zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-05-16 09:37:03 +02:00
Code Issues Projects Releases Packages Wiki Activity

More oidc tests test_login_callback_requires_step_up_auth and test_login_callback_no_step_up_auth, lint

Browse source
This commit is contained in:
Rachid Mrad 2023-12-07 16:33:35 -05:00
parent 1a2b16a3da
commit 1001454a85
No known key found for this signature in database
GPG key ID: EF38E4CEC4A8F3CF
5 changed files with 82 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/djangooidc/views.py
View file

@ -70,13 +70,10 @@ def login_callback(request):
userinfo = CLIENT.callback(query, request.session)
# test for need for identity verification and if it is satisfied
# if not satisfied, redirect user to login with stepped up acr_value
logger.info('login_callback start')
if requires_step_up_auth(userinfo):
# add acr_value to request.session
logger.info('login_callback inside requires_step_up_auth')
request.session["acr_value"] = CLIENT.get_step_up_acr_value()
logger.info('login_callback after get_step_up_acr_value')
# return CLIENT.create_authn_request(request.session)
return CLIENT.create_authn_request(request.session)
user = authenticate(request=request, **userinfo)
if user:
login(request, user)
@ -87,15 +84,17 @@ def login_callback(request):
except Exception as err:
return error_page(request, err)
def requires_step_up_auth(userinfo):
""" if User.needs_identity_verification and step_up_acr_value not in
ial returned from callback, return True """
"""if User.needs_identity_verification and step_up_acr_value not in
ial returned from callback, return True"""
step_up_acr_value = CLIENT.get_step_up_acr_value()
acr_value = userinfo.get("ial", "")
uuid = userinfo.get("sub", "")
email = userinfo.get("email", "")
return User.needs_identity_verification(email, uuid) and acr_value != step_up_acr_value
def logout(request, next_page=None):
"""Redirect the user to the authentication provider (OP) logout page."""
try:
@ -125,6 +124,7 @@ def logout(request, next_page=None):
if next_page:
request.session["next"] = next_page
def logout_callback(request):
"""Simple redirection view: after logout, redirect to `next`."""
next = request.session.get("next", "/")