From 1522c42683ddac08d32e53201f6850d50c788247 Mon Sep 17 00:00:00 2001
From: Montana
Date: Wed, 22 Aug 2018 15:11:18 -0400
Subject: [PATCH 1/2] Redirect non-ccpo users to requests after login
---
 atst/routes/__init__.py | 5 ++++-
 atst/routes/dev.py | 6 +++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/atst/routes/__init__.py b/atst/routes/__init__.py
index 68c83437..19168870 100644
--- a/atst/routes/__init__.py
+++ b/atst/routes/__init__.py
@@ -46,7 +46,10 @@ def login_redirect():
 user = auth_context.get_user()
 session["user_id"] = user.id
- return redirect(url_for("atst.home"))
+ if user.atat_role.name == "ccpo":
+ return redirect(url_for("atst.home"))
+ else:
+ return redirect(url_for("requests.requests_index"))
 def _is_valid_certificate(request):
diff --git a/atst/routes/dev.py b/atst/routes/dev.py
index f66e3f08..554be6fb 100644
--- a/atst/routes/dev.py
+++ b/atst/routes/dev.py
@@ -61,4 +61,8 @@ def login_dev():
 email=user_data["email"]
 )
 session["user_id"] = user.id
- return redirect(url_for("atst.home"))
+
+ if user.atat_role.name == "ccpo":
+ return redirect(url_for("atst.home"))
+ else:
+ return redirect(url_for("requests.requests_index"))
From 5f0a9e22d6cf9a0e9e3116da00d2f4508b24039c Mon Sep 17 00:00:00 2001
From: Montana
Date: Wed, 22 Aug 2018 15:41:33 -0400
Subject: [PATCH 2/2] Fix tests
---
 tests/test_auth.py | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/tests/test_auth.py b/tests/test_auth.py
index 4aa5bc1d..f04837ac 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -2,6 +2,7 @@ import pytest
 from flask import session, url_for
 from .mocks import DOD_SDN_INFO, DOD_SDN, FIXTURE_EMAIL_ADDRESS
 from atst.domain.users import Users
+from atst.domain.roles import Roles
 from atst.domain.exceptions import NotFoundError
 from .factories import UserFactory
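Review bot: The new branch in login_redirect reads `user.atat_role.name` with no guard, and it runs after `session["user_id"]` has already been set, so a user whose `atat_role` is unset would raise AttributeError and get a 500 while already holding a logged-in session; whether the role can be missing is not visible in this hunk. Treating anything that is not positively ccpo as the default case avoids that, e.g. `role = getattr(user.atat_role, "name", None)` followed by `if role == "ccpo":`. The branch only picks a landing page and is not an access check, so confirm that the `atst.home` view enforces the ccpo role itself rather than relying on this redirect. The same four lines are added to login_dev in atst/routes/dev.py, so a shared helper taking the user would keep the two login paths from drifting apart; login_redirect's body starts outside the hunk.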
@@ -13,7 +14,7 @@ def _fetch_user_info(c, t): return MOCK_USER -def test_successful_login_redirect(client, monkeypatch): +def test_successful_login_redirect_non_ccpo(client, monkeypatch): monkeypatch.setattr("atst.domain.authnid.AuthenticationContext.authenticate", lambda *args: True) monkeypatch.setattr("atst.domain.authnid.AuthenticationContext.get_user", lambda *args: UserFactory.create()) @@ -26,6 +27,24 @@ def test_successful_login_redirect(client, monkeypatch): }, ) + assert resp.status_code == 302 + assert "requests" in resp.headers["Location"] + assert session["user_id"] + +def test_successful_login_redirect_ccpo(client, monkeypatch): + monkeypatch.setattr("atst.domain.authnid.AuthenticationContext.authenticate", lambda *args: True) + role = Roles.get("ccpo") + monkeypatch.setattr("atst.domain.authnid.AuthenticationContext.get_user", lambda *args: UserFactory.create(atat_role=role)) + + resp = client.get( + "/login-redirect", + environ_base={ + "HTTP_X_SSL_CLIENT_VERIFY": "SUCCESS", + "HTTP_X_SSL_CLIENT_S_DN": "", + "HTTP_X_SSL_CLIENT_CERT": "", + }, + ) + assert resp.status_code == 302 assert "home" in resp.headers["Location"] assert session["user_id"] @@ -90,7 +109,7 @@ def test_crl_validation_on_login(client): }, ) assert resp.status_code == 302 - assert "home" in resp.headers["Location"] + assert "requests" in resp.headers["Location"] assert session["user_id"]
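Review bot: The redirect assertions in the new and changed tests (`assert "requests" in resp.headers["Location"]`, `assert "home" in resp.headers["Location"]`, and the same check in test_crl_validation_on_login) match a bare substring, so they would still pass if the role branch sent the user to any other URL that happens to contain that word. `url_for` is already imported in this file, so the target could be pinned with something like `assert url_for("requests.requests_index") in resp.headers["Location"]`, assuming the test runs in a context where `url_for` resolves. The diffstat for this patch touches only tests/test_auth.py, so the identical role branch added to login_dev in atst/routes/dev.py appears to have no test here; a ccpo case and a non-ccpo case for that route would cover it.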