From 9486df151a2eb6d61a35e9466dbdf6c14a913086 Mon Sep 17 00:00:00 2001

From: Randy Barlow <randy@electronsweatshop.com>

Date: Mon, 4 Sep 2017 12:19:36 -0400

Subject: [PATCH] Retry auth in the bindings upon captcha key errors.

fixes #1787

Signed-off-by: Randy Barlow <randy@electronsweatshop.com>

---

 bodhi/client/bindings.py            | 12 +++++++++++-

 bodhi/tests/client/test_bindings.py | 32 ++++++++++++++++++++++++++++++++

 2 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/bodhi/client/bindings.py b/bodhi/client/bindings.py

index 57c4260..0bcd717 100644

--- a/bodhi/client/bindings.py

+++ b/bodhi/client/bindings.py

@@ -73,13 +73,23 @@ def errorhandled(method):

     def wrapper(*args, **kwargs):

         try:

             result = method(*args, **kwargs)

+            # Bodhi allows comments to be written by unauthenticated users if they solve a Captcha.

+            # Due to this, an authentication error is not raised by the server if the client fails

+            # to authenticate for any reason, and instead an error about needing a captcha key is

+            # presented instead. If we see that error, we can just raise an AuthError to trigger the

+            # retry logic in the exception handler below.

+            if 'errors' in result:

+                for error in result['errors']:

+                    if 'name' in error and error['name'] == 'captcha_key':

+                        raise AuthError('Captcha key needed.')

         except AuthError:

-            # An AuthError can be raised for three different reasons:

+            # An AuthError can be raised for four different reasons:

             #

             # 0) The password is wrong.

             # 1) The session cookies are expired. fedora.python does not handle this automatically.

             # 2) The session cookies are not expired, but are no longer valid (for example, this can

             #    happen if the server's auth secret has changed.)

+            # 3) The client received a captcha_key error, as described in the try block above.

             #

             # We don't know the difference between the cases here, but case #1 is fairly common and

             # we can work around it and case #2 by removing the session cookies and csrf token and

diff --git a/bodhi/tests/client/test_bindings.py b/bodhi/tests/client/test_bindings.py

index 15c239a..974ecde 100644

--- a/bodhi/tests/client/test_bindings.py

+++ b/bodhi/tests/client/test_bindings.py

@@ -1001,6 +1001,38 @@ class TestErrorhandled(unittest.TestCase):

         self.assertTrue(a_fake_self.csrf_token is None)

         self.assertEqual(a_fake_self.call_count, 2)

+    def test_retry_on_captcha_key_failure(self):

+        """

+        Test the decorator when the wrapped method returns a captch_key error.

+

+        This test ensures that the decorator will retry the wrapped method if it returns a

+        captcha_key error, after clearing cookies and the csrf token.

+

+        This test was written to assert the fix for

+        https://github.com/fedora-infra/bodhi/issues/1787

+        """

+        a_fake_self = mock.MagicMock()

+        a_fake_self.csrf_token = 'some_token'

+        a_fake_self.call_count = 0

+

+        @bindings.errorhandled

+        def captcha_plz(a_fake_self):

+            a_fake_self.call_count = a_fake_self.call_count + 1

+

+            # Fail on the first call with a captcha_key error to simulate unauth'd user on a

+            # comment.

+            if a_fake_self.call_count == 1:

+                return {'errors': [{'name': 'captcha_key'}]}

+

+            return 'here you go'

+

+        # No Exception should be raised.

+        captcha_plz(a_fake_self)

+

+        a_fake_self._session.cookies.clear.assert_called_once_with()

+        self.assertTrue(a_fake_self.csrf_token is None)

+        self.assertEqual(a_fake_self.call_count, 2)

+

     def test_success(self):

         """

         Test the decorator for the success case.

-- 

2.9.5