Canonical SSO provider

Merge lp:~nataliabidart/canonical-identity-provider/no-django-modelbackend-auth into lp:canonical-identity-provider/release

  1. no-django-modelbackend-auth
  2. Merge into trunk
Proposed by Natalia Bidart
Status: Merged
Approved by: Natalia Bidart
Approved revision: no longer in the source branch.
Merged at revision: 1338
Proposed branch: lp:~nataliabidart/canonical-identity-provider/no-django-modelbackend-auth
Merge into: lp:canonical-identity-provider/release
Diff against target: 123 lines (+11/-28)
6 files modified
django_project/settings_base.py (+0/-3)
src/api/v20/auth.py (+1/-2)
src/identityprovider/auth.py (+5/-2)
src/identityprovider/login.py (+0/-10)
src/identityprovider/tests/test_admin.py (+4/-3)
src/identityprovider/tests/test_models_account.py (+1/-8)
To merge this branch: bzr merge lp:~nataliabidart/canonical-identity-provider/no-django-modelbackend-auth
Reviewer Review Type Date Requested Status
Ricardo Kirkner (community) Approve
Review via email: mp+274027@code.launchpad.net

Commit message

- Disable django.contrib.auth.backends.ModelBackend as one of the AUTHENTICATION_BACKENDS.
- Removed extra logging to debug LP: #1476225.

To post a comment you must log in.
Revision history for this message
Ricardo Kirkner (ricardokirkner) wrote :

LGTM.

Looks like a possible next step would be to start using the custom user model support in django?

review: Approve
Revision history for this message
Natalia Bidart (nataliabidart) wrote :

> LGTM.
>
> Looks like a possible next step would be to start using the custom user model
> support in django?

Indeed!

The thing we need to think carefully is that we still have some Old-format tokens, which use the Consumer from oauth_backend, and that model has a FK to User.
Same for UserOpenID -- the main issue I see is how to remap the exiting FK to the proper account.

Any ideas?

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'django_project/settings_base.py'
2--- django_project/settings_base.py 2015-10-01 19:21:34 +0000
3+++ django_project/settings_base.py 2015-10-09 20:18:42 +0000
4@@ -43,9 +43,6 @@
5 APP_SERVERS = []
6 AUTHENTICATION_BACKENDS = [
7 'identityprovider.auth.LaunchpadBackend',
8- # Once we debug LP: # 1476255, we should remove the ModelBackend
9- # from this list
10- 'django.contrib.auth.backends.ModelBackend',
11 'django_openid_auth.auth.OpenIDBackend',
12 ]
13 AUTH_USER_MODEL = 'auth.User'
14
15=== modified file 'src/api/v20/auth.py'
16--- src/api/v20/auth.py 2015-09-23 21:22:12 +0000
17+++ src/api/v20/auth.py 2015-10-09 20:18:42 +0000
18@@ -46,8 +46,7 @@
19 perm = 'identityprovider.api_view_account_details'
20 else:
21 perm = 'identityprovider.api_edit_account_details'
22- account = request.user
23- result = account.user.has_perm(perm)
24+ result = request.user.has_perm(perm)
25
26 return result
27
28
29=== modified file 'src/identityprovider/auth.py'
30--- src/identityprovider/auth.py 2015-10-05 22:09:03 +0000
31+++ src/identityprovider/auth.py 2015-10-09 20:18:42 +0000
32@@ -8,6 +8,7 @@
33 import logging
34
35 from django.conf import settings
36+from django.contrib.auth.backends import ModelBackend
37 from django.contrib.auth.hashers import BCryptPasswordHasher
38 from django.contrib.auth.models import (
39 check_password,
40@@ -188,8 +189,7 @@
41 self.password_dirty = True
42
43 def get_user(self, user_id):
44- """Returns a Launchpad Account object instead of Django's built-in
45- User object. """
46+ """Return the Account object instead of Django's User object."""
47 return get_object_or_none(Account.objects.select_related(), pk=user_id)
48
49 def supports_anonymous_user(self):
50@@ -198,6 +198,9 @@
51 def supports_object_permissions(self):
52 return False
53
54+ def has_perm(self, account, *args, **kwargs):
55+ return ModelBackend().has_perm(account.user, *args, **kwargs)
56+
57
58 def decode(value):
59 # try to decode as UTF-8
60
61=== modified file 'src/identityprovider/login.py'
62--- src/identityprovider/login.py 2015-10-06 22:41:40 +0000
63+++ src/identityprovider/login.py 2015-10-09 20:18:42 +0000
64@@ -76,16 +76,6 @@
65
66 raise AuthenticationError(LOGIN_INCORRECT)
67
68- # Adding debug information for LP: #1476255
69- # AttributeError: 'User' object has no attribute 'person_in_team'
70- if not isinstance(account, Account):
71- logger.warning(
72- 'authenticate_user: call to auth.authenticate returned a non '
73- 'Account instance (%s, id: %r, backend: %r) for email %r, '
74- 'and rpconfig %r.',
75- account.__class__.__name__, getattr(account, 'id', None),
76- getattr(account, 'backend', None), email, rpconfig)
77-
78 validate_policy = get_password_validator(account=account, request=request)
79 try:
80 validate_policy(password)
81
82=== modified file 'src/identityprovider/tests/test_admin.py'
83--- src/identityprovider/tests/test_admin.py 2015-09-16 15:33:26 +0000
84+++ src/identityprovider/tests/test_admin.py 2015-10-09 20:18:42 +0000
85@@ -318,14 +318,15 @@
86
87 class RPAdminTestCase(SSOBaseTestCase):
88
89- fixtures = ["admin"]
90-
91 def setUp(self):
92 super(RPAdminTestCase, self).setUp()
93
94 OpenIDRPConfig.objects.create(trust_root="test", displayname="test",
95 description="test")
96- self.client.login(username="admin", password="admin007")
97+ admin = self.factory.make_account(
98+ is_superuser=True, password="admin007")
99+ assert self.client.login(
100+ username=admin.user.email, password="admin007")
101
102 def _get_form(self):
103 path = reverse("admin:identityprovider_openidrpconfig_add")
104
105=== modified file 'src/identityprovider/tests/test_models_account.py'
106--- src/identityprovider/tests/test_models_account.py 2015-10-06 22:41:40 +0000
107+++ src/identityprovider/tests/test_models_account.py 2015-10-09 20:18:42 +0000
108@@ -1285,14 +1285,7 @@
109 self.assertEqual(ctx.exception.account, self.account)
110
111 def test_non_account_instance(self):
112- mock_logger = self._apply_patch('identityprovider.login.logger')
113 user = User.objects.create_user(username='test', password='12345678')
114
115- with self.assertRaises(AttributeError):
116+ with self.assertRaises(AuthenticationError):
117 authenticate_user(user.username, '12345678')
118-
119- mock_logger.warning.assert_called_once_with(
120- 'authenticate_user: call to auth.authenticate returned a non '
121- 'Account instance (%s, id: %r, backend: %r) for email %r, and '
122- 'rpconfig %r.', 'User', user.id,
123- 'django.contrib.auth.backends.ModelBackend', 'test', None)