MIDRC-1071 Enforce user registration #1286
Pull Request Test Coverage Report for Build 17286237580
Please find the detailed integration test report here (login here first)
| blueprint = flask.Blueprint("register", __name__) | ||
|
|
||
|
|
||
| def xor_with_user_email(form, field): |
Can't use this anymore when flask.g.user is not set anymore
| return f"flask.request.remote_addr={flask.request.remote_addr} x_forwarded_headers={x_forwarded_headers}" | ||
|
|
||
|
|
||
| def login_user( |
I split login_user into _identify_user_and_update_database and login_user_unless_unregistered
fence/templates/register_user.html
Outdated
| {% endif %} | ||
| </li> | ||
| </ul> | ||
| <p>By registering and submitting this form, you hereby acknowledge and consent to be bound by our <a href="/dashboard/Public/documentation/DUA.html">data use agreement (DUA)</a>.</p><br> |
Adding the change from #1149
| config["OPENID_CONNECT"]["mock_idp"] = {"enable_idp_users_registration": False} | ||
|
|
||
|
|
||
| def test_login_existing_user_without_registration(app, db_session): |
Registration-specific tests moved from tests/login/test_base.py, renamed for clarity, and fixed (see this):
test_login_existing_user
test_login_with_registration
test_login_with_missing_email
test_login_redirect_to_registration_page
test_login_redirect_after_authentication
|
|
||
|
|
||
| @pytest.fixture | ||
| def mocks_for_idp_oauth2_callbacks(idp, rsa_private_key, mock_arborist_requests): |
moved from tests/test_metrics.py for reusability
| "generic_additional_params", | ||
| ] | ||
| # some tests run on all the IdPs for which a login blueprint exists | ||
| def all_available_idps(): |
This results in fewer tests than LOGIN_IDPS and the same coverage (the generic implementation was tested multiple times).
The multiple generic logins with different configs are only needed in this test, which has its own parametrization
nss10 left a comment
I’ve completed my first pass of the review, but I still need to go through the unit tests. Sharing my comments now so I don’t block you in the meantime.
| def get_registered_users(): | ||
| """ | ||
| DEPRECATED: This endpoint is deprecated and will be removed in a future release. | ||
If this function is no longer deprecated, this warning should be removed as well.
logger.warning(
    f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release."
)
| user_is_logged_in, | ||
| ) | ||
|
|
||
| if flask.session.get("redirect"): |
Any reason we did not choose
if "redirect" in flask.session:
Just wanted to confirm—was it intentional to filter out both a missing 'redirect' key and an empty session['redirect']?
this is existing code 🤷♀️ i see no reason to change it since the current version catches more cases
nss10 left a comment
I’ve reviewed the rest of the changes — almost everything looks good. I just have a few small questions, that’s all.
tests/login/test_conftest_idps.py
Outdated
| from tests.conftest import all_available_idps | ||
|
|
||
|
|
||
| def test_contfest_idps(): |
| def test_contfest_idps(): | |
| def test_conftest_idps(): |
I can make this change too. No worries.
tests/login/test_conftest_idps.py
Outdated
| OPENID_CONNECT, or the new file names do not match the convention and | ||
| cannot be parsed by this test. | ||
| If you added an IdP and this test fails, DO NOT edit this test. Either the | ||
| new IdP should be added to test-fence-config.yaml's OPENID_CONNECT+LOGIN_OPTIONS, |
| new IdP should be added to test-fence-config.yaml's OPENID_CONNECT+LOGIN_OPTIONS, | |
| new IdP should be added to test-fence-config.yaml's OPENID_CONNECT and LOGIN_OPTIONS, |
| enable_registration = ( | ||
| hasattr(request, "param") and request.param.get("enable_registration") | ||
| ) or True |
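Review bot: in the `enable_registration` assignment, the trailing `or True` makes the whole expression True for every input, including a parametrized `enable_registration` of False, so a test that asks this fixture to disable registration still runs with it enabled and the disabled path is never exercised. Read the parameter once and fall back to True only when it is absent or None, for example with an explicit `is None` check instead of `or`.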
Doesn't this always evaluate to True? Was that intentional? Could you explain the reason behind writing it this way?
Oops, the goal was to default to True if request.param["enable_registration"] is None or not set. I think this does what i want:
enable_registration = (
    request.param.get("enable_registration", True) if hasattr(request, "param") else True
)
I haven't checked auto_register_users but i assume i made the same mistake
Got it, thanks. I think we can just use:
enable_registration = getattr(request, "param", {}).get("enable_registration", True)
For auto_register_users, it already works fine since it defaults to False. If it’s overridden in the request as True, then True or False will evaluate to True.
That said, I’d prefer we keep both of them consistent for readability.
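The three expressions discussed in this thread, evaluated side by side as an added example (not code from the PR or from fence). The `SimpleNamespace` objects are constructed stand-ins for pytest's `request`, and `none_safe` is a hypothetical variant added here to cover the stated "None or not set" goal.

```python
from types import SimpleNamespace

def original(request):
    # As written in the fixture: `<anything> or True` is True for every input.
    return (
        hasattr(request, "param") and request.param.get("enable_registration")
    ) or True

def author_fix(request):
    # First proposed fix: default only when the key or `param` is missing.
    return (
        request.param.get("enable_registration", True)
        if hasattr(request, "param")
        else True
    )

def reviewer_fix(request):
    # One-line form suggested in review; same results as author_fix.
    return getattr(request, "param", {}).get("enable_registration", True)

def none_safe(request):
    # Hypothetical variant (not in the PR): explicit None also means "use default".
    value = getattr(request, "param", {}).get("enable_registration")
    return True if value is None else value

# Constructed stand-ins for pytest's `request` in each parametrization case.
CASES = {
    "not parametrized": SimpleNamespace(),
    "key missing": SimpleNamespace(param={}),
    "explicit True": SimpleNamespace(param={"enable_registration": True}),
    "explicit False": SimpleNamespace(param={"enable_registration": False}),
    "explicit None": SimpleNamespace(param={"enable_registration": None}),
}
VARIANTS = (original, author_fix, reviewer_fix, none_safe)

def truth_table():
    """Return {case: {variant name: value}} for every case and variant."""
    return {
        case: {fn.__name__: fn(req) for fn in VARIANTS}
        for case, req in CASES.items()
    }

if __name__ == "__main__":
    for case, row in truth_table().items():
        print(f"{case:17}", row)
```

Only `original` returns True for `explicit False`; both proposed fixes return None for `explicit None`, which matters if a test passes None expecting the default.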
Please find the detailed integration test report here
Link to JIRA ticket if there is one: https://ctds-planx.atlassian.net/browse/MIDRC-1071
Closes #1149