Launchpad itself

Merge lp:~deryck/launchpad/email-update-login-stuck-1036267 into lp:launchpad

  1. email-update-login-stuck-1036267
  2. Merge into devel
Proposed by Deryck Hodge
Status: Merged
Approved by: Deryck Hodge
Approved revision: no longer in the source branch.
Merged at revision: 15799
Proposed branch: lp:~deryck/launchpad/email-update-login-stuck-1036267
Merge into: lp:launchpad
Diff against target: 87 lines (+34/-4)
2 files modified
lib/lp/services/webapp/login.py (+14/-3)
lib/lp/services/webapp/tests/test_login.py (+20/-1)
To merge this branch: bzr merge lp:~deryck/launchpad/email-update-login-stuck-1036267
Reviewer Review Type Date Requested Status
Deryck Hodge (community) Approve
Review via email: mp+119381@code.launchpad.net

Commit message

The code for requiring re-authentication when editing emails was only partially merged. This completes the merge to have fully working re-auth when editing emails.

Description of the change

This change has already landed once, been reverted, and partially landed again. This branch is to complete the merge of the work I did to force re-authentication when editing email addresses. I'm self reviewing since it's all been reviewed twice now, but the merge was messed up somehow.

To post a comment you must log in.
Revision history for this message
Deryck Hodge (deryck) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'lib/lp/services/webapp/login.py'
--- lib/lp/services/webapp/login.py 2012-08-10 18:16:36 +0000
+++ lib/lp/services/webapp/login.py 2012-08-13 16:30:41 +0000
@@ -16,7 +16,10 @@
16 FAILURE,16 FAILURE,
17 SUCCESS,17 SUCCESS,
18 )18 )
19from openid.extensions import sreg19from openid.extensions import (
20 pape,
21 sreg,
22 )
20from openid.fetchers import (23from openid.fetchers import (
21 setDefaultFetcher,24 setDefaultFetcher,
22 Urllib2Fetcher,25 Urllib2Fetcher,
@@ -168,7 +171,10 @@
168 return Consumer(session, openid_store)171 return Consumer(session, openid_store)
169172
170 def render(self):173 def render(self):
171 if self.account is not None:174 # Reauthentication is called for by a query string parameter.
175 reauth_qs = self.request.query_string_params.get('reauth', ['0'])
176 do_reauth = int(reauth_qs[0])
177 if self.account is not None and not do_reauth:
172 return AlreadyLoggedInView(self.context, self.request)()178 return AlreadyLoggedInView(self.context, self.request)()
173179
174 # Allow unauthenticated users to have sessions for the OpenID180 # Allow unauthenticated users to have sessions for the OpenID
@@ -189,6 +195,11 @@
189 self.openid_request.addExtension(195 self.openid_request.addExtension(
190 sreg.SRegRequest(required=['email', 'fullname']))196 sreg.SRegRequest(required=['email', 'fullname']))
191197
198 # Force the Open ID handshake to re-authenticate, using
199 # pape extension's max_auth_age, if the URL indicates it.
200 if do_reauth:
201 self.openid_request.addExtension(pape.Request(max_auth_age=0))
202
192 assert not self.openid_request.shouldSendRedirect(), (203 assert not self.openid_request.shouldSendRedirect(), (
193 "Our fixed OpenID server should not need us to redirect.")204 "Our fixed OpenID server should not need us to redirect.")
194 # Once the user authenticates with the OpenID provider they will be205 # Once the user authenticates with the OpenID provider they will be
@@ -216,7 +227,7 @@
216 def starting_url(self):227 def starting_url(self):
217 starting_url = self.request.getURL(1)228 starting_url = self.request.getURL(1)
218 query_string = "&".join([arg for arg in self.form_args])229 query_string = "&".join([arg for arg in self.form_args])
219 if query_string:230 if query_string and query_string != 'reauth=1':
220 starting_url += "?%s" % query_string231 starting_url += "?%s" % query_string
221 return starting_url232 return starting_url
222233
223234
=== modified file 'lib/lp/services/webapp/tests/test_login.py'
--- lib/lp/services/webapp/tests/test_login.py 2012-08-08 13:41:05 +0000
+++ lib/lp/services/webapp/tests/test_login.py 2012-08-13 16:30:41 +0000
@@ -28,7 +28,10 @@
28 FAILURE,28 FAILURE,
29 SUCCESS,29 SUCCESS,
30 )30 )
31from openid.extensions import sreg31from openid.extensions import (
32 pape,
33 sreg,
34 )
32from openid.yadis.discover import DiscoveryFailure35from openid.yadis.discover import DiscoveryFailure
33from testtools.matchers import Contains36from testtools.matchers import Contains
34from zope.component import getUtility37from zope.component import getUtility
@@ -731,6 +734,22 @@
731 self.assertEquals(sorted(sreg_extension.required),734 self.assertEquals(sorted(sreg_extension.required),
732 sorted(sreg_extension.allRequestedFields()))735 sorted(sreg_extension.allRequestedFields()))
733736
737 def test_pape_extension_added_with_reauth_query(self):
738 # We can signal that a request should be reauthenticated via
739 # a reauth URL parameter, which should add PAPE extension's
740 # max_auth_age paramter.
741 request = LaunchpadTestRequest(QUERY_STRING='reauth=1')
742 # This is a hack to make the request.getURL(1) call issued by the view
743 # not raise an IndexError.
744 request._app_names = ['foo']
745 view = StubbedOpenIDLogin(object(), request)
746 view()
747 extensions = view.openid_request.extensions
748 self.assertIsNot(None, extensions)
749 pape_extension = extensions[1]
750 self.assertIsInstance(pape_extension, pape.Request)
751 self.assertEqual(0, pape_extension.max_auth_age)
752
734 def test_logs_to_timeline(self):753 def test_logs_to_timeline(self):
735 # Beginning an OpenID association makes an HTTP request to the754 # Beginning an OpenID association makes an HTTP request to the
736 # OP, so it's a potentially long action. It is logged to the755 # OP, so it's a potentially long action. It is logged to the