Merge pull request #1747 from cisagov/dk/1127-handling-identity-down

Issue #1127: divorce health check from dependence on identity provider

src/djangooidc/views.py

@@ -55,7 +55,6 @@ def error_page(request, error):
 
 def openid(request):
     """Redirect the user to an authentication provider (OP)."""
-
     # If the session reset because of a server restart, attempt to login again
     request.session["acr_value"] = CLIENT.get_default_acr_value()
 

src/registrar/config/urls.py

@@ -74,7 +74,7 @@ urlpatterns = [
         views.ApplicationWithdrawn.as_view(),
         name="application-withdrawn",
     ),
-    path("health/", views.health),
+    path("health", views.health, name="health"),
     path("openid/", include("djangooidc.urls")),
     path("request/", include((application_urls, APPLICATION_NAMESPACE))),
     path("api/v1/available/", available, name="available"),

src/registrar/tests/test_url_auth.py

@@ -114,6 +114,13 @@ class TestURLAuth(TestCase):
         "/api/v1/available/",
         "/api/v1/get-report/current-federal",
         "/api/v1/get-report/current-full",
+        "/health",
+    ]
+
+    # We will test that the following URLs are not protected by auth
+    # and that the url returns a 200 response
+    NO_AUTH_URLS = [
+        "/health",
     ]
 
     def assertURLIsProtectedByAuth(self, url):
@@ -147,9 +154,33 @@ class TestURLAuth(TestCase):
                 f"GET {url} returned HTTP {code}, but should redirect to login or deny access",
             )
 
+    def assertURLIsNotProtectedByAuth(self, url):
+        """
+        Make a GET request to the given URL, and ensure that it returns 200.
+        """
+
+        try:
+            with less_console_noise():
+                response = self.client.get(url)
+        except Exception as e:
+            # It'll be helpful to provide information on what URL was being
+            # accessed at the time the exception occurred.  Python 3 will
+            # also include a full traceback of the original exception, so
+            # we don't need to worry about hiding the original cause.
+            raise AssertionError(f'Accessing {url} raised "{e}"', e)
+
+        code = response.status_code
+        if code != 200:
+            raise AssertionError(
+                f"GET {url} returned HTTP {code}, but should return 200 OK",
+            )
+
     def test_login_required_all_urls(self):
         """All URLs redirect to the login view."""
         for viewname, url in iter_sample_urls(registrar.config.urls):
             if url not in self.IGNORE_URLS:
                 with self.subTest(viewname=viewname):
                     self.assertURLIsProtectedByAuth(url)
+            elif url in self.NO_AUTH_URLS:
+                with self.subTest(viewname=viewname):
+                    self.assertURLIsNotProtectedByAuth(url)

src/registrar/tests/test_views.py

@@ -23,7 +23,7 @@ class TestViews(TestCase):
         self.client = Client()
 
     def test_health_check_endpoint(self):
-        response = self.client.get("/health/")
+        response = self.client.get("/health")
         self.assertContains(response, "OK", status_code=200)
 
     def test_home_page(self):