create AuthenticationContext to consolidate auth logic

2018-08-09 09:26:57 -04:00
parent 3a41d9f81c
commit 07ce940650
4 changed files with 87 additions and 26 deletions
--- a/atst/routes/init.py
+++ b/atst/routes/init.py
@@ -4,8 +4,8 @@ import pendulum

 from atst.domain.requests import Requests
 from atst.domain.users import Users
-from atst.domain.authnid.utils import parse_sdn, email_from_certificate
-from atst.domain.exceptions import UnauthenticatedError, NotFoundError
+from atst.domain.authnid import AuthenticationContext
+

 bp = Blueprint("atst", __name__)

@@ -30,29 +30,23 @@ def catch_all(path):
    return render_template("{}.html".format(path))


-# TODO: this should be partly consolidated into a domain function that takes
-# all the necessary UWSGI environment values as args and either returns a user
-# or raises the UnauthenticatedError
+def _make_authentication_context():
+    return AuthenticationContext(
+            crl_validator=app.crl_validator,
+            auth_status=request.environ.get("HTTP_X_SSL_CLIENT_VERIFY"),
+            sdn=request.environ.get("HTTP_X_SSL_CLIENT_S_DN"),
+            cert=request.environ.get("HTTP_X_SSL_CLIENT_CERT")
+    )
+
+
@bp.route('/login-redirect')
 def login_redirect():
-    # raise S_DN parse errors
-    if request.environ.get('HTTP_X_SSL_CLIENT_VERIFY') == 'SUCCESS' and _is_valid_certificate(request):
-        sdn = request.environ.get('HTTP_X_SSL_CLIENT_S_DN')
-        sdn_parts = parse_sdn(sdn)
-        try:
-            user = Users.get_by_dod_id(sdn_parts["dod_id"])
-        except NotFoundError:
-            try:
-                email = email_from_certificate(request.environ.get('HTTP_X_SSL_CLIENT_CERT').encode())
-                sdn_parts["email"] = email
-            except ValueError:
-                pass
-            user = Users.create(**sdn_parts)
-        session["user_id"] = user.id
+    auth_context = _make_authentication_context()
+    auth_context.authenticate()
+    user = auth_context.get_user()
+    session["user_id"] = user.id

-        return redirect(url_for("atst.home"))
-    else:
-        raise UnauthenticatedError()
+    return redirect(url_for("atst.home"))


 def _is_valid_certificate(request):