updated comments to reflect tests; made logic more readable in needs_identity_verification

David Kennedy 2023-12-08 17:32:25 -05:00
parent 0ed0cb6c37
commit f7fdecfd33
No known key found for this signature in database
GPG key ID: 6528A5386E66B96B
4 changed files with 18 additions and 6 deletions


@ -99,7 +99,10 @@ class ViewsTest(TestCase):
) as mock_create_authn_request:
login_callback(request)
# Assert that get_step_up_acr_value was called and session was updated
# create_authn_request only gets called when requires_step_up_auth is True
# and it changes this acr_value in request.session
# Assert that acr_value is no longer empty string
self.assertNotEqual(request.session["acr_value"], "")
# And create_authn_request was called again
mock_create_authn_request.assert_called_once()
@ -120,9 +123,12 @@ class ViewsTest(TestCase):
) as mock_create_authn_request:
login_callback(request)
# Assert that get_step_up_acr_value was NOT called and session was NOT updated
# create_authn_request only gets called when requires_step_up_auth is True
# and it changes this acr_value in request.session
# Assert that acr_value is NOT updated by testing that it is still an empty string
self.assertEqual(request.session["acr_value"], "")
# create_authn_request was not called
# Assert create_authn_request was not called
mock_create_authn_request.assert_not_called()
@patch("djangooidc.views.authenticate")
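Review bot: In the first test, `self.assertNotEqual(request.session["acr_value"], "")` only shows that the session value moved off the empty string, so the test would still pass if the step-up path stored an unexpected or lower assurance value. Pinning the exact value is a stronger check, e.g. `self.assertEqual(request.session["acr_value"], expected_step_up_acr)`, where `expected_step_up_acr` is a placeholder for whatever step-up value this test arranges (the setup is outside the hunk). The retained comments "Assert that get_step_up_acr_value was called" and "was NOT called" are not backed by an assertion in the visible lines; either add one or drop that half of each comment. Both test methods begin above their hunks.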


@ -92,7 +92,14 @@ def requires_step_up_auth(userinfo):
acr_value = userinfo.get("ial", "")
uuid = userinfo.get("sub", "")
email = userinfo.get("email", "")
return User.needs_identity_verification(email, uuid) and acr_value != step_up_acr_value
if acr_value != step_up_acr_value:
# The acr of this attempt is not at the highest level
# so check if the user needs the higher level
return User.needs_identity_verification(email, uuid)
else:
# This attempt already came back at the highest level
# so does not require step up
return False
def logout(request, next_page=None):
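Review bot: The new `if` branch still calls `User.needs_identity_verification(email, uuid)` when the userinfo response carries no `sub` or `email`, because both default to `""`; that method is not shown here, so it is unconfirmed whether a lookup keyed on empty strings returns True, and a False would skip step-up for a malformed response. An explicit guard ahead of the comparison would make the failure direction deliberate, for example `if not uuid: return True`, or the login could be rejected before this function is reached. Separately, the local is named `acr_value` and the new comments speak of "the acr of this attempt", but the value is read from the `ial` claim; a short comment such as `# "ial" is the assurance level the IdP returned for this attempt` would help, with the wording confirmed against the IdP's documentation. The `else:` after a `return` is redundant and could be flattened to a plain `return False`. The function's `def` line and the assignment of `step_up_acr_value` sit above the hunk.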