implement authentication redirect

atst/domain/auth.py

@@ -0,0 +1,18 @@
+from functools import wraps
+from flask import g, request, redirect, url_for, session
+
+from atst.domain.users import Users
+
+
+def login_required(f):
+
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if session.get("user_id"):
+            g.user = Users.get(session.get("user_id"))
+            return f(*args, **kwargs)
+
+        else:
+            return redirect(url_for("atst.root"))
+
+    return decorated_function

atst/routes/__init__.py

@@ -1,9 +1,11 @@
 from flask import Blueprint, render_template, g, redirect, session, url_for, request
+from flask import current_app as app
 import pendulum
 
 from atst.domain.requests import Requests
 from atst.domain.users import Users
 from atst.domain.authnid.utils import parse_sdn
+from atst.domain.auth import login_required
 
 bp = Blueprint("atst", __name__)
 
@@ -14,16 +16,19 @@ def root():
 
 
 @bp.route("/home")
+@login_required
 def home():
     return render_template("home.html")
 
 
 @bp.route("/styleguide")
+@login_required
 def styleguide():
     return render_template("styleguide.html")
 
 
 @bp.route('/<path:path>')
+@login_required
 def catch_all(path):
     return render_template("{}.html".format(path))
 
@@ -58,8 +63,3 @@ def is_valid_certificate(request):
         return result
     else:
         return False
-
-def construct_redirect(uuid):
-    access_token = app.token_manager.token(uuid)
-    url = f'{app.config["ATST_REDIRECT"]}?bearer-token={access_token}'
-    return app.make_response(redirect(url))

atst/routes/dev.py

@@ -46,7 +46,7 @@ _DEV_USERS = {
 
 
 @bp.route("/login-dev")
-def get():
+def login_dev():
     role = request.args.get("username", "amanda")
     user_data = _DEV_USERS[role]
     user = _set_user_permissions(user_data["dod_id"], user_data["atat_role"])

config/base.ini

@@ -6,7 +6,7 @@ AUTHNID_BASE_URL= https://localhost:8001
 COOKIE_SECRET = some-secret-please-replace
 SECRET = change_me_into_something_secret
 SECRET_KEY = change_me_into_something_secret
-CAC_URL = https://localhost:8001
+CAC_URL = http://localhost:8000/login-redirect
 PE_NUMBER_CSV_URL = http://c95e1ebb198426ee57b8-174bb05a294821bedbf46b6384fe9b1f.r31.cf5.rackcdn.com/penumbers.csv
 REDIS_URI = redis://localhost:6379
 SESSION_TTL_SECONDS = 600
@@ -17,6 +17,5 @@ PGUSER = postgres
 PGPASSWORD = postgres
 PGDATABASE = atat
 SESSION_TYPE = redis
-SESSION_COOKIE_DOMAIN= atat.codes
+SESSION_COOKIE_NAME=atat
-SESSION_COOKIE_SECURE = True
 SESSION_USE_SIGNER = True

config/prod.ini

@@ -0,0 +1,2 @@
+[default]
+SESSION_COOKIE_SECURE=True

templates/root.html

@@ -17,7 +17,7 @@
 
   <h1 class="usa-display">JEDI</h1>
 
-  <a class="usa-button" href='{{ config.get('cac_url','https://cac.atat.codes') }}'><span>Sign In with CAC</span></a>
+  <a class="usa-button" href='{{ config.get('CAC_URL','https://cac.atat.codes') }}'><span>Sign In with CAC</span></a>
   <button class="usa-button" disabled>Sign In via MFA</button>
   {% if g.dev %}
     <a class="usa-button usa-button-secondary" href='/login-dev'><span>DEV Login</span></a>