pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

401 unauthorized page for bad logins

Browse Source
This commit is contained in:
dandds 2018-08-03 15:04:23 -04:00
parent 2ff5c604e1
commit 6dce89df1b
3 changed files with 30 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
atst/routes/__init__.py
View File

@ -29,25 +29,26 @@ def catch_all(path):
@bp.route('/login-redirect') @bp.route('/login-redirect')
def log_in_user(): def login_redirect():
# FIXME: Find or create user based on the X-Ssl-Client-S-Dn header
# TODO: Store/log the X-Ssl-Client-Cert in case it's needed?
if request.environ.get('HTTP_X_SSL_CLIENT_VERIFY') == 'SUCCESS' and is_valid_certificate(request): if request.environ.get('HTTP_X_SSL_CLIENT_VERIFY') == 'SUCCESS' and is_valid_certificate(request):
sdn = request.environ.get('HTTP_X_SSL_CLIENT_S_DN') sdn = request.environ.get('HTTP_X_SSL_CLIENT_S_DN')
# TODO: error handling for bad SDN, database errors, etc
sdn_parts = parse_sdn(sdn) sdn_parts = parse_sdn(sdn)
user = Users.get_or_create_by_dod_id(**sdn_parts) user = Users.get_or_create_by_dod_id(**sdn_parts)
session["user_id"] = user.id session["user_id"] = user.id
return redirect(url_for("atst.home")) return redirect(url_for("atst.home"))
else: else:
template = render_template('not_authorized.html', atst_url=app.config['ATST_PASSTHROUGH']) return redirect(url_for("atst.unauthorized"))
response = app.make_response(template)
response.status_code = 403
@bp.route("/unauthorized")
def unauthorized():
template = render_template('unauthorized.html')
response = app.make_response(template)
response.status_code = 401
return response return response
def is_valid_certificate(request): def is_valid_certificate(request):
cert = request.environ.get('HTTP_X_SSL_CLIENT_CERT') cert = request.environ.get('HTTP_X_SSL_CLIENT_CERT')
if cert: if cert:

12
templates/unauthorized.html Normal file
View File

@ -0,0 +1,12 @@
{% extends "base.html" %}
{% block content %}
<main class="usa-section usa-content">
<h1>Unauthorized</h1>
</main>
{% endblock %}

10
tests/test_auth.py
View File

@ -14,7 +14,7 @@ def _fetch_user_info(c, t):
return MOCK_USER return MOCK_USER
def test_login(client, monkeypatch): def test_successful_login_redirect(client, monkeypatch):
monkeypatch.setattr("atst.routes.is_valid_certificate", lambda *args: True) monkeypatch.setattr("atst.routes.is_valid_certificate", lambda *args: True)
resp = client.get( resp = client.get(
@ -28,3 +28,11 @@ def test_login(client, monkeypatch):
assert resp.status_code == 302 assert resp.status_code == 302
assert "home" in resp.headers["Location"] assert "home" in resp.headers["Location"]
assert session["user_id"] assert session["user_id"]
def test_unsuccessful_login_redirect(client, monkeypatch):
resp = client.get("/login-redirect")
assert resp.status_code == 302
assert "unauthorized" in resp.headers["Location"]
assert "user_id" not in session