Merge pull request #9093 from CitizenLabDotCo/TAN-2794-keycloak-impro…

…vements

[TAN-2794] Added the ability to hide verification methods from the front end (for Oslo)

back/app/models/app_configuration.rb

@@ -147,7 +147,7 @@ def closest_locale_to(locale)
   end
 
   def public_settings
-    @public_settings ||= SettingsService.new.remove_private_settings(settings, Settings.json_schema)
+    @public_settings ||= SettingsService.new.format_for_front_end(settings, Settings.json_schema)
   end
 
   def location

back/app/services/settings_service.rb

@@ -67,14 +67,8 @@ def remove_additional_settings(settings, schema)
     res
   end
 
-  def remove_private_settings(settings, schema)
-    res = settings.deep_dup
-    schema['properties'].each do |feature, feature_schema|
-      feature_schema['properties'].each do |setting, setting_schema|
-        res[feature]&.delete(setting) if setting_schema['private']
-      end
-    end
-    res
+  def format_for_front_end(settings, schema)
+    remove_private_settings(settings, schema)
   end
 
   def activate_feature!(feature, config: nil, settings: {})
@@ -112,7 +106,19 @@ def minimal_required_settings(locales: ['en'], lifecycle_stage: 'demo')
 
   private
 
+  def remove_private_settings(settings, schema)
+    res = settings.deep_dup
+    schema['properties'].each do |feature, feature_schema|
+      feature_schema['properties'].each do |setting, setting_schema|
+        res[feature]&.delete(setting) if setting_schema['private']
+      end
+    end
+    res
+  end
+
   def default_setting(schema, feature, setting)
     schema.dig('properties', feature, 'properties', setting, 'default')
   end
 end
+
+SettingsService.prepend(Verification::Patches::SettingsService)

back/config/schemas/settings.schema.json.erb

@@ -1368,6 +1368,8 @@
     "id_gent_rrn": ["verification"],
     "id_oostende_rrn": ["verification"],
     "id_id_card_lookup": ["verification"],
+    "id_keycloak": ["verification"],
+
     "power_bi": ["public_api_tokens"],
     "large_summaries": ["analysis"],
     "ask_a_question": ["analysis"],

back/engines/commercial/id_keycloak/app/lib/id_keycloak/keycloak_omniauth.rb

@@ -46,8 +46,8 @@ def verification_prioritized?
     end
 
     def email_confirmed?(auth)
-      # Response will tell us if the email is verified
-      auth&.info&.email_verified
+      # Even if the response says the email is NOT verified, we assume that it is if email is present
+      auth&.info&.email.present?
     end
 
     def filter_auth_to_persist(auth)

back/engines/commercial/id_keycloak/app/lib/id_keycloak/keycloak_verification.rb

@@ -22,6 +22,8 @@ def config_parameters
         domain
         client_id
         client_secret
+        enabled_for_verified_actions
+        hide_from_profile
       ]
     end
 
@@ -31,6 +33,16 @@ def config_parameters_schema
           type: 'string',
           description: 'The name this verification method will have in the UI',
           default: 'ID-Porten'
+        },
+        enabled_for_verified_actions: {
+          private: true,
+          type: 'boolean',
+          description: 'Whether this verification method should be enabled for verified actions.'
+        },
+        hide_from_profile: {
+          private: true,
+          type: 'boolean',
+          description: 'Should verification be hidden in the user profile and under the username?'
         }
       }
     end
@@ -56,5 +68,13 @@ def profile_to_uid(auth)
     def updateable_user_attrs
       super + %i[first_name last_name]
     end
+
+    def enabled_for_verified_actions?
+      config[:enabled_for_verified_actions] || false
+    end
+
+    def ui_method_name
+      config[:ui_method_name] || name
+    end
   end
 end

back/engines/commercial/verification/app/services/verification/patches/settings_service.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Verification
+  module Patches
+    module SettingsService
+      def format_for_front_end(settings, schema)
+        settings = disable_verification_if_no_methods_enabled(settings)
+        super
+      end
+
+      private
+
+      # Ensures the FE does not show verification if:
+      # a) There are no verification methods
+      # b) All verification methods are flagged as 'hide_from_profile'
+      def disable_verification_if_no_methods_enabled(settings)
+        return settings if !settings['verification'] || settings['verification']['enabled'] == false
+
+        enabled = settings['verification']['verification_methods'].present?
+        enabled = false if settings['verification']['verification_methods']&.pluck('hide_from_profile')&.all?(true)
+
+        settings['verification']['enabled'] = enabled
+        settings
+      end
+    end
+  end
+end

back/engines/commercial/verification/spec/services/settings_service_spec.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe SettingsService do
+  let(:ss) { described_class.new }
+
+  describe 'disable_verification_if_no_methods_enabled' do
+    it 'disables verification if there are no methods enabled' do
+      settings = {
+        'verification' => {
+          'allowed' => true,
+          'enabled' => true
+        }
+      }
+
+      updated_settings = ss.send(:disable_verification_if_no_methods_enabled, settings)
+      expect(updated_settings['verification']['enabled']).to be false
+    end
+
+    it 'disables verification if all methods are hidden from the profile' do
+      settings = {
+        'verification' => {
+          'allowed' => true,
+          'enabled' => true,
+          'verification_methods' => [
+            {
+              'name' => 'nemlog_in',
+              'hide_from_profile' => true
+            },
+            {
+              'name' => 'keycloak',
+              'hide_from_profile' => true
+            }
+          ]
+        }
+      }
+
+      updated_settings = ss.send(:disable_verification_if_no_methods_enabled, settings)
+      expect(updated_settings['verification']['enabled']).to be false
+    end
+
+    it 'does not disable verification if at least one method is NOT hidden from the profile' do
+      settings = {
+        'verification' => {
+          'allowed' => true,
+          'enabled' => true,
+          'verification_methods' => [
+            {
+              'name' => 'nemlog_in'
+            },
+            {
+              'name' => 'keycloak',
+              'hide_in_profile' => true
+            }
+          ]
+        }
+      }
+
+      updated_settings = ss.send(:disable_verification_if_no_methods_enabled, settings)
+      expect(updated_settings['verification']['enabled']).to be true
+    end
+  end
+end

back/spec/services/settings_service_spec.rb

@@ -194,7 +194,7 @@
     end
   end
 
-  describe 'remove_private_settings' do
+  describe 'format_for_front_end' do
     let(:schema) do
       {
         'type' => 'object',
@@ -214,7 +214,7 @@
       settings = {
         'a' => { 'settings1' => true }
       }
-      expect(ss.remove_private_settings(settings, schema)).to eq settings
+      expect(ss.format_for_front_end(settings, schema)).to eq settings
     end
 
     it 'removes private settings' do
@@ -224,7 +224,7 @@
       expected_settings = {
         'a' => { 'settings1' => true }
       }
-      expect(ss.remove_private_settings(settings, schema)).to eq expected_settings
+      expect(ss.format_for_front_end(settings, schema)).to eq expected_settings
     end
   end
 end