diff --git a/back/app/models/app_configuration.rb b/back/app/models/app_configuration.rb index f4b4ffbbeed6..f966ce1842dc 100644 --- a/back/app/models/app_configuration.rb +++ b/back/app/models/app_configuration.rb @@ -147,7 +147,7 @@ def closest_locale_to(locale) end def public_settings - @public_settings ||= SettingsService.new.remove_private_settings(settings, Settings.json_schema) + @public_settings ||= SettingsService.new.format_for_front_end(settings, Settings.json_schema) end def location diff --git a/back/app/services/settings_service.rb b/back/app/services/settings_service.rb index 8dfcca335f23..2801f82d50f2 100644 --- a/back/app/services/settings_service.rb +++ b/back/app/services/settings_service.rb @@ -67,14 +67,8 @@ def remove_additional_settings(settings, schema) res end - def remove_private_settings(settings, schema) - res = settings.deep_dup - schema['properties'].each do |feature, feature_schema| - feature_schema['properties'].each do |setting, setting_schema| - res[feature]&.delete(setting) if setting_schema['private'] - end - end - res + def format_for_front_end(settings, schema) + remove_private_settings(settings, schema) end def activate_feature!(feature, config: nil, settings: {}) @@ -112,7 +106,19 @@ def minimal_required_settings(locales: ['en'], lifecycle_stage: 'demo') private + def remove_private_settings(settings, schema) + res = settings.deep_dup + schema['properties'].each do |feature, feature_schema| + feature_schema['properties'].each do |setting, setting_schema| + res[feature]&.delete(setting) if setting_schema['private'] + end + end + res + end + def default_setting(schema, feature, setting) schema.dig('properties', feature, 'properties', setting, 'default') end end + +SettingsService.prepend(Verification::Patches::SettingsService) diff --git a/back/config/schemas/settings.schema.json.erb b/back/config/schemas/settings.schema.json.erb index 0caded5124d1..d6979f6f1335 100644 --- a/back/config/schemas/settings.schema.json.erb +++ b/back/config/schemas/settings.schema.json.erb @@ -1368,6 +1368,8 @@ "id_gent_rrn": ["verification"], "id_oostende_rrn": ["verification"], "id_id_card_lookup": ["verification"], + "id_keycloak": ["verification"], + "power_bi": ["public_api_tokens"], "large_summaries": ["analysis"], "ask_a_question": ["analysis"], diff --git a/back/engines/commercial/id_keycloak/app/lib/id_keycloak/keycloak_omniauth.rb b/back/engines/commercial/id_keycloak/app/lib/id_keycloak/keycloak_omniauth.rb index f9f1627475f0..c3eb0052ccfd 100644 --- a/back/engines/commercial/id_keycloak/app/lib/id_keycloak/keycloak_omniauth.rb +++ b/back/engines/commercial/id_keycloak/app/lib/id_keycloak/keycloak_omniauth.rb @@ -46,8 +46,8 @@ def verification_prioritized? end def email_confirmed?(auth) - # Response will tell us if the email is verified - auth&.info&.email_verified + # Even if the response says the email is NOT verified, we assume that it is if email is present + auth&.info&.email.present? end def filter_auth_to_persist(auth) diff --git a/back/engines/commercial/id_keycloak/app/lib/id_keycloak/keycloak_verification.rb b/back/engines/commercial/id_keycloak/app/lib/id_keycloak/keycloak_verification.rb index 82a931d9fa79..89e71313efa4 100644 --- a/back/engines/commercial/id_keycloak/app/lib/id_keycloak/keycloak_verification.rb +++ b/back/engines/commercial/id_keycloak/app/lib/id_keycloak/keycloak_verification.rb @@ -22,6 +22,8 @@ def config_parameters domain client_id client_secret + enabled_for_verified_actions + hide_from_profile ] end @@ -31,6 +33,16 @@ def config_parameters_schema type: 'string', description: 'The name this verification method will have in the UI', default: 'ID-Porten' + }, + enabled_for_verified_actions: { + private: true, + type: 'boolean', + description: 'Whether this verification method should be enabled for verified actions.' + }, + hide_from_profile: { + private: true, + type: 'boolean', + description: 'Should verification be hidden in the user profile and under the username?' } } end @@ -56,5 +68,13 @@ def profile_to_uid(auth) def updateable_user_attrs super + %i[first_name last_name] end + + def enabled_for_verified_actions? + config[:enabled_for_verified_actions] || false + end + + def ui_method_name + config[:ui_method_name] || name + end end end diff --git a/back/engines/commercial/verification/app/services/verification/patches/settings_service.rb b/back/engines/commercial/verification/app/services/verification/patches/settings_service.rb new file mode 100644 index 000000000000..c1f3ad5dee9e --- /dev/null +++ b/back/engines/commercial/verification/app/services/verification/patches/settings_service.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +module Verification + module Patches + module SettingsService + def format_for_front_end(settings, schema) + settings = disable_verification_if_no_methods_enabled(settings) + super + end + + private + + # Ensures the FE does not show verification if: + # a) There are no verification methods + # b) All verification methods are flagged as 'hide_from_profile' + def disable_verification_if_no_methods_enabled(settings) + return settings if !settings['verification'] || settings['verification']['enabled'] == false + + enabled = settings['verification']['verification_methods'].present? + enabled = false if settings['verification']['verification_methods']&.pluck('hide_from_profile')&.all?(true) + + settings['verification']['enabled'] = enabled + settings + end + end + end +end diff --git a/back/engines/commercial/verification/spec/services/settings_service_spec.rb b/back/engines/commercial/verification/spec/services/settings_service_spec.rb new file mode 100644 index 000000000000..44854435f777 --- /dev/null +++ b/back/engines/commercial/verification/spec/services/settings_service_spec.rb @@ -0,0 +1,64 @@ +# frozen_string_literal: true + +require 'rails_helper' + +describe SettingsService do + let(:ss) { described_class.new } + + describe 'disable_verification_if_no_methods_enabled' do + it 'disables verification if there are no methods enabled' do + settings = { + 'verification' => { + 'allowed' => true, + 'enabled' => true + } + } + + updated_settings = ss.send(:disable_verification_if_no_methods_enabled, settings) + expect(updated_settings['verification']['enabled']).to be false + end + + it 'disables verification if all methods are hidden from the profile' do + settings = { + 'verification' => { + 'allowed' => true, + 'enabled' => true, + 'verification_methods' => [ + { + 'name' => 'nemlog_in', + 'hide_from_profile' => true + }, + { + 'name' => 'keycloak', + 'hide_from_profile' => true + } + ] + } + } + + updated_settings = ss.send(:disable_verification_if_no_methods_enabled, settings) + expect(updated_settings['verification']['enabled']).to be false + end + + it 'does not disable verification if at least one method is NOT hidden from the profile' do + settings = { + 'verification' => { + 'allowed' => true, + 'enabled' => true, + 'verification_methods' => [ + { + 'name' => 'nemlog_in' + }, + { + 'name' => 'keycloak', + 'hide_in_profile' => true + } + ] + } + } + + updated_settings = ss.send(:disable_verification_if_no_methods_enabled, settings) + expect(updated_settings['verification']['enabled']).to be true + end + end +end diff --git a/back/spec/services/settings_service_spec.rb b/back/spec/services/settings_service_spec.rb index b70f4ec0cbf3..40cd90597160 100644 --- a/back/spec/services/settings_service_spec.rb +++ b/back/spec/services/settings_service_spec.rb @@ -194,7 +194,7 @@ end end - describe 'remove_private_settings' do + describe 'format_for_front_end' do let(:schema) do { 'type' => 'object', @@ -214,7 +214,7 @@ settings = { 'a' => { 'settings1' => true } } - expect(ss.remove_private_settings(settings, schema)).to eq settings + expect(ss.format_for_front_end(settings, schema)).to eq settings end it 'removes private settings' do @@ -224,7 +224,7 @@ expected_settings = { 'a' => { 'settings1' => true } } - expect(ss.remove_private_settings(settings, schema)).to eq expected_settings + expect(ss.format_for_front_end(settings, schema)).to eq expected_settings end end end