implement authentication redirect

2018-08-03 15:51:44 -04:00 · 2018-08-03 15:51:44 -04:00 · ea5c9732ba
commit ea5c9732ba
parent 9937b77c74
6 changed files with 29 additions and 10 deletions
--- a/atst/domain/auth.py
+++ b/atst/domain/auth.py
@ -0,0 +1,18 @@
+from functools import wraps
+from flask import g, request, redirect, url_for, session
+
+from atst.domain.users import Users
+
+
+def login_required(f):
+
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if session.get("user_id"):
+            g.user = Users.get(session.get("user_id"))
+            return f(*args, **kwargs)
+
+        else:
+            return redirect(url_for("atst.root"))
+
+    return decorated_function
--- a/atst/routes/init.py
+++ b/atst/routes/init.py
@ -1,9 +1,11 @@
 from flask import Blueprint, render_template, g, redirect, session, url_for, request
+from flask import current_app as app
 import pendulum

 from atst.domain.requests import Requests
 from atst.domain.users import Users
 from atst.domain.authnid.utils import parse_sdn
+from atst.domain.auth import login_required

 bp = Blueprint("atst", __name__)

@ -14,16 +16,19 @@ def root():


@bp.route("/home")
+@login_required
 def home():
    return render_template("home.html")


@bp.route("/styleguide")
+@login_required
 def styleguide():
    return render_template("styleguide.html")


@bp.route('/<path:path>')
+@login_required
 def catch_all(path):
    return render_template("{}.html".format(path))

@ -58,8 +63,3 @@ def is_valid_certificate(request):
        return result
    else:
        return False
-
-def construct_redirect(uuid):
-    access_token = app.token_manager.token(uuid)
-    url = f'{app.config["ATST_REDIRECT"]}?bearer-token={access_token}'
-    return app.make_response(redirect(url))
--- a/atst/routes/dev.py
+++ b/atst/routes/dev.py
@ -46,7 +46,7 @@ _DEV_USERS = {


@bp.route("/login-dev")
-def get():
+def login_dev():
    role = request.args.get("username", "amanda")
    user_data = _DEV_USERS[role]
    user = _set_user_permissions(user_data["dod_id"], user_data["atat_role"])
--- a/config/base.ini
+++ b/config/base.ini
@ -6,7 +6,7 @@ AUTHNID_BASE_URL= https://localhost:8001
 COOKIE_SECRET = some-secret-please-replace
 SECRET = change_me_into_something_secret
 SECRET_KEY = change_me_into_something_secret
-CAC_URL = https://localhost:8001
+CAC_URL = http://localhost:8000/login-redirect
 PE_NUMBER_CSV_URL = http://c95e1ebb198426ee57b8-174bb05a294821bedbf46b6384fe9b1f.r31.cf5.rackcdn.com/penumbers.csv
 REDIS_URI = redis://localhost:6379
 SESSION_TTL_SECONDS = 600
@ -17,6 +17,5 @@ PGUSER = postgres
 PGPASSWORD = postgres
 PGDATABASE = atat
 SESSION_TYPE = redis
-SESSION_COOKIE_DOMAIN= atat.codes
-SESSION_COOKIE_SECURE = True
+SESSION_COOKIE_NAME=atat
 SESSION_USE_SIGNER = True
--- a/config/prod.ini
+++ b/config/prod.ini
@ -0,0 +1,2 @@
+[default]
+SESSION_COOKIE_SECURE=True
--- a/templates/root.html
+++ b/templates/root.html
@ -17,7 +17,7 @@

  <h1 class="usa-display">JEDI</h1>

-  <a class="usa-button" href='{{ config.get('cac_url','https://cac.atat.codes') }}'><span>Sign In with CAC</span></a>
+  <a class="usa-button" href='{{ config.get('CAC_URL','https://cac.atat.codes') }}'><span>Sign In with CAC</span></a>
  <button class="usa-button" disabled>Sign In via MFA</button>
  {% if g.dev %}
    <a class="usa-button usa-button-secondary" href='/login-dev'><span>DEV Login</span></a>