Feature In Progress - Add no access page #580

Closed
wants to merge 18 commits into from

Conversation

dynamictulip
Collaborator

@dynamictulip dynamictulip commented Oct 30, 2024

Changes the auth processes in FIAT to allow unauthorised users to be redirected to a "No Access" page.

User Story 135671: Build: Authentication - Add access-denied screen

Changes

No Access specific changes

  • Add ADR about "No Access" page
  • Create authorised FIAT user role and add role requirement to authorisation
  • Add no access page and add redirect logic (described in ADR)
  • Hide header and footer areas not accessible to users without FIAT access
  • Make cookies, accessibility statement and privacy notice pages accessible to users without FIAT access
  • Update MockHttpContext to have separate cookie mocks and to mock user authentication state

Other changes:

  • Fix Privacy page having incorrect width
  • Move EnvironmentExtensions.cs into the Extensions folder
  • Change SameSite setting for the login cookie to current Microsoft recommendation of Lax
  • Move FIAT cookie names to static config class
  • Update name of cookie consent cookie to be consistent with application name and what is displayed in the Cookie UI

(This was a long-running piece of work with a change of direction, which originally touched these areas)

Screenshots of UI changes

New "No Access" page

image

Header changes

Authorised user (No change)

image

Unauthorised user

image

Footer changes

Authorised user (No change)

image

Unauthorised user

image

Checklist

  • Pull request attached to the appropriate user story in Azure DevOps
  • ADR decision log updated (if needed)
  • Release notes added to CHANGELOG.md
  • Testing complete - all manual and automated tests pass

Also test BasePageModel and ContentPageModel in their own dedicated test files and only test changes to default behaviour in subclasses
This is to enable a redirect to a friendly page for users that are authenticated with DfE AD but do not have access to FIAT
…ecommendation of `Lax`

It can't be `Strict` because auth is done externally to the application
This is to enable a login retry for users who may have stale role claims in their auth cookie. ADR to follow
Reduces code, makes it easier to see which pages have anonymous access and aggregates the behavior into one place
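As an added illustration (not FIAT's code and not part of this PR), the following `Program.cs` sketch shows how the pieces listed above fit together in ASP.NET Core Razor Pages: a role requirement applied as the fallback policy, a redirect to a friendly "No Access" page for users who are authenticated but lack the role, anonymous opt-outs for the cookies, accessibility statement and privacy notice pages, and a login cookie set to `Lax`. The role name `FiatUser`, the page paths, and the use of the cookie scheme on its own (the external DfE AD handler that issues the claims is omitted) are assumptions.

```csharp
// Added example, not FIAT's code. Assumed names: role "FiatUser", page "/NoAccess",
// plus the anonymous pages listed below. The external identity provider is omitted.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        // Lax rather than Strict: sign-in completes on an external provider, so the
        // browser returns via a cross-site top-level navigation; Strict would drop the
        // cookie on that return. Lax still blocks cross-site POSTs and subresource loads.
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;

        // Authenticated but failing authorisation (no FIAT role) -> friendly page, not a bare 403.
        options.AccessDeniedPath = "/NoAccess";
    });

builder.Services.AddAuthorization(options =>
{
    // Every page requires a signed-in user holding the FIAT role unless it opts out.
    // Making this the FallbackPolicy means a new page is protected by default.
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .RequireRole("FiatUser")
        .Build();
});

builder.Services.AddRazorPages(options =>
{
    // Pages that must stay reachable for users without FIAT access. [AllowAnonymous]
    // bypasses the fallback policy; keeping the list here makes the exceptions easy to review.
    options.Conventions.AllowAnonymousToPage("/NoAccess");
    options.Conventions.AllowAnonymousToPage("/Cookies");
    options.Conventions.AllowAnonymousToPage("/AccessibilityStatement");
    options.Conventions.AllowAnonymousToPage("/PrivacyNotice");
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization(); // must run after UseAuthentication and before endpoint mapping
app.MapRazorPages();
app.Run();
```

A user who is not signed in at all is challenged (sent to log in) rather than to `/NoAccess`; only a signed-in user without the role reaches the access-denied path.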

@dynamictulip
Collaborator Author

Archived branch to pick up in future - archive/add-no-access-page

@dynamictulip dynamictulip deleted the add-no-access-page-feature branch January 2, 2025 14:33