fix self enrollment urls for delegated auth

fixes #CNVS-2660

this snippet of code got lost in a refactor. if the account has delegated
auth and users are not authenticated, store the location and send them to
the login_url, where the delegated auth dance will happen (either they
enter the credentials, or it sees they are logged in and sends them back)

also put the "should i redirect for auth?" check into its own method for
easier reuse

lastly, override styles for embedded (popup) self enrollment form to ensure
overzealous custom styles don't make it look really bad

test plan:
1. set up an account with cas or saml
2. go to a self enrollment url when not logged in
3. it should redirect you to the login form
4. once authenticated, you should be able to self-enroll in the course

Change-Id: Ic0277ae0e11300fd43b7efea1c4edda589f42d29
Reviewed-on: https://gerrit.instructure.com/16706
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Cam Theriault <cam@instructure.com>
Jon Jensen 2013-01-10 13:12:39 -07:00 committed by Cody Cutrer
parent 9cf7116818
commit 695182de72
5 changed files with 26 additions and 3 deletions


@ -279,7 +279,7 @@ class ApplicationController < ActionController::Base
end
end
@is_delegated = @domain_root_account.delegated_authentication? && !@domain_root_account.ldap_authentication? && !request.params[:canvas_login]
@is_delegated = delegated_authentication_url?
render :template => "shared/unauthorized", :layout => "application", :status => :unauthorized
}
format.zip { redirect_to(url_for(params)) }
@ -289,6 +289,12 @@ class ApplicationController < ActionController::Base
response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
end
def delegated_authentication_url?
@domain_root_account.delegated_authentication? &&
!@domain_root_account.ldap_authentication? &&
!params[:canvas_login]
end
# To be used as a before_filter, requires controller or controller actions
# to have their urls scoped to a context in order to be valid.
# So /courses/5/assignments or groups/1/assignments would be valid, but
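Review bot: `delegated_authentication_url?` in the second hunk has no comment, and its `canvas_login` term is a request-supplied switch that every caller now inherits without seeing it. I would add above it `# True when the root account delegates login (CAS/SAML, not LDAP) and the request did not ask for the local form via canvas_login.` The hunk does not show whether the method lands under a `protected`/`private` marker; since this is the controller base class, it is worth confirming it is not left public. The method itself is complete within the hunk.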


@ -44,7 +44,7 @@ class PseudonymSessionsController < ApplicationController
@pseudonym_session = PseudonymSession.new
@headers = false
@is_delegated = @domain_root_account.delegated_authentication? && !@domain_root_account.ldap_authentication? && !params[:canvas_login]
@is_delegated = delegated_authentication_url?
@is_cas = @domain_root_account.cas_authentication? && @is_delegated
@is_saml = @domain_root_account.saml_authentication? && @is_delegated
if @is_cas && !params[:no_auto]
@ -226,7 +226,7 @@ class PseudonymSessionsController < ApplicationController
flash[:logged_out] = true
respond_to do |format|
session.delete(:return_to)
if @domain_root_account.delegated_authentication? && !@domain_root_account.ldap_authentication?
if delegated_authentication_url?
format.html { redirect_to login_url(:no_auto=>'true') }
else
format.html { redirect_to login_url }
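Review bot: The logout branch in the second hunk now depends on `params[:canvas_login]`, which the old condition at that spot did not. A logout request carrying `canvas_login` would fall to the `else` branch and redirect to `login_url` without `:no_auto`. The first hunk shows `if @is_cas && !params[:no_auto]`, presumably the automatic CAS hand-off, so the user may be signed straight back in while the identity-provider session is still live. If that is not intended, keep the account-level test here: `if @domain_root_account.delegated_authentication? && !@domain_root_account.ldap_authentication?`. Both methods continue outside the hunks, so the surrounding flow is inferred.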


@ -23,6 +23,12 @@ class SelfEnrollmentsController < ApplicationController
include Api::V1::Course
def new
if !@current_user && delegated_authentication_url?
store_location
flash[:notice] = t('notices.login_required', "Please log in to join this course.")
return redirect_to login_url
end
js_env :USER => {:MIN_AGE => @course.self_enrollment_min_age || User.self_enrollment_min_age}
end
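Review bot: The guard at the top of `new` has no comment saying why only delegated-auth accounts are redirected while other anonymous users fall through to the rendered form. Something like `# delegated auth (CAS/SAML) has to go through login_url; store_location brings the user back here afterwards` would record the intent that the commit message says was lost once already. `store_location` is defined outside this hunk, so what it records, and whether the post-login redirect is limited to same-host paths, cannot be checked from here and is worth confirming.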


@ -40,6 +40,10 @@ body
.controls
margin-left: 15px
margin-right: 15px
#modal-box
background: #fff !important
color: #333 !important
height: auto !important
background: #fff
// so we don't get the non-interactionable content


@ -30,6 +30,13 @@ describe SelfEnrollmentsController do
response.should be_success
end
it "should do the delegated auth dance" do
account = account_with_cas({:account => Account.default})
get 'new', :self_enrollment_code => @course.self_enrollment_code
response.should redirect_to login_url
end
it "should not render for an incorrect code" do
lambda {
get 'new', :self_enrollment_code => 'abc'
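Review bot: The new example asserts only the redirect, not that the enrollment URL was stored for the return trip, which is the behaviour the commit message says was lost in a refactor. An extra line such as `session[:return_to].should_not be_nil` would pin it; the key is assumed from the `session.delete(:return_to)` call in the sessions controller, since `store_location` is not shown. The local `account` is assigned but never read, so `account_with_cas({:account => Account.default})` can be called bare. Only CAS is exercised although the test plan names SAML as well.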