Merge pull request #106 from edx/ahsan/Single-sign-out

Added single signout

Author: Ahsan Ulhaq

credentials/apps/api/tests/test_views.py

@@ -1,6 +1,7 @@
 """
 Tests for credentials service views.
 """
+# pylint: disable=no-member
 from __future__ import unicode_literals
 import json
 
@@ -31,7 +32,7 @@ def setUp(self):
         super(UserCredentialViewSetTests, self).setUp()
 
         self.user = factories.UserFactory()
-        self.client.force_authenticate(self.user)  # pylint: disable=no-member
+        self.client.force_authenticate(self.user)
 
         self.program_cert = factories.ProgramCertificateFactory()
         self.program_id = self.program_cert.program_id
@@ -43,7 +44,6 @@ def setUp(self):
 
     def _add_permission(self, perm):
         """ DRY helper to add usercredential model permissions to self.user """
-        # pylint: disable=no-member
         self.user.user_permissions.add(Permission.objects.get(codename='{}_usercredential'.format(perm)))
 
     def _attempt_update_user_credential(self, data):
@@ -55,7 +55,6 @@ def _attempt_update_user_credential(self, data):
         Returns:
           Response: HTTP response from the API.
         """
-        # pylint: disable=no-member
         self._add_permission('change')
         path = reverse("api:v1:usercredential-detail", args=[self.user_credential.id])
         return self.client.patch(path=path, data=json.dumps(data), content_type=JSON_CONTENT_TYPE)
@@ -120,7 +119,6 @@ def _attempt_create_user_credentials(self, data):
         Returns:
           Response: HTTP response from the API.
         """
-        # pylint: disable=no-member
         self._add_permission('add')
         path = self.list_path
         return self.client.post(path=path, data=json.dumps(data), content_type=JSON_CONTENT_TYPE)
@@ -457,7 +455,6 @@ class UserCredentialViewSetPermissionsTests(APITestCase):
 
     def make_user(self, group=None, perm=None, **kwargs):
         """ DRY helper to create users with specific groups and/or permissions. """
-        # pylint: disable=no-member
         user = factories.UserFactory(**kwargs)
         if group:
             user.groups.add(Group.objects.get(name=group))
@@ -482,7 +479,7 @@ def test_list(self, user_kwargs, expected_status):
         """
         list_path = reverse("api:v1:usercredential-list")
 
-        self.client.force_authenticate(self.make_user(**user_kwargs))  # pylint: disable=no-member
+        self.client.force_authenticate(self.make_user(**user_kwargs))
         response = self.client.get(list_path, {'username': 'test-user'})
         self.assertEqual(response.status_code, expected_status)
 
@@ -509,7 +506,7 @@ def test_create(self, user_kwargs, expected_status):
             'attributes': [],
         }
 
-        self.client.force_authenticate(self.make_user(**user_kwargs))  # pylint: disable=no-member
+        self.client.force_authenticate(self.make_user(**user_kwargs))
         response = self.client.post(list_path, data=json.dumps(post_data), content_type=JSON_CONTENT_TYPE)
         self.assertEqual(response.status_code, expected_status)
 
@@ -533,7 +530,7 @@ def test_retrieve(self, user_kwargs, expected_status):
         user_credential = factories.UserCredentialFactory.create(credential=program_cert, username='test-user')
         detail_path = reverse("api:v1:usercredential-detail", args=[user_credential.id])
 
-        self.client.force_authenticate(self.make_user(**user_kwargs))  # pylint: disable=no-member
+        self.client.force_authenticate(self.make_user(**user_kwargs))
         response = self.client.get(detail_path)
         self.assertEqual(response.status_code, expected_status)
 
@@ -560,7 +557,7 @@ def test_partial_update(self, user_kwargs, expected_status):
             },
             'attributes': [{'name': 'dummy-attr-name', 'value': 'dummy-attr-value'}],
         }
-        self.client.force_authenticate(self.make_user(**user_kwargs))  # pylint: disable=no-member
+        self.client.force_authenticate(self.make_user(**user_kwargs))
         response = self.client.patch(path=detail_path, data=json.dumps(post_data), content_type=JSON_CONTENT_TYPE)
         self.assertEqual(response.status_code, expected_status)
 
@@ -574,18 +571,17 @@ class CredentialViewSetTests(APITestCase):
     def setUp(self):
         super(CredentialViewSetTests, self).setUp()
 
-        # pylint: disable=no-member
         self.user = factories.UserFactory()
         self.user.groups.add(Group.objects.get(name=Role.ADMINS))
-        self.client.force_authenticate(self.user)  # pylint: disable=no-member
+        self.client.force_authenticate(self.user)
         self.request = APIRequestFactory().get('/')
 
     def assert_permission_required(self, data):
         """
         Ensure access to these APIs is restricted to those with explicit model
         permissions.
         """
-        self.client.force_authenticate(user=factories.UserFactory())  # pylint: disable=no-member
+        self.client.force_authenticate(user=factories.UserFactory())
         response = self.client.get(self.list_path, data)
         self.assertEqual(response.status_code, 403)
 

credentials/settings/base.py

@@ -230,6 +230,7 @@
 SOCIAL_AUTH_EDX_OIDC_KEY = 'replace-me'
 SOCIAL_AUTH_EDX_OIDC_SECRET = 'replace-me'
 SOCIAL_AUTH_EDX_OIDC_URL_ROOT = 'replace-me'
+SOCIAL_AUTH_EDX_OIDC_LOGOUT_URL = 'replace-me'
 SOCIAL_AUTH_EDX_OIDC_ID_TOKEN_DECRYPTION_KEY = SOCIAL_AUTH_EDX_OIDC_SECRET
 
 # Request the user's permissions in the ID token

credentials/urls.py

@@ -15,37 +15,25 @@
 
 import os
 
+from auth_backends.urls import auth_urlpatterns
 from django.conf import settings
 from django.conf.urls import include, url
 from django.conf.urls.static import static
 from django.contrib import admin
-from django.contrib.auth.views import logout
-from django.core.urlresolvers import reverse_lazy
-from django.views.generic import RedirectView
 
 from credentials.apps.core import views as core_views
 
 admin.autodiscover()
 
-# pylint: disable=invalid-name
-# Always login via edX OpenID Connect
-login = RedirectView.as_view(url=reverse_lazy('social:begin', args=['edx-oidc']), permanent=False, query_string=True)
 
-AUTH_URLS = [
-    url(r'^login/$', login, name='login'),
-    url(r'^logout/$', logout, name='logout'),
-]
-
-urlpatterns = [
-    url(r'^accounts/', include(AUTH_URLS)),
+urlpatterns = auth_urlpatterns + [
     url(r'^admin/', include(admin.site.urls)),
     url(r'^api/', include('credentials.apps.api.urls', namespace='api')),
-    url(r'^api-auth/', include(AUTH_URLS, namespace='rest_framework')),
+    url(r'^api-auth/', include(auth_urlpatterns, namespace='rest_framework')),
     url(r'^auto_auth/$', core_views.AutoAuth.as_view(), name='auto_auth'),
     url(r'^credentials/', include('credentials.apps.credentials.urls', namespace='credentials')),
     url(r'^health/$', core_views.health, name='health'),
     url(r'^jsi18n/$', 'django.views.i18n.javascript_catalog', ''),
-    url('', include('social.apps.django_app.urls', namespace='social')),
 ]
 
 handler500 = 'credentials.apps.core.views.render_500'

requirements/base.txt

@@ -9,7 +9,7 @@ djangorestframework==3.2.3
 djangorestframework-jwt==1.7.2
 django-rest-swagger==0.3.4
 django-storages==1.1.8
-edx-auth-backends==0.2.3
+edx-auth-backends==0.5.0
 edx-drf-extensions==0.5.1
 edx-opaque-keys==0.3.1
 edx-rest-api-client==1.4.0