Launchpad itself

Merge lp:~deryck/launchpad/email-update-login-stuck-1036267 into lp:launchpad

email-update-login-stuck-1036267
Merge into devel

Proposed by Deryck Hodge on 2012-08-13

Status:

Merged

Approved by:

Deryck Hodge on 2012-08-13

Approved revision:

no longer in the source branch.

Merged at revision:

15799

Proposed branch:

lp:~deryck/launchpad/email-update-login-stuck-1036267

Merge into:

lp:launchpad

Diff against target:

87 lines (+34/-4)

2 files modified

lib/lp/services/webapp/login.py (+14/-3)
lib/lp/services/webapp/tests/test_login.py (+20/-1)

To merge this branch:

bzr merge lp:~deryck/launchpad/email-update-login-stuck-1036267

Critical

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Deryck Hodge (community)			Approve on 2012-08-13
Review via email: mp+119381@code.launchpad.net

Commit message

The code for requiring re-authentication when editing emails was only partially merged. This completes the merge to have fully working re-auth when editing emails.

Description of the change

This change has already landed once, been reverted, and partially landed again. This branch is to complete the merge of the work I did to force re-authentication when editing email addresses. I'm self reviewing since it's all been reviewed twice now, but the merge was messed up somehow.

Revision history for this message

Deryck Hodge (deryck) on 2012-08-13:

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Barki Mustapha

Celso Providelo

Christian Reis

Christy Awad

Colin Watson

Deryck Hodge

Harpianto,ANDI

James Troup

John A Meinel

Kevin bush

Launchpad code reviewers

Launchpad code reviewers from Canonical

Matthew Tanner

Maximiliano Bertacchini

Oguz Ersoz

Simon Brakhane

Ubuntu-BR DevOps

William Grant

alhawiti

api.ng

pedro cavazos

todaioan

wenjingwen

to status/vote changes:

Tzaddi

Tzaddi Belding

 === modified file 'lib/lp/services/webapp/login.py'
 --- lib/lp/services/webapp/login.py	2012-08-10 18:16:36 +0000
 +++ lib/lp/services/webapp/login.py	2012-08-13 16:30:41 +0000
@@ -16,7 +16,10 @@
      FAILURE,
      SUCCESS,
+     )
--from openid.extensions import sreg
++from openid.extensions import (
++    pape,
++    sreg,
++    )
  from openid.fetchers import (
      setDefaultFetcher,
      Urllib2Fetcher,
@@ -168,7 +171,10 @@
          return Consumer(session, openid_store)
      def render(self):
--        if self.account is not None:
++        # Reauthentication is called for by a query string parameter.
++        reauth_qs = self.request.query_string_params.get('reauth', ['0'])
++        do_reauth = int(reauth_qs[0])
++        if self.account is not None and not do_reauth:
              return AlreadyLoggedInView(self.context, self.request)()
          # Allow unauthenticated users to have sessions for the OpenID
@@ -189,6 +195,11 @@
          self.openid_request.addExtension(
              sreg.SRegRequest(required=['email', 'fullname']))
++        # Force the Open ID handshake to re-authenticate, using
++        # pape extension's max_auth_age, if the URL indicates it.
++        if do_reauth:
++            self.openid_request.addExtension(pape.Request(max_auth_age=0))
++
          assert not self.openid_request.shouldSendRedirect(), (
              "Our fixed OpenID server should not need us to redirect.")
          # Once the user authenticates with the OpenID provider they will be
@@ -216,7 +227,7 @@
      def starting_url(self):
          starting_url = self.request.getURL(1)
          query_string = "&".join([arg for arg in self.form_args])
--        if query_string:
++        if query_string and query_string != 'reauth=1':
              starting_url += "?%s" % query_string
          return starting_url
 === modified file 'lib/lp/services/webapp/tests/test_login.py'
 --- lib/lp/services/webapp/tests/test_login.py	2012-08-08 13:41:05 +0000
 +++ lib/lp/services/webapp/tests/test_login.py	2012-08-13 16:30:41 +0000
@@ -28,7 +28,10 @@
      FAILURE,
      SUCCESS,
+     )
--from openid.extensions import sreg
++from openid.extensions import (
++    pape,
++    sreg,
++    )
  from openid.yadis.discover import DiscoveryFailure
  from testtools.matchers import Contains
  from zope.component import getUtility
@@ -731,6 +734,22 @@
          self.assertEquals(sorted(sreg_extension.required),
                            sorted(sreg_extension.allRequestedFields()))
++    def test_pape_extension_added_with_reauth_query(self):
++        # We can signal that a request should be reauthenticated via
++        # a reauth URL parameter, which should add PAPE extension's
++        # max_auth_age paramter.
++        request = LaunchpadTestRequest(QUERY_STRING='reauth=1')
++        # This is a hack to make the request.getURL(1) call issued by the view
++        # not raise an IndexError.
++        request._app_names = ['foo']
++        view = StubbedOpenIDLogin(object(), request)
++        view()
++        extensions = view.openid_request.extensions
++        self.assertIsNot(None, extensions)
++        pape_extension = extensions[1]
++        self.assertIsInstance(pape_extension, pape.Request)
++        self.assertEqual(0, pape_extension.max_auth_age)
++
      def test_logs_to_timeline(self):
          # Beginning an OpenID association makes an HTTP request to the
          # OP, so it's a potentially long action. It is logged to the