From 65f72a75c87cf12abad484353fd381f88db511fd Mon Sep 17 00:00:00 2001
From: Catalin Voineag <11318084+CatalinVoineag@users.noreply.github.com>
Date: Wed, 18 Dec 2024 14:18:41 +0000
Subject: [PATCH] Revert "One login auth"
---
app/controllers/one_login_controller.rb | 85 -------
app/models/one_login_user.rb | 50 -----
app/models/one_login_user_bypass.rb | 29 ---
.../create_account_or_sign_in.html.erb | 50 ++---
app/views/layouts/_header.html.erb | 3 +-
config/application.rb | 2 +-
config/initializers/omniauth.rb | 22 --
config/locales/en.yml | 1 -
config/routes.rb | 8 +-
lib/omniauth/one_login_setup.rb | 41 ----
.../strategies/one_login_developer.rb | 9 -
lib/tasks/local_dev.rake | 7 -
spec/factories/one_login_auth.rb | 7 -
spec/models/one_login_user_bypass_spec.rb | 43 ----
spec/models/one_login_user_spec.rb | 68 ------
spec/requests/one_login_controller_spec.rb | 208 ------------------
spec/smoke/candidate_login_spec.rb | 24 +-
spec/support/test_helpers/one_login_helper.rb | 16 --
.../candidate_signs_in_spec.rb | 94 --------
19 files changed, 29 insertions(+), 738 deletions(-)
delete mode 100644 app/controllers/one_login_controller.rb
delete mode 100644 app/models/one_login_user.rb
delete mode 100644 app/models/one_login_user_bypass.rb
delete mode 100644 lib/omniauth/one_login_setup.rb
delete mode 100644 lib/omniauth/strategies/one_login_developer.rb
delete mode 100644 spec/factories/one_login_auth.rb
delete mode 100644 spec/models/one_login_user_bypass_spec.rb
delete mode 100644 spec/models/one_login_user_spec.rb
delete mode 100644 spec/requests/one_login_controller_spec.rb
delete mode 100644 spec/support/test_helpers/one_login_helper.rb
delete mode 100644 spec/system/candidate_interface/one_login_signup/candidate_signs_in_spec.rb
diff --git a/app/controllers/one_login_controller.rb b/app/controllers/one_login_controller.rb
deleted file mode 100644
index e9b4aa7e517..00000000000
--- a/app/controllers/one_login_controller.rb
+++ /dev/null
@@ -1,85 +0,0 @@
-class OneLoginController < ApplicationController
- before_action :redirect_to_candidate_sign_in_unless_one_login_enabled
-
- def callback
- auth = request.env['omniauth.auth']
- session[:one_login_id_token] = auth&.credentials&.id_token
- candidate = OneLoginUser.authenticate_or_create_by(auth)
-
- sign_in_candidate(candidate)
-
- redirect_to candidate_interface_interstitial_path
- rescue OneLoginUser::Error => e
- session[:one_login_error] = e.message
- redirect_to auth_one_login_sign_out_path
- end
-
- def bypass_callback
- one_login_user_bypass = OneLoginUserBypass.new(
- token: request.env['omniauth.auth']&.uid,
- )
- candidate = one_login_user_bypass.authenticate
-
- if candidate.present?
- sign_in_candidate(candidate)
-
- redirect_to candidate_interface_interstitial_path
- else
- flash[:warning] = one_login_user_bypass.errors.full_messages.join('\n')
- redirect_to candidate_interface_create_account_or_sign_in_path
- end
- end
-
- def sign_out
- id_token = session[:one_login_id_token]
- one_login_error = session[:one_login_error]
- reset_session
-
- session[:one_login_error] = one_login_error
- if OneLogin.bypass?
- redirect_to candidate_interface_create_account_or_sign_in_path
- else
- # Go back to one login to sign out the user on their end as well
- redirect_to logout_one_login(id_token), allow_other_host: true
- end
- end
-
- def sign_out_complete
- if session[:one_login_error].present?
- Sentry.capture_message(session[:one_login_error], level: :error)
- redirect_to internal_server_error_path
- else
- redirect_to candidate_interface_create_account_or_sign_in_path
- end
- end
-
- def failure
- session[:one_login_error] = "One login failure with #{params[:message]} " \
- "for one_login_id_token: #{session[:one_login_id_token]}"
-
- redirect_to auth_one_login_sign_out_path
- end
-
-private
-
- def redirect_to_candidate_sign_in_unless_one_login_enabled
- if FeatureFlag.inactive?(:one_login_candidate_sign_in)
- redirect_to candidate_interface_create_account_or_sign_in_path
- end
- end
-
- def sign_in_candidate(candidate)
- sign_in(candidate, scope: :candidate)
- candidate.update!(last_signed_in_at: Time.zone.now)
- end
-
- def logout_one_login(id_token_hint)
- params = {
- post_logout_redirect_uri: URI(auth_one_login_sign_out_complete_url),
- id_token_hint:,
- }
- URI.parse("#{ENV['GOVUK_ONE_LOGIN_ISSUER_URL']}logout").tap do |uri|
- uri.query = URI.encode_www_form(params)
- end.to_s
- end
-end
diff --git a/app/models/one_login_user.rb b/app/models/one_login_user.rb
deleted file mode 100644
index 636c5bcb477..00000000000
--- a/app/models/one_login_user.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-class OneLoginUser
- class Error < StandardError; end
- attr_reader :email_address, :token
-
- def initialize(omniauth_object)
- @email_address = omniauth_object.info.email
- @token = omniauth_object.uid
- end
-
- def self.authenticate_or_create_by(omniauth_auth)
- new(omniauth_auth).authenticate_or_create_by
- end
-
- def authenticate_or_create_by
- one_login_auth = OneLoginAuth.find_by(token:)
- existing_candidate = Candidate.find_by(email_address:)
-
- return candidate_with_one_login(one_login_auth) if one_login_auth
- return existing_candidate_without_one_login(existing_candidate) if existing_candidate
-
- create_candidate!
- end
-
-private
-
- def candidate_with_one_login(one_login_auth)
- one_login_auth.update!(email_address:)
- one_login_auth.candidate
- end
-
- def existing_candidate_without_one_login(existing_candidate)
- if existing_candidate.one_login_auth.present? && existing_candidate.one_login_auth.token != token
- raise(
- Error,
- "Candidate #{existing_candidate.id} has a different one login " \
- "token than the user trying to login. Token used to auth #{token}",
- )
- end
-
- existing_candidate.create_one_login_auth!(token:, email_address:)
- existing_candidate
- end
-
- def create_candidate!
- candidate = Candidate.create!(email_address:)
- candidate.create_one_login_auth!(token:, email_address:)
-
- candidate
- end
-end
diff --git a/app/models/one_login_user_bypass.rb b/app/models/one_login_user_bypass.rb
deleted file mode 100644
index 1494a2cd30a..00000000000
--- a/app/models/one_login_user_bypass.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-class OneLoginUserBypass
- include ActiveModel::Model
-
- validates :token, presence: true
- validate :token_format
-
- attr_accessor :token
-
- def authenticate
- return unless valid?
-
- bypass_one_login = OneLoginAuth.find_by(token: 'dev-candidate')
-
- if bypass_one_login && bypass_one_login.token == token
- bypass_one_login.candidate
- else
- errors.add(:base, "There is no candidate with #{token} uid")
- nil
- end
- end
-
-private
-
- def token_format
- return if token.nil?
-
- errors.add(:token, :invalid) if token.match?(URI::MailTo::EMAIL_REGEXP)
- end
-end
diff --git a/app/views/candidate_interface/start_page/create_account_or_sign_in.html.erb b/app/views/candidate_interface/start_page/create_account_or_sign_in.html.erb
index e8bf77eca6f..350a6fddd86 100644
--- a/app/views/candidate_interface/start_page/create_account_or_sign_in.html.erb
+++ b/app/views/candidate_interface/start_page/create_account_or_sign_in.html.erb
@@ -4,39 +4,31 @@
- <%= t('govuk.one_login_account_guidance') %> -
+- You can usually start applying for teacher training in October, the - year before your course starts. Courses can fill up quickly, so apply - as soon as you can. - <%= govuk_link_to 'Read how the application process works', candidate_interface_guidance_path %>. -
+ <%= f.govuk_submit t('continue') %> <% end %> + ++ You can usually start applying for teacher training in October, the + year before your course starts. Courses can fill up quickly, so apply + as soon as you can. + <%= govuk_link_to 'Read how the application process works', candidate_interface_guidance_path %>. +