Fix: healthcheck user agents (#1285)

Author: angela-tran

benefits/__init__.py

@@ -1,3 +1,3 @@
-__version__ = "2023.01.1"
+__version__ = "2023.02.1"
 
 VERSION = __version__

benefits/core/middleware.py

@@ -109,6 +109,18 @@ def __call__(self, request):
         return self.get_response(request)
 
 
+class HealthcheckUserAgents(MiddlewareMixin):
+    """Middleware to return healthcheck for user agents specified in HEALTHCHECK_USER_AGENTS."""
+
+    def process_request(self, request):
+        if hasattr(request, "META"):
+            user_agent = request.META.get("HTTP_USER_AGENT", "")
+            if user_agent in settings.HEALTHCHECK_USER_AGENTS:
+                return HttpResponse("Healthy", content_type="text/plain")
+
+        return self.get_response(request)
+
+
 class VerifierSessionRequired(MiddlewareMixin):
     """Middleware raises an exception for sessions lacking an eligibility verifier configuration."""
 

benefits/settings.py

@@ -49,6 +49,7 @@ def _filter_empty(ls):
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.locale.LocaleMiddleware",
     "benefits.core.middleware.Healthcheck",
+    "benefits.core.middleware.HealthcheckUserAgents",
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
@@ -67,6 +68,7 @@ def _filter_empty(ls):
 if DEBUG:
     MIDDLEWARE.append("benefits.core.middleware.DebugSession")
 
+HEALTHCHECK_USER_AGENTS = _filter_empty(os.environ.get("HEALTHCHECK_USER_AGENTS", "").split(","))
 
 # Azure Insights
 # https://docs.microsoft.com/en-us/azure/azure-monitor/app/opencensus-python-request#tracking-django-applications

docs/configuration/environment-variables.md

@@ -145,6 +145,14 @@ Django's primary secret, keep this safe!
 
 Comma-separated list of hosts which are trusted origins for unsafe requests (e.g. POST)
 
+### `HEALTHCHECK_USER_AGENTS`
+
+!!! warning "Deployment configuration"
+
+   You must change this setting when deploying the app to a non-localhost domain
+
+Comma-separated list of User-Agent strings which, when present as an HTTP header, should only receive healthcheck responses. Used by our `HealthcheckUserAgent` middleware.
+
 ## Cypress tests
 
 !!! tldr "Cypress docs"

tests/pytest/core/test_middleware_healthcheck_user_agent.py

@@ -0,0 +1,36 @@
+from django.test import Client
+from django.urls import reverse
+
+import pytest
+
+from benefits.core import session
+from benefits.core.models import TransitAgency
+from benefits.core.views import ROUTE_INDEX, TEMPLATE_PAGE
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize("user_agent", ["AlwaysOn", "Edge Health Probe"])
+def test_healthcheck_user_agent(mocker, user_agent):
+    mocker.patch.object(session.settings, "HEALTHCHECK_USER_AGENTS", [user_agent])
+    client = Client(HTTP_USER_AGENT=user_agent)
+
+    response = client.get(reverse(ROUTE_INDEX))
+
+    assert response.status_code == 200
+    assert response.content.decode("UTF-8") == "Healthy"
+
+
+@pytest.mark.django_db
+def test_non_healthcheck_user_agent(mocker, model_TransitAgency, client):
+    # create another Transit Agency by cloning the original to ensure there are multiple
+    # https://stackoverflow.com/a/48149675/453168
+    new_agency = TransitAgency.objects.get(pk=model_TransitAgency.id)
+    new_agency.pk = None
+    new_agency.save()
+
+    mocker.patch.object(session.settings, "HEALTHCHECK_USER_AGENTS", ["AlwaysOn"])
+
+    response = client.get(reverse(ROUTE_INDEX))
+
+    assert response.status_code == 200
+    assert response.template_name == TEMPLATE_PAGE