Add DfE sign in by pass

In review apps we can't use DfE sign in as the urls are generic and so are not registered with DfE sign in. This commit providers a form to allow testers to set the DfE sign in payload to check various sign in scenarios.
DFE-Digital · Aug 28, 2024 · eeac873 · eeac873
1 parent 20c20b0
commit eeac873
Show file tree

Hide file tree

Showing 5 changed files with 138 additions and 34 deletions.
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
@@ -123,6 +123,8 @@ def omniauth_hash
   end
 
   def further_education_payments_provider_callback(auth)
+    auth = params if DfESignIn.bypass?
+
     Journeys::FurtherEducationPayments::Provider::OmniauthCallbackForm.new(
       journey_session: journey_session,
       auth: auth

diff --git a/app/forms/journeys/further_education_payments/provider/omniauth_callback_form.rb b/app/forms/journeys/further_education_payments/provider/omniauth_callback_form.rb
@@ -43,10 +43,14 @@ def dfe_sign_in_service_access?
         end
 
         def dfe_sign_in_user
-          @dfe_sign_in_user ||= DfeSignIn::Api::User.new(
-            organisation_id: dfe_sign_in_organisation_id,
-            user_id: dfe_sign_in_uid
-          )
+          @dfe_sign_in_user ||= if DfESignIn.bypass?
+            StubApiUser.new(auth)
+          else
+            DfeSignIn::Api::User.new(
+              organisation_id: dfe_sign_in_organisation_id,
+              user_id: dfe_sign_in_uid
+            )
+          end
         end
 
         def dfe_sign_in_role_codes
@@ -66,6 +70,20 @@ def dfe_sign_in_last_name
         def dfe_sign_in_email
           auth.dig("info", "email")
         end
+
+        class StubApiUser
+          def initialize(params)
+            @params = params
+          end
+
+          def role_codes
+            @params.fetch("roles", {}).values.compact_blank
+          end
+
+          def service_access?
+            @params.fetch("service_access", false)
+          end
+        end
       end
     end
   end

diff --git a/app/views/further_education_payments/provider/claims/_dfe_sign_in_bypass_form.html.erb b/app/views/further_education_payments/provider/claims/_dfe_sign_in_bypass_form.html.erb
@@ -0,0 +1,80 @@
+<h2 class="govuk-heading-m">
+  Set DfE sign in payload details
+</h2>
+
+<p class="govuk-body">
+  In environments where DfE Sign-in is not enabled you can use this form to
+  set payload parameters to test different DfE Sign-in scenarios.
+</p>
+
+<p class="govuk-body">
+  By default this form is set to grant access to verify the claim.
+</p>
+
+<%= form_with(
+  url: "/further-education-payments-provider/auth/callback",
+  method: :get,
+  builder: GOVUKDesignSystemFormBuilder::FormBuilder
+) do |f| %>
+  <%= f.govuk_text_field(
+    "[extra][raw_info][organisation][ukprn]",
+    label: { text: "UKPRN" },
+    value: journey_session.answers.claim.school.ukprn
+  ) %>
+
+  <%= f.govuk_text_field(
+    "[extra][raw_info][organisation][id]",
+    label: { text: "Organisation id" },
+    value: "12345678"
+  ) %>
+
+  <%= f.govuk_text_field(
+    "uid",
+    label: { text: "DfE sign in UID" },
+    value: "12345678"
+  ) %>
+
+  <%= f.govuk_text_field(
+    "[info][first_name]",
+    label: { text: "First name" },
+    value: "Seymoure"
+  ) %>
+
+  <%= f.govuk_text_field(
+    "[info][last_name]",
+    label: { text: "Last name" },
+    value: "Skinner"
+  ) %>
+
+  <%= f.govuk_text_field(
+    "[info][email]",
+    label: { text: "Email" },
+    value: "[email protected]"
+  ) %>
+
+  <%= f.govuk_text_field(
+    "[roles][0]",
+    label: { text: "Role 1" },
+    value: Journeys::FurtherEducationPayments::Provider::CLAIM_VERIFIER_DFE_SIGN_IN_ROLE_CODE
+  ) %>
+
+  <%= f.govuk_text_field("[roles][1]", label: { text: "Role 2" }) %>
+
+  <%= f.govuk_text_field("[roles][2]", label: { text: "Role 3" }) %>
+
+  <%= f.govuk_check_box(
+    "service_access",
+    true,
+    false,
+    label: { text: "Claim service access"},
+    multiple: false,
+    checked: true
+  ) %>
+
+  <%= f.submit(class: "govuk-button govuk-button--start") do %>
+    Start now
+    <svg class="govuk-button__start-icon" xmlns="http://www.w3.org/2000/svg" width="17.5" height="19" viewBox="0 0 33 40" aria-hidden="true" focusable="false">
+      <path fill="currentColor" d="M0 0h13l20 20-20 20H0l20-20z" />
+    </svg>
+  <% end %>
+<% end %>
diff --git a/app/views/further_education_payments/provider/claims/sign_in.html.erb b/app/views/further_education_payments/provider/claims/sign_in.html.erb
@@ -21,17 +21,21 @@
       account yet, we will help you create one.
     </p>
 
-    <%= button_to(
-      "/further-education-payments-provider/auth/dfe_fe_provider",
-      class: "govuk-button govuk-button--start",
-      data: {
-        module: "govuk-button"
-      }
-    ) do %>
-      Start now
-      <svg class="govuk-button__start-icon" xmlns="http://www.w3.org/2000/svg" width="17.5" height="19" viewBox="0 0 33 40" aria-hidden="true" focusable="false">
-        <path fill="currentColor" d="M0 0h13l20 20-20 20H0l20-20z" />
-      </svg>
+    <% if DfESignIn.bypass? %>
+      <%= render "dfe_sign_in_bypass_form" %>
+    <% else %>
+      <%= button_to(
+        "/further-education-payments-provider/auth/dfe_fe_provider",
+        class: "govuk-button govuk-button--start",
+        data: {
+          module: "govuk-button"
+        }
+      ) do %>
+        Start now
+        <svg class="govuk-button__start-icon" xmlns="http://www.w3.org/2000/svg" width="17.5" height="19" viewBox="0 0 33 40" aria-hidden="true" focusable="false">
+          <path fill="currentColor" d="M0 0h13l20 20-20 20H0l20-20z" />
+        </svg>
+      <% end %>
     <% end %>
   </div>
 </div>
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
@@ -71,26 +71,26 @@ def self.bypass?
       issuer:
         ("#{dfe_sign_in_issuer_uri}:#{dfe_sign_in_issuer_uri.port}" if dfe_sign_in_issuer_uri.present?)
     }
-  end
 
-  provider :openid_connect, {
-    name: :dfe_fe_provider,
-    discovery: true,
-    response_type: :code,
-    scope: %i[openid email organisation first_name last_name],
-    callback_path: dfe_sign_in_fe_provider_callback_path,
-    path_prefix: "/further-education-payments-provider/auth",
-    client_options: {
-      port: dfe_sign_in_issuer_uri&.port,
-      scheme: dfe_sign_in_issuer_uri&.scheme,
-      host: dfe_sign_in_issuer_uri&.host,
-      identifier: ENV["DFE_SIGN_IN_IDENTIFIER"],
-      secret: ENV["DFE_SIGN_IN_SECRET"],
-      redirect_uri: dfe_sign_in_fe_provider_redirect_uri&.to_s
-    },
-    issuer:
-       ("#{dfe_sign_in_issuer_uri}:#{dfe_sign_in_issuer_uri.port}" if dfe_sign_in_issuer_uri.present?)
-  }
+    provider :openid_connect, {
+      name: :dfe_fe_provider,
+      discovery: true,
+      response_type: :code,
+      scope: %i[openid email organisation first_name last_name],
+      callback_path: dfe_sign_in_fe_provider_callback_path,
+      path_prefix: "/further-education-payments-provider/auth",
+      client_options: {
+        port: dfe_sign_in_issuer_uri&.port,
+        scheme: dfe_sign_in_issuer_uri&.scheme,
+        host: dfe_sign_in_issuer_uri&.host,
+        identifier: ENV["DFE_SIGN_IN_IDENTIFIER"],
+        secret: ENV["DFE_SIGN_IN_SECRET"],
+        redirect_uri: dfe_sign_in_fe_provider_redirect_uri&.to_s
+      },
+      issuer:
+         ("#{dfe_sign_in_issuer_uri}:#{dfe_sign_in_issuer_uri.port}" if dfe_sign_in_issuer_uri.present?)
+    }
+  end
 
   provider :openid_connect, {
     name: :tid,