From 3794faeca9c70823661f0021a3909d7d26e0f2f4 Mon Sep 17 00:00:00 2001 From: Terence Tuhinanshu Date: Tue, 22 Feb 2022 21:14:51 +0000 Subject: [PATCH 1/3] Inherit backend from Django's BaseBackend Rather than a simple object, to make it more compliant with other backends. --- src/mmw/apps/user/backends.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/mmw/apps/user/backends.py b/src/mmw/apps/user/backends.py index c5c3df69d..ebad1a65e 100644 --- a/src/mmw/apps/user/backends.py +++ b/src/mmw/apps/user/backends.py @@ -1,11 +1,12 @@ # -*- coding: utf-8 -*- from django.core.exceptions import ObjectDoesNotExist +from django.contrib.auth.backends import BaseBackend from django.contrib.auth.models import User from apps.user.models import ItsiUser, ConcordUser -class SSOAuthenticationBackend(object): +class SSOAuthenticationBackend(BaseBackend): """ A custom authentication back-end for Single Sign On providers. From 83ceca04758c6546c41d5bc7f96583d838f25e11 Mon Sep 17 00:00:00 2001 From: Terence Tuhinanshu Date: Tue, 22 Feb 2022 21:15:34 +0000 Subject: [PATCH 2/3] Add request parameter to backend.authenticate Without this, the signature of our custom backend does not match that of the function call. This signature is tested in django.contrib.auth.authenticate here: https://github.com/django/django/blob/fdf209eab8949ddc345aa0212b349c79fc6fdebb/django/contrib/auth/__init__.py#L69 and `request` was added to that signature in Django 1.11 in https://github.com/django/django/commit/4b9330ccc04575f9e5126529ec355a450d12e77c. With this, the Concord users are authenticated correctly. --- src/mmw/apps/user/backends.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mmw/apps/user/backends.py b/src/mmw/apps/user/backends.py index ebad1a65e..7197f3b01 100644 --- a/src/mmw/apps/user/backends.py +++ b/src/mmw/apps/user/backends.py @@ -21,7 +21,7 @@ def __init__(self, model, field): self.SSOUserModel = model self.SSOField = field - def authenticate(self, sso_id=None): + def authenticate(self, request=None, sso_id=None): if sso_id is not None: try: query = {self.SSOField: sso_id} From f5f990c526539ee6da50fc089a3d8a5e52e3bf4f Mon Sep 17 00:00:00 2001 From: Terence Tuhinanshu Date: Tue, 22 Feb 2022 21:22:43 +0000 Subject: [PATCH 3/3] Fix Rollbar error reporting Previously we assumed that the error would have a message attribute. This is not always the case. Now we only access that when it is available. --- src/mmw/apps/user/views.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/mmw/apps/user/views.py b/src/mmw/apps/user/views.py index 94f13c5c4..abb9f7b14 100644 --- a/src/mmw/apps/user/views.py +++ b/src/mmw/apps/user/views.py @@ -283,7 +283,11 @@ def concord_auth(request): concord_user = session.get_user() except Exception as e: # Report OAuth error - rollbar.report_message(f'Concord OAuth Error: {e.message}', 'error') + message = 'Concord OAuth Error' + if hasattr(e, 'message'): + message += f': {e.message}' + + rollbar.report_message(message, 'error') return redirect('/error/sso') user = authenticate(sso_id=concord_user['id'])