From eeac8733fec46bc077fa44d9e249e6aea10bc302 Mon Sep 17 00:00:00 2001 From: Richard Lynch Date: Thu, 22 Aug 2024 17:23:42 +0100 Subject: [PATCH] Add DfE sign in by pass In review apps we can't use DfE sign in as the urls are generic and so are not registered with DfE sign in. This commit providers a form to allow testers to set the DfE sign in payload to check various sign in scenarios. --- .../omniauth_callbacks_controller.rb | 2 + .../provider/omniauth_callback_form.rb | 26 +++++- .../claims/_dfe_sign_in_bypass_form.html.erb | 80 +++++++++++++++++++ .../provider/claims/sign_in.html.erb | 26 +++--- config/initializers/omniauth.rb | 38 ++++----- 5 files changed, 138 insertions(+), 34 deletions(-) create mode 100644 app/views/further_education_payments/provider/claims/_dfe_sign_in_bypass_form.html.erb diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index 35145faabb..f0d51b5dbd 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -123,6 +123,8 @@ def omniauth_hash end def further_education_payments_provider_callback(auth) + auth = params if DfESignIn.bypass? + Journeys::FurtherEducationPayments::Provider::OmniauthCallbackForm.new( journey_session: journey_session, auth: auth diff --git a/app/forms/journeys/further_education_payments/provider/omniauth_callback_form.rb b/app/forms/journeys/further_education_payments/provider/omniauth_callback_form.rb index d433e341df..6ff29c68a6 100644 --- a/app/forms/journeys/further_education_payments/provider/omniauth_callback_form.rb +++ b/app/forms/journeys/further_education_payments/provider/omniauth_callback_form.rb 
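Review bot: `auth = params if DfESignIn.bypass?` passes the entire request parameter set to `OmniauthCallbackForm` in place of the provider's auth hash, so whenever the predicate is true the caller of the callback URL chooses the uid, organisation and roles the form acts on. Nothing on the line records that this is a test-only path or leaves a trace when it is taken. A comment such as `# Bypass mode: the sign-in payload comes from the request, not from DfE Sign-in. Review apps only.` plus `Rails.logger.warn("DfE sign-in bypass used for provider callback")` would make both visible. The same predicate also selects `StubApiUser` in the form and the bypass partial in `sign_in.html.erb`. The method body continues past the end of the hunk.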
@@ -43,10 +43,14 @@ def dfe_sign_in_service_access? end def dfe_sign_in_user - @dfe_sign_in_user ||= DfeSignIn::Api::User.new( - organisation_id: dfe_sign_in_organisation_id, - user_id: dfe_sign_in_uid - ) + @dfe_sign_in_user ||= if DfESignIn.bypass? + StubApiUser.new(auth) + else + DfeSignIn::Api::User.new( + organisation_id: dfe_sign_in_organisation_id, + user_id: dfe_sign_in_uid + ) + end end def dfe_sign_in_role_codes @@ -66,6 +70,20 @@ def dfe_sign_in_last_name def dfe_sign_in_email auth.dig("info", "email") end + + class StubApiUser + def initialize(params) + @params = params + end + + def role_codes + @params.fetch("roles", {}).values.compact_blank + end + + def service_access? + @params.fetch("service_access", false) + end + end end end end diff --git a/app/views/further_education_payments/provider/claims/_dfe_sign_in_bypass_form.html.erb b/app/views/further_education_payments/provider/claims/_dfe_sign_in_bypass_form.html.erb new file mode 100644 index 0000000000..81662c7603 --- /dev/null +++ b/app/views/further_education_payments/provider/claims/_dfe_sign_in_bypass_form.html.erb @@ -0,0 +1,80 @@ +
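Review bot: `StubApiUser#service_access?` returns the raw request value, and query parameters arrive as strings, so `service_access=false` typed into the callback URL is truthy and the no-access scenario would be treated as access granted. The bypass form probably avoids this, since an unticked box with an unchecked value of `false` should send nothing, but the stub should not depend on that. `ActiveModel::Type::Boolean.new.cast(@params.fetch("service_access", false))` returns a real boolean. A one-line class comment on `StubApiUser`, saying that it stands in for `DfeSignIn::Api::User` only in bypass mode and reads unauthenticated request input, would also help the next reader.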

+ Set DfE sign in payload details +

+ +

+ In environments where DfE Sign-in is not enabled you can use this form to + set payload parameters to test different DfE Sign-in scenarios. +

+ +

+ By default this form is set to grant access to verify the claim. +

+ +<%= form_with( + url: "/further-education-payments-provider/auth/callback", + method: :get, + builder: GOVUKDesignSystemFormBuilder::FormBuilder +) do |f| %> + <%= f.govuk_text_field( + "[extra][raw_info][organisation][ukprn]", + label: { text: "UKPRN" }, + value: journey_session.answers.claim.school.ukprn + ) %> + + <%= f.govuk_text_field( + "[extra][raw_info][organisation][id]", + label: { text: "Organisation id" }, + value: "12345678" + ) %> + + <%= f.govuk_text_field( + "uid", + label: { text: "DfE sign in UID" }, + value: "12345678" + ) %> + + <%= f.govuk_text_field( + "[info][first_name]", + label: { text: "First name" }, + value: "Seymoure" + ) %> + + <%= f.govuk_text_field( + "[info][last_name]", + label: { text: "Last name" }, + value: "Skinner" + ) %> + + <%= f.govuk_text_field( + "[info][email]", + label: { text: "Email" }, + value: "seymoure.skinner@springfield-elementary.edu" + ) %> + + <%= f.govuk_text_field( + "[roles][0]", + label: { text: "Role 1" }, + value: Journeys::FurtherEducationPayments::Provider::CLAIM_VERIFIER_DFE_SIGN_IN_ROLE_CODE + ) %> + + <%= f.govuk_text_field("[roles][1]", label: { text: "Role 2" }) %> + + <%= f.govuk_text_field("[roles][2]", label: { text: "Role 3" }) %> + + <%= f.govuk_check_box( + "service_access", + true, + false, + label: { text: "Claim service access"}, + multiple: false, + checked: true + ) %> + + <%= f.submit(class: "govuk-button govuk-button--start") do %> + Start now + + <% end %> +<% end %> diff --git a/app/views/further_education_payments/provider/claims/sign_in.html.erb b/app/views/further_education_payments/provider/claims/sign_in.html.erb index 0c53a9e0a2..fb02449bf5 100644 --- a/app/views/further_education_payments/provider/claims/sign_in.html.erb +++ b/app/views/further_education_payments/provider/claims/sign_in.html.erb @@ -21,17 +21,21 @@ account yet, we will help you create one.
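Review bot: The form submits with `method: :get`, so the test identity (UID, names, email, roles) is sent in the query string of the callback URL and will end up in request logs and browser history. The defaults are dummy values, but nothing in the partial says to keep it that way. A line of help text under the heading, or at least a template comment such as `<%# Test-only: values are sent in the query string and logged; use dummy data. %>`, would cover it. The UKPRN default reads `journey_session.answers.claim.school.ukprn` without a nil guard, which is presumably safe at this point in the journey but worth confirming.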

- <%= button_to( - "/further-education-payments-provider/auth/dfe_fe_provider", - class: "govuk-button govuk-button--start", - data: { - module: "govuk-button" - } - ) do %> - Start now - + <% if DfESignIn.bypass? %> + <%= render "dfe_sign_in_bypass_form" %> + <% else %> + <%= button_to( + "/further-education-payments-provider/auth/dfe_fe_provider", + class: "govuk-button govuk-button--start", + data: { + module: "govuk-button" + } + ) do %> + Start now + + <% end %> <% end %> diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index e15de40f9e..b880164f15 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb 
@@ -71,26 +71,26 @@ def self.bypass? issuer: ("#{dfe_sign_in_issuer_uri}:#{dfe_sign_in_issuer_uri.port}" if dfe_sign_in_issuer_uri.present?) } - end - provider :openid_connect, { - name: :dfe_fe_provider, - discovery: true, - response_type: :code, - scope: %i[openid email organisation first_name last_name], - callback_path: dfe_sign_in_fe_provider_callback_path, - path_prefix: "/further-education-payments-provider/auth", - client_options: { - port: dfe_sign_in_issuer_uri&.port, - scheme: dfe_sign_in_issuer_uri&.scheme, - host: dfe_sign_in_issuer_uri&.host, - identifier: ENV["DFE_SIGN_IN_IDENTIFIER"], - secret: ENV["DFE_SIGN_IN_SECRET"], - redirect_uri: dfe_sign_in_fe_provider_redirect_uri&.to_s - }, - issuer: - ("#{dfe_sign_in_issuer_uri}:#{dfe_sign_in_issuer_uri.port}" if dfe_sign_in_issuer_uri.present?) - } + provider :openid_connect, { + name: :dfe_fe_provider, + discovery: true, + response_type: :code, + scope: %i[openid email organisation first_name last_name], + callback_path: dfe_sign_in_fe_provider_callback_path, + path_prefix: "/further-education-payments-provider/auth", + client_options: { + port: dfe_sign_in_issuer_uri&.port, + scheme: dfe_sign_in_issuer_uri&.scheme, + host: dfe_sign_in_issuer_uri&.host, + identifier: ENV["DFE_SIGN_IN_IDENTIFIER"], + secret: ENV["DFE_SIGN_IN_SECRET"], + redirect_uri: dfe_sign_in_fe_provider_redirect_uri&.to_s + }, + issuer: + ("#{dfe_sign_in_issuer_uri}:#{dfe_sign_in_issuer_uri.port}" if dfe_sign_in_issuer_uri.present?) + } + end provider :openid_connect, { name: :tid,
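Review bot: The moved `end` puts the `dfe_fe_provider` registration inside a conditional whose opening line is outside this hunk, so the condition under which OmniAuth stops handling `/further-education-payments-provider/auth` cannot be checked here; `self.bypass?` appears only in the hunk header. Since the controller trusts request parameters whenever that predicate is true, the initializer is the natural place to fail closed, for example `raise "DfE sign-in bypass is on but DFE_SIGN_IN_SECRET is set" if DfESignIn.bypass? && ENV["DFE_SIGN_IN_SECRET"].present?`, assuming review apps are never given the real secret. A short comment on the closing `end` naming the condition it closes would also help, because the block now spans two provider definitions.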