Merge pull request #10 from eduNEXT/cag/fix-request-without-ticket

fix request without ticket

Author: Cristhian Garcia

CHANGELOG.rst

@@ -6,14 +6,21 @@ Change Log
    in this file.  It adheres to the structure of https://keepachangelog.com/ ,
    but in reStructuredText instead of Markdown (for ease of incorporation into
    Sphinx documentation and the PyPI description).
-   
+
    This project adheres to Semantic Versioning (https://semver.org/).
 
 .. There should always be an "Unreleased" section for changes pending release.
 
 Unreleased
 ~~~~~~~~~~
 
+[0.2.3] - 2022-08-11
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Added
+_____
+
+* Added CAS_REDIRECT_WITHOUT_TICKET setting.
 
 [0.2.2] - 2022-07-27
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

README.rst

@@ -49,6 +49,20 @@ The required configuration includes:
         "CAS_SERVICE_URL": "https://LMS_BASE/auth/complete/centralized-auth-service/?next=/"
     }
 
+Optional configuration:
+
+.. code-block:: json
+
+    {
+        "CAS_REDIRECT_WITHOUT_TICKET": true
+    }
+
+This settings allows you to modify the default behavior when the auth/complete backend receives a request without ticket. Usually when the user reset his password in the CAS Server and it's automatically redirected to the LMS.
+
+Expected behavior:
+    - true: Redirects to login automatically
+    - false: Raise an AuthMissingParameter exception
+
 We advise you to use the following third party auth pipeline:
 
 .. code-block:: json

openedx_cas/backends.py

@@ -9,6 +9,7 @@
 
 from django.conf import settings
 from django.contrib.auth import get_user_model
+from django.shortcuts import redirect
 from django_cas_ng.backends import CASBackend
 from django_cas_ng.utils import get_cas_client
 from social_core.backends.base import BaseAuth
@@ -63,7 +64,13 @@ def auth_complete(self, *args, **kwargs):
         ticket = request.GET.get("ticket", None)
 
         if not ticket:
-            raise AuthMissingParameter(self, "ticket")
+            logger.error("Ticket was not found in the request to authenticate user")
+            # The setting is added to allow changing the behavior when there is not
+            # ticket in the request. Usually when the user changes his password.
+            if getattr(settings, "CAS_REDIRECT_WITHOUT_TICKET", None):
+                return redirect(settings.LOGIN_URL)
+            else:
+                raise AuthMissingParameter(self, "ticket")
 
         response = self.cas_validation(request, ticket, settings.CAS_SERVICE_URL)
         kwargs.update({"response": response, "backend": self})

openedx_cas/tests/test_backends.py

@@ -79,6 +79,38 @@ def test_auth_complete_ticket_validated(self, cas_validation):
             backend=self.cas_backend
         )
 
+    @override_settings(CAS_REDIRECT_WITHOUT_TICKET=True)
+    @override_settings(LOGIN_URL="/login")
+    @patch('openedx_cas.backends.redirect')
+    def test_auth_complete_redirect_on_missing_ticket(self, redirect):
+        """
+        This method is used to verify that the flow is valid when the ticket is valid.
+
+        Expected behavior:
+        Response returned by auth_complete should include the correspoding values when the ticket is valid
+        """
+        service_response = {}
+        request = Mock(GET=service_response)
+
+        self.cas_backend.auth_complete(request=request)
+
+        redirect.assert_called_with(
+            settings.LOGIN_URL
+        )
+
+    @override_settings(CAS_REDIRECT_WITHOUT_TICKET=None)
+    def test_auth_complete_raises_on_missing_ticket(self):
+        """
+        This method is used to verify that the flow is valid when the ticket is valid.
+
+        Expected behavior:
+        Response returned by auth_complete should include the correspoding values when the ticket is valid
+        """
+        service_response = {}
+        request = Mock(GET=service_response)
+
+        self.assertRaises(AuthMissingParameter, self.cas_backend.auth_complete, request=request)
+
     @unpack
     @data(
         {