phil/Gondulf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): require email authentication every login

Browse Source 
CRITICAL SECURITY FIX:
- Email code required EVERY login (authentication, not verification)
- DNS TXT check cached separately (domain verification)
- New auth_sessions table for per-login state
- Codes hashed with SHA-256, constant-time comparison
- Max 3 attempts, 10-minute session expiry
- OAuth params stored server-side (security improvement)

New files:
- services/auth_session.py
- migrations 004, 005
- ADR-010: domain verification vs user authentication

312 tests passing, 86.21% coverage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Phil Skentelbery
2025-11-22 15:16:26 -07:00
parent 9b50f359a6
commit 9135edfe84
17 changed files with 3457 additions and 529 deletions
Download Patch File Download Diff File Expand all files Collapse all files

520
tests/integration/api/test_authorization_verification.py
View File

@@ -1,10 +1,13 @@
"""
Integration tests for authorization endpoint domain verification.
Tests the security fix that requires domain verification before showing the consent page.
Tests the authentication flow that requires email verification on EVERY login.
See ADR-010 for the architectural decision.
Key principle: Email code is AUTHENTICATION (every login), not domain verification.
"""
from datetime import datetime
from datetime import datetime, timedelta
from unittest.mock import AsyncMock, Mock, patch
import pytest
@@ -25,40 +28,43 @@ def valid_auth_params():
}
def create_mock_verification_service(start_success=True, verify_success=True, start_error="dns_verification_failed"):
"""Create a mock verification service with configurable behavior."""
def create_mock_dns_service(verify_success=True):
"""Create a mock DNS service."""
mock_service = Mock()
if start_success:
mock_service.start_verification.return_value = {
"success": True,
"email": "t***@example.com",
"verification_method": "email"
}
else:
mock_service.start_verification.return_value = {
"success": False,
"error": start_error
}
if verify_success:
mock_service.verify_email_code.return_value = {
"success": True,
"email": "test@example.com"
}
else:
mock_service.verify_email_code.return_value = {
"success": False,
"error": "invalid_code"
}
mock_service.code_storage = Mock()
mock_service.code_storage.get.return_value = "test@example.com"
mock_service.create_authorization_code.return_value = "test_auth_code_12345"
mock_service.verify_txt_record.return_value = verify_success
return mock_service
def create_mock_email_service():
"""Create a mock email service."""
mock_service = Mock()
mock_service.send_verification_code = Mock()
return mock_service
def create_mock_html_fetcher(email="test@example.com"):
"""Create a mock HTML fetcher that returns a page with rel=me email."""
mock_fetcher = Mock()
if email:
html = f'''
<html>
<body>
<a href="mailto:{email}" rel="me">Email</a>
</body>
</html>
'''
else:
html = '<html><body></body></html>'
mock_fetcher.fetch.return_value = html
return mock_fetcher
def create_mock_relme_parser():
"""Create a real RelMeParser (it's simple enough)."""
from gondulf.services.relme_parser import RelMeParser
return RelMeParser()
def create_mock_happ_parser():
"""Create a mock h-app parser."""
from gondulf.services.happ_parser import ClientMetadata
@@ -72,6 +78,55 @@ def create_mock_happ_parser():
return mock_parser
def create_mock_auth_session_service(session_id="test_session_123", code="123456", verified=False):
"""Create a mock auth session service."""
from gondulf.services.auth_session import (
AuthSessionService,
CodeVerificationError,
SessionNotFoundError,
)
mock_service = Mock(spec=AuthSessionService)
mock_service.create_session.return_value = {
"session_id": session_id,
"verification_code": code,
"expires_at": datetime.utcnow() + timedelta(minutes=10)
}
mock_service.get_session.return_value = {
"session_id": session_id,
"me": "https://user.example.com",
"email": "test@example.com",
"code_verified": verified,
"client_id": "https://app.example.com",
"redirect_uri": "https://app.example.com/callback",
"state": "test123",
"code_challenge": "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM",
"code_challenge_method": "S256",
"scope": "",
"response_type": "code"
}
mock_service.verify_code.return_value = {
"session_id": session_id,
"me": "https://user.example.com",
"email": "test@example.com",
"code_verified": True,
"client_id": "https://app.example.com",
"redirect_uri": "https://app.example.com/callback",
"state": "test123",
"code_challenge": "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM",
"code_challenge_method": "S256",
"scope": "",
"response_type": "code"
}
mock_service.is_session_verified.return_value = verified
mock_service.delete_session = Mock()
return mock_service
@pytest.fixture
def configured_app(monkeypatch, tmp_path):
"""Create a fully configured app with fresh database."""
@@ -87,31 +142,50 @@ def configured_app(monkeypatch, tmp_path):
class TestUnverifiedDomainTriggersVerification:
"""Tests that unverified domains trigger the verification flow."""
"""Tests that any login triggers authentication (email code)."""
def test_unverified_domain_shows_verification_form(
self, configured_app, valid_auth_params
):
"""Test that an unverified domain shows the verification code form."""
app, _ = configured_app
from gondulf.dependencies import get_verification_service, get_happ_parser
"""Test that DNS-verified domain STILL shows verification form (email auth required)."""
app, db_path = configured_app
from gondulf.dependencies import (
get_dns_service, get_email_service, get_html_fetcher,
get_relme_parser, get_happ_parser, get_auth_session_service, get_database
)
from gondulf.database.connection import Database
from sqlalchemy import text
mock_service = create_mock_verification_service(start_success=True)
mock_parser = create_mock_happ_parser()
# Setup database with DNS-verified domain
db = Database(f"sqlite:///{db_path}")
db.initialize()
now = datetime.utcnow()
with db.get_engine().begin() as conn:
conn.execute(
text("""
INSERT OR REPLACE INTO domains
(domain, email, verification_code, verified, verified_at, last_checked, two_factor)
VALUES (:domain, '', '', 1, :now, :now, 0)
"""),
{"domain": "user.example.com", "now": now}
)
app.dependency_overrides[get_verification_service] = lambda: mock_service
app.dependency_overrides[get_happ_parser] = lambda: mock_parser
app.dependency_overrides[get_database] = lambda: db
app.dependency_overrides[get_dns_service] = lambda: create_mock_dns_service(True)
app.dependency_overrides[get_email_service] = lambda: create_mock_email_service()
app.dependency_overrides[get_html_fetcher] = lambda: create_mock_html_fetcher("test@example.com")
app.dependency_overrides[get_relme_parser] = create_mock_relme_parser
app.dependency_overrides[get_happ_parser] = lambda: create_mock_happ_parser()
app.dependency_overrides[get_auth_session_service] = lambda: create_mock_auth_session_service()
try:
with TestClient(app) as client:
response = client.get("/authorize", params=valid_auth_params)
assert response.status_code == 200
# Should show verification form, not consent form
# CRITICAL: Even DNS-verified domains require email verification every login
assert "Verify Your Identity" in response.text
assert "verification code" in response.text.lower()
# Should show masked email
assert "t***@example.com" in response.text
finally:
app.dependency_overrides.clear()
@@ -119,89 +193,76 @@ class TestUnverifiedDomainTriggersVerification:
self, configured_app, valid_auth_params
):
"""Test that authorization parameters are preserved in verification form."""
app, _ = configured_app
from gondulf.dependencies import get_verification_service, get_happ_parser
app, db_path = configured_app
from gondulf.dependencies import (
get_dns_service, get_email_service, get_html_fetcher,
get_relme_parser, get_happ_parser, get_auth_session_service, get_database
)
from gondulf.database.connection import Database
from sqlalchemy import text
mock_service = create_mock_verification_service(start_success=True)
mock_parser = create_mock_happ_parser()
db = Database(f"sqlite:///{db_path}")
db.initialize()
now = datetime.utcnow()
with db.get_engine().begin() as conn:
conn.execute(
text("""
INSERT OR REPLACE INTO domains
(domain, email, verification_code, verified, verified_at, last_checked, two_factor)
VALUES (:domain, '', '', 1, :now, :now, 0)
"""),
{"domain": "user.example.com", "now": now}
)
app.dependency_overrides[get_verification_service] = lambda: mock_service
app.dependency_overrides[get_happ_parser] = lambda: mock_parser
app.dependency_overrides[get_database] = lambda: db
app.dependency_overrides[get_dns_service] = lambda: create_mock_dns_service(True)
app.dependency_overrides[get_email_service] = lambda: create_mock_email_service()
app.dependency_overrides[get_html_fetcher] = lambda: create_mock_html_fetcher("test@example.com")
app.dependency_overrides[get_relme_parser] = create_mock_relme_parser
app.dependency_overrides[get_happ_parser] = lambda: create_mock_happ_parser()
app.dependency_overrides[get_auth_session_service] = lambda: create_mock_auth_session_service()
try:
with TestClient(app) as client:
response = client.get("/authorize", params=valid_auth_params)
assert response.status_code == 200
# Check hidden fields contain auth params
assert 'name="client_id"' in response.text
assert 'name="redirect_uri"' in response.text
assert 'name="state"' in response.text
assert 'name="code_challenge"' in response.text
finally:
app.dependency_overrides.clear()
def test_unverified_domain_does_not_show_consent(
self, configured_app, valid_auth_params
):
"""Test that unverified domain does NOT show consent form directly."""
app, _ = configured_app
from gondulf.dependencies import get_verification_service, get_happ_parser
mock_service = create_mock_verification_service(start_success=True)
mock_parser = create_mock_happ_parser()
app.dependency_overrides[get_verification_service] = lambda: mock_service
app.dependency_overrides[get_happ_parser] = lambda: mock_parser
try:
with TestClient(app) as client:
response = client.get("/authorize", params=valid_auth_params)
assert response.status_code == 200
# Should NOT show consent/authorization form
assert "Authorization Request" not in response.text
# New flow uses session_id instead of passing all params
assert 'name="session_id"' in response.text
finally:
app.dependency_overrides.clear()
class TestVerifiedDomainShowsConsent:
"""Tests that verified domains skip verification and show consent."""
"""Tests that verified sessions (email code verified) show consent."""
def test_verified_domain_shows_consent_page(
self, configured_app, valid_auth_params
):
"""Test that a verified domain shows consent page directly."""
"""Test that after email verification, consent page is shown."""
app, db_path = configured_app
from gondulf.dependencies import get_happ_parser, get_database
from gondulf.database.connection import Database
from sqlalchemy import text
from gondulf.dependencies import get_happ_parser, get_auth_session_service
from gondulf.services.auth_session import CodeVerificationError
# Create database and insert verified domain
db = Database(f"sqlite:///{db_path}")
db.initialize()
# Mock auth session that succeeds on verify
mock_session = create_mock_auth_session_service(verified=True)
with db.get_engine().begin() as conn:
conn.execute(
text("""
INSERT INTO domains (domain, email, verification_code, verified, verified_at, two_factor)
VALUES (:domain, :email, '', 1, :verified_at, 1)
"""),
{"domain": "user.example.com", "email": "test@example.com", "verified_at": datetime.utcnow()}
)
# Override database to use same instance
app.dependency_overrides[get_database] = lambda: db
mock_parser = create_mock_happ_parser()
app.dependency_overrides[get_happ_parser] = lambda: mock_parser
app.dependency_overrides[get_auth_session_service] = lambda: mock_session
app.dependency_overrides[get_happ_parser] = lambda: create_mock_happ_parser()
try:
with TestClient(app) as client:
response = client.get("/authorize", params=valid_auth_params)
# Simulate verifying the code
form_data = {
"session_id": "test_session_123",
"code": "123456",
}
response = client.post("/authorize/verify-code", data=form_data)
# Should show consent page
assert response.status_code == 200
assert "Authorization Request" in response.text
assert "Authorization Request" in response.text or "Authorize" in response.text
assert 'action="/authorize/consent"' in response.text
finally:
app.dependency_overrides.clear()
@@ -215,27 +276,19 @@ class TestVerificationCodeValidation:
):
"""Test that valid verification code shows consent page."""
app, _ = configured_app
from gondulf.dependencies import get_verification_service, get_happ_parser
from gondulf.dependencies import get_happ_parser, get_auth_session_service
mock_service = create_mock_verification_service(verify_success=True)
mock_session = create_mock_auth_session_service()
mock_parser = create_mock_happ_parser()
app.dependency_overrides[get_verification_service] = lambda: mock_service
app.dependency_overrides[get_auth_session_service] = lambda: mock_session
app.dependency_overrides[get_happ_parser] = lambda: mock_parser
try:
with TestClient(app) as client:
form_data = {
"domain": "user.example.com",
"session_id": "test_session_123",
"code": "123456",
"client_id": valid_auth_params["client_id"],
"redirect_uri": valid_auth_params["redirect_uri"],
"response_type": valid_auth_params["response_type"],
"state": valid_auth_params["state"],
"code_challenge": valid_auth_params["code_challenge"],
"code_challenge_method": valid_auth_params["code_challenge_method"],
"scope": "",
"me": valid_auth_params["me"],
}
response = client.post("/authorize/verify-code", data=form_data)
@@ -251,27 +304,22 @@ class TestVerificationCodeValidation:
):
"""Test that invalid code shows error and allows retry."""
app, _ = configured_app
from gondulf.dependencies import get_verification_service, get_happ_parser
from gondulf.dependencies import get_happ_parser, get_auth_session_service
from gondulf.services.auth_session import CodeVerificationError
mock_session = create_mock_auth_session_service()
mock_session.verify_code.side_effect = CodeVerificationError("Invalid code")
mock_service = create_mock_verification_service(verify_success=False)
mock_parser = create_mock_happ_parser()
app.dependency_overrides[get_verification_service] = lambda: mock_service
app.dependency_overrides[get_auth_session_service] = lambda: mock_session
app.dependency_overrides[get_happ_parser] = lambda: mock_parser
try:
with TestClient(app) as client:
form_data = {
"domain": "user.example.com",
"session_id": "test_session_123",
"code": "000000",
"client_id": valid_auth_params["client_id"],
"redirect_uri": valid_auth_params["redirect_uri"],
"response_type": valid_auth_params["response_type"],
"state": valid_auth_params["state"],
"code_challenge": valid_auth_params["code_challenge"],
"code_challenge_method": valid_auth_params["code_challenge_method"],
"scope": "",
"me": valid_auth_params["me"],
}
response = client.post("/authorize/verify-code", data=form_data)
@@ -285,45 +333,6 @@ class TestVerificationCodeValidation:
app.dependency_overrides.clear()
class TestDNSFailureHandling:
"""Tests for DNS verification failure scenarios."""
def test_dns_failure_shows_instructions(
self, configured_app, valid_auth_params
):
"""Test that DNS verification failure shows helpful instructions."""
app, db_path = configured_app
from gondulf.dependencies import get_verification_service, get_happ_parser, get_database
from gondulf.database.connection import Database
from sqlalchemy import text
# Clear any pre-existing verified domain to ensure test isolation
db = Database(f"sqlite:///{db_path}")
db.initialize()
with db.get_engine().begin() as conn:
conn.execute(text("DELETE FROM domains WHERE domain = :domain"), {"domain": "user.example.com"})
app.dependency_overrides[get_database] = lambda: db
mock_service = create_mock_verification_service(start_success=False, start_error="dns_verification_failed")
mock_parser = create_mock_happ_parser()
app.dependency_overrides[get_verification_service] = lambda: mock_service
app.dependency_overrides[get_happ_parser] = lambda: mock_parser
try:
with TestClient(app) as client:
response = client.get("/authorize", params=valid_auth_params)
assert response.status_code == 200
# Should show error page with DNS instructions
assert "DNS" in response.text or "dns" in response.text.lower()
assert "TXT" in response.text
assert "_gondulf" in response.text
finally:
app.dependency_overrides.clear()
class TestEmailFailureHandling:
"""Tests for email discovery failure scenarios."""
@@ -332,23 +341,34 @@ class TestEmailFailureHandling:
):
"""Test that email discovery failure shows helpful instructions."""
app, db_path = configured_app
from gondulf.dependencies import get_verification_service, get_happ_parser, get_database
from gondulf.dependencies import (
get_dns_service, get_email_service, get_html_fetcher,
get_relme_parser, get_happ_parser, get_auth_session_service, get_database
)
from gondulf.database.connection import Database
from sqlalchemy import text
# Clear any pre-existing verified domain to ensure test isolation
db = Database(f"sqlite:///{db_path}")
db.initialize()
now = datetime.utcnow()
with db.get_engine().begin() as conn:
conn.execute(text("DELETE FROM domains WHERE domain = :domain"), {"domain": "user.example.com"})
conn.execute(
text("""
INSERT OR REPLACE INTO domains
(domain, email, verification_code, verified, verified_at, last_checked, two_factor)
VALUES (:domain, '', '', 1, :now, :now, 0)
"""),
{"domain": "user.example.com", "now": now}
)
app.dependency_overrides[get_database] = lambda: db
mock_service = create_mock_verification_service(start_success=False, start_error="email_discovery_failed")
mock_parser = create_mock_happ_parser()
app.dependency_overrides[get_verification_service] = lambda: mock_service
app.dependency_overrides[get_happ_parser] = lambda: mock_parser
app.dependency_overrides[get_dns_service] = lambda: create_mock_dns_service(True)
app.dependency_overrides[get_email_service] = lambda: create_mock_email_service()
# HTML fetcher returns page with no email
app.dependency_overrides[get_html_fetcher] = lambda: create_mock_html_fetcher(email=None)
app.dependency_overrides[get_relme_parser] = create_mock_relme_parser
app.dependency_overrides[get_happ_parser] = lambda: create_mock_happ_parser()
app.dependency_overrides[get_auth_session_service] = lambda: create_mock_auth_session_service()
try:
with TestClient(app) as client:
@@ -367,29 +387,42 @@ class TestFullVerificationFlow:
def test_full_flow_new_domain(
self, configured_app, valid_auth_params
):
"""Test complete flow: unverified domain -> verify code -> consent."""
"""Test complete flow: authorize -> verify code -> consent."""
app, db_path = configured_app
from gondulf.dependencies import get_verification_service, get_happ_parser, get_database
from gondulf.dependencies import (
get_dns_service, get_email_service, get_html_fetcher,
get_relme_parser, get_happ_parser, get_auth_session_service, get_database
)
from gondulf.database.connection import Database
from sqlalchemy import text
# Clear any pre-existing verified domain to ensure test isolation
db = Database(f"sqlite:///{db_path}")
db.initialize()
now = datetime.utcnow()
with db.get_engine().begin() as conn:
conn.execute(text("DELETE FROM domains WHERE domain = :domain"), {"domain": "user.example.com"})
conn.execute(
text("""
INSERT OR REPLACE INTO domains
(domain, email, verification_code, verified, verified_at, last_checked, two_factor)
VALUES (:domain, '', '', 1, :now, :now, 0)
"""),
{"domain": "user.example.com", "now": now}
)
app.dependency_overrides[get_database] = lambda: db
mock_service = create_mock_verification_service(start_success=True, verify_success=True)
mock_session = create_mock_auth_session_service()
mock_parser = create_mock_happ_parser()
app.dependency_overrides[get_verification_service] = lambda: mock_service
app.dependency_overrides[get_database] = lambda: db
app.dependency_overrides[get_dns_service] = lambda: create_mock_dns_service(True)
app.dependency_overrides[get_email_service] = lambda: create_mock_email_service()
app.dependency_overrides[get_html_fetcher] = lambda: create_mock_html_fetcher("test@example.com")
app.dependency_overrides[get_relme_parser] = create_mock_relme_parser
app.dependency_overrides[get_happ_parser] = lambda: mock_parser
app.dependency_overrides[get_auth_session_service] = lambda: mock_session
try:
with TestClient(app) as client:
# Step 1: GET /authorize -> should show verification form
# Step 1: GET /authorize -> should show verification form (always!)
response1 = client.get("/authorize", params=valid_auth_params)
assert response1.status_code == 200
@@ -397,16 +430,8 @@ class TestFullVerificationFlow:
# Step 2: POST /authorize/verify-code -> should show consent
form_data = {
"domain": "user.example.com",
"session_id": "test_session_123",
"code": "123456",
"client_id": valid_auth_params["client_id"],
"redirect_uri": valid_auth_params["redirect_uri"],
"response_type": valid_auth_params["response_type"],
"state": valid_auth_params["state"],
"code_challenge": valid_auth_params["code_challenge"],
"code_challenge_method": valid_auth_params["code_challenge_method"],
"scope": "",
"me": valid_auth_params["me"],
}
response2 = client.post("/authorize/verify-code", data=form_data)
@@ -422,35 +447,38 @@ class TestFullVerificationFlow:
):
"""Test that user can retry with correct code after failure."""
app, _ = configured_app
from gondulf.dependencies import get_verification_service, get_happ_parser
from gondulf.dependencies import get_happ_parser, get_auth_session_service
from gondulf.services.auth_session import CodeVerificationError
mock_service = Mock()
# First verify_email_code call fails, second succeeds
mock_service.verify_email_code.side_effect = [
{"success": False, "error": "invalid_code"},
{"success": True, "email": "test@example.com"}
mock_session = create_mock_auth_session_service()
# First verify_code call fails, second succeeds
mock_session.verify_code.side_effect = [
CodeVerificationError("Invalid code"),
{
"session_id": "test_session_123",
"me": "https://user.example.com",
"email": "test@example.com",
"code_verified": True,
"client_id": "https://app.example.com",
"redirect_uri": "https://app.example.com/callback",
"state": "test123",
"code_challenge": "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM",
"code_challenge_method": "S256",
"scope": "",
"response_type": "code"
}
]
mock_service.code_storage = Mock()
mock_service.code_storage.get.return_value = "test@example.com"
mock_parser = create_mock_happ_parser()
app.dependency_overrides[get_verification_service] = lambda: mock_service
app.dependency_overrides[get_auth_session_service] = lambda: mock_session
app.dependency_overrides[get_happ_parser] = lambda: mock_parser
try:
with TestClient(app) as client:
form_data = {
"domain": "user.example.com",
"session_id": "test_session_123",
"code": "000000", # Wrong code
"client_id": valid_auth_params["client_id"],
"redirect_uri": valid_auth_params["redirect_uri"],
"response_type": valid_auth_params["response_type"],
"state": valid_auth_params["state"],
"code_challenge": valid_auth_params["code_challenge"],
"code_challenge_method": valid_auth_params["code_challenge_method"],
"scope": "",
"me": valid_auth_params["me"],
}
# First attempt with wrong code
@@ -468,36 +496,48 @@ class TestFullVerificationFlow:
class TestSecurityRequirements:
"""Tests for security requirements of the fix."""
"""Tests for security requirements - email auth required every login."""
def test_unverified_domain_never_sees_consent_directly(
self, configured_app, valid_auth_params
):
"""Critical: Unverified domains must NEVER see consent page directly."""
"""Critical: Even DNS-verified domains must authenticate via email every time."""
app, db_path = configured_app
from gondulf.dependencies import get_verification_service, get_happ_parser, get_database
from gondulf.dependencies import (
get_dns_service, get_email_service, get_html_fetcher,
get_relme_parser, get_happ_parser, get_auth_session_service, get_database
)
from gondulf.database.connection import Database
from sqlalchemy import text
# Clear any pre-existing verified domain to ensure test isolation
db = Database(f"sqlite:///{db_path}")
db.initialize()
now = datetime.utcnow()
with db.get_engine().begin() as conn:
conn.execute(text("DELETE FROM domains WHERE domain = :domain"), {"domain": "user.example.com"})
conn.execute(
text("""
INSERT OR REPLACE INTO domains
(domain, email, verification_code, verified, verified_at, last_checked, two_factor)
VALUES (:domain, '', '', 1, :now, :now, 0)
"""),
{"domain": "user.example.com", "now": now}
)
mock_session = create_mock_auth_session_service()
app.dependency_overrides[get_database] = lambda: db
mock_service = create_mock_verification_service(start_success=True)
mock_parser = create_mock_happ_parser()
app.dependency_overrides[get_verification_service] = lambda: mock_service
app.dependency_overrides[get_happ_parser] = lambda: mock_parser
app.dependency_overrides[get_dns_service] = lambda: create_mock_dns_service(True)
app.dependency_overrides[get_email_service] = lambda: create_mock_email_service()
app.dependency_overrides[get_html_fetcher] = lambda: create_mock_html_fetcher("test@example.com")
app.dependency_overrides[get_relme_parser] = create_mock_relme_parser
app.dependency_overrides[get_happ_parser] = lambda: create_mock_happ_parser()
app.dependency_overrides[get_auth_session_service] = lambda: mock_session
try:
with TestClient(app) as client:
response = client.get("/authorize", params=valid_auth_params)
# The consent page should NOT be shown
# CRITICAL: The consent page should NOT be shown without email verification
assert "Authorization Request" not in response.text
# Verify code page should be shown instead
assert "Verify Your Identity" in response.text
@@ -508,14 +548,36 @@ class TestSecurityRequirements:
self, configured_app, valid_auth_params
):
"""Test that state parameter is preserved through verification flow."""
app, _ = configured_app
from gondulf.dependencies import get_verification_service, get_happ_parser
app, db_path = configured_app
from gondulf.dependencies import (
get_dns_service, get_email_service, get_html_fetcher,
get_relme_parser, get_happ_parser, get_auth_session_service, get_database
)
from gondulf.database.connection import Database
from sqlalchemy import text
mock_service = create_mock_verification_service(start_success=True)
mock_parser = create_mock_happ_parser()
db = Database(f"sqlite:///{db_path}")
db.initialize()
now = datetime.utcnow()
with db.get_engine().begin() as conn:
conn.execute(
text("""
INSERT OR REPLACE INTO domains
(domain, email, verification_code, verified, verified_at, last_checked, two_factor)
VALUES (:domain, '', '', 1, :now, :now, 0)
"""),
{"domain": "user.example.com", "now": now}
)
app.dependency_overrides[get_verification_service] = lambda: mock_service
app.dependency_overrides[get_happ_parser] = lambda: mock_parser
mock_session = create_mock_auth_session_service()
app.dependency_overrides[get_database] = lambda: db
app.dependency_overrides[get_dns_service] = lambda: create_mock_dns_service(True)
app.dependency_overrides[get_email_service] = lambda: create_mock_email_service()
app.dependency_overrides[get_html_fetcher] = lambda: create_mock_html_fetcher("test@example.com")
app.dependency_overrides[get_relme_parser] = create_mock_relme_parser
app.dependency_overrides[get_happ_parser] = lambda: create_mock_happ_parser()
app.dependency_overrides[get_auth_session_service] = lambda: mock_session
try:
unique_state = "unique_state_abc123xyz"
@@ -526,7 +588,9 @@ class TestSecurityRequirements:
response = client.get("/authorize", params=params)
assert response.status_code == 200
# State should be in hidden form field
assert f'value="{unique_state}"' in response.text or f"value='{unique_state}'" in response.text
# State is now stored in session, so we check session_id is present
assert 'name="session_id"' in response.text
# The state should be stored in the session service
assert mock_session.create_session.called
finally:
app.dependency_overrides.clear()