Skip to content

Commit

Permalink
feat: ensure saml users have a usable password
Browse files Browse the repository at this point in the history 
FAN-155
  • Loading branch information
@sandroscosta
sandroscosta committed Aug 30, 2023
1 parent 4c5c6bd commit 6bd615c
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 0 deletions.
32 changes: 32 additions & 0 deletions nau_openedx_extensions/third_party_auth/pipeline.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,18 @@
"""
from __future__ import absolute_import, unicode_literals

import logging

from django.conf import settings

from edx_django_utils.user import generate_password # pylint: disable=import-error,unused-import

from common.djangoapps.student.models import UserAttribute # pylint: disable=import-error,no-name-in-module

from nau_openedx_extensions.custom_registration_form.models import NauUserExtendedModel

log = logging.getLogger(__name__)


def ensure_cartao_cidadao_data(strategy, details, user, uid, *args, **kwargs):
"""
Expand Down Expand Up @@ -45,3 +53,27 @@ def ensure_cartao_cidadao_data(strategy, details, user, uid, *args, **kwargs):

if changed:
user.nauuserextendedmodel.save()


# pylint: disable=unused-argument,keyword-arg-before-vararg
def ensure_new_user_has_usable_password(backend, user=None, **kwargs):

"""
This pipeline function assigns an usable password to an user in case that
the user has an unusable password on user creation. At the creation of new users
through some TPA providers, some of them are created with an unusable password,
a user with an unusable password cannot login properly in the platform if
the common.djangoapps.third_party.pipeline.set_logged_in_cookies step is enabled.
It should run after `social_core.pipeline.user.create_user` on the SOCIAL_AUTH_TPA_SAML_PIPELINE.
"""

is_new = kwargs.get('is_new')

if user and is_new and not user.has_usable_password():
user.set_password(generate_password(length=25))
user.save()

UserAttribute.set_user_attribute(user, 'auto_password_via_tpa_pipeline', 'true')

log.info('Assign a usable password to the user %s on creation', user.username)
1 change: 1 addition & 0 deletions requirements/constraints.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
celery<5.0
Django==2.2.25
edx-opaque-keys[django]==2.2.0
edx-django-utils>=5.1.0
openedx-filters==0.7.0
pip-tools<5.4
click==7.1.2

0 comments on commit 6bd615c

Please sign in to comment.