health check to /health, updated testing of /health, cleaned up extraneous debug logging

2025-05-15 17:17:02 +02:00 · 2024-02-07 13:08:26 -05:00 · 2024-02-07 13:08:26 -05:00 · 2a676260c6
commit 2a676260c6
parent 7b64929d60
6 changed files with 39 additions and 20 deletions
--- a/src/djangooidc/oidc.py
+++ b/src/djangooidc/oidc.py
@ -27,7 +27,6 @@ class Client(oic.Client):
        """Step 1: Configure the OpenID Connect client."""
        logger.debug("Initializing the OpenID Connect client...")
        try:
-            logger.debug("__init__ first try")
            provider = settings.OIDC_PROVIDERS[op]
            verify_ssl = getattr(settings, "OIDC_VERIFY_SSL", True)
        except Exception as err:
@ -36,7 +35,6 @@ class Client(oic.Client):
            raise o_e.InternalError()

        try:
-            logger.debug("__init__ second try")
            # prepare private key for authentication method of private_key_jwt
            key_bundle = keyio.KeyBundle()
            rsa_key = importKey(provider["client_registration"]["sp_private_key"])
@ -53,7 +51,6 @@ class Client(oic.Client):
            raise o_e.InternalError()

        try:
-            logger.debug("__init__ third try")
            # create the oic client instance
            super().__init__(
                client_id=None,
@ -73,7 +70,6 @@ class Client(oic.Client):
            raise o_e.InternalError()

        try:
-            logger.debug("__init__ fourth try")
            # discover and store the provider (OP) urls, etc
            self.provider_config(provider["srv_discovery_url"])
            self.store_registration_info(RegistrationResponse(**provider["client_registration"]))
@ -84,7 +80,6 @@ class Client(oic.Client):
                provider["srv_discovery_url"],
            )
            raise o_e.InternalError()
-        logger.debug("__init__ finished initializing")

    def create_authn_request(
        self,
--- a/src/djangooidc/views.py
+++ b/src/djangooidc/views.py
@ -16,7 +16,6 @@ from registrar.models import User
 logger = logging.getLogger(__name__)

 try:
-    logger.debug("oidc views initializing provider")
    # Initialize provider using pyOICD
    OP = getattr(settings, "OIDC_ACTIVE_PROVIDER")
    CLIENT = Client(OP)
@ -56,7 +55,6 @@ def error_page(request, error):

 def openid(request):
    """Redirect the user to an authentication provider (OP)."""
-    logger.debug("in openid")
    # If the session reset because of a server restart, attempt to login again
    request.session["acr_value"] = CLIENT.get_default_acr_value()

@ -70,7 +68,6 @@ def openid(request):

 def login_callback(request):
    """Analyze the token returned by the authentication provider (OP)."""
-    logger.debug("in login_callback")
    try:
        query = parse_qs(request.GET.urlencode())
        userinfo = CLIENT.callback(query, request.session)
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@ -437,7 +437,7 @@ LOGGING = {
            "formatter": "verbose",
        },
        "django.server": {
-            "level": "DEBUG",
+            "level": "INFO",
            "class": "logging.StreamHandler",
            "formatter": "django.server",
        },
@ -451,37 +451,37 @@ LOGGING = {
        # Django's generic logger
        "django": {
            "handlers": ["console"],
-            "level": "DEBUG",
+            "level": "INFO",
            "propagate": False,
        },
        # Django's template processor
        "django.template": {
            "handlers": ["console"],
-            "level": "DEBUG",
+            "level": "INFO",
            "propagate": False,
        },
        # Django's runserver
        "django.server": {
            "handlers": ["django.server"],
-            "level": "DEBUG",
+            "level": "INFO",
            "propagate": False,
        },
        # Django's runserver requests
        "django.request": {
            "handlers": ["django.server"],
-            "level": "DEBUG",
+            "level": "INFO",
            "propagate": False,
        },
        # OpenID Connect logger
        "oic": {
            "handlers": ["console"],
-            "level": "DEBUG",
+            "level": "INFO",
            "propagate": False,
        },
        # Django wrapper for OpenID Connect
        "djangooidc": {
            "handlers": ["console"],
-            "level": "DEBUG",
+            "level": "INFO",
            "propagate": False,
        },
        # Our app!
@ -516,7 +516,6 @@ LOGIN_URL = "/openid/login"
 # the initial login requests without erroring.
 LOGIN_REQUIRED_IGNORE_PATHS = [
    r"/openid/(.+)$",
-    r"/health(.*)$",
 ]

 # where to go after logging out
--- a/src/registrar/config/urls.py
+++ b/src/registrar/config/urls.py
@ -74,7 +74,7 @@ urlpatterns = [
        views.ApplicationWithdrawn.as_view(),
        name="application-withdrawn",
    ),
-    path("health/", views.health),
+    path("health", views.health, name="health"),
    path("openid/", include("djangooidc.urls")),
    path("request/", include((application_urls, APPLICATION_NAMESPACE))),
    path("api/v1/available/", available, name="available"),
--- a/src/registrar/tests/test_url_auth.py
+++ b/src/registrar/tests/test_url_auth.py
@ -114,6 +114,13 @@ class TestURLAuth(TestCase):
        "/api/v1/available/",
        "/api/v1/get-report/current-federal",
        "/api/v1/get-report/current-full",
+        "/health",
+    ]
+
+    # We will test that the following URLs are not protected by auth
+    # and that the url returns a 200 response
+    NO_AUTH_URLS = [
+        "/health",
    ]

    def assertURLIsProtectedByAuth(self, url):
@ -147,9 +154,33 @@ class TestURLAuth(TestCase):
                f"GET {url} returned HTTP {code}, but should redirect to login or deny access",
            )
        
+    def assertURLIsNotProtectedByAuth(self, url):
+        """
+        Make a GET request to the given URL, and ensure that it returns 200.
+        """
+
+        try:
+            with less_console_noise():
+                response = self.client.get(url)
+        except Exception as e:
+            # It'll be helpful to provide information on what URL was being
+            # accessed at the time the exception occurred.  Python 3 will
+            # also include a full traceback of the original exception, so
+            # we don't need to worry about hiding the original cause.
+            raise AssertionError(f'Accessing {url} raised "{e}"', e)
+
+        code = response.status_code
+        if code != 200:
+            raise AssertionError(
+                f"GET {url} returned HTTP {code}, but should return 200 OK",
+            )
+
    def test_login_required_all_urls(self):
        """All URLs redirect to the login view."""
        for viewname, url in iter_sample_urls(registrar.config.urls):
            if url not in self.IGNORE_URLS:
                with self.subTest(viewname=viewname):
                    self.assertURLIsProtectedByAuth(url)
+            elif url in self.NO_AUTH_URLS:
+                with self.subTest(viewname=viewname):
+                    self.assertURLIsNotProtectedByAuth(url)
--- a/src/registrar/views/health.py
+++ b/src/registrar/views/health.py
@ -1,13 +1,10 @@
-import logging
 from django.http import HttpResponse

 from login_required import login_not_required

-logger = logging.getLogger(__name__)

 # the health check endpoint needs to be globally available so that the
 # PaaS orchestrator can make sure the app has come up properly
@login_not_required
 def health(request):
-    logger.debug("in health check view")
    return HttpResponse('<html lang="en"><head><title>OK - Get.gov</title></head><body>OK</body>')