Canonical SSO provider

Merge lp:~nataliabidart/canonical-identity-provider/no-django-modelbackend-auth into lp:canonical-identity-provider/release

  1. no-django-modelbackend-auth
  2. Merge into trunk
Proposed by Natalia Bidart
Status: Merged
Approved by: Natalia Bidart
Approved revision: no longer in the source branch.
Merged at revision: 1338
Proposed branch: lp:~nataliabidart/canonical-identity-provider/no-django-modelbackend-auth
Merge into: lp:canonical-identity-provider/release
Diff against target: 123 lines (+11/-28)
6 files modified
django_project/settings_base.py (+0/-3)
src/api/v20/auth.py (+1/-2)
src/identityprovider/auth.py (+5/-2)
src/identityprovider/login.py (+0/-10)
src/identityprovider/tests/test_admin.py (+4/-3)
src/identityprovider/tests/test_models_account.py (+1/-8)
To merge this branch: bzr merge lp:~nataliabidart/canonical-identity-provider/no-django-modelbackend-auth
Reviewer Review Type Date Requested Status
Ricardo Kirkner (community) Approve
Review via email: mp+274027@code.launchpad.net

Commit message

- Disable django.contrib.auth.backends.ModelBackend as one of the AUTHENTICATION_BACKENDS.
- Removed extra logging to debug LP: #1476225.

To post a comment you must log in.
Revision history for this message
Ricardo Kirkner (ricardokirkner) wrote :

LGTM.

Looks like a possible next step would be to start using the custom user model support in django?

review: Approve
Revision history for this message
Natalia Bidart (nataliabidart) wrote :

> LGTM.
>
> Looks like a possible next step would be to start using the custom user model
> support in django?

Indeed!

The thing we need to think carefully is that we still have some Old-format tokens, which use the Consumer from oauth_backend, and that model has a FK to User.
Same for UserOpenID -- the main issue I see is how to remap the exiting FK to the proper account.

Any ideas?

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'django_project/settings_base.py'
--- django_project/settings_base.py 2015-10-01 19:21:34 +0000
+++ django_project/settings_base.py 2015-10-09 20:18:42 +0000
@@ -43,9 +43,6 @@
43APP_SERVERS = []43APP_SERVERS = []
44AUTHENTICATION_BACKENDS = [44AUTHENTICATION_BACKENDS = [
45 'identityprovider.auth.LaunchpadBackend',45 'identityprovider.auth.LaunchpadBackend',
46 # Once we debug LP: # 1476255, we should remove the ModelBackend
47 # from this list
48 'django.contrib.auth.backends.ModelBackend',
49 'django_openid_auth.auth.OpenIDBackend',46 'django_openid_auth.auth.OpenIDBackend',
50]47]
51AUTH_USER_MODEL = 'auth.User'48AUTH_USER_MODEL = 'auth.User'
5249
=== modified file 'src/api/v20/auth.py'
--- src/api/v20/auth.py 2015-09-23 21:22:12 +0000
+++ src/api/v20/auth.py 2015-10-09 20:18:42 +0000
@@ -46,8 +46,7 @@
46 perm = 'identityprovider.api_view_account_details'46 perm = 'identityprovider.api_view_account_details'
47 else:47 else:
48 perm = 'identityprovider.api_edit_account_details'48 perm = 'identityprovider.api_edit_account_details'
49 account = request.user49 result = request.user.has_perm(perm)
50 result = account.user.has_perm(perm)
5150
52 return result51 return result
5352
5453
=== modified file 'src/identityprovider/auth.py'
--- src/identityprovider/auth.py 2015-10-05 22:09:03 +0000
+++ src/identityprovider/auth.py 2015-10-09 20:18:42 +0000
@@ -8,6 +8,7 @@
8import logging8import logging
99
10from django.conf import settings10from django.conf import settings
11from django.contrib.auth.backends import ModelBackend
11from django.contrib.auth.hashers import BCryptPasswordHasher12from django.contrib.auth.hashers import BCryptPasswordHasher
12from django.contrib.auth.models import (13from django.contrib.auth.models import (
13 check_password,14 check_password,
@@ -188,8 +189,7 @@
188 self.password_dirty = True189 self.password_dirty = True
189190
190 def get_user(self, user_id):191 def get_user(self, user_id):
191 """Returns a Launchpad Account object instead of Django's built-in192 """Return the Account object instead of Django's User object."""
192 User object. """
193 return get_object_or_none(Account.objects.select_related(), pk=user_id)193 return get_object_or_none(Account.objects.select_related(), pk=user_id)
194194
195 def supports_anonymous_user(self):195 def supports_anonymous_user(self):
@@ -198,6 +198,9 @@
198 def supports_object_permissions(self):198 def supports_object_permissions(self):
199 return False199 return False
200200
201 def has_perm(self, account, *args, **kwargs):
202 return ModelBackend().has_perm(account.user, *args, **kwargs)
203
201204
202def decode(value):205def decode(value):
203 # try to decode as UTF-8206 # try to decode as UTF-8
204207
=== modified file 'src/identityprovider/login.py'
--- src/identityprovider/login.py 2015-10-06 22:41:40 +0000
+++ src/identityprovider/login.py 2015-10-09 20:18:42 +0000
@@ -76,16 +76,6 @@
7676
77 raise AuthenticationError(LOGIN_INCORRECT)77 raise AuthenticationError(LOGIN_INCORRECT)
7878
79 # Adding debug information for LP: #1476255
80 # AttributeError: 'User' object has no attribute 'person_in_team'
81 if not isinstance(account, Account):
82 logger.warning(
83 'authenticate_user: call to auth.authenticate returned a non '
84 'Account instance (%s, id: %r, backend: %r) for email %r, '
85 'and rpconfig %r.',
86 account.__class__.__name__, getattr(account, 'id', None),
87 getattr(account, 'backend', None), email, rpconfig)
88
89 validate_policy = get_password_validator(account=account, request=request)79 validate_policy = get_password_validator(account=account, request=request)
90 try:80 try:
91 validate_policy(password)81 validate_policy(password)
9282
=== modified file 'src/identityprovider/tests/test_admin.py'
--- src/identityprovider/tests/test_admin.py 2015-09-16 15:33:26 +0000
+++ src/identityprovider/tests/test_admin.py 2015-10-09 20:18:42 +0000
@@ -318,14 +318,15 @@
318318
319class RPAdminTestCase(SSOBaseTestCase):319class RPAdminTestCase(SSOBaseTestCase):
320320
321 fixtures = ["admin"]
322
323 def setUp(self):321 def setUp(self):
324 super(RPAdminTestCase, self).setUp()322 super(RPAdminTestCase, self).setUp()
325323
326 OpenIDRPConfig.objects.create(trust_root="test", displayname="test",324 OpenIDRPConfig.objects.create(trust_root="test", displayname="test",
327 description="test")325 description="test")
328 self.client.login(username="admin", password="admin007")326 admin = self.factory.make_account(
327 is_superuser=True, password="admin007")
328 assert self.client.login(
329 username=admin.user.email, password="admin007")
329330
330 def _get_form(self):331 def _get_form(self):
331 path = reverse("admin:identityprovider_openidrpconfig_add")332 path = reverse("admin:identityprovider_openidrpconfig_add")
332333
=== modified file 'src/identityprovider/tests/test_models_account.py'
--- src/identityprovider/tests/test_models_account.py 2015-10-06 22:41:40 +0000
+++ src/identityprovider/tests/test_models_account.py 2015-10-09 20:18:42 +0000
@@ -1285,14 +1285,7 @@
1285 self.assertEqual(ctx.exception.account, self.account)1285 self.assertEqual(ctx.exception.account, self.account)
12861286
1287 def test_non_account_instance(self):1287 def test_non_account_instance(self):
1288 mock_logger = self._apply_patch('identityprovider.login.logger')
1289 user = User.objects.create_user(username='test', password='12345678')1288 user = User.objects.create_user(username='test', password='12345678')
12901289
1291 with self.assertRaises(AttributeError):1290 with self.assertRaises(AuthenticationError):
1292 authenticate_user(user.username, '12345678')1291 authenticate_user(user.username, '12345678')
1293
1294 mock_logger.warning.assert_called_once_with(
1295 'authenticate_user: call to auth.authenticate returned a non '
1296 'Account instance (%s, id: %r, backend: %r) for email %r, and '
1297 'rpconfig %r.', 'User', user.id,
1298 'django.contrib.auth.backends.ModelBackend', 'test', None)