Added an own Persona provider that adds a session modification hack t…

…hat existed in the pre-allauth code to work around a session cookie optimization in Zeus for the frontpage.
mdn · Aug 14, 2014 · b1ba2b5 · b1ba2b5
1 parent 4f7cad1
commit b1ba2b5
Show file tree

Hide file tree

Showing 6 changed files with 72 additions and 1 deletion.
diff --git a/kuma/users/providers/persona/__init__.py b/kuma/users/providers/persona/__init__.py
diff --git a/kuma/users/providers/persona/models.py b/kuma/users/providers/persona/models.py
diff --git a/kuma/users/providers/persona/provider.py b/kuma/users/providers/persona/provider.py
@@ -0,0 +1,10 @@
+from allauth.socialaccount import providers
+
+from allauth.socialaccount.providers.persona.provider import PersonaProvider
+
+
+class KumaPersonaProvider(PersonaProvider):
+    package = 'kuma.users.providers.persona'
+
+
+providers.registry.register(KumaPersonaProvider)
diff --git a/kuma/users/providers/persona/urls.py b/kuma/users/providers/persona/urls.py
@@ -0,0 +1,8 @@
+from django.conf.urls import patterns, url
+
+from . import views
+
+urlpatterns = patterns('',
+    url(r'^persona/signin$', views.persona_login, name="persona_login"),
+    url(r'^persona/complete$', views.persona_complete, name="persona_complete"),
+)
diff --git a/kuma/users/providers/persona/views.py b/kuma/users/providers/persona/views.py
@@ -0,0 +1,53 @@
+import requests
+from django.core.exceptions import ImproperlyConfigured
+from django.http import QueryDict
+from django.shortcuts import redirect
+
+from allauth.socialaccount.helpers import complete_social_login
+from allauth.socialaccount.helpers import render_authentication_error
+from allauth.socialaccount.models import SocialLogin
+from allauth.socialaccount import app_settings, providers
+
+from sumo.urlresolvers import reverse
+
+from .provider import PersonaProvider
+
+
+def persona_login(request):
+    """
+    This is a view to work around an optimization in the Zeus load balancer
+    that doesn't allow creating session cookies on the frontpage.
+
+    We're stash the Persona assertion in the session and trigger setting
+    the session cookie by that. We then redirect to the real persona login
+    view called "persona_complete" to complete the Perona steps.
+    """
+    # REDFLAG FIXME TODO GODDAMNIT
+    request.session['sociallogin_assertion'] = request.POST.get('assertion', '')
+    querystring = QueryDict('', mutable=True)
+    for param in ('next', 'process'):
+        querystring[param] = request.POST.get(param, '')
+    return redirect('%s?%s' % (reverse('persona_complete'),
+                               querystring.urlencode('/')))
+
+
+def persona_complete(request):
+    assertion = request.session.pop('sociallogin_assertion', '')
+    settings = app_settings.PROVIDERS.get(PersonaProvider.id, {})
+    audience = settings.get('AUDIENCE', None)
+    if audience is None:
+        raise ImproperlyConfigured("No Persona audience configured. Please "
+                                   "add an AUDIENCE item to the "
+                                   "SOCIALACCOUNT_PROVIDERS['persona'] setting.")
+
+    resp = requests.post('https://verifier.login.persona.org/verify',
+                         {'assertion': assertion,
+                          'audience': audience})
+    if resp.json()['status'] != 'okay':
+        return render_authentication_error(request)
+    extra_data = resp.json()
+    login = providers.registry \
+        .by_id(PersonaProvider.id) \
+        .sociallogin_from_response(request, extra_data)
+    login.state = SocialLogin.state_from_request(request)
+    return complete_social_login(request, login)
diff --git a/settings.py b/settings.py
@@ -487,7 +487,7 @@ def lazy_language_deki_map():
     'allauth',
     'allauth.account',
     'allauth.socialaccount',
-    'allauth.socialaccount.providers.persona',
+    'kuma.users.providers.persona',
     'kuma.users.providers.github',
     'kuma.events',