Merge lp://staging/~mhall119/django-openid-auth/strict-username-requirements into lp://staging/~django-openid-auth/django-openid-auth/trunk

Proposed by Michael Hall
Status: Merged
Approved by: James Henstridge
Approved revision: 81
Merged at revision: 80
Proposed branch: lp://staging/~mhall119/django-openid-auth/strict-username-requirements
Merge into: lp://staging/~django-openid-auth/django-openid-auth/trunk
Diff against target: 147 lines (+82/-2)
3 files modified
README.txt (+10/-0)
django_openid_auth/auth.py (+13/-2)
django_openid_auth/tests/test_views.py (+59/-0)
To merge this branch: bzr merge lp://staging/~mhall119/django-openid-auth/strict-username-requirements
Reviewer Review Type Date Requested Status
James Henstridge Approve
Anthony Lenton Approve
Review via email: mp+54065@code.staging.launchpad.net

This proposal supersedes a proposal from 2010-10-15.

Description of the change

Adds an extra OPENID_STRICT_USERNAMES setting that will cause the authentication to fail if the OpenID response does not contain a nickname (used for User.username in Django), or if a Django User with that username already exists but doesn't have the same OpenID identity_url

To post a comment you must log in.
Revision history for this message
Anthony Lenton (elachuni) wrote : Posted in a previous version of this proposal

Tests would be nice, but it looks ok to me :)

review: Approve
Revision history for this message
James Henstridge (jamesh) wrote : Posted in a previous version of this proposal

I agree with Anthony here.

Here is a quick sketch for the test:

1. add a test to test_views.py. Using test_login_create_users() as a base would probably be easiest.
2. create a User and UserOpenID object with a given nickname and identity.
3. set OPENID_STRICT_USERNAMES, and try to log in using a different identity URL but the same nickname
4. verify that the login has failed.

After adding the test, this change looks fine.

review: Needs Fixing
Revision history for this message
Anthony Lenton (elachuni) wrote :

Hi Michael,

With the tests this now looks fine. Could you add a brief snippet to README.txt to mention this new setting and what it does?

81. By Michael Hall

Added notes about the new settings option to README.txt

Revision history for this message
Anthony Lenton (elachuni) :
review: Approve
Revision history for this message
James Henstridge (jamesh) wrote :

Looks good. In test_strict_username_no_nickname, I'd leave out the nickname from the SReg response entirely though, since that is what you'd see from a provider that doesn't support nicknames.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches