From d573c5459bcfc241e0611939f0cb4d6151d3f5b1 Mon Sep 17 00:00:00 2001
From: dandds <dan-ctr@friends.dds.mil>
Date: Mon, 11 Jun 2018 16:24:08 -0400
Subject: [PATCH] provide dev access to app

---
 atst/app.py          | 40 +++++++++++++++++++++++++---------------
 atst/handler.py      |  1 +
 atst/handlers/dev.py | 13 +++++++++++++
 tests/test_auth.py   |  9 ++++++++-
 4 files changed, 47 insertions(+), 16 deletions(-)
 create mode 100644 atst/handlers/dev.py

diff --git a/atst/app.py b/atst/app.py
index 07f35cc2..25721153 100644
--- a/atst/app.py
+++ b/atst/app.py
@@ -8,29 +8,39 @@ from atst.handlers.login import Login
 from atst.handlers.workspace import Workspace
 from atst.handlers.request import Request
 from atst.handlers.request_new import RequestNew
+from atst.handlers.dev import Dev
 from atst.home import home
 from atst.api_client import ApiClient
 
 
+routes = [
+    url(r"/", Login, {"page": "login"}, name="main"),
+    url(r"/login", Login, {"page": "login"}, name="login"),
+    url(r"/home", MainHandler, {"page": "home"}, name="home"),
+    url(r"/workspaces", Workspace, {"page": "workspaces"}, name="workspaces"),
+    url(r"/requests", Request, {"page": "requests"}, name="requests"),
+    url(r"/requests/new", RequestNew, {"page": "requests_new"}, name="request_new"),
+    url(
+        r"/requests/new/([0-9])",
+        RequestNew,
+        {"page": "requests_new"},
+        name="request_form",
+    ),
+    url(r"/users", MainHandler, {"page": "users"}, name="users"),
+    url(r"/reports", MainHandler, {"page": "reports"}, name="reports"),
+    url(r"/calculator", MainHandler, {"page": "calculator"}, name="calculator"),
+]
+
+env = os.getenv("TORNADO_ENV", "development")
+if not env == "production":
+    routes += [url(r"/login-dev", Dev, {"action": "login"}, name="dev-login")]
+
 def make_app(config):
 
     authz_client = ApiClient(config['default']['AUTHZ_BASE_URL'])
 
-    app = tornado.web.Application([
-            url( r"/",           Login, {'page': 'login'},      name='main' ),
-            url( r"/login",      Login, {'page': 'login'},      name='login' ),
-            url( r"/home",       MainHandler, {'page': 'home'},       name='home' ),
-            url( r"/workspaces",
-                 Workspace,
-                 {'page': 'workspaces', 'authz_client': authz_client},
-                 name='workspaces'),
-            url( r"/requests",   Request,     {'page': 'requests'},   name='requests' ),
-            url( r"/requests/new",         RequestNew, {'page': 'requests_new'},   name='request_new' ),
-            url( r"/requests/new/([0-9])", RequestNew, {'page': 'requests_new'},   name='request_form' ),
-            url( r"/users",      MainHandler, {'page': 'users'},      name='users' ),
-            url( r"/reports",    MainHandler, {'page': 'reports'},    name='reports' ),
-            url( r"/calculator", MainHandler, {'page': 'calculator'}, name='calculator' ),
-        ],
+    app = tornado.web.Application(
+        routes,
         template_path = home.child('templates'),
         static_path   = home.child('static'),
         debug=config['default'].getboolean('DEBUG')
diff --git a/atst/handler.py b/atst/handler.py
index 8af83bf3..446c8df9 100644
--- a/atst/handler.py
+++ b/atst/handler.py
@@ -56,5 +56,6 @@ class BaseHandler(tornado.web.RequestHandler):
         else:
             False
 
+    # this is a temporary implementation until we have real sessions
     def _start_session(self):
         self.set_secure_cookie('atst', 'valid-user-session')
diff --git a/atst/handlers/dev.py b/atst/handlers/dev.py
new file mode 100644
index 00000000..e6aee9f3
--- /dev/null
+++ b/atst/handlers/dev.py
@@ -0,0 +1,13 @@
+from atst.handler import BaseHandler, authenticated
+
+class Dev(BaseHandler):
+    def initialize(self, action):
+        self.action = action
+
+    def get(self):
+        if self.action == 'login':
+            self._login()
+
+    def _login(self):
+        self._start_session()
+        self.redirect("/home")
diff --git a/tests/test_auth.py b/tests/test_auth.py
index edcd356e..756e9c00 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -11,7 +11,6 @@ def test_redirects_when_not_logged_in(http_client, base_url):
     assert response.error
     assert response.headers["Location"] == "/login"
 
-
 @pytest.mark.gen_test
 def test_login_with_valid_bearer_token(app, monkeypatch, http_client, base_url):
     monkeypatch.setattr("atst.handler.validate_login_token", lambda t: True)
@@ -22,6 +21,14 @@ def test_login_with_valid_bearer_token(app, monkeypatch, http_client, base_url):
     assert response.code == 200
     assert not response.error
 
+@pytest.mark.gen_test
+def test_login_with_via_dev_endpoint(app, monkeypatch, http_client, base_url):
+    response = yield http_client.fetch(
+        base_url + "/login-dev", raise_error=False, follow_redirects=False
+    )
+    assert response.headers['Set-Cookie'].startswith('atst')
+    assert response.code == 302
+    assert response.headers["Location"] == "/home"
 
 @pytest.mark.gen_test
 @pytest.mark.skip(reason="need to work out auth error user paths")