addressed some warnings, made sure we are asserting on the right stru…

…cture of extra in Fake keycloak strategy
mbta · Nov 5, 2024 · 736f1c1 · 736f1c1
1 parent fd58abf
commit 736f1c1
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 25 deletions.
diff --git a/config/prod.exs b/config/prod.exs
@@ -54,3 +54,11 @@ config :logger, level: :info
 #       force_ssl: [hsts: true]
 #
 # Check `Plug.SSL` for all available options in `force_ssl`.
+
+config(:ueberauth, Ueberauth,
+  providers: [
+    keycloak:
+      {Ueberauth.Strategy.Oidcc,
+       issuer: :keycloak_issuer, userinfo: true, uid_field: "email", scopes: ~w(openid email)}
+  ]
+)
diff --git a/config/runtime.exs b/config/runtime.exs
@@ -17,12 +17,6 @@ if config_env() == :prod do
     issuers: [%{name: :keycloak_issuer, issuer: System.fetch_env!("KEYCLOAK_ISSUER")}],
     providers: [keycloak: keycloak_opts]
   )
-
-  config(:ueberauth, Ueberauth,
-    keycloak:
-      {Ueberauth.Strategy.Oidcc,
-       issuer: :keycloak_issuer, userinfo: true, uid_field: "email", scopes: ~w(openid email)}
-  )
 end
 
 if guardian_secret_key = System.get_env("GUARDIAN_SECRET_KEY") do

diff --git a/config/test.exs b/config/test.exs
@@ -13,4 +13,4 @@ config :document_viewer, DocumentViewerWeb.Endpoint,
 config :document_viewer, DocumentViewerWeb.AuthManager, secret_key: "test key"
 
 # Print only warnings and errors during test
-config :logger, level: :warn
+config :logger, level: :warning
diff --git a/lib/document_viewer_web/controllers/auth_controller.ex b/lib/document_viewer_web/controllers/auth_controller.ex
@@ -13,14 +13,6 @@ defmodule DocumentViewerWeb.AuthController do
   alias DocumentViewerWeb.AuthManager
   alias DocumentViewerWeb.UserActionLogger
 
-  def request(conn, %{"provider" => provider}) when provider != "keycloak" do
-    send_resp(conn, 404, "Not Found")
-  end
-
-  def callback(conn, %{"provider" => provider}) when provider != "keycloak" do
-    send_resp(conn, 404, "Not Found")
-  end
-
   @doc """
   This is called when a user returns from logging in. They'll return with information that
   Ueberauth extracts from the request and puts into assigns for us, which we can then use
@@ -29,7 +21,12 @@ defmodule DocumentViewerWeb.AuthController do
   def callback(
         %{
           assigns: %{
-            ueberauth_auth: %Ueberauth.Auth{uid: username, credentials: credentials, extra: extra}
+            ueberauth_auth: %Ueberauth.Auth{
+              uid: username,
+              credentials: credentials,
+              extra: extra,
+              provider: :keycloak
+            }
           }
         } = conn,
         _params
@@ -49,22 +46,20 @@ defmodule DocumentViewerWeb.AuthController do
       |> Plug.Conn.put_session(:username, username)
       |> redirect(to: ~p"/")
     else
-      log_errors("Document viewer role not found in the roles for user: #{roles}")
-      redirect_to_my_charlie(conn)
+      Logger.warning("Document viewer role not found in the roles for user: #{roles}")
+      redirect_to_dotcom(conn)
     end
   end
 
   def callback(%{assigns: %{ueberauth_failure: ueberauth_failure}} = conn, _params) do
-    ueberauth_failure |> IO.inspect(limit: :infinity, label: "FAIL")
-
     log_errors(ueberauth_failure)
-    redirect_to_my_charlie(conn)
+    redirect_to_dotcom(conn)
   end
 
   # If a user gets a failure from Ueberauth, we want to redirect them away from this site.
   # Since everything on this site requires authorization, they will get trapped
   # in an infinite loop of redirects otherwise.
-  defp redirect_to_my_charlie(conn) do
+  defp redirect_to_dotcom(conn) do
     conn
     |> Guardian.Plug.sign_out(AuthManager, [])
     |> redirect(external: "https://www.mbta.com")

diff --git a/test/document_viewer_web/ueberauth/strategy/fake_test.exs b/test/document_viewer_web/ueberauth/strategy/fake_test.exs
@@ -10,15 +10,25 @@ defmodule DocumentViewerWeb.Ueberauth.Strategy.FakeTest do
              refresh_token: "fake_refresh_token",
              expires: true,
              expires_at: System.system_time(:second) + 60 * 60
-             # other: %{groups: ["document-viewer"]}
            }
   end
 
   test "info returns an empty Info struct" do
     assert Fake.info(%{}) == %Info{}
   end
 
-  test "extra returns an Extra struct with empty raw_info" do
-    assert Fake.extra(%{}) == %Extra{raw_info: %{}}
+  test "extra returns an Extra struct with expected roles" do
+    assert Fake.extra(%{}) == %Extra{
+             raw_info: %{
+               claims: %{"aud" => "fake_aud"},
+               userinfo: %{
+                 "resource_access" => %{
+                   "fake_aud" => %{
+                     "roles" => ["document-viewer-admin"]
+                   }
+                 }
+               }
+             }
+           }
   end
 end