From 2c3de8ba3103dd931bcafe5bd89dcd1ddc6d93dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Ezequiel=20Gallina?= Date: Wed, 23 Apr 2014 10:52:18 -0300 Subject: Django 1.6 compatibility + Added installation notes about the SESSION_SERIALIZER setting. + Included tox.ini section for Python 2.7 + Django 1.6. + New decorator override_session_serializer enforces pickle session serialization in tests. + Added test checking Django version defaults for SESSION_SERIALIZER. --- README.txt | 15 ++++++++----- django_openid_auth/tests/__init__.py | 5 +++-- django_openid_auth/tests/helpers.py | 5 +++++ django_openid_auth/tests/test_auth.py | 3 +++ django_openid_auth/tests/test_settings.py | 35 +++++++++++++++++++++++++++++++ django_openid_auth/tests/test_views.py | 5 ++++- tox.ini | 8 ++++++- 7 files changed, 67 insertions(+), 9 deletions(-) create mode 100644 django_openid_auth/tests/helpers.py create mode 100644 django_openid_auth/tests/test_settings.py diff --git a/README.txt b/README.txt index 7df7110..46b5c07 100644 --- a/README.txt +++ b/README.txt @@ -8,13 +8,18 @@ single signon systems. == Basic Installation == - 1. Install the Jan Rain Python OpenID library. It can be found at: + 0. Install the Jan Rain Python OpenID library. It can be found at: http://openidenabled.com/python-openid/ It can also be found in most Linux distributions packaged as "python-openid". You will need version 2.2.0 or later. + 1. If you are using Django 1.6, configure your project to use the + pickle based session serializer: + + SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer' + 2. Add 'django_openid_auth' to INSTALLED_APPS for your application. At a minimum, you'll need the following in there: 
@@ -143,8 +148,8 @@ If you require openid authentication into the admin application, add the followi OPENID_USE_AS_ADMIN_LOGIN = True -It is worth noting that a user needs to be be marked as a "staff user" to be able to access the admin interface. A new openid user will not normally be a "staff user". -The easiest way to resolve this is to use traditional authentication (OPENID_USE_AS_ADMIN_LOGIN = False) to sign in as your first user with a password and authorise your +It is worth noting that a user needs to be be marked as a "staff user" to be able to access the admin interface. A new openid user will not normally be a "staff user". +The easiest way to resolve this is to use traditional authentication (OPENID_USE_AS_ADMIN_LOGIN = False) to sign in as your first user with a password and authorise your openid user to be staff. == Change Django usernames if the nickname changes on the provider == @@ -162,7 +167,7 @@ If the user has already been renamed to nickname+1 due to a conflict, and the ni If you must have a valid, unique nickname in order to create a user accont, add the following setting: OPENID_STRICT_USERNAMES = True - + This will cause an OpenID login attempt to fail if the provider does not return a 'nickname' (username) for the user, or if the nickname conflicts with an existing user with a different openid identiy url. Without this setting, logins without a nickname will be given the username 'openiduser', and upon conflicts with existing username, an incrementing number will be appended to the username until it is unique. 
@@ -171,7 +176,7 @@ Without this setting, logins without a nickname will be given the username 'open If your users should use a physical multi-factor authentication method, such as RSA tokens or YubiKey, add the following setting: OPENID_PHYSICAL_MULTIFACTOR_REQUIRED = True - + If the user's OpenID provider supports the PAPE extension and provides the Physical Multifactor authentication policy, this will cause the OpenID login to fail if the user does not provide valid physical authentication to the provider. diff --git a/django_openid_auth/tests/__init__.py b/django_openid_auth/tests/__init__.py index 5b3964a..70bcb36 100644 --- a/django_openid_auth/tests/__init__.py +++ b/django_openid_auth/tests/__init__.py @@ -28,6 +28,7 @@ import unittest from test_views import * +from test_settings import * from test_store import * from test_auth import * from test_admin import * @@ -35,8 +36,8 @@ from test_admin import * def suite(): suite = unittest.TestSuite() - for name in ['test_auth', 'test_models', 'test_store', 'test_views', - 'test_admin']: + for name in ['test_auth', 'test_models', 'test_settings', 'test_store', + 'test_views', 'test_admin']: mod = __import__('%s.%s' % (__name__, name), {}, {}, ['suite']) suite.addTest(mod.suite()) return suite diff --git a/django_openid_auth/tests/helpers.py b/django_openid_auth/tests/helpers.py new file mode 100644 index 0000000..b663c5b --- /dev/null +++ b/django_openid_auth/tests/helpers.py @@ -0,0 +1,5 @@ +from django.test.utils import override_settings + + +override_session_serializer = override_settings( + SESSION_SERIALIZER='django.contrib.sessions.serializers.PickleSerializer') diff --git a/django_openid_auth/tests/test_auth.py b/django_openid_auth/tests/test_auth.py index 87536d1..ef70a7d 100644 --- a/django_openid_auth/tests/test_auth.py +++ b/django_openid_auth/tests/test_auth.py 
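Review bot: The new `django_openid_auth/tests/helpers.py` has no comment saying why the tests force pickle sessions or that `override_session_serializer` is meant for the test suite only. Unpickling session data can run arbitrary code, so with Django's signed-cookie session backend a leaked `SECRET_KEY` turns into code execution. Anyone copying this setting into a deployment should see that next to it. I would add two comment lines above the assignment: `# Test-only: python-openid stores objects in the session that JSON cannot serialize.` and `# Pickle sessions are unsafe with the signed_cookies backend if SECRET_KEY leaks.` README step 1 in the first hunk recommends the same setting for production use and lacks the same caveat.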
@@ -39,6 +39,7 @@ from django.test import TestCase from django_openid_auth.auth import OpenIDBackend from django_openid_auth.models import UserOpenID from django_openid_auth.teams import ns_uri as TEAMS_NS +from django_openid_auth.tests.helpers import override_session_serializer from openid.consumer.consumer import SuccessResponse from openid.consumer.discover import OpenIDServiceEndpoint from openid.message import Message, OPENID2_NS @@ -47,6 +48,8 @@ from openid.message import Message, OPENID2_NS SREG_NS = "http://openid.net/sreg/1.0" AX_NS = "http://openid.net/srv/ax/1.0" + +@override_session_serializer class OpenIDBackendTests(TestCase): def setUp(self): diff --git a/django_openid_auth/tests/test_settings.py b/django_openid_auth/tests/test_settings.py new file mode 100644 index 0000000..5704ffa --- /dev/null +++ b/django_openid_auth/tests/test_settings.py 
@@ -0,0 +1,35 @@ +from unittest import skipIf, TestLoader + +from django import VERSION +from django.conf import settings +from django.test import TestCase + + +class SessionSerializerTest(TestCase): + """Django 1.6 changed the default session serializer to use JSON + instead of pickle for security reasons[0]. Unfortunately the + openid module on which we rely stores objects which are not JSON + serializable[1], so until this is fixed upstream (or we decide to + create a wrapper serializer) we are recommending Django 1.6 users + to fallback to the PickleSerializer. + + [0] https://bit.ly/1myzetd + [1] https://github.com/openid/python-openid/issues/17 + """ + @skipIf(VERSION >= (1, 6, 0), "Old versions used the pickle serializer.") + def test_not_using_json_session_serializer(self): + # We use getattr because this setting did not exist in Django + # 1.4 (pickle serialization was hard coded) + serializer = getattr(settings, 'SESSION_SERIALIZER', '') + self.assertNotEqual( + serializer, 'django.contrib.sessions.serializers.JSONSerializer') + + @skipIf(VERSION < (1, 6, 0), "Newer versions use JSON by default.") + def test_using_json_session_serializer(self): + serializer = getattr(settings, 'SESSION_SERIALIZER', '') + self.assertEqual( + serializer, 'django.contrib.sessions.serializers.JSONSerializer') + + +def suite(): + return TestLoader().loadTestsFromName(__name__) diff --git a/django_openid_auth/tests/test_views.py b/django_openid_auth/tests/test_views.py index 47187b2..239e08e 100644 --- a/django_openid_auth/tests/test_views.py +++ b/django_openid_auth/tests/test_views.py @@ -47,6 +47,7 @@ from openid.message import IDENTIFIER_SELECT from django_openid_auth import teams from django_openid_auth.models import UserOpenID +from django_openid_auth.tests.helpers import override_session_serializer from django_openid_auth.views import ( sanitise_redirect_url, make_consumer, 
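Review bot: `test_using_json_session_serializer` in the new `test_settings.py` asserts on the active `settings.SESSION_SERIALIZER`, so on Django 1.6 it would fail if the test settings follow README step 1 and select `PickleSerializer`. If the intent is to pin Django's own default, read it from the framework instead: `from django.conf import global_settings` and `serializer = global_settings.SESSION_SERIALIZER`. The two `skipIf` reason strings describe the versions the test is for rather than why it is skipped; the first could read `"Django >= 1.6 defaults to JSON sessions."`. The docstring's security reference [0] is a shortened link, and the full Django 1.6 release-notes URL would let a reader see the target before following it.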
@@ -161,6 +162,8 @@ class DummyDjangoRequest(object): return request REQUEST = property(_combined_request) + +@override_session_serializer class RelyingPartyTests(TestCase): urls = 'django_openid_auth.tests.urls' @@ -1354,7 +1357,6 @@ class RelyingPartyTests(TestCase): self.assertTrue(group3 not in user.groups.all()) def test_login_teams_staff_not_defined(self): - delattr(settings, 'OPENID_LAUNCHPAD_STAFF_TEAMS') user = User.objects.create_user('testuser', 'someone@example.com') user.is_staff = True user.save() @@ -1433,6 +1435,7 @@ class RelyingPartyTests(TestCase): openid_login_complete.disconnect(login_callback) +@override_session_serializer class HelperFunctionsTest(TestCase): def test_sanitise_redirect_url(self): settings.ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = [ diff --git a/tox.ini b/tox.ini index 40d7727..28b8703 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py2.7-django1.4, py2.7-django1.5 + py2.7-django1.4, py2.7-django1.5, py2.7-django1.6 [testenv] commands = make check @@ -17,3 +17,9 @@ basepython = python2.7 deps = django >= 1.5, < 1.6 python-openid south + +[testenv:py2.7-django1.6] +basepython = python2.7 +deps = django >= 1.6, < 1.7 + python-openid + south -- cgit v1.2.3