change StateMismatch to inherit AuthenticationFailed

Rachid Mrad 2024-03-20 12:29:12 -04:00
parent 3ea0d90853
commit d2c6a2df8b
No known key found for this signature in database
2 changed files with 8 additions and 6 deletions


@ -33,7 +33,7 @@ class AuthenticationFailed(OIDCException):
friendly_message = "This login attempt didn't work." friendly_message = "This login attempt didn't work."
class StateMismatch(OIDCException): class StateMismatch(AuthenticationFailed):
friendly_message = "State mismatch. This login attempt didn't work." friendly_message = "State mismatch. This login attempt didn't work."
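Review bot: With `class StateMismatch(AuthenticationFailed):` every `except AuthenticationFailed` handler now also catches a state mismatch, so wherever both are handled the `except StateMismatch` clause has to come first or the single re-login attempt is skipped without any error; the callback view is not shown on this page, so that ordering should be confirmed there. The state check is what ties the callback to the login request that started it, so I would keep a distinct log entry for this case rather than letting it merge into the generic failure path, since repeated mismatches are worth seeing in monitoring. The class also has no docstring; something like `"""Raised when the state returned to the callback does not match the session; treated as an authentication failure."""` would record why it sits under `AuthenticationFailed`. The class bodies continue outside the hunk.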


@ -132,10 +132,11 @@ class ViewsTest(TestCase):
"""If the local session does not match the OP session, """If the local session does not match the OP session,
we do not throw an exception. Rather, we attempt to login again.""" we do not throw an exception. Rather, we attempt to login again."""
with less_console_noise(): with less_console_noise():
# MOCK # MOCK get_default_acr_value and the callback to raise StateMismatch
# error when called
mock_client.get_default_acr_value.side_effect = self.create_acr mock_client.get_default_acr_value.side_effect = self.create_acr
mock_client.callback.side_effect = StateMismatch() mock_client.callback.side_effect = StateMismatch()
# TEST # TEST receiving a response from login.gov
response = self.client.get(reverse("openid_login_callback")) response = self.client.get(reverse("openid_login_callback"))
# ASSERT # ASSERT
self.assertEqual(response.status_code, 302) self.assertEqual(response.status_code, 302)
@ -146,16 +147,17 @@ class ViewsTest(TestCase):
def test_login_callback_with_no_session_state_attempt_again_only_once(self, mock_client): def test_login_callback_with_no_session_state_attempt_again_only_once(self, mock_client):
"""We only attempt to relogin once. After that, it's the error page for you.""" """We only attempt to relogin once. After that, it's the error page for you."""
with less_console_noise(): with less_console_noise():
# MOCK # MOCK get_default_acr_value, redirect_attempted to True and the callback
# to raise StateMismatch error when called
mock_client.get_default_acr_value.side_effect = self.create_acr mock_client.get_default_acr_value.side_effect = self.create_acr
mock_client.callback.side_effect = StateMismatch() mock_client.callback.side_effect = StateMismatch()
session = self.client.session session = self.client.session
session["redirect_attempted"] = True session["redirect_attempted"] = True
session.save() session.save()
# TEST # TEST receiving a response from login.gov
response = self.client.get(reverse("openid_login_callback")) response = self.client.get(reverse("openid_login_callback"))
# ASSERT # ASSERT
self.assertEqual(response.status_code, 500) self.assertEqual(response.status_code, 401)
def test_login_callback_reads_next(self, mock_client): def test_login_callback_reads_next(self, mock_client):
"""If the next value is set in the session, test that login_callback returns """If the next value is set in the session, test that login_callback returns