From cec2d7ea0237d144f1370010f26639c79ffe6e45 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Fri, 15 Dec 2023 12:07:54 -0800
Subject: [PATCH] reformat private key
---
 app/main/views/sign_in.py | 17 +++++++++++++++--
 tests/app/main/views/test_sign_in.py | 11 +++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py
index 586431d46..94bcc9a9a 100644
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -22,15 +22,28 @@ from app.main import main
 from app.main.forms import LoginForm
 from app.main.views.verify import activate_user
 from app.models.user import InvitedUser, User
-from app.utils import hide_from_search_engines, hilite
+from app.utils import hide_from_search_engines
 from app.utils.login import is_safe_redirect_url
+def _reformulate_keystring(orig):
+ new_keystring = orig.replace("-----BEGIN PRIVATE KEY-----", "")
+ new_keystring = new_keystring.replace("-----END PRIVATE KEY-----", "")
+ new_keystring = new_keystring.strip()
+ new_keystring = "\n".join(
+ ["-----BEGIN PRIVATE KEY-----", new_keystring, "-----END PRIVATE KEY-----"]
+ )
+ new_keystring = f"{new_keystring}\n"
+ return new_keystring
+
+
 def _get_access_token(code, state):
 client_id = os.getenv("LOGIN_DOT_GOV_CLIENT_ID")
 access_token_url = os.getenv("LOGIN_DOT_GOV_ACCESS_TOKEN_URL")
 keystring = os.getenv("LOGIN_PEM")
- print(hilite(f"LOGIN_PEM: START{keystring}FINISH")) # noqa temp
+ if " " in keystring:
+ keystring = _reformulate_keystring(keystring)
+
 payload = {
 "iss": client_id,
 "sub": client_id,
diff --git a/tests/app/main/views/test_sign_in.py b/tests/app/main/views/test_sign_in.py
index 018321fbe..50ac0b226 100644
--- a/tests/app/main/views/test_sign_in.py
+++ b/tests/app/main/views/test_sign_in.py
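Review bot: `_reformulate_keystring` strips whitespace only at the two ends of the body, so a multi-line PEM whose newlines were flattened to spaces keeps its interior spaces and is rebuilt as one long line; whether the key loader further down accepts that is not visible in this hunk. Normalising the body first, for example `new_keystring = "\n".join(new_keystring.split())` in place of the `.strip()` line, restores the line structure for both single-chunk and multi-chunk keys. In `_get_access_token`, `" " in keystring` raises `TypeError` when `LOGIN_PEM` is unset because `os.getenv` returns `None`; `if keystring and " " in keystring:` or an explicit configuration error would fail more clearly. The removed `print(hilite(...))` wrote the private key to stdout, so if that build ran anywhere logs are retained, the key should be treated as exposed and rotated. The body of `_get_access_token` continues past the end of the hunk.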
@@ -3,6 +3,7 @@ import uuid
 import pytest
 from flask import url_for
+from app.main.views.sign_in import _reformulate_keystring
 from app.models.user import User
 from tests.conftest import SERVICE_ONE_ID, normalize_spaces
@@ -39,6 +40,16 @@ def test_render_sign_in_template_with_next_link_for_password_reset(client_reques
 )
+def test_reformulate_keystring():
+ orig = "-----BEGIN PRIVATE KEY----- blahblahblah -----END PRIVATE KEY-----"
+ expected = """-----BEGIN PRIVATE KEY-----
+blahblahblah
+-----END PRIVATE KEY-----
+"""
+ reformulated = _reformulate_keystring(orig)
+ assert reformulated == expected
+
+
 def test_sign_in_explains_session_timeout(client_request):
 client_request.logout()
 page = client_request.get("main.sign_in", next="/foo")
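Review bot: `test_reformulate_keystring` uses a body (`blahblahblah`) with no interior whitespace, so it never exercises a real key whose base64 lines were joined with spaces, which is the input the helper most plausibly exists for. A second case with a constructed sample such as `orig = "-----BEGIN PRIVATE KEY----- aaaa bbbb -----END PRIVATE KEY-----"` would pin whether the chunks come back on separate lines or stay space-separated. The calling code in `_get_access_token` also has no test here for an unset `LOGIN_PEM`, or for a key that is already well-formed and must pass through unchanged.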