Merge pull request #637 from SUNET/lundberg_signup_fix

error early if user is logged in during signup flow
SUNET · Jun 17, 2024 · f3c090e · f3c090e
2 parents d124178 + 3e3308b
commit f3c090e
Show file tree

Hide file tree

Showing 7 changed files with 263 additions and 92 deletions.
diff --git a/src/eduid/webapp/common/api/decorators.py b/src/eduid/webapp/common/api/decorators.py
@@ -63,6 +63,22 @@ def require_eppn_decorator(*args: Any, **kwargs: Any) -> EduidViewReturnType:
     return require_eppn_decorator
 
 
+def require_not_logged_in(f: EduidRouteCallable) -> EduidRouteCallable:
+    """
+    Decorator for views that require the user not to be logged in.
+
+    Because it can return a FluxData, this decorator must come after the MarshalWith decorator.
+    """
+
+    @wraps(f)
+    def require_eppn_decorator(*args: Any, **kwargs: Any) -> EduidViewReturnType:
+        if session.common.is_logged_in:
+            return error_response(message=CommonMsg.logout_required)
+        return f(*args, **kwargs)
+
+    return require_eppn_decorator
+
+
 TRequireUserResult = TypeVar("TRequireUserResult")
 
 

diff --git a/src/eduid/webapp/common/api/messages.py b/src/eduid/webapp/common/api/messages.py
@@ -43,6 +43,8 @@ class CommonMsg(TranslatableMsg):
     nin_invalid = "nin needs to be formatted as 18|19|20yymmddxxxx"
     # Email address validation error
     email_invalid = "email needs to be formatted according to RFC2822"
+    # user must log out
+    logout_required = "logout_required"
     # TODO: These _should_ be unused now - check and remove
     csrf_try_again = "csrf.try_again"
     csrf_missing = "csrf.missing"

diff --git a/src/eduid/webapp/common/api/testing.py b/src/eduid/webapp/common/api/testing.py
@@ -71,6 +71,8 @@
             "saml2": {"level": "WARNING"},
             "xmlsec": {"level": "INFO"},
             "urllib3": {"level": "INFO"},
+            "pymongo.serverSelection": {"level": "INFO"},
+            "pymongo.command": {"level": "INFO"},
             "eduid.webapp.common.session": {"level": "INFO"},
             "eduid.userdb.userdb.extra_debug": {"level": "INFO"},
             "eduid.userdb.db.extra_debug": {"level": "INFO"},

diff --git a/src/eduid/webapp/common/session/namespaces.py b/src/eduid/webapp/common/session/namespaces.py
@@ -34,7 +34,7 @@
 
 class SessionNSBase(BaseModel, ABC):
     def to_dict(self) -> dict[str, Any]:
-        return self.dict()
+        return self.model_dump()
 
     @classmethod
     def from_dict(cls: type[TSessionNSSubclass], data: Mapping[str, Any]) -> TSessionNSSubclass:
@@ -51,6 +51,12 @@ def _from_dict_transform(cls: type[SessionNSBase], data: Mapping[str, Any]) -> d
         _data = deepcopy(data)  # do not modify callers data
         return dict(_data)
 
+    def clear(self):
+        """
+        Clears all session namespace data.
+        """
+        self.__dict__ = self.model_construct(_cls=self.__class__, field_set={}).__dict__
+
 
 TSessionNSSubclass = TypeVar("TSessionNSSubclass", bound=SessionNSBase)
 

diff --git a/src/eduid/webapp/common/session/tests/test_namespaces.py b/src/eduid/webapp/common/session/tests/test_namespaces.py
@@ -102,6 +102,26 @@ def test_to_dict_from_dict_with_timestamp(self):
         assert second.idp.sso_cookie_val == first.idp.sso_cookie_val
         assert second.idp.ts == first.idp.ts
 
+    def test_clear_namespace(self):
+        _meta = SessionMeta.new(app_secret="secret")
+        base_session = self.app.session_interface.manager.get_session(meta=_meta, new=True)
+        first = EduidSession(app=self.app, meta=_meta, base_session=base_session, new=True)
+        first.signup.email.address = "[email protected]"
+        first.signup.email.verification_code = "123456"
+        first.persist()
+        # load session again and clear it
+        base_session = self.app.session_interface.manager.get_session(meta=_meta, new=False)
+        second = EduidSession(self.app, _meta, base_session, new=False)
+        assert second.signup.email.address == "[email protected]"
+        assert second.signup.email.verification_code == "123456"
+        second.signup.clear()
+        second.signup.email.address = "[email protected]"
+        second.persist()
+        # load session one more time and make sure verification_code is empty
+        base_session = self.app.session_interface.manager.get_session(meta=_meta, new=False)
+        third = EduidSession(self.app, _meta, base_session, new=False)
+        assert third.signup.email.address == "[email protected]"
+        assert third.signup.email.verification_code is None
 
 class TestAuthnNamespace(EduidAPITestCase):
     app: SessionTestApp