annotation and chat with whoever added it to see if you comment above is correct.
Thanks!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'identityprovider/bin/accounts_merge.py'
2--- identityprovider/bin/accounts_merge.py 2011-02-16 15:09:40 +0000
3+++ identityprovider/bin/accounts_merge.py 2011-02-23 17:01:36 +0000
4@@ -26,9 +26,20 @@
5
6 used_to_log_in = self.account_was_used_to_log_in(source)
7 if used_to_log_in and not self.skip_safety_warnings:
8- self.error("E03: Source account was used to log in to other "
9- "services. Use --skip-safety-warnings to merge "
10- "those accounts.")
11+ sites = source.last_authenticated_sites(limit=None)
12+ urls = [s.trust_root for s in sites]
13+ self.error(
14+"""E03: Source account was used to log in to other services. Merging
15+accounts will make it so the user could no longer access those other
16+services using the old SSO account. The user may lose access to
17+history or important information. Please confirm this with the user
18+before continuing.
19+
20+The other services are:
21+
22+%s
23+
24+Use --skip-safety-warnings to merge the accounts anyway.""" % '\n'.join(urls))
25
26 if source.pk == destination.pk:
27 self.error("E08: Trying to merge account with itself")
28@@ -282,12 +293,15 @@
29 from unittest import main
30 main(argv=["AccountMergerTestCase"])
31 else:
32- if options.dry_run:
33- print "Dry run, no changes will be saved to DB."
34- account_merger = AccountMerger(options.dry_run,
35- options.skip_safety_warnings)
36- account_merger.merge(options.destination, options.source)
37- print "%s merged into %s" % (options.source, options.destination)
38+ if options.source is None or options.destination is None:
39+ parser.print_help()
40+ else:
41+ if options.dry_run:
42+ print "Dry run, no changes will be saved to DB."
43+ account_merger = AccountMerger(options.dry_run,
44+ options.skip_safety_warnings)
45+ account_merger.merge(options.destination, options.source)
46+ print "%s merged into %s" % (options.source, options.destination)
47
48
49
50
51=== modified file 'identityprovider/models/account.py'
52--- identityprovider/models/account.py 2011-01-11 15:50:14 +0000
53+++ identityprovider/models/account.py 2011-02-23 17:01:36 +0000
54@@ -114,8 +114,8 @@
55 return email.order_by('email')
56
57 def last_authenticated_sites(self, limit=10):
58- sites = self.openidrpsummary_set.order_by('date_last_used')
59- return sites.reverse()[:limit]
60+ sites = self.openidrpsummary_set.order_by('-date_last_used')
61+ return sites if limit is None else sites[:limit]
62
63 def sites_with_active_sessions(self, age_hours=24):
64 """
65
66=== modified file 'scripts/merge-accounts' (properties changed: -x to +x)
67=== modified file 'wsgiserver.py'
68--- wsgiserver.py 2010-04-21 15:29:24 +0000
69+++ wsgiserver.py 2011-02-23 17:01:36 +0000
70@@ -1,13 +1,18 @@
71 # Copyright 2010 Canonical Ltd. This software is licensed under the
72 # GNU Affero General Public License version 3 (see the file LICENSE).
73
74-from wsgiref.simple_server import make_server
75+from SocketServer import ThreadingMixIn
76+from wsgiref.simple_server import WSGIServer, make_server
77
78 import os
79 os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
80
81 from identityprovider.wsgi import make_app
82-httpd = make_server('', 8000, make_app())
83+
84+class ThreadedWSGIServer(ThreadingMixIn, WSGIServer):
85+ pass
86+
87+httpd = make_server('', 8000, make_app(), server_class=ThreadedWSGIServer)
88
89
90 print "Serving HTTP on port 8000..."

Subscribers

People subscribed via source and target branches