Fully test suite passing on djangos from 1.4 to 1.8.

Author: nessita

.bzrignore

@@ -1,6 +1,5 @@
-./django
-./MANIFEST
-./build
-./dist
-./sqlite.db
-./.tox/
+MANIFEST
+build
+dist
+db.sqlite3
+.tox

Makefile

@@ -1,10 +1,9 @@
 
 check:
-	PYTHONPATH=$(shell pwd) python example_consumer/manage.py test \
-	   --verbosity=2 django_openid_auth
+	PYTHONPATH=$(shell pwd) python manage.py test --verbosity=2 django_openid_auth
 
 run-example-consumer:
-	PYTHONPATH=$(shell pwd) python example_consumer/manage.py syncdb
-	PYTHONPATH=$(shell pwd) python example_consumer/manage.py runserver
+	PYTHONPATH=$(shell pwd) python manage.py syncdb --migrate
+	PYTHONPATH=$(shell pwd) python manage.py runserver
 
 .PHONY: check run-example-consumer

django_openid_auth/__init__.py

@@ -26,4 +26,3 @@
 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
-

django_openid_auth/admin.py

@@ -27,6 +27,9 @@
 # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
 
+from urllib import urlencode
+from urlparse import parse_qsl, urlparse
+
 from django.conf import settings
 from django.contrib import admin
 from django_openid_auth.models import Nonce, Association, UserOpenID
@@ -69,22 +72,39 @@ class UserOpenIDAdmin(admin.ModelAdmin):
 admin.site.register(UserOpenID, UserOpenIDAdmin)
 
 
-# Support for allowing openid authentication for /admin (django.contrib.admin)
-if getattr(settings, 'OPENID_USE_AS_ADMIN_LOGIN', False):
-    from django.http import HttpResponseRedirect
-    from django_openid_auth import views
-
-    def _openid_login(self, request, error_message='', extra_context=None):
-        if request.user.is_authenticated():
-            if not request.user.is_staff:
-                return views.default_render_failure(
-                    request, "User %s does not have admin access."
-                    % request.user.username)
-            assert error_message, "Unknown Error: %s" % error_message
-        else:
-            # Redirect to openid login path,
-            return HttpResponseRedirect(
-                settings.LOGIN_URL + "?next=" + request.get_full_path())
-
-    # Overide the standard admin login form.
-    admin.sites.AdminSite.login = _openid_login
+# override a single time
+original_admin_login = None
+if original_admin_login is None:
+    original_admin_login = admin.sites.AdminSite.login
+
+
+from django.http import HttpResponseRedirect
+from django_openid_auth import views
+
+
+def _openid_login(instance, request, error_message='', extra_context=None):
+    # Support for allowing openid authentication for /admin
+    # (django.contrib.admin)
+    if not getattr(settings, 'OPENID_USE_AS_ADMIN_LOGIN', False):
+        return original_admin_login(
+            instance, request, extra_context=extra_context)
+
+    if not request.user.is_authenticated():
+        # Redirect to openid login path,
+        _, _, path, _, query, _ = urlparse(request.get_full_path())
+        qs = dict(parse_qsl(query))
+        qs.setdefault('next', path)
+        return HttpResponseRedirect(
+            settings.LOGIN_URL + "?" + urlencode(qs))
+
+    if not request.user.is_staff:
+        return views.default_render_failure(
+            request, "User %s does not have admin/staff access."
+            % request.user.username)
+
+    # No error message was supplied
+    assert error_message, "Unknown Error: %s" % error_message
+
+
+# Overide the standard admin login form.
+admin.sites.AdminSite.login = _openid_login

django_openid_auth/auth.py

@@ -93,8 +93,9 @@ def authenticate(self, **kwargs):
 
         if getattr(settings, 'OPENID_PHYSICAL_MULTIFACTOR_REQUIRED', False):
             pape_response = pape.Response.fromSuccessResponse(openid_response)
-            if pape_response is None or \
-               pape.AUTH_MULTI_FACTOR_PHYSICAL not in pape_response.auth_policies:
+            key = pape.AUTH_MULTI_FACTOR_PHYSICAL
+            if (pape_response is None or
+                    key not in pape_response.auth_policies):
                 raise MissingPhysicalMultiFactor()
 
         teams_response = teams.TeamsResponse.fromSuccessResponse(
@@ -194,12 +195,12 @@ def _get_available_username(self, nickname, identity_url):
             if nickname is None or nickname == '':
                 raise MissingUsernameViolation()
 
-        # If we don't have a nickname, and we're not being strict, use a default
+        # If we don't have a nickname, and we're not being strict, use default
         nickname = nickname or 'openiduser'
 
         # See if we already have this nickname assigned to a username
         try:
-            user = User.objects.get(username__exact=nickname)
+            User.objects.get(username__exact=nickname)
         except User.DoesNotExist:
             # No conflict, we can use this nickname
             return nickname
@@ -231,7 +232,6 @@ def _get_available_username(self, nickname, identity_url):
             # No user associated with this identity_url
             pass
 
-
         if getattr(settings, 'OPENID_STRICT_USERNAMES', False):
             if User.objects.filter(username__exact=nickname).count() > 0:
                 raise DuplicateUsernameViolation(
@@ -248,7 +248,7 @@ def _get_available_username(self, nickname, identity_url):
             if i > 1:
                 username += str(i)
             try:
-                user = User.objects.get(username__exact=username)
+                User.objects.get(username__exact=username)
             except User.DoesNotExist:
                 break
             i += 1
@@ -266,12 +266,12 @@ def create_user_from_openid(self, openid_response):
                     "An attribute required for logging in was not "
                     "returned ({0}).".format(required_attr))
 
-        nickname = self._get_preferred_username(details['nickname'],
-            details['email'])
+        nickname = self._get_preferred_username(
+            details['nickname'], details['email'])
         email = details['email'] or ''
 
-        username = self._get_available_username(nickname,
-            openid_response.identity_url)
+        username = self._get_available_username(
+            nickname, openid_response.identity_url)
 
         user = User.objects.create_user(username, email, password=None)
         self.associate_openid(user, openid_response)
@@ -328,13 +328,16 @@ def update_user_details(self, user, details, openid_response):
             user.save()
 
     def get_teams_mapping(self):
-        teams_mapping_auto = getattr(settings, 'OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO', False)
-        teams_mapping_auto_blacklist = getattr(settings, 'OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO_BLACKLIST', [])
+        teams_mapping_auto = getattr(
+            settings, 'OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO', False)
+        teams_mapping_auto_blacklist = getattr(
+            settings, 'OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO_BLACKLIST', [])
         teams_mapping = getattr(settings, 'OPENID_LAUNCHPAD_TEAMS_MAPPING', {})
         if teams_mapping_auto:
-            #ignore teams_mapping. use all django-groups
+            # ignore teams_mapping. use all django-groups
             teams_mapping = dict()
-            all_groups = Group.objects.exclude(name__in=teams_mapping_auto_blacklist)
+            all_groups = Group.objects.exclude(
+                name__in=teams_mapping_auto_blacklist)
             for group in all_groups:
                 teams_mapping[group.name] = group.name
         return teams_mapping
@@ -344,12 +347,12 @@ def update_groups_from_teams(self, user, teams_response):
         if len(teams_mapping) == 0:
             return
 
-        current_groups = set(user.groups.filter(
-                name__in=teams_mapping.values()))
-        desired_groups = set(Group.objects.filter(
-                name__in=[teams_mapping[lp_team]
-                          for lp_team in teams_response.is_member
-                          if lp_team in teams_mapping]))
+        mapping = [
+            teams_mapping[lp_team] for lp_team in teams_response.is_member
+            if lp_team in teams_mapping]
+        current_groups = set(
+            user.groups.filter(name__in=teams_mapping.values()))
+        desired_groups = set(Group.objects.filter(name__in=mapping))
         for group in current_groups - desired_groups:
             user.groups.remove(group)
         for group in desired_groups - current_groups:

django_openid_auth/exceptions.py

@@ -28,20 +28,25 @@
 
 """Exception classes thrown by OpenID Authentication and Validation."""
 
+
 class DjangoOpenIDException(Exception):
     pass
 
+
 class RequiredAttributeNotReturned(DjangoOpenIDException):
     pass
 
+
 class IdentityAlreadyClaimed(DjangoOpenIDException):
 
     def __init__(self, message=None):
         if message is None:
-            self.message = "Another user already exists for your selected OpenID"
+            self.message = (
+                "Another user already exists for your selected OpenID")
         else:
             self.message = message
 
+
 class DuplicateUsernameViolation(DjangoOpenIDException):
 
     def __init__(self, message=None):
@@ -50,6 +55,7 @@ def __init__(self, message=None):
         else:
             self.message = message
 
+
 class MissingUsernameViolation(DjangoOpenIDException):
 
     def __init__(self, message=None):
@@ -58,11 +64,12 @@ def __init__(self, message=None):
         else:
             self.message = message
 
+
 class MissingPhysicalMultiFactor(DjangoOpenIDException):
 
     def __init__(self, message=None):
         if message is None:
-            self.message = "Login requires physical multi-factor authentication."
+            self.message = (
+                "Login requires physical multi-factor authentication.")
         else:
             self.message = message
-

django_openid_auth/forms.py

@@ -49,6 +49,7 @@ def teams_new_unicode(self):
         return "%s -> %s" % (name, ", ".join(group_teams))
     else:
         return name
+
 Group.unicode_before_teams = Group.__unicode__
 Group.__unicode__ = teams_new_unicode
 
@@ -64,9 +65,11 @@ def clean_groups(self):
         user_groups = self.instance.groups.all()
         for group in data:
             if group.name in known_teams and group not in user_groups:
-                raise forms.ValidationError("""The group %s is mapped to an
-                    external team.  You cannot assign it manually.""" % group.name)
+                raise forms.ValidationError(
+                    "The group %s is mapped to an external team.  "
+                    "You cannot assign it manually." % group.name)
         return data
+
 UserAdmin.form = UserChangeFormWithTeamRestriction
 
 
@@ -78,10 +81,7 @@ class OpenIDLoginForm(forms.Form):
     def clean_openid_identifier(self):
         if 'openid_identifier' in self.cleaned_data:
             openid_identifier = self.cleaned_data['openid_identifier']
-            if xri.identifierScheme(openid_identifier) == 'XRI' and getattr(
-                settings, 'OPENID_DISALLOW_INAMES', False
-                ):
+            if (xri.identifierScheme(openid_identifier) == 'XRI' and
+                    getattr(settings, 'OPENID_DISALLOW_INAMES', False)):
                 raise forms.ValidationError(_('i-names are not supported'))
             return self.cleaned_data['openid_identifier']
-
-