Rename requires_biometric to requires step up

zandercymatics 2024-05-21 11:44:26 -06:00
parent 2fab655012
commit c779255b28
No known key found for this signature in database
GPG key ID: FF4636ABEC9682B7
3 changed files with 22 additions and 22 deletions


@ -85,7 +85,7 @@ class Client(oic.Client):
def create_authn_request( def create_authn_request(
self, self,
session, session,
do_biometric_auth=False, do_step_up_auth=False,
extra_args=None, extra_args=None,
): ):
"""Step 2: Construct a login URL at OP's domain and send the user to it.""" """Step 2: Construct a login URL at OP's domain and send the user to it."""
@ -103,7 +103,7 @@ class Client(oic.Client):
"nonce": session["nonce"], "nonce": session["nonce"],
"redirect_uri": self.registration_response["redirect_uris"][0], "redirect_uri": self.registration_response["redirect_uris"][0],
} }
if do_biometric_auth: if do_step_up_auth:
self._set_args_for_biometric_auth_request(session, request_args) self._set_args_for_biometric_auth_request(session, request_args)
else: else:
request_args["acr_values"] = self.behaviour.get("acr_value") request_args["acr_values"] = self.behaviour.get("acr_value")
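Review bot: The rename is only half applied in `create_authn_request`: the branch now reads `if do_step_up_auth:` but still dispatches to `self._set_args_for_biometric_auth_request(session, request_args)`, so two names for the same concept sit on adjacent lines. Either rename the helper in this commit or mark the call with a comment such as `# step-up is currently implemented as the biometric request`. The one-line docstring does not mention the flag; a sentence saying that `do_step_up_auth=True` skips the default `acr_values` from `self.behaviour` and lets the helper set the request arguments would document the security-relevant branch. The method body continues outside both hunks.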


@ -184,7 +184,7 @@ class ViewsTest(TestCase):
# patch that the request does not require step up auth # patch that the request does not require step up auth
# TEST # TEST
# test the login callback url # test the login callback url
with patch("djangooidc.views._requires_biometric_auth", return_value=False): with patch("djangooidc.views._requires_step_up_auth", return_value=False):
response = self.client.get(reverse("openid_login_callback")) response = self.client.get(reverse("openid_login_callback"))
# ASSERTIONS # ASSERTIONS
# assert the redirect url is the same as the 'next' value set in session # assert the redirect url is the same as the 'next' value set in session
@ -224,7 +224,7 @@ class ViewsTest(TestCase):
# mock that callback returns user_info; this is the expected behavior # mock that callback returns user_info; this is the expected behavior
mock_client.callback.side_effect = self.user_info mock_client.callback.side_effect = self.user_info
# patch that the request does not require step up auth # patch that the request does not require step up auth
with patch("djangooidc.views._requires_biometric_auth", return_value=False): with patch("djangooidc.views._requires_step_up_auth", return_value=False):
with patch("djangooidc.views._initialize_client") as mock_init_client: with patch("djangooidc.views._initialize_client") as mock_init_client:
with patch("djangooidc.views._client_is_none") as mock_client_is_none: with patch("djangooidc.views._client_is_none") as mock_client_is_none:
# mock the client to initially be None # mock the client to initially be None
@ -252,7 +252,7 @@ class ViewsTest(TestCase):
# mock that callback returns user_info; this is the expected behavior # mock that callback returns user_info; this is the expected behavior
mock_client.callback.side_effect = self.user_info mock_client.callback.side_effect = self.user_info
# patch that the request does not require step up auth # patch that the request does not require step up auth
with patch("djangooidc.views._requires_biometric_auth", return_value=False), patch( with patch("djangooidc.views._requires_step_up_auth", return_value=False), patch(
"djangooidc.views._initialize_client" "djangooidc.views._initialize_client"
) as mock_init_client: ) as mock_init_client:
with patch("djangooidc.views._client_is_none", return_value=True): with patch("djangooidc.views._client_is_none", return_value=True):
@ -285,7 +285,7 @@ class ViewsTest(TestCase):
# mock that callback returns user_info; this is the expected behavior # mock that callback returns user_info; this is the expected behavior
mock_client.callback.side_effect = self.user_info mock_client.callback.side_effect = self.user_info
# patch that the request does not require step up auth # patch that the request does not require step up auth
with patch("djangooidc.views._requires_biometric_auth", return_value=False), patch( with patch("djangooidc.views._requires_step_up_auth", return_value=False), patch(
"djangooidc.views._initialize_client" "djangooidc.views._initialize_client"
) as mock_init_client: ) as mock_init_client:
with patch("djangooidc.views._client_is_none", return_value=True): with patch("djangooidc.views._client_is_none", return_value=True):
@ -319,7 +319,7 @@ class ViewsTest(TestCase):
td, _ = TransitionDomain.objects.get_or_create(username="test@example.com", domain_name="test123.gov") td, _ = TransitionDomain.objects.get_or_create(username="test@example.com", domain_name="test123.gov")
# patch that the request does not require step up auth # patch that the request does not require step up auth
with patch("djangooidc.views._requires_biometric_auth", return_value=False), patch( with patch("djangooidc.views._requires_step_up_auth", return_value=False), patch(
"djangooidc.views._initialize_client" "djangooidc.views._initialize_client"
) as mock_init_client: ) as mock_init_client:
with patch("djangooidc.views._client_is_none", return_value=True): with patch("djangooidc.views._client_is_none", return_value=True):
@ -353,7 +353,7 @@ class ViewsTest(TestCase):
vip, _ = VerifiedByStaff.objects.get_or_create(email="test@example.com") vip, _ = VerifiedByStaff.objects.get_or_create(email="test@example.com")
# patch that the request does not require step up auth # patch that the request does not require step up auth
with patch("djangooidc.views._requires_biometric_auth", return_value=False), patch( with patch("djangooidc.views._requires_step_up_auth", return_value=False), patch(
"djangooidc.views._initialize_client" "djangooidc.views._initialize_client"
) as mock_init_client: ) as mock_init_client:
with patch("djangooidc.views._client_is_none", return_value=True): with patch("djangooidc.views._client_is_none", return_value=True):
@ -374,7 +374,7 @@ class ViewsTest(TestCase):
self.assertEqual(created_user.verification_type, User.VerificationTypeChoices.VERIFIED_BY_STAFF) self.assertEqual(created_user.verification_type, User.VerificationTypeChoices.VERIFIED_BY_STAFF)
def test_login_callback_no_step_up_auth(self, mock_client): def test_login_callback_no_step_up_auth(self, mock_client):
"""Walk through login_callback when _requires_biometric_auth returns False """Walk through login_callback when _requires_step_up_auth returns False
and assert that we have a redirect to /""" and assert that we have a redirect to /"""
with less_console_noise(): with less_console_noise():
# SETUP # SETUP
@ -386,7 +386,7 @@ class ViewsTest(TestCase):
# patch that the request does not require step up auth # patch that the request does not require step up auth
# TEST # TEST
# test the login callback url # test the login callback url
with patch("djangooidc.views._requires_biometric_auth", return_value=False): with patch("djangooidc.views._requires_step_up_auth", return_value=False):
response = self.client.get(reverse("openid_login_callback")) response = self.client.get(reverse("openid_login_callback"))
# ASSERTIONS # ASSERTIONS
# assert that redirect is to / when no 'next' is set # assert that redirect is to / when no 'next' is set
@ -403,7 +403,7 @@ class ViewsTest(TestCase):
# Ensure that the CLIENT instance used in login_callback is the mock # Ensure that the CLIENT instance used in login_callback is the mock
# patch _requires_step_up_auth to return True # patch _requires_step_up_auth to return True
with patch("djangooidc.views._requires_biometric_auth", return_value=True), patch( with patch("djangooidc.views._requires_step_up_auth", return_value=True), patch(
"djangooidc.views.CLIENT.create_authn_request" "djangooidc.views.CLIENT.create_authn_request"
) as mock_create_authn_request: ) as mock_create_authn_request:
# TEST # TEST
@ -411,7 +411,7 @@ class ViewsTest(TestCase):
login_callback(request) login_callback(request)
# ASSERTIONS # ASSERTIONS
# create_authn_request only gets called when _requires_biometric_auth is True. # create_authn_request only gets called when _requires_step_up_auth is True.
# The acr_value should be blank here # The acr_value should be blank here
self.assertEqual(request.session["acr_value"], "") self.assertEqual(request.session["acr_value"], "")
self.assertEqual(request.session["needs_biometric_validation"], True) self.assertEqual(request.session["needs_biometric_validation"], True)
@ -419,26 +419,26 @@ class ViewsTest(TestCase):
# And create_authn_request was called again # And create_authn_request was called again
mock_create_authn_request.assert_called_once() mock_create_authn_request.assert_called_once()
def test_login_callback_does_not_requires_biometric_auth(self, mock_client): def test_login_callback_does_not_requires_step_up_auth(self, mock_client):
"""Invoke login_callback passing it a request when _requires_biometric_auth returns False """Invoke login_callback passing it a request when _requires_step_up_auth returns False
and assert that session is not updated and create_authn_request (mock) is not called. and assert that session is not updated and create_authn_request (mock) is not called.
Possibly redundant with test_login_callback_requires_biometric_auth""" Possibly redundant with test_login_callback_requires_step_up_auth"""
with less_console_noise(): with less_console_noise():
# MOCK # MOCK
# Create a mock request # Create a mock request
request = self.factory.get("/some-url") request = self.factory.get("/some-url")
request.session = {"acr_value": ""} request.session = {"acr_value": ""}
# Ensure that the CLIENT instance used in login_callback is the mock # Ensure that the CLIENT instance used in login_callback is the mock
# patch _requires_biometric_auth to return False # patch _requires_step_up_auth to return False
with patch("djangooidc.views._requires_biometric_auth", return_value=False), patch( with patch("djangooidc.views._requires_step_up_auth", return_value=False), patch(
"djangooidc.views.CLIENT.create_authn_request", return_value=MagicMock() "djangooidc.views.CLIENT.create_authn_request", return_value=MagicMock()
) as mock_create_authn_request: ) as mock_create_authn_request:
# TEST # TEST
# test the login callback # test the login callback
login_callback(request) login_callback(request)
# ASSERTIONS # ASSERTIONS
# create_authn_request only gets called when _requires_biometric_auth is True # create_authn_request only gets called when _requires_step_up_auth is True
# and it changes this acr_value in request.session # and it changes this acr_value in request.session
# Assert that acr_value is NOT updated by testing that it is still an empty string # Assert that acr_value is NOT updated by testing that it is still an empty string
self.assertEqual(request.session["acr_value"], "") self.assertEqual(request.session["acr_value"], "")
@ -454,7 +454,7 @@ class ViewsTest(TestCase):
mock_client.callback.side_effect = self.user_info mock_client.callback.side_effect = self.user_info
mock_auth.return_value = None mock_auth.return_value = None
# TEST # TEST
with patch("djangooidc.views._requires_biometric_auth", return_value=False): with patch("djangooidc.views._requires_step_up_auth", return_value=False):
response = self.client.get(reverse("openid_login_callback")) response = self.client.get(reverse("openid_login_callback"))
# ASSERTIONS # ASSERTIONS
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
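Review bot: The step-up test asserts only `mock_create_authn_request.assert_called_once()`, so it would still pass if `login_callback` stopped passing the renamed flag and the user were sent through an ordinary login instead of the stronger one. Since this commit changes that keyword, pin it with `mock_create_authn_request.assert_called_once_with(request.session, do_step_up_auth=True)`. The same test still asserts `request.session["needs_biometric_validation"]`, so the session key keeps the old term; if that is deliberate, a short comment saying so would prevent a later partial rename. The test function begins outside the hunk, and the docstring reference to `test_login_callback_requires_step_up_auth` should be checked against the real test name, which is not visible here.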


@ -97,12 +97,12 @@ def login_callback(request):
# Tests for the presence of the vtm/vtr values in the userinfo object. # Tests for the presence of the vtm/vtr values in the userinfo object.
# If they are there, then we can set a flag in our session for tracking purposes. # If they are there, then we can set a flag in our session for tracking purposes.
needs_biometric_validation = _requires_biometric_auth(userinfo) needs_biometric_validation = _requires_step_up_auth(userinfo)
request.session["needs_biometric_validation"] = needs_biometric_validation request.session["needs_biometric_validation"] = needs_biometric_validation
# Return a redirect request to a new auth url that does biometric validation # Return a redirect request to a new auth url that does biometric validation
if needs_biometric_validation: if needs_biometric_validation:
return CLIENT.create_authn_request(request.session, do_biometric_auth=True) return CLIENT.create_authn_request(request.session, do_step_up_auth=True)
user = authenticate(request=request, **userinfo) user = authenticate(request=request, **userinfo)
if user: if user:
@ -145,7 +145,7 @@ def login_callback(request):
return error_page(request, err) return error_page(request, err)
def _requires_biometric_auth(userinfo) -> bool: def _requires_step_up_auth(userinfo) -> bool:
""" """
Checks for the presence of the key 'vtm' and 'vtr' in the provided `userinfo` object. Checks for the presence of the key 'vtm' and 'vtr' in the provided `userinfo` object.