Merge pull request #41 from edx/clintonb/authorize-cookie

Storing cookie with logged in clients
edx · Jun 6, 2016 · fb2f29a · fb2f29a
2 parents b054b68 + 5194fea
commit fb2f29a
Show file tree

Hide file tree

Showing 13 changed files with 61 additions and 30 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -2,13 +2,12 @@ sudo: false
 language: python
 python:
   - "2.7"
-# command to install dependencies
+
 install:
-    - "pip install coveralls"
-    - "pip install -r requirements.txt"
-    - "pip install -r test_requirements.txt"
-# command to run tests
-script: coverage run ./manage.py test
+    - pip install -U coveralls pip wheel
+    - make requirements
+
+script: make test
 
 after_success: coveralls
 

diff --git a/Makefile b/Makefile
@@ -0,0 +1,6 @@
+requirements:
+	pip install -r requirements.txt
+
+test:
+	coverage run ./manage.py test
+	coverage report
diff --git a/edx_oauth2_provider/__init__.py b/edx_oauth2_provider/__init__.py
@@ -3,3 +3,4 @@
 for the edx-platform.
 
 """
+__version__ = '1.1.0'
diff --git a/edx_oauth2_provider/constants.py b/edx_oauth2_provider/constants.py
@@ -82,3 +82,5 @@
 
 provider.oauth2.forms.SCOPES = SCOPES
 provider.oauth2.forms.SCOPE_NAMES = SCOPE_NAMES
+
+AUTHORIZED_CLIENTS_SESSION_KEY = getattr(settings, 'OAUTH_OIDC_AUTHORIZED_CLIENTS_SESSION_KEY', 'authorized_clients')
diff --git a/edx_oauth2_provider/tests/__init__.py b/edx_oauth2_provider/tests/__init__.py
@@ -2,4 +2,4 @@
 
 from .base import OAuth2TestCase, IDTokenTestCase
 from .test_userinfo import UserInfoTestCase
-from .handlers import TestHandler
+from .handlers import DummyHandler
diff --git a/edx_oauth2_provider/tests/base.py b/edx_oauth2_provider/tests/base.py
@@ -10,6 +10,7 @@
 
 import provider.scope
 
+from ..constants import AUTHORIZED_CLIENTS_SESSION_KEY
 from ..models import TrustedClient
 from .util import normpath
 from .factories import (
@@ -49,14 +50,15 @@ class OAuth2TestCase(BaseTestCase):
     def setUp(self):
         super(OAuth2TestCase, self).setUp()
 
-    def login_and_authorize(self, scope=None, claims=None, trusted=False):
+    def login_and_authorize(self, scope=None, claims=None, trusted=False, validate_session=True):
         """ Login into client using OAuth2 authorization flow. """
 
         self.set_trusted(self.auth_client, trusted)
         self.client.login(username=self.user.username, password=self.password)
 
+        client_id = self.auth_client.client_id
         payload = {
-            'client_id': self.auth_client.client_id,
+            'client_id': client_id,
             'redirect_uri': self.auth_client.redirect_uri,
             'response_type': 'code',
             'state': 'some_state',
@@ -68,6 +70,9 @@ def login_and_authorize(self, scope=None, claims=None, trusted=False):
 
         response = self.client.get(reverse('oauth2:authorize'), payload)
 
+        if validate_session:
+            self.assertListEqual(self.client.session[AUTHORIZED_CLIENTS_SESSION_KEY], [client_id])
+
         return response
 
     def get_access_token_response(self, scope=None, claims=None):

diff --git a/edx_oauth2_provider/tests/handlers.py b/edx_oauth2_provider/tests/handlers.py
@@ -1,4 +1,4 @@
-class TestHandler(object):
+class DummyHandler(object):
     def scope_profile(self, data):
         return ['test']
 

diff --git a/edx_oauth2_provider/tests/test_trusted.py b/edx_oauth2_provider/tests/test_trusted.py
@@ -15,7 +15,7 @@ def test_trusted_client(self):
         self.assertEqual(reverse('oauth2:redirect'), normpath(response['Location']))
 
     def test_untrusted_client(self):
-        response = self.login_and_authorize(trusted=False)
+        response = self.login_and_authorize(trusted=False, validate_session=False)
 
         # Check if consent form is being shown
         form_action = 'action="{}"'.format(normpath(reverse("oauth2:authorize")))

diff --git a/edx_oauth2_provider/views.py b/edx_oauth2_provider/views.py
@@ -6,20 +6,18 @@
 
 from django.http import HttpResponse
 from django.views.generic import View
-
-import provider.oauth2.views
 import provider.oauth2.forms
-import provider.scope
 from provider.oauth2.models import AccessToken
+import provider.oauth2.views
 from provider.oauth2.views import OAuthError, Capture, Redirect  # pylint: disable=unused-import
+import provider.scope
 
-from . import oidc
-from . import constants
-from .forms import PasswordGrantForm
-from .models import TrustedClient
+from . import constants, oidc
 from .backends import PublicPasswordBackend
-from .forms import (AuthorizationRequestForm, AuthorizationForm,
-                    RefreshTokenGrantForm, AuthorizationCodeGrantForm)
+from .forms import (
+    PasswordGrantForm, AuthorizationRequestForm, AuthorizationForm, RefreshTokenGrantForm, AuthorizationCodeGrantForm
+)
+from .models import TrustedClient
 
 
 # pylint: disable=abstract-method
@@ -42,6 +40,21 @@ def get_authorization_form(self, _request, client, data, client_data):
         form = AuthorizationForm(data)
         return form
 
+    def handle(self, request, post_data=None):
+        response = super(Authorize, self).handle(request, post_data)
+
+        if response.status_code < 400:
+            # Store the ID of the client being used for authorization. We will use
+            # this later to determine which clients to log out.
+            client_id = request.session.get('oauth:client', {}).get('client_id')
+
+            if client_id:
+                client_ids = set(request.session.get(constants.AUTHORIZED_CLIENTS_SESSION_KEY, []))
+                client_ids.add(client_id)
+                request.session[constants.AUTHORIZED_CLIENTS_SESSION_KEY] = list(client_ids)
+
+        return response
+
 
 # pylint: disable=abstract-method
 class AccessTokenView(provider.oauth2.views.AccessTokenView):

diff --git a/requirements.txt b/requirements.txt
@@ -1,3 +1,6 @@
-django>=1.8.7,<1.9
-edx-django-oauth2-provider>=0.3.0,<2.0.0
-PyJWT>=1.4.0,<2.0.0
+-e .
+coverage==4.1
+ddt==1.1.0
+django-nose==1.4.3
+factory_boy==2.7.0
+mock==2.0.0
diff --git a/setup.py b/setup.py
@@ -2,9 +2,11 @@
 
 from setuptools import setup, find_packages
 
+import edx_oauth2_provider
+
 setup(
     name='edx-oauth2-provider',
-    version='1.0.1',
+    version=edx_oauth2_provider.__version__,
     description='Provide OAuth2 access to edX installations',
     author='edX',
     url='https://github.com/edx/edx-oauth2-provider',
@@ -20,6 +22,7 @@
     ],
     packages=find_packages(exclude=['tests']),
     install_requires=[
+        'django>=1.8.7,<1.9',
         'edx-django-oauth2-provider>=0.3.0,<2.0.0',
         'PyJWT>=1.4.0,<2.0.0'
     ]

diff --git a/test_requirements.txt b/test_requirements.txt
diff --git a/tests/settings.py b/tests/settings.py
@@ -78,20 +78,23 @@
     'edx_oauth2_provider',
     'provider',
     'provider.oauth2',
+    'django_nose',
 )
 
+TEST_RUNNER = 'django_nose.NoseTestSuiteRunner'
+
 OAUTH_OIDC_ISSUER = 'https://example.com/oauth2'
 
 OAUTH_OIDC_ID_TOKEN_HANDLERS = (
     'edx_oauth2_provider.oidc.handlers.BasicIDTokenHandler',
     'edx_oauth2_provider.oidc.handlers.ProfileHandler',
     'edx_oauth2_provider.oidc.handlers.EmailHandler',
-    'edx_oauth2_provider.tests.handlers.TestHandler'
+    'edx_oauth2_provider.tests.handlers.DummyHandler'
 )
 
 OAUTH_OIDC_USERINFO_HANDLERS = (
     'edx_oauth2_provider.oidc.handlers.BasicUserInfoHandler',
     'edx_oauth2_provider.oidc.handlers.ProfileHandler',
     'edx_oauth2_provider.oidc.handlers.EmailHandler',
-    'edx_oauth2_provider.tests.handlers.TestHandler'
+    'edx_oauth2_provider.tests.handlers.DummyHandler'
 )