zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-05-16 09:37:03 +02:00
Code Issues Projects Releases Packages Wiki Activity

health check to /health, updated testing of /health, cleaned up extraneous debug logging

Browse source
This commit is contained in:
David Kennedy 2024-02-07 13:08:26 -05:00
parent 7b64929d60
commit 2a676260c6
No known key found for this signature in database
GPG key ID: 6528A5386E66B96B
6 changed files with 39 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/djangooidc/oidc.py
View file

@ -27,7 +27,6 @@ class Client(oic.Client):
"""Step 1: Configure the OpenID Connect client.""" """Step 1: Configure the OpenID Connect client."""
logger.debug("Initializing the OpenID Connect client...") logger.debug("Initializing the OpenID Connect client...")
try: try:
logger.debug("__init__ first try")
provider = settings.OIDC_PROVIDERS[op] provider = settings.OIDC_PROVIDERS[op]
verify_ssl = getattr(settings, "OIDC_VERIFY_SSL", True) verify_ssl = getattr(settings, "OIDC_VERIFY_SSL", True)
except Exception as err: except Exception as err:
@ -36,7 +35,6 @@ class Client(oic.Client):
raise o_e.InternalError() raise o_e.InternalError()
try: try:
logger.debug("__init__ second try")
# prepare private key for authentication method of private_key_jwt # prepare private key for authentication method of private_key_jwt
key_bundle = keyio.KeyBundle() key_bundle = keyio.KeyBundle()
rsa_key = importKey(provider["client_registration"]["sp_private_key"]) rsa_key = importKey(provider["client_registration"]["sp_private_key"])
@ -53,7 +51,6 @@ class Client(oic.Client):
raise o_e.InternalError() raise o_e.InternalError()
try: try:
logger.debug("__init__ third try")
# create the oic client instance # create the oic client instance
super().__init__( super().__init__(
client_id=None, client_id=None,
@ -73,7 +70,6 @@ class Client(oic.Client):
raise o_e.InternalError() raise o_e.InternalError()
try: try:
logger.debug("__init__ fourth try")
# discover and store the provider (OP) urls, etc # discover and store the provider (OP) urls, etc
self.provider_config(provider["srv_discovery_url"]) self.provider_config(provider["srv_discovery_url"])
self.store_registration_info(RegistrationResponse(**provider["client_registration"])) self.store_registration_info(RegistrationResponse(**provider["client_registration"]))
@ -84,7 +80,6 @@ class Client(oic.Client):
provider["srv_discovery_url"], provider["srv_discovery_url"],
) )
raise o_e.InternalError() raise o_e.InternalError()
logger.debug("__init__ finished initializing")
def create_authn_request( def create_authn_request(
self, self,

3
src/djangooidc/views.py
View file

@ -16,7 +16,6 @@ from registrar.models import User
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
try: try:
logger.debug("oidc views initializing provider")
# Initialize provider using pyOICD # Initialize provider using pyOICD
OP = getattr(settings, "OIDC_ACTIVE_PROVIDER") OP = getattr(settings, "OIDC_ACTIVE_PROVIDER")
CLIENT = Client(OP) CLIENT = Client(OP)
@ -56,7 +55,6 @@ def error_page(request, error):
def openid(request): def openid(request):
"""Redirect the user to an authentication provider (OP).""" """Redirect the user to an authentication provider (OP)."""
logger.debug("in openid")
# If the session reset because of a server restart, attempt to login again # If the session reset because of a server restart, attempt to login again
request.session["acr_value"] = CLIENT.get_default_acr_value() request.session["acr_value"] = CLIENT.get_default_acr_value()
@ -70,7 +68,6 @@ def openid(request):
def login_callback(request): def login_callback(request):
"""Analyze the token returned by the authentication provider (OP).""" """Analyze the token returned by the authentication provider (OP)."""
logger.debug("in login_callback")
try: try:
query = parse_qs(request.GET.urlencode()) query = parse_qs(request.GET.urlencode())
userinfo = CLIENT.callback(query, request.session) userinfo = CLIENT.callback(query, request.session)

15
src/registrar/config/settings.py
View file

@ -437,7 +437,7 @@ LOGGING = {
"formatter": "verbose", "formatter": "verbose",
}, },
"django.server": { "django.server": {
"level": "DEBUG", "level": "INFO",
"class": "logging.StreamHandler", "class": "logging.StreamHandler",
"formatter": "django.server", "formatter": "django.server",
}, },
@ -451,37 +451,37 @@ LOGGING = {
# Django's generic logger # Django's generic logger
"django": { "django": {
"handlers": ["console"], "handlers": ["console"],
"level": "DEBUG", "level": "INFO",
"propagate": False, "propagate": False,
}, },
# Django's template processor # Django's template processor
"django.template": { "django.template": {
"handlers": ["console"], "handlers": ["console"],
"level": "DEBUG", "level": "INFO",
"propagate": False, "propagate": False,
}, },
# Django's runserver # Django's runserver
"django.server": { "django.server": {
"handlers": ["django.server"], "handlers": ["django.server"],
"level": "DEBUG", "level": "INFO",
"propagate": False, "propagate": False,
}, },
# Django's runserver requests # Django's runserver requests
"django.request": { "django.request": {
"handlers": ["django.server"], "handlers": ["django.server"],
"level": "DEBUG", "level": "INFO",
"propagate": False, "propagate": False,
}, },
# OpenID Connect logger # OpenID Connect logger
"oic": { "oic": {
"handlers": ["console"], "handlers": ["console"],
"level": "DEBUG", "level": "INFO",
"propagate": False, "propagate": False,
}, },
# Django wrapper for OpenID Connect # Django wrapper for OpenID Connect
"djangooidc": { "djangooidc": {
"handlers": ["console"], "handlers": ["console"],
"level": "DEBUG", "level": "INFO",
"propagate": False, "propagate": False,
}, },
# Our app! # Our app!
@ -516,7 +516,6 @@ LOGIN_URL = "/openid/login"
# the initial login requests without erroring. # the initial login requests without erroring.
LOGIN_REQUIRED_IGNORE_PATHS = [ LOGIN_REQUIRED_IGNORE_PATHS = [
r"/openid/(.+)$", r"/openid/(.+)$",
r"/health(.*)$",
] ]
# where to go after logging out # where to go after logging out

2
src/registrar/config/urls.py
View file

@ -74,7 +74,7 @@ urlpatterns = [
views.ApplicationWithdrawn.as_view(), views.ApplicationWithdrawn.as_view(),
name="application-withdrawn", name="application-withdrawn",
), ),
path("health/", views.health), path("health", views.health, name="health"),
path("openid/", include("djangooidc.urls")), path("openid/", include("djangooidc.urls")),
path("request/", include((application_urls, APPLICATION_NAMESPACE))), path("request/", include((application_urls, APPLICATION_NAMESPACE))),
path("api/v1/available/", available, name="available"), path("api/v1/available/", available, name="available"),

31
src/registrar/tests/test_url_auth.py
View file

@ -114,6 +114,13 @@ class TestURLAuth(TestCase):
"/api/v1/available/", "/api/v1/available/",
"/api/v1/get-report/current-federal", "/api/v1/get-report/current-federal",
"/api/v1/get-report/current-full", "/api/v1/get-report/current-full",
"/health",
]
# We will test that the following URLs are not protected by auth
# and that the url returns a 200 response
NO_AUTH_URLS = [
"/health",
] ]
def assertURLIsProtectedByAuth(self, url): def assertURLIsProtectedByAuth(self, url):
@ -147,9 +154,33 @@ class TestURLAuth(TestCase):
f"GET {url} returned HTTP {code}, but should redirect to login or deny access", f"GET {url} returned HTTP {code}, but should redirect to login or deny access",
) )
def assertURLIsNotProtectedByAuth(self, url):
"""
Make a GET request to the given URL, and ensure that it returns 200.
"""
try:
with less_console_noise():
response = self.client.get(url)
except Exception as e:
# It'll be helpful to provide information on what URL was being
# accessed at the time the exception occurred. Python 3 will
# also include a full traceback of the original exception, so
# we don't need to worry about hiding the original cause.
raise AssertionError(f'Accessing {url} raised "{e}"', e)
code = response.status_code
if code != 200:
raise AssertionError(
f"GET {url} returned HTTP {code}, but should return 200 OK",
)
def test_login_required_all_urls(self): def test_login_required_all_urls(self):
"""All URLs redirect to the login view.""" """All URLs redirect to the login view."""
for viewname, url in iter_sample_urls(registrar.config.urls): for viewname, url in iter_sample_urls(registrar.config.urls):
if url not in self.IGNORE_URLS: if url not in self.IGNORE_URLS:
with self.subTest(viewname=viewname): with self.subTest(viewname=viewname):
self.assertURLIsProtectedByAuth(url) self.assertURLIsProtectedByAuth(url)
elif url in self.NO_AUTH_URLS:
with self.subTest(viewname=viewname):
self.assertURLIsNotProtectedByAuth(url)

3
src/registrar/views/health.py
View file

@ -1,13 +1,10 @@
import logging
from django.http import HttpResponse from django.http import HttpResponse
from login_required import login_not_required from login_required import login_not_required
logger = logging.getLogger(__name__)
# the health check endpoint needs to be globally available so that the # the health check endpoint needs to be globally available so that the
# PaaS orchestrator can make sure the app has come up properly # PaaS orchestrator can make sure the app has come up properly
@login_not_required @login_not_required
def health(request): def health(request):
logger.debug("in health check view")
return HttpResponse('<html lang="en"><head><title>OK - Get.gov</title></head><body>OK</body>') return HttpResponse('<html lang="en"><head><title>OK - Get.gov</title></head><body>OK</body>')