From 147c93f5916d7f8ec156074b5f06bce67b1f03d5 Mon Sep 17 00:00:00 2001
From: Richard Lynch
Date: Thu, 22 Aug 2024 17:23:42 +0100
Subject: [PATCH] Add DfE sign in by pass
In review apps we can't use DfE sign in as the URLs are generic and so
are not registered with DfE sign in. This commit provides a form to
allow testers to set the DfE sign in payload to check various sign in
scenarios.
---
.../omniauth_callbacks_controller.rb | 2 +
.../provider/omniauth_callback_form.rb | 26 +++++-
.../claims/_dfe_sign_in_bypass_form.html.erb | 80 +++++++++++++++++++
.../provider/claims/sign_in.html.erb | 26 +++---
config/initializers/omniauth.rb | 38 ++++-----
5 files changed, 138 insertions(+), 34 deletions(-)
create mode 100644 app/views/further_education_payments/provider/claims/_dfe_sign_in_bypass_form.html.erb
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index 35145faabb..f0d51b5dbd 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -123,6 +123,8 @@ def omniauth_hash
end
def further_education_payments_provider_callback(auth)
+ auth = params if DfESignIn.bypass?
+
Journeys::FurtherEducationPayments::Provider::OmniauthCallbackForm.new(
journey_session: journey_session,
auth: auth
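Review bot: `auth = params if DfESignIn.bypass?` swaps the provider-verified OmniAuth hash for raw request parameters, so while the flag is on, anyone who can reach the callback URL chooses the UKPRN, roles and service access they are signed in with. Everything therefore rests on `DfESignIn.bypass?` never being true in an environment that holds real claims; its definition is outside this hunk (config/initializers/omniauth.rb), and the same flag also switches the sign-in view and `dfe_sign_in_user`. I would say so on the line, e.g. `# Review apps only: auth is unauthenticated request params here; bypass? must be false wherever real claims exist`, and add a spec that pins `bypass?` to false under the production configuration. The method body continues past the end of the hunk.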
diff --git a/app/forms/journeys/further_education_payments/provider/omniauth_callback_form.rb b/app/forms/journeys/further_education_payments/provider/omniauth_callback_form.rb
index d433e341df..6ff29c68a6 100644
--- a/app/forms/journeys/further_education_payments/provider/omniauth_callback_form.rb
+++ b/app/forms/journeys/further_education_payments/provider/omniauth_callback_form.rb
@@ -43,10 +43,14 @@ def dfe_sign_in_service_access?
end
def dfe_sign_in_user
- @dfe_sign_in_user ||= DfeSignIn::Api::User.new(
- organisation_id: dfe_sign_in_organisation_id,
- user_id: dfe_sign_in_uid
- )
+ @dfe_sign_in_user ||= if DfESignIn.bypass?
+ StubApiUser.new(auth)
+ else
+ DfeSignIn::Api::User.new(
+ organisation_id: dfe_sign_in_organisation_id,
+ user_id: dfe_sign_in_uid
+ )
+ end
end
def dfe_sign_in_role_codes
@@ -66,6 +70,20 @@ def dfe_sign_in_last_name
def dfe_sign_in_email
auth.dig("info", "email")
end
+
+ class StubApiUser
+ def initialize(params)
+ @params = params
+ end
+
+ def role_codes
+ @params.fetch("roles", {}).values.compact_blank
+ end
+
+ def service_access?
+ @params.fetch("service_access", false)
+ end
+ end
end
end
end
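Review bot: `StubApiUser#service_access?` returns the submitted value unchanged, and because the bypass form sends it as a query parameter it arrives as a string rather than a boolean. If the unticked box submits "false" (the form in _dfe_sign_in_bypass_form.html.erb passes `false` as the unchecked value) and the caller only tests truthiness (`dfe_sign_in_service_access?` is above this hunk and not shown), the string is truthy and the no-access scenario cannot be exercised. Casting removes the ambiguity: `ActiveModel::Type::Boolean.new.cast(@params.fetch("service_access", false))`. A one-line comment on the class saying it stands in for `DfeSignIn::Api::User` only when `DfESignIn.bypass?` is set would also help the next reader.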
diff --git a/app/views/further_education_payments/provider/claims/_dfe_sign_in_bypass_form.html.erb b/app/views/further_education_payments/provider/claims/_dfe_sign_in_bypass_form.html.erb
new file mode 100644
index 0000000000..dbec9dd04a
--- /dev/null
+++ b/app/views/further_education_payments/provider/claims/_dfe_sign_in_bypass_form.html.erb
@@ -0,0 +1,80 @@
+
+ Set DfE sign in payload details
+
+
+
+ In environments where DfE Sign-in is not enabled you can use this form to
+ set payload parameters to test different DfE Sign-in scenarios.
+
+
+
+ By default this form is set to grant access to verify the claim.
+
+
+<%= form_with(
+ url: "/further-education-payments-provider/auth/callback",
+ method: :get,
+ builder: GOVUKDesignSystemFormBuilder::FormBuilder
+) do |f| %>
+ <%= f.govuk_text_field(
+ "[extra][raw_info][organisation][ukprn]",
+ label: { text: "UKPRN" },
+ value: journey_session.answers.claim.school.ukprn
+ ) %>
+
+ <%= f.govuk_text_field(
+ "[extra][raw_info][organisation][id]",
+ label: { text: "Organisation id" },
+ value: "12345678"
+ ) %>
+
+ <%= f.govuk_text_field(
+ "uid",
+ label: { text: "DfE sign in UID" },
+ value: "12345678"
+ ) %>
+
+ <%= f.govuk_text_field(
+ "[info][first_name]",
+ label: { text: "First name" },
+ value: "Seymoure"
+ ) %>
+
+ <%= f.govuk_text_field(
+ "[info][last_name]",
+ label: { text: "Last name" },
+ value: "Skinner"
+ ) %>
+
+ <%= f.govuk_text_field(
+ "[info][email]",
+ label: { text: "Email" },
+ value: "seymoure.skinner@springfield-elementary.edu"
+ ) %>
+
+ <%= f.govuk_text_field(
+ "[roles][0]",
+ label: { text: "Role 1" },
+ value: Journeys::FurtherEducationPayments::Provider::CLAIM_VERIFIER_DFE_SIGN_IN_ROLE_CODE
+ ) %>
+
+ <%= f.govuk_check_box(
+ "service_access",
+ true,
+ false,
+ label: { text: "Claim service access"},
+ multiple: false,
+ checked: true
+ ) %>
+
+ <%= f.govuk_text_field("[roles][1]", label: { text: "Role 2" }) %>
+
+ <%= f.govuk_text_field("[roles][2]", label: { text: "Role 3" }) %>
+
+ <%= f.submit(class: "govuk-button govuk-button--start") do %>
+ Start now
+
+ <% end %>
+<% end %>
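Review bot: The form is submitted with `method: :get`, so the whole sign-in payload, including first name, last name and email, ends up in the callback URL and from there in request logs and browser history. The defaults are fictional, but testers can type real details into the fields. If the callback route accepts it (routes are not part of this patch), `method: :post` would keep the values out of URLs; otherwise a short ERB comment at the top of the partial stating that it is for made-up test data only would do. Separately, the "Claim service access" check box sits between Role 1 and Roles 2 and 3, which reads as an ordering slip.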
diff --git a/app/views/further_education_payments/provider/claims/sign_in.html.erb b/app/views/further_education_payments/provider/claims/sign_in.html.erb
index 0c53a9e0a2..fb02449bf5 100644
--- a/app/views/further_education_payments/provider/claims/sign_in.html.erb
+++ b/app/views/further_education_payments/provider/claims/sign_in.html.erb
@@ -21,17 +21,21 @@
account yet, we will help you create one.
- <%= button_to(
- "/further-education-payments-provider/auth/dfe_fe_provider",
- class: "govuk-button govuk-button--start",
- data: {
- module: "govuk-button"
- }
- ) do %>
- Start now
-
+ <% if DfESignIn.bypass? %>
+ <%= render "dfe_sign_in_bypass_form" %>
+ <% else %>
+ <%= button_to(
+ "/further-education-payments-provider/auth/dfe_fe_provider",
+ class: "govuk-button govuk-button--start",
+ data: {
+ module: "govuk-button"
+ }
+ ) do %>
+ Start now
+
+ <% end %>
<% end %>
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index e15de40f9e..b880164f15 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -71,26 +71,26 @@ def self.bypass?
issuer:
("#{dfe_sign_in_issuer_uri}:#{dfe_sign_in_issuer_uri.port}" if dfe_sign_in_issuer_uri.present?)
}
- end
- provider :openid_connect, {
- name: :dfe_fe_provider,
- discovery: true,
- response_type: :code,
- scope: %i[openid email organisation first_name last_name],
- callback_path: dfe_sign_in_fe_provider_callback_path,
- path_prefix: "/further-education-payments-provider/auth",
- client_options: {
- port: dfe_sign_in_issuer_uri&.port,
- scheme: dfe_sign_in_issuer_uri&.scheme,
- host: dfe_sign_in_issuer_uri&.host,
- identifier: ENV["DFE_SIGN_IN_IDENTIFIER"],
- secret: ENV["DFE_SIGN_IN_SECRET"],
- redirect_uri: dfe_sign_in_fe_provider_redirect_uri&.to_s
- },
- issuer:
- ("#{dfe_sign_in_issuer_uri}:#{dfe_sign_in_issuer_uri.port}" if dfe_sign_in_issuer_uri.present?)
- }
+ provider :openid_connect, {
+ name: :dfe_fe_provider,
+ discovery: true,
+ response_type: :code,
+ scope: %i[openid email organisation first_name last_name],
+ callback_path: dfe_sign_in_fe_provider_callback_path,
+ path_prefix: "/further-education-payments-provider/auth",
+ client_options: {
+ port: dfe_sign_in_issuer_uri&.port,
+ scheme: dfe_sign_in_issuer_uri&.scheme,
+ host: dfe_sign_in_issuer_uri&.host,
+ identifier: ENV["DFE_SIGN_IN_IDENTIFIER"],
+ secret: ENV["DFE_SIGN_IN_SECRET"],
+ redirect_uri: dfe_sign_in_fe_provider_redirect_uri&.to_s
+ },
+ issuer:
+ ("#{dfe_sign_in_issuer_uri}:#{dfe_sign_in_issuer_uri.port}" if dfe_sign_in_issuer_uri.present?)
+ }
+ end
provider :openid_connect, {
name: :tid,