GH-3: Introduce endpoint for unauthorized page

acteng · Oct 12, 2023 · 33ce2c0 · 33ce2c0
1 parent 2e00d88
commit 33ce2c0
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/schemes/auth.py b/schemes/auth.py
@@ -16,13 +16,18 @@ def callback() -> BaseResponse:
     user = oauth.govuk.userinfo(token=token)
 
     if user["email"] not in current_app.extensions["users"]:
-        return Response("<h1>Unauthorized</h1>", status=401)
+        return redirect(url_for("auth.unauthorized"))
 
     session["user"] = user
     session["id_token"] = token["id_token"]
     return redirect(url_for("home.index"))
 
 
+@bp.route("/unauthorized")
+def unauthorized() -> Response:
+    return Response("<h1>Unauthorized</h1>", status=401)
+
+
 @bp.route("/logout")
 def logout() -> BaseResponse:
     id_token = session["id_token"]

diff --git a/tests/integration/test_auth.py b/tests/integration/test_auth.py
@@ -34,13 +34,19 @@ def test_callback_redirects_to_home(client: FlaskClient) -> None:
     assert response.status_code == 302 and response.location == "/home"
 
 
-def test_callback_when_unauthorized_shows_unauthorized(client: FlaskClient) -> None:
+def test_callback_when_unauthorized_redirects_to_unauthorized(client: FlaskClient) -> None:
     current_app.extensions["users"].append("[email protected]")
     _given_oidc_returns_token_response({"id_token": "jwt"})
     _given_oidc_returns_user_info(UserInfo({"email": "[email protected]"}))
 
     response = client.get("/auth")
 
+    assert response.status_code == 302 and response.location == "/auth/unauthorized"
+
+
+def test_unauthorized(client: FlaskClient) -> None:
+    response = client.get("/auth/unauthorized")
+
     assert response.status_code == 401 and response.text == "<h1>Unauthorized</h1>"