API-1888 adding authFilter to verify confidence level

hmrc · Aug 22, 2016 · 65aa619 · 65aa619
1 parent f2b5d3c
commit 65aa619
Show file tree

Hide file tree

Showing 13 changed files with 540 additions and 26 deletions.
diff --git a/app/uk/gov/hmrc/openidconnect/userinfo/config/microserviceGlobal.scala b/app/uk/gov/hmrc/openidconnect/userinfo/config/microserviceGlobal.scala
@@ -24,9 +24,9 @@ import play.api._
 import play.api.libs.json.Json
 import play.api.mvc.Results._
 import play.api.mvc.{RequestHeader, Result}
+import uk.gov.hmrc.openidconnect.userinfo.filters.MicroserviceAuthFilter
 import uk.gov.hmrc.play.audit.filters.AuditFilter
 import uk.gov.hmrc.play.auth.controllers.AuthParamsControllerConfig
-import uk.gov.hmrc.play.auth.microservice.filters.AuthorisationFilter
 import uk.gov.hmrc.play.config.{AppName, ControllerConfig, RunMode}
 import uk.gov.hmrc.play.http.HeaderCarrier
 import uk.gov.hmrc.play.http.logging.filters.LoggingFilter
@@ -67,23 +67,6 @@ object MicroserviceLoggingFilter extends LoggingFilter {
   override def controllerNeedsLogging(controllerName: String) = ControllerConfiguration.paramsForController(controllerName).needsLogging
 }
 
-object MicroserviceAuthFilter extends AuthorisationFilter {
-  override def apply(next: (RequestHeader) => Future[Result])(rh: RequestHeader): Future[Result] = {
-    super.apply(next)(rh) map { res =>
-      res.header.status
-      match {
-        case 401 => Status(ErrorUnauthorized.httpStatusCode)(Json.toJson(ErrorUnauthorized))
-        case _ => res
-      }
-    }
-  }
-
-  override lazy val authParamsConfig = AuthParamsControllerConfiguration
-  override lazy val authConnector = MicroserviceAuthConnector
-
-  override def controllerNeedsAuth(controllerName: String): Boolean = ControllerConfiguration.paramsForController(controllerName).needsAuth
-}
-
 object MicroserviceGlobal extends DefaultMicroserviceGlobal with RunMode with ServiceLocatorRegistration {
   override val auditConnector = MicroserviceAuditConnector
 

diff --git a/app/uk/gov/hmrc/openidconnect/userinfo/config/microserviceWiring.scala b/app/uk/gov/hmrc/openidconnect/userinfo/config/microserviceWiring.scala
@@ -18,8 +18,7 @@ package uk.gov.hmrc.openidconnect.userinfo.config
 
 import uk.gov.hmrc.play.audit.http.config.LoadAuditingConfig
 import uk.gov.hmrc.play.audit.http.connector.AuditConnector
-import uk.gov.hmrc.play.auth.microservice.connectors.AuthConnector
-import uk.gov.hmrc.play.config.{AppName, RunMode, ServicesConfig}
+import uk.gov.hmrc.play.config.{AppName, RunMode}
 import uk.gov.hmrc.play.http.ws._
 
 object WSHttp extends WSGet with WSPut with WSPost with WSDelete with WSPatch with AppName with RunMode {
@@ -29,7 +28,3 @@ object WSHttp extends WSGet with WSPut with WSPost with WSDelete with WSPatch wi
 object MicroserviceAuditConnector extends AuditConnector with RunMode {
   override lazy val auditingConfig = LoadAuditingConfig(s"$env.auditing")
 }
-
-object MicroserviceAuthConnector extends AuthConnector with ServicesConfig {
-  override val authBaseUrl = baseUrl("auth")
-}
diff --git a/app/uk/gov/hmrc/openidconnect/userinfo/connectors/AuthConnector.scala b/app/uk/gov/hmrc/openidconnect/userinfo/connectors/AuthConnector.scala
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2016 HM Revenue & Customs
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package uk.gov.hmrc.openidconnect.userinfo.connectors
+
+import play.api.Logger
+import uk.gov.hmrc.openidconnect.userinfo.config.WSHttp
+import uk.gov.hmrc.play.auth.microservice.connectors.ConfidenceLevel._
+import uk.gov.hmrc.play.config.ServicesConfig
+import uk.gov.hmrc.play.http.{HeaderCarrier, HttpGet}
+
+import scala.concurrent.ExecutionContext.Implicits.global
+import scala.concurrent.Future
+
+trait AuthConnector extends uk.gov.hmrc.play.auth.microservice.connectors.AuthConnector {
+  val authBaseUrl: String
+  val http: HttpGet
+
+  def confidenceLevel()(implicit hc: HeaderCarrier): Future[Option[Int]] = {
+      http.GET(s"$authBaseUrl/auth/authority") map {
+        resp =>
+          val cf = (resp.json \ "confidenceLevel").as[Int]
+          Some(cf)
+      } recover {
+        case e: Throwable =>
+          Logger.error("failed to retrieve auth confidenceLevel", e)
+          None
+      }
+  }
+}
+
+object AuthConnector extends AuthConnector with ServicesConfig {
+  override lazy val authBaseUrl = baseUrl("auth")
+  lazy val http = WSHttp
+}
diff --git a/app/uk/gov/hmrc/openidconnect/userinfo/domain/package.scala b/app/uk/gov/hmrc/openidconnect/userinfo/domain/package.scala
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package uk.gov.hmrc.openidconnect.userinfo
 
 import play.api.libs.json._

diff --git a/app/uk/gov/hmrc/openidconnect/userinfo/filters/MicroserviceAuthFilter.scala b/app/uk/gov/hmrc/openidconnect/userinfo/filters/MicroserviceAuthFilter.scala
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2016 HM Revenue & Customs
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package uk.gov.hmrc.openidconnect.userinfo.filters
+
+import play.api.Routes
+import play.api.mvc.{Filter, RequestHeader, Result, Results}
+import uk.gov.hmrc.openidconnect.userinfo.config.{AuthParamsControllerConfiguration, ControllerConfiguration}
+import uk.gov.hmrc.openidconnect.userinfo.services.AuthService
+import uk.gov.hmrc.play.auth.controllers.{AuthConfig, AuthParamsControllerConfig}
+import uk.gov.hmrc.play.http.HeaderCarrier
+
+import scala.concurrent.ExecutionContext.Implicits.global
+import scala.concurrent.Future
+
+trait MicroserviceAuthFilter extends Filter {
+  def apply(next: (RequestHeader) => Future[Result])(rh: RequestHeader): Future[Result] = {
+    implicit val hc = HeaderCarrier.fromHeadersAndSession(rh.headers)
+
+    def authConfig(rh: RequestHeader): Option[AuthConfig] = {
+      rh.tags.get(Routes.ROUTE_CONTROLLER).flatMap { name =>
+        if (controllerNeedsAuth(name)) Some(authParamsConfig.authConfig(name))
+        else None
+      }
+    }
+
+    authConfig(rh) match {
+      case Some(authConfig) => authService.isAuthorised().flatMap {
+        case true => next(rh)
+        case _ => Future.successful(Results.Unauthorized)
+      }
+      case _ => next(rh)
+    }
+  }
+
+  val authService: AuthService
+  val authParamsConfig: AuthParamsControllerConfig
+
+  def controllerNeedsAuth(controllerName: String): Boolean = ControllerConfiguration.paramsForController(controllerName).needsAuth
+}
+
+object MicroserviceAuthFilter extends MicroserviceAuthFilter {
+  override lazy val authService = AuthService
+  override lazy val authParamsConfig = AuthParamsControllerConfiguration
+}
diff --git a/app/uk/gov/hmrc/openidconnect/userinfo/services/AuthService.scala b/app/uk/gov/hmrc/openidconnect/userinfo/services/AuthService.scala
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2016 HM Revenue & Customs
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package uk.gov.hmrc.openidconnect.userinfo.services
+
+import uk.gov.hmrc.openidconnect.userinfo.connectors.AuthConnector
+import uk.gov.hmrc.play.auth.microservice.connectors.ConfidenceLevel.L200
+import uk.gov.hmrc.play.http.HeaderCarrier
+import scala.concurrent.ExecutionContext.Implicits.global
+
+trait AuthService {
+  val authConnector: AuthConnector
+
+  def isAuthorised()(implicit hc: HeaderCarrier) = {
+    authConnector.confidenceLevel().map { result =>
+      result match {
+        case Some(cf) => cf >= L200.level
+        case None => false
+      }
+    }
+  }
+}
+
+object AuthService extends AuthService {
+  override val authConnector = AuthConnector
+}
diff --git a/conf/application.conf b/conf/application.conf
@@ -117,6 +117,58 @@ metrics {
 
 # Microservice specific config
 
+wiremock-port = 22222
+wiremock-port = ${?WIREMOCK_PORT}
+
+Test {
+
+    auditing {
+        enabled=true
+        traceRequests=false
+
+        consumer {
+            baseUri {
+                host = ${wiremock-port}
+                port = 8100
+            }
+        }
+    }
+
+    microservice {
+        metrics {
+            graphite {
+                host = graphite
+                port = 2003
+                prefix = play.${appName}.
+                enabled = false
+            }
+        }
+
+        services {
+
+            auth {
+                host=localhost
+                port=${wiremock-port}
+            }
+
+            datastream {
+                host=localhost
+                port=${wiremock-port}
+            }
+
+            service-locator {
+                host=localhost
+                port=${wiremock-port}
+            }
+
+            auth {
+                host = localhost
+                port = ${wiremock-port}
+            }
+        }
+    }
+}
+
 Dev {
 
     auditing {
@@ -157,6 +209,11 @@ Dev {
               host=localhost
               port=9602
             }
+
+            auth {
+                host = localhost
+                port = 8500
+            }
         }
     }
 }
@@ -200,6 +257,11 @@ Prod {
                 host=service-locator.service
                 port=80
             }
+
+            auth {
+                host = auth.service
+                port = 80
+            }
         }
     }
 }
diff --git a/project/MicroserviceBuild.scala b/project/MicroserviceBuild.scala
@@ -41,10 +41,10 @@ private object AppDependencies {
   val scalaTestPlus = "org.scalatestplus" %% "play" % "1.2.0" % testScope
   val scalaHttp = "org.scalaj" %% "scalaj-http" % "1.1.5"
   val junit = "junit" % "junit" % "4.12" % testScope
-  val wireMock = "com.github.tomakehurst" % "wiremock" % "1.48" % testScope exclude("org.apache.httpcomponents", "httpclient") exclude("org.apache.httpcomponents", "httpcore")
+  val wireMock = "com.github.tomakehurst" % "wiremock" % "1.54" % testScope exclude("org.apache.httpcomponents", "httpclient") exclude("org.apache.httpcomponents", "httpcore")
 
   val compileDependencies = Seq(microserviceBootStrap, playAuthorisation, playHealth, playUrlBinders, playConfig, playJsonLogger, domain, referenceChecker, scalaCheck, playHmrcApi)
-  val testDependencies = Seq(hmrcTest, scalaTest, pegDown, playTest, scalaHttp, junit, wireMock)
+  val testDependencies = Seq(hmrcTest, scalaTest, pegDown, playTest, scalaTestPlus, scalaHttp, junit, wireMock)
 
   def apply() = compileDependencies ++ testDependencies
 }