From 9486df151a2eb6d61a35e9466dbdf6c14a913086 Mon Sep 17 00:00:00 2001
From: Randy Barlow <randy@electronsweatshop.com>
Date: Mon, 4 Sep 2017 12:19:36 -0400
Subject: [PATCH] Retry auth in the bindings upon captcha key errors.

fixes #1787

Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
---
 bodhi/client/bindings.py            | 12 +++++++++++-
 bodhi/tests/client/test_bindings.py | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/bodhi/client/bindings.py b/bodhi/client/bindings.py
index 57c4260..0bcd717 100644
--- a/bodhi/client/bindings.py
+++ b/bodhi/client/bindings.py
@@ -73,13 +73,23 @@ def errorhandled(method):
     def wrapper(*args, **kwargs):
         try:
             result = method(*args, **kwargs)
+            # Bodhi allows comments to be written by unauthenticated users if they solve a Captcha.
+            # Due to this, an authentication error is not raised by the server if the client fails
+            # to authenticate for any reason, and instead an error about needing a captcha key is
+            # presented instead. If we see that error, we can just raise an AuthError to trigger the
+            # retry logic in the exception handler below.
+            if 'errors' in result:
+                for error in result['errors']:
+                    if 'name' in error and error['name'] == 'captcha_key':
+                        raise AuthError('Captcha key needed.')
         except AuthError:
-            # An AuthError can be raised for three different reasons:
+            # An AuthError can be raised for four different reasons:
             #
             # 0) The password is wrong.
             # 1) The session cookies are expired. fedora.python does not handle this automatically.
             # 2) The session cookies are not expired, but are no longer valid (for example, this can
             #    happen if the server's auth secret has changed.)
+            # 3) The client received a captcha_key error, as described in the try block above.
             #
             # We don't know the difference between the cases here, but case #1 is fairly common and
             # we can work around it and case #2 by removing the session cookies and csrf token and
diff --git a/bodhi/tests/client/test_bindings.py b/bodhi/tests/client/test_bindings.py
index 15c239a..974ecde 100644
--- a/bodhi/tests/client/test_bindings.py
+++ b/bodhi/tests/client/test_bindings.py
@@ -1001,6 +1001,38 @@ class TestErrorhandled(unittest.TestCase):
         self.assertTrue(a_fake_self.csrf_token is None)
         self.assertEqual(a_fake_self.call_count, 2)
 
+    def test_retry_on_captcha_key_failure(self):
+        """
+        Test the decorator when the wrapped method returns a captch_key error.
+
+        This test ensures that the decorator will retry the wrapped method if it returns a
+        captcha_key error, after clearing cookies and the csrf token.
+
+        This test was written to assert the fix for
+        https://github.com/fedora-infra/bodhi/issues/1787
+        """
+        a_fake_self = mock.MagicMock()
+        a_fake_self.csrf_token = 'some_token'
+        a_fake_self.call_count = 0
+
+        @bindings.errorhandled
+        def captcha_plz(a_fake_self):
+            a_fake_self.call_count = a_fake_self.call_count + 1
+
+            # Fail on the first call with a captcha_key error to simulate unauth'd user on a
+            # comment.
+            if a_fake_self.call_count == 1:
+                return {'errors': [{'name': 'captcha_key'}]}
+
+            return 'here you go'
+
+        # No Exception should be raised.
+        captcha_plz(a_fake_self)
+
+        a_fake_self._session.cookies.clear.assert_called_once_with()
+        self.assertTrue(a_fake_self.csrf_token is None)
+        self.assertEqual(a_fake_self.call_count, 2)
+
     def test_success(self):
         """
         Test the decorator for the success case.
-- 
2.9.5