Merge lp:~jamestait/canonical-identity-provider/lp1168482 into lp:canonical-identity-provider/release

Proposed by James Tait
Status: Merged
Approved by: Ricardo Kirkner
Approved revision: no longer in the source branch.
Merged at revision: 794
Proposed branch: lp:~jamestait/canonical-identity-provider/lp1168482
Merge into: lp:canonical-identity-provider/release
Prerequisite: lp:~jamestait/canonical-identity-provider/lp1167645
Diff against target: 76 lines (+47/-1)
2 files modified
identityprovider/tests/test_views_server.py (+41/-0)
identityprovider/views/server.py (+6/-1)
To merge this branch: bzr merge lp:~jamestait/canonical-identity-provider/lp1168482
Reviewer Review Type Date Requested Status
Ricardo Kirkner (community) Approve
Review via email: mp+158894@code.launchpad.net

Commit message

Ensure that OpenID responses for trusted, auto-auth RPs that result in large postbacks are correctly encoded as an auto-submit HTML form.

Description of the change

Ensure that OpenID responses to trusted, auto-authorize RPs that result
in large postbacks are correctly encoded as an auto-submit HTML form.

Ricardo Kirkner (ricardokirkner) wrote :

LGTM

review: Approve
Ricardo Kirkner (ricardokirkner) wrote :

LGTM

review: Approve

Preview Diff

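--- a/identityprovider/tests/test_views_server.py
+++ b/identityprovider/tests/test_views_server.py
@@ -192,6 +192,47 @@
 self.assertEqual(query['openid.ax.value.account_verified.1'],
 'token_via_email')
 
+ def test_handle_user_response_auto_auth_large_response(self):
+ # update rp to auto authorize
+ self.rpconfig.auto_authorize = True
+ self.rpconfig.allowed_ax = 'fullname,email,account_verified'
+ self.rpconfig.save()
+ # Make sure we get a large response
+ self.account.displayname = 'a' * OPENID1_URL_LIMIT
+ self.account.save()
+
+ self.client.login(username=self.email, password=DEFAULT_USER_PASSWORD)
+ self.params.update({
+ 'openid.ns.ax': AXMessage.ns_uri,
+ 'openid.ax.mode': FetchRequest.mode,
+ 'openid.ax.type.fullname': AX_URI_FULL_NAME,
+ 'openid.ax.type.email': AX_URI_EMAIL,
+ 'openid.ax.type.account_verified': AX_URI_ACCOUNT_VERIFIED,
+ 'openid.ax.type.language': AX_URI_LANGUAGE,
+ 'openid.ax.required': 'fullname,email,account_verified,language',
+ })
+ response = self.client.post(self.url, self.params)
+ self.assertEqual('text/html', response['Content-type'].split(';')[0])
+ self.assertContains(response, 'assoc_handle')
+ self.assertContains(response, 'openid.sig')
+ dom = PyQuery(response.content)
+ root = dom.root.getroot()
+ self.assertEqual('html', root.tag)
+ body = root.find('body')
+ self.assertEqual('document.forms[0].submit();', body.get('onload'))
+ forms = dom.find('form')
+ self.assertEqual(len(forms), 1)
+ expected_fields = (
+ ('openid.claimed_id', self.account.openid_identity_url),
+ ('openid.identity', self.account.openid_identity_url),
+ ('openid.ax.mode', 'fetch_response'),
+ ('openid.ax.value.email.1', self.email),
+ ('openid.ax.value.fullname.1', self.account.displayname),
+ ('openid.ax.value.account_verified.1', 'token_via_email'),
+ )
+ for k, v in expected_fields:
+ self.assertEqual(v, forms[0].fields[k])
+
 def test_handle_user_response_openid_is_authorized_idselect(self):
 # update rp to auto authorize
 self.rpconfig.auto_authorize = True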
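Review bot: The new test requests `language` in `openid.ax.required` while `allowed_ax` is limited to `fullname,email,account_verified`, but it never asserts that the language value is withheld from the auto-submit form. The form is a second encoding path for the same signed response, so the test should pin that the RP's attribute allow-list still applies there, e.g. `self.assertNotIn('openid.ax.value.language.1', forms[0].fields)`. It would also be worth asserting that the form's `action` matches the RP's return URL taken from `self.params`, since that is where the browser posts the assertion; the setup that builds `self.params` is outside the hunk, so the exact key needs confirming.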
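--- a/identityprovider/views/server.py
+++ b/identityprovider/views/server.py
@@ -12,6 +12,7 @@
 timedelta,
 )
 
+from openid import oidutil
 from openid.extensions import (
 ax,
 pape,
@@ -530,7 +531,11 @@
 def _django_response(request, oresponse, auth_success=False, orequest=None):
 """ Convert an OpenID response into a Django HttpResponse """
 webresponse = _get_openid_server().encodeResponse(oresponse)
- response = HttpResponse(webresponse.body, mimetype="text/plain")
+ if oresponse.renderAsForm():
+ response = HttpResponse(
+ oidutil.autoSubmitHTML(webresponse.body), mimetype='text/html')
+ else:
+ response = HttpResponse(webresponse.body, mimetype='text/plain')
 response.status_code = webresponse.code
 for key, value in webresponse.headers.items():
 response[key] = value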
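Review bot: The new `text/html` branch in `_django_response` sets the content type without a charset, and the form it serves carries account-controlled values such as the display name (the accompanying test fills that field with a long string). Declaring the encoding explicitly avoids leaving it to browser sniffing: `oidutil.autoSubmitHTML(webresponse.body), mimetype='text/html; charset=utf-8')`, assuming the encoded body is UTF-8, which the hunk does not show. A one-line comment above the `if` would also help the next reader, e.g. `# Responses too large for a redirect URL are sent as an auto-submitting form.` The function body continues past the end of the hunk, so any cache-control handling for this signed response is not visible here.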