apply authentication to the whole app, track exceptions

2018-08-06 14:06:06 -04:00
parent 0a754d72a3
commit d693db7dbb
8 changed files with 33 additions and 39 deletions
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -15,8 +15,7 @@ def test_successful_login_redirect(client, monkeypatch):
    resp = client.get(
        "/login-redirect",
        environ_base={
-            "HTTP_X_SSL_CLIENT_VERIFY": "SUCCESS",
-            "HTTP_X_SSL_CLIENT_S_DN": DOD_SDN,
+            "HTTP_X_SSL_CLIENT_VERIFY": "SUCCESS", "HTTP_X_SSL_CLIENT_S_DN": DOD_SDN
        },
    )

@@ -32,9 +31,10 @@ def test_unsuccessful_login_redirect(client, monkeypatch):
    assert "unauthorized" in resp.headers["Location"]
    assert "user_id" not in session

-UNPROTECTED_ROUTES = ["/", "/login-dev", "/login-redirect", "/unauthorized"]

 # checks that all of the routes in the app are protected by auth
+
+
 def test_routes_are_protected(client, app):
    for rule in app.url_map.iter_rules():
        args = [1] * len(rule.arguments)
@@ -54,10 +54,14 @@ def test_routes_are_protected(client, app):
            assert resp.headers["Location"] == "http://localhost/"


+UNPROTECTED_ROUTES = ["/", "/login-dev", "/login-redirect", "/unauthorized"]
+
 # this implicitly relies on the test config and test CRL in tests/fixtures/crl
+
+
 def test_crl_validation_on_login(client):
-    good_cert = open('ssl/client-certs/atat.mil.crt', 'rb').read()
-    bad_cert = open('ssl/client-certs/bad-atat.mil.crt', 'rb').read()
+    good_cert = open("ssl/client-certs/atat.mil.crt", "rb").read()
+    bad_cert = open("ssl/client-certs/bad-atat.mil.crt", "rb").read()

    # bad cert is on the test CRL
    resp = client.get(
@@ -65,7 +69,7 @@ def test_crl_validation_on_login(client):
        environ_base={
            "HTTP_X_SSL_CLIENT_VERIFY": "SUCCESS",
            "HTTP_X_SSL_CLIENT_S_DN": DOD_SDN,
-            "HTTP_X_SSL_CLIENT_CERT": bad_cert.decode()
+            "HTTP_X_SSL_CLIENT_CERT": bad_cert.decode(),
        },
    )
    assert resp.status_code == 302
@@ -78,10 +82,9 @@ def test_crl_validation_on_login(client):
        environ_base={
            "HTTP_X_SSL_CLIENT_VERIFY": "SUCCESS",
            "HTTP_X_SSL_CLIENT_S_DN": DOD_SDN,
-            "HTTP_X_SSL_CLIENT_CERT": good_cert.decode()
+            "HTTP_X_SSL_CLIENT_CERT": good_cert.decode(),
        },
    )
    assert resp.status_code == 302
    assert "home" in resp.headers["Location"]
    assert session["user_id"]
-