Fix: OAuth session checks and events (#1537)
Showing
9 changed files
with
175 additions
and
17 deletions.
@@ -0,0 +1,23 @@ | ||
import logging | ||
|
||
from benefits.core import session | ||
from benefits.core.middleware import VerifierSessionRequired, user_error | ||
|
||
|
||
logger = logging.getLogger(__name__) | ||
|
||
|
||
class VerifierUsesAuthVerificationSessionRequired(VerifierSessionRequired): | ||
"""Middleware raises an exception for sessions lacking an eligibility verifier that uses auth verification.""" | ||
|
||
def process_request(self, request): | ||
result = super().process_request(request) | ||
if result: | ||
# from the base middleware class, the session didn't have a verifier | ||
return result | ||
|
||
if session.verifier(request).uses_auth_verification: | ||
return None | ||
else: | ||
logger.debug("Session not configured with eligibility verifier that uses auth verification") | ||
return user_error(request) |
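Review bot: The rejection branch at the end of `process_request` logs only at debug level, so a request that reaches an OAuth view without an auth-verifying verifier will presumably leave no trace at production log levels; `logger.info(...)` or `logger.warning(...)` with the same message would let these denials be monitored. The gate reads `session.verifier(request).uses_auth_verification` as an attribute, which is correct only if it is a property or field on the verifier; if it were a method, the bound method would always be truthy and the check would never reject, so confirm this against the model, which is not visible here. `process_request` also has no docstring; something like `"""Return None to continue when the session's verifier uses auth verification, otherwise the user-error response."""` would state the contract.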
@@ -0,0 +1,27 @@ | ||
from django.utils.decorators import decorator_from_middleware | ||
|
||
import pytest | ||
|
||
from benefits.core.middleware import VerifierSessionRequired, TEMPLATE_USER_ERROR | ||
|
||
|
||
@pytest.fixture | ||
def decorated_view(mocked_view): | ||
return decorator_from_middleware(VerifierSessionRequired)(mocked_view) | ||
|
||
|
||
@pytest.mark.django_db | ||
def test_verifier_required_no_verifier(app_request, mocked_view, decorated_view): | ||
response = decorated_view(app_request) | ||
|
||
mocked_view.assert_not_called() | ||
assert response.status_code == 200 | ||
assert response.template_name == TEMPLATE_USER_ERROR | ||
|
||
|
||
@pytest.mark.django_db | ||
@pytest.mark.usefixtures("mocked_session_verifier_oauth") | ||
def test_verifier_required_verifier(app_request, mocked_view, decorated_view): | ||
decorated_view(app_request) | ||
|
||
mocked_view.assert_called_once() |
@@ -0,0 +1,31 @@ | ||
import pytest | ||
|
||
from benefits.oauth.analytics import OAuthEvent | ||
|
||
|
||
@pytest.mark.django_db | ||
def test_OAuthEvent_checks_verifier_uses_auth_verification(app_request, mocked_session_verifier_auth_required): | ||
mocked_verifier = mocked_session_verifier_auth_required(app_request) | ||
|
||
OAuthEvent(app_request, "event type") | ||
|
||
mocked_verifier.uses_auth_verification.assert_called_once | ||
|
||
|
||
@pytest.mark.django_db | ||
def test_OAuthEvent_verifier_client_name_when_uses_auth_verification(app_request, mocked_session_verifier_auth_required): | ||
mocked_verifier = mocked_session_verifier_auth_required(app_request) | ||
mocked_verifier.auth_provider.client_name = "ClientName" | ||
|
||
event = OAuthEvent(app_request, "event type") | ||
|
||
assert "auth_provider" in event.event_properties | ||
assert event.event_properties["auth_provider"] == mocked_verifier.auth_provider.client_name | ||
|
||
|
||
@pytest.mark.django_db | ||
@pytest.mark.usefixtures("mocked_session_verifier_auth_not_required") | ||
def test_OAuthEvent_verifier_no_client_name_when_does_not_use_auth_verification(app_request): | ||
event = OAuthEvent(app_request, "event type") | ||
|
||
assert "auth_provider" not in event.event_properties |
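Review bot: `mocked_verifier.uses_auth_verification.assert_called_once` in the first test is missing its call parentheses, so the line only reads an attribute of the mock and asserts nothing; the test passes whether or not `OAuthEvent` consults the verifier. If `uses_auth_verification` is a method, write `mocked_verifier.uses_auth_verification.assert_called_once()`. If it is read as an attribute, as the middleware added in this commit reads it, a call assertion cannot hold and the test should be dropped or should check an observable outcome, as the two tests after it do. The fixture definitions are not visible on this page, so which case applies needs confirming.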
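--- a/tests/pytest/oauth/test_middleware_authverifier_required.py
+++ b/tests/pytest/oauth/test_middleware_authverifier_required.py
@@ -0,0 +1,38 @@
+from django.utils.decorators import decorator_from_middleware
+
+import pytest
+
+from benefits.core.middleware import TEMPLATE_USER_ERROR
+from benefits.oauth.middleware import VerifierUsesAuthVerificationSessionRequired
+
+
+@pytest.fixture
+def decorated_view(mocked_view):
+return decorator_from_middleware(VerifierUsesAuthVerificationSessionRequired)(mocked_view)
+
+
+@pytest.mark.django_db
+def test_authverifier_required_no_verifier(app_request, mocked_view, decorated_view):
+response = decorated_view(app_request)
+
+mocked_view.assert_not_called()
+assert response.status_code == 200
+assert response.template_name == TEMPLATE_USER_ERROR
+
+
+@pytest.mark.django_db
+@pytest.mark.usefixtures("mocked_session_verifier_auth_not_required")
+def test_authverifier_required_no_authverifier(app_request, mocked_view, decorated_view):
+response = decorated_view(app_request)
+
+mocked_view.assert_not_called()
+assert response.status_code == 200
+assert response.template_name == TEMPLATE_USER_ERROR
+
+
+@pytest.mark.django_db
+@pytest.mark.usefixtures("mocked_session_verifier_oauth")
+def test_authverifier_required_authverifier(app_request, mocked_view, decorated_view):
+decorated_view(app_request)
+
+mocked_view.assert_called_once()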
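Review bot: `test_authverifier_required_authverifier` depends on `mocked_session_verifier_oauth`, whose definition is not shown here; if that fixture is a plain mock that never sets `uses_auth_verification`, the auto-created attribute is truthy and the allow path passes without the flag being exercised. Using the explicit counterpart of the deny test, `@pytest.mark.usefixtures("mocked_session_verifier_auth_required")`, or setting `uses_auth_verification = True` on the mocked verifier, would pin both branches of the gate to named fixtures. Each deny test could also carry a one-line docstring, e.g. `"""A verifier without auth verification gets the user-error page, not the view."""`.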