Merge branch 'release/sprint-18' of https://github.com/fecgov/fecfile…

…-web-api into release/sprint-18
fecgov · Jan 6, 2023 · 18b5a5d · 18b5a5d
2 parents b7b24f6 + ef3e892
commit 18b5a5d
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 5 deletions.
diff --git a/django-backend/fecfiler/authentication/test_views.py b/django-backend/fecfiler/authentication/test_views.py
@@ -1,19 +1,22 @@
 from unittest.mock import Mock
-
 from django.test import RequestFactory, TestCase
 from fecfiler.authentication.models import Account
 from fecfiler.authentication.views import (handle_invalid_login,
                                            handle_valid_login,
                                            update_last_login_time)
 
-from .views import generate_username, login_dot_gov_logout
+from .views import (generate_username,
+                    login_dot_gov_logout,
+                    login_redirect,
+                    logout_redirect)
 
 
 class AuthenticationTest(TestCase):
     fixtures = ["test_accounts"]
     acc = None
 
     def setUp(self):
+        self.user = Account.objects.get(cmtee_id="C12345678")
         self.factory = RequestFactory()
         self.acc = Account.objects.get(email="[email protected]")
 
@@ -32,6 +35,17 @@ def test_login_dot_gov_logout_happy_path(self):
                                   '&post_logout_redirect_uri=None'
                                   '&state=test_state'))
 
+    def test_login_dot_gov_login_redirect(self):
+        request = self.factory.get("/")
+        request.user = self.user
+        request.session = {}
+        retval = login_redirect(request)
+        self.assertEqual(retval.status_code, 302)
+
+    def test_login_dot_gov_logout_redirect(self):
+        retval = logout_redirect(self.factory.get('/'))
+        self.assertEqual(retval.status_code, 302)
+
     def test_generate_username(self):
         test_uuid = 'test_uuid'
         retval = generate_username(test_uuid)

diff --git a/django-backend/fecfiler/authentication/views.py b/django-backend/fecfiler/authentication/views.py
@@ -118,6 +118,13 @@ def handle_invalid_login(username):
     )
 
 
+def delete_user_logged_in_cookies(response):
+    response.delete_cookie(FFAPI_COMMITTEE_ID_COOKIE_NAME, domain=FFAPI_COOKIE_DOMAIN)
+    response.delete_cookie(FFAPI_EMAIL_COOKIE_NAME, domain=FFAPI_COOKIE_DOMAIN)
+    response.delete_cookie("oidc_state", domain=FFAPI_COOKIE_DOMAIN)
+    response.delete_cookie("csrftoken", domain=FFAPI_COOKIE_DOMAIN)
+
+
 @api_view(["GET"])
 @require_http_methods(["GET"])
 def login_redirect(request):
@@ -140,11 +147,10 @@ def login_redirect(request):
 
 @api_view(["GET"])
 @require_http_methods(["GET"])
+@permission_classes([])
 def logout_redirect(request):
     response = HttpResponseRedirect(LOGIN_REDIRECT_CLIENT_URL)
-    response.delete_cookie(FFAPI_COMMITTEE_ID_COOKIE_NAME, domain=FFAPI_COOKIE_DOMAIN)
-    response.delete_cookie(FFAPI_EMAIL_COOKIE_NAME, domain=FFAPI_COOKIE_DOMAIN)
-    response.delete_cookie("csrftoken", domain=FFAPI_COOKIE_DOMAIN)
+    delete_user_logged_in_cookies(response)
     return response
 
 

diff --git a/django-backend/fecfiler/contacts/test_views.py b/django-backend/fecfiler/contacts/test_views.py
@@ -33,6 +33,14 @@ def setUp(self):
         self.user = Account.objects.get(cmtee_id="C12345678")
         self.factory = RequestFactory()
 
+    def test_committee_lookup_no_auth(self):
+        self.assertEqual(True, True)
+        request = self.factory.get("/api/v1/contacts/committee_lookup")
+
+        response = ContactViewSet.as_view({"get": "committee_lookup"})(request)
+
+        self.assertEqual(response.status_code, 403)
+
     @mock.patch("requests.get", side_effect=mocked_requests_get)
     def test_committee_lookup_no_q(self, mock_get):
         self.assertEqual(True, True)

diff --git a/django-backend/fecfiler/settings/base.py b/django-backend/fecfiler/settings/base.py
@@ -205,6 +205,7 @@
     "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
     "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination",
     "PAGE_SIZE": 10,
+    'EXCEPTION_HANDLER': 'fecfiler.utils.custom_exception_handler',
 }
 
 LOGGING = {

diff --git a/django-backend/fecfiler/utils.py b/django-backend/fecfiler/utils.py
@@ -0,0 +1,18 @@
+from fecfiler.authentication.views import delete_user_logged_in_cookies
+from rest_framework.views import exception_handler
+
+
+def custom_exception_handler(exc, context):
+    # Call REST framework's default exception handler first,
+    # to get the standard error response.
+    response = exception_handler(exc, context)
+
+    # Delete user cookies on forbidden http response.
+    # this will ensure that when the user is redirected
+    # to the login page due to the 403, any cookies
+    # (such as indicating committee id) are removed to
+    # allow for a clean new login.
+    if response is not None and response.status_code == 403:
+        delete_user_logged_in_cookies(response)
+
+    return response