darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-05 10:53:28 -05:00
Code Issues Packages Projects Releases Wiki Activity

add check for government email addresses

Browse Source
This commit is contained in:
Kenneth Kehl
2024-05-13 13:39:51 -07:00
parent b5c7a71215
commit d47f9933d2
3 changed files with 70 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
app/main/views/register.py
View File

@@ -146,6 +146,26 @@ def check_invited_user_email_address_matches_expected(
debug_msg("invited user email did not match expected email, abort(403)")
flash("You cannot accept an invite for another person.")
abort(403)
check_for_gov_email_address(user_email)
def check_for_gov_email_address(user_email):
# We could try to check that it is a government email at the time the invite is
# sent, but due to the way login.gov allows multiple emails, it would not be effective.
# We track the login.gov user by their uuid, so if they have a login.gov account
# with a .gov email address and a .com email address, the .com address will work without
# having a check here.
if (
user_email.lower().endswith(".gov")
or user_email.lower().endswith(".mil")
or user_email.lower().endswith(".si.edu")
):
# everything is good, proceed
pass
else:
debug_msg("invited user has a non-government email address.")
flash("You must use a government email address.")
abort(403)
@main.route("/set-up-your-profile", methods=["GET", "POST"])

31
app/main/views/sign_in.py
View File

@@ -4,7 +4,16 @@ import uuid
import jwt
import requests
from flask import Response, current_app, redirect, render_template, request, url_for
from flask import (
Response,
abort,
current_app,
flash,
redirect,
render_template,
request,
url_for,
)
from flask_login import current_user
from notifications_utils.url_safe_token import generate_token
@@ -88,6 +97,7 @@ def _do_login_dot_gov():
try:
access_token = _get_access_token(code, state)
user_email, user_uuid = _get_user_email_and_uuid(access_token)
check_for_gov_email_address(user_email)
redirect_url = request.args.get("next")
user = user_api_client.get_user_by_uuid_or_email(user_uuid, user_email)
@@ -171,3 +181,22 @@ def sign_in():
@login_manager.unauthorized_handler
def sign_in_again():
return redirect(url_for("main.sign_in", next=request.path))
def check_for_gov_email_address(user_email):
# We could try to check that it is a government email at the time the invite is
# sent, but due to the way login.gov allows multiple emails, it would not be effective.
# We track the login.gov user by their uuid, so if they have a login.gov account
# with a .gov email address and a .com email address, the .com address will work without
# having a check here.
if (
user_email.lower().endswith(".gov")
or user_email.lower().endswith(".mil")
or user_email.lower().endswith(".si.edu")
):
# everything is good, proceed
pass
else:
current_app.logger.warning("invited user has a non-government email address.")
flash("You must use a government email address.")
abort(403)

20
tests/app/main/views/test_register.py
View File

@@ -401,6 +401,26 @@ def test_check_invited_user_email_address_doesnt_match_expected(mocker):
mock_abort.assert_called_once_with(403)
def test_check_user_email_address_fails_if_not_government_address(mocker):
mock_flash = mocker.patch("app.main.views.register.flash")
mock_abort = mocker.patch("app.main.views.register.abort")
check_invited_user_email_address_matches_expected(
"fake@fake.bogus", "Fake@Fake.BOGUS"
)
mock_flash.assert_called_once_with("You must use a government email address.")
mock_abort.assert_called_once_with(403)
def test_check_user_email_address_succeeds_if_government_address(mocker):
mock_flash = mocker.patch("app.main.views.register.flash")
mock_abort = mocker.patch("app.main.views.register.abort")
check_invited_user_email_address_matches_expected("fake@fake.mil", "Fake@Fake.MIL")
mock_flash.assert_not_called()
mock_abort.assert_not_called()
def decode_invite_data(state):
state = state.encode("utf8")
state = base64.b64decode(state)