Test AuthenticationContext

2019-03-04 13:47:49 -05:00 · 2019-03-04 13:47:49 -05:00 · 30cd77ff98
commit 30cd77ff98
parent 720859efb6
3 changed files with 25 additions and 5 deletions
--- a/atst/domain/authnid/init.py
+++ b/atst/domain/authnid/init.py
@ -1,7 +1,7 @@
 from atst.domain.exceptions import UnauthenticatedError, NotFoundError
 from atst.domain.users import Users
 from .utils import parse_sdn, email_from_certificate
-from .crl import CRLRevocationException
+from .crl import CRLRevocationException, CRLInvalidException


 class AuthenticationContext:
@ -47,6 +47,8 @@ class AuthenticationContext:
    def _crl_check(self):
        try:
            self.crl_cache.crl_check(self.cert)
+        except CRLInvalidException as exc:
+            raise UnauthenticatedError("CRL expired. " + str(exc))
        except CRLRevocationException as exc:
            raise UnauthenticatedError("CRL check failed. " + str(exc))

--- a/tests/domain/authnid/test_authentication_context.py
+++ b/tests/domain/authnid/test_authentication_context.py
@ -1,7 +1,11 @@
 import pytest

 from atst.domain.authnid import AuthenticationContext
-from atst.domain.authnid.crl import CRLCache, CRLRevocationException
+from atst.domain.authnid.crl import (
+    CRLCache,
+    CRLRevocationException,
+    CRLInvalidException,
+)
 from atst.domain.exceptions import UnauthenticatedError, NotFoundError
 from atst.domain.users import Users

@ -12,12 +16,15 @@ CERT = open("tests/fixtures/{}.crt".format(FIXTURE_EMAIL_ADDRESS)).read()


 class MockCRLCache:
-    def __init__(self, valid=True):
+    def __init__(self, valid=True, expired=False):
        self.valid = valid
+        self.expired = expired

    def crl_check(self, cert):
        if self.valid:
            return True
+        elif self.expired == True:
+            raise CRLInvalidException()

        raise CRLRevocationException()

@ -45,6 +52,17 @@ def test_crl_check_fails():
    assert "CRL check" in message


+def test_expired_crl_check_fails():
+    auth_context = AuthenticationContext(
+        MockCRLCache(valid=False, expired=True), "SUCCESS", DOD_SDN, CERT
+    )
+    with pytest.raises(UnauthenticatedError) as excinfo:
+        assert auth_context.authenticate()
+
+    (message,) = excinfo.value.args
+    assert "CRL expired" in message
+
+
 def test_bad_sdn():
    auth_context = AuthenticationContext(MockCRLCache(), "SUCCESS", "abc123", CERT)
    with pytest.raises(UnauthenticatedError) as excinfo:
--- a/tests/domain/authnid/test_crl.py
+++ b/tests/domain/authnid/test_crl.py
@ -188,7 +188,7 @@ def test_can_dynamically_update_crls(tmpdir):
    assert cache.crl_check(cert)
    # override the original CRL with one that revokes atat.mil.crt
    shutil.copyfile("tests/fixtures/test.der.crl", crl_file)
-    with pytest.raises(CRLRevocationException):
+    with pytest.raises(CRLInvalidException):
        assert cache.crl_check(cert)


@ -197,7 +197,7 @@ def test_throws_error_for_missing_issuer():
    # this cert is self-signed, and so the application does not have a
    # corresponding CRL for it
    cert = open("tests/fixtures/{}.crt".format(FIXTURE_EMAIL_ADDRESS), "rb").read()
-    with pytest.raises(CRLRevocationException) as exc:
+    with pytest.raises(CRLInvalidException) as exc:
        assert cache.crl_check(cert)
    (message,) = exc.value.args
    # objects that the issuer is missing