Merge pull request #1747 from cisagov/dk/1127-handling-identity-down

Issue #1127: divorce health check from dependence on identity provider
2025-08-06 09:45:23 +02:00 · 2024-02-13 08:52:25 -05:00 · 2024-02-13 08:52:25 -05:00 · a0494c1c21
commit a0494c1c21
parent 75220c5ecb d4c47cc365
4 changed files with 33 additions and 3 deletions
--- a/src/djangooidc/views.py
+++ b/src/djangooidc/views.py
@ -55,7 +55,6 @@ def error_page(request, error):

 def openid(request):
    """Redirect the user to an authentication provider (OP)."""
-
    # If the session reset because of a server restart, attempt to login again
    request.session["acr_value"] = CLIENT.get_default_acr_value()

--- a/src/registrar/config/urls.py
+++ b/src/registrar/config/urls.py
@ -74,7 +74,7 @@ urlpatterns = [
        views.ApplicationWithdrawn.as_view(),
        name="application-withdrawn",
    ),
-    path("health/", views.health),
+    path("health", views.health, name="health"),
    path("openid/", include("djangooidc.urls")),
    path("request/", include((application_urls, APPLICATION_NAMESPACE))),
    path("api/v1/available/", available, name="available"),
--- a/src/registrar/tests/test_url_auth.py
+++ b/src/registrar/tests/test_url_auth.py
@ -114,6 +114,13 @@ class TestURLAuth(TestCase):
        "/api/v1/available/",
        "/api/v1/get-report/current-federal",
        "/api/v1/get-report/current-full",
+        "/health",
+    ]
+
+    # We will test that the following URLs are not protected by auth
+    # and that the url returns a 200 response
+    NO_AUTH_URLS = [
+        "/health",
    ]

    def assertURLIsProtectedByAuth(self, url):
@ -147,9 +154,33 @@ class TestURLAuth(TestCase):
                f"GET {url} returned HTTP {code}, but should redirect to login or deny access",
            )

+    def assertURLIsNotProtectedByAuth(self, url):
+        """
+        Make a GET request to the given URL, and ensure that it returns 200.
+        """
+
+        try:
+            with less_console_noise():
+                response = self.client.get(url)
+        except Exception as e:
+            # It'll be helpful to provide information on what URL was being
+            # accessed at the time the exception occurred.  Python 3 will
+            # also include a full traceback of the original exception, so
+            # we don't need to worry about hiding the original cause.
+            raise AssertionError(f'Accessing {url} raised "{e}"', e)
+
+        code = response.status_code
+        if code != 200:
+            raise AssertionError(
+                f"GET {url} returned HTTP {code}, but should return 200 OK",
+            )
+
    def test_login_required_all_urls(self):
        """All URLs redirect to the login view."""
        for viewname, url in iter_sample_urls(registrar.config.urls):
            if url not in self.IGNORE_URLS:
                with self.subTest(viewname=viewname):
                    self.assertURLIsProtectedByAuth(url)
+            elif url in self.NO_AUTH_URLS:
+                with self.subTest(viewname=viewname):
+                    self.assertURLIsNotProtectedByAuth(url)
--- a/src/registrar/tests/test_views.py
+++ b/src/registrar/tests/test_views.py
@ -23,7 +23,7 @@ class TestViews(TestCase):
        self.client = Client()

    def test_health_check_endpoint(self):
-        response = self.client.get("/health/")
+        response = self.client.get("/health")
        self.assertContains(response, "OK", status_code=200)

    def test_home_page(self):