Simplify authentication for development

This removes the need to enter username/password credentials when testing or development and only requires the service_open feature flag to be specified in production.
DFE-Digital · Mar 27, 2024 · f1585b1 · f1585b1
1 parent 3578f25
commit f1585b1
Show file tree

Hide file tree

Showing 66 changed files with 25 additions and 205 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -9,8 +9,7 @@ class ApplicationController < ActionController::Base
   default_form_builder GOVUKDesignSystemFormBuilder::FormBuilder
   layout "two_thirds"
 
-  before_action :authenticate,
-                unless: -> { FeatureFlags::FeatureFlag.active?(:service_open) }
+  before_action :authenticate_support!, unless: :service_open?
 
   def current_user
     nil
@@ -20,25 +19,15 @@ def current_user
 
   private
 
-  def authenticate
-    valid_credentials = [
-      {
-        username: ENV.fetch("SUPPORT_USERNAME", "support"),
-        password: ENV.fetch("SUPPORT_PASSWORD", "support"),
-      },
-    ]
-
-    if FeatureFlags::FeatureFlag.active?(:staff_test_user)
-      valid_credentials.push(
-        {
-          username: ENV.fetch("TEST_USERNAME", "test"),
-          password: ENV.fetch("TEST_PASSWORD", "test"),
-        },
-      )
-    end
-
+  def authenticate_support!
     authenticate_or_request_with_http_basic do |username, password|
-      valid_credentials.include?({ username:, password: })
+      username == ENV.fetch("SUPPORT_USERNAME") &&
+        password == ENV.fetch("SUPPORT_PASSWORD")
     end
   end
+
+  def service_open?
+    Rails.env.development? || Rails.env.test? ||
+      FeatureFlags::FeatureFlag.active?(:service_open)
+  end
 end
diff --git a/app/controllers/staff/omniauth_callbacks_controller.rb b/app/controllers/staff/omniauth_callbacks_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class Staff::OmniauthCallbacksController < Devise::OmniauthCallbacksController
-  skip_before_action :authenticate
+  skip_before_action :authenticate_support!
 
   def azure_activedirectory_v2
     auth = request.env["omniauth.auth"]

diff --git a/config/feature_flags.yml b/config/feature_flags.yml
@@ -21,13 +21,6 @@ feature_flags:
     author: Richard Pattinson
     description: Allow users to sign in using accounts in Active Directory.
 
-  staff_test_user:
-    author: David Feetenby
-    description: >
-      Add extra user with access to the eligibility checker for user research.
-      When service_open is deactivated, and this flag is enabled, the user will
-      have full access to the service. Should be inactive on production.
-
   teacher_applications:
     author: Thomas Leese
     description: >

diff --git a/spec/controllers/assessor_interface/uploads_controller_spec.rb b/spec/controllers/assessor_interface/uploads_controller_spec.rb
@@ -3,8 +3,6 @@
 require "rails_helper"
 
 RSpec.describe AssessorInterface::UploadsController, type: :controller do
-  before { FeatureFlags::FeatureFlag.activate(:service_open) }
-
   let(:staff) { create(:staff, :with_assess_permission, :confirmed) }
   let(:application_form) { create(:application_form) }
 

diff --git a/spec/controllers/history_controller_spec.rb b/spec/controllers/history_controller_spec.rb
@@ -3,8 +3,6 @@
 require "rails_helper"
 
 RSpec.describe HistoryController, type: :controller do
-  before { FeatureFlags::FeatureFlag.activate(:service_open) }
-
   describe "GET back" do
     let(:default) { "/fallback" }
 

diff --git a/spec/controllers/teacher_interface/age_range_controller_spec.rb b/spec/controllers/teacher_interface/age_range_controller_spec.rb
@@ -3,8 +3,6 @@
 require "rails_helper"
 
 RSpec.describe TeacherInterface::AgeRangeController, type: :controller do
-  before { FeatureFlags::FeatureFlag.activate(:service_open) }
-
   let(:teacher) { create(:teacher) }
   let(:application_form) { create(:application_form, teacher:) }
 

diff --git a/spec/controllers/teacher_interface/documents_controller_spec.rb b/spec/controllers/teacher_interface/documents_controller_spec.rb
@@ -3,8 +3,6 @@
 require "rails_helper"
 
 RSpec.describe TeacherInterface::DocumentsController, type: :controller do
-  before { FeatureFlags::FeatureFlag.activate(:service_open) }
-
   let(:teacher) { create(:teacher) }
   let(:application_form) { create(:application_form, teacher:) }
 

diff --git a/spec/controllers/teacher_interface/english_language_controller_spec.rb b/spec/controllers/teacher_interface/english_language_controller_spec.rb
@@ -3,8 +3,6 @@
 require "rails_helper"
 
 RSpec.describe TeacherInterface::EnglishLanguageController, type: :controller do
-  before { FeatureFlags::FeatureFlag.activate(:service_open) }
-
   let(:teacher) { create(:teacher) }
   let(:application_form) { create(:application_form, teacher:) }
 

diff --git a/spec/controllers/teacher_interface/personal_information_controller_spec.rb b/spec/controllers/teacher_interface/personal_information_controller_spec.rb
@@ -4,8 +4,6 @@
 
 RSpec.describe TeacherInterface::PersonalInformationController,
                type: :controller do
-  before { FeatureFlags::FeatureFlag.activate(:service_open) }
-
   let(:teacher) { create(:teacher) }
   let(:application_form) { create(:application_form, teacher:) }
 

diff --git a/spec/controllers/teacher_interface/qualifications_controller_spec.rb b/spec/controllers/teacher_interface/qualifications_controller_spec.rb
@@ -3,8 +3,6 @@
 require "rails_helper"
 
 RSpec.describe TeacherInterface::QualificationsController, type: :controller do
-  before { FeatureFlags::FeatureFlag.activate(:service_open) }
-
   let(:teacher) { create(:teacher) }
   let!(:application_form) { create(:application_form, teacher:) }
 

diff --git a/spec/controllers/teacher_interface/registration_number_controller_spec.rb b/spec/controllers/teacher_interface/registration_number_controller_spec.rb
@@ -4,8 +4,6 @@
 
 RSpec.describe TeacherInterface::RegistrationNumberController,
                type: :controller do
-  before { FeatureFlags::FeatureFlag.activate(:service_open) }
-
   let(:teacher) { create(:teacher) }
   let(:application_form) { create(:application_form, teacher:) }
 

diff --git a/spec/controllers/teacher_interface/subjects_controller_spec.rb b/spec/controllers/teacher_interface/subjects_controller_spec.rb
@@ -3,8 +3,6 @@
 require "rails_helper"
 
 RSpec.describe TeacherInterface::SubjectsController, type: :controller do
-  before { FeatureFlags::FeatureFlag.activate(:service_open) }
-
   let(:teacher) { create(:teacher) }
   let(:application_form) { create(:application_form, teacher:) }
 

diff --git a/spec/controllers/teacher_interface/uploads_controller_spec.rb b/spec/controllers/teacher_interface/uploads_controller_spec.rb
@@ -3,8 +3,6 @@
 require "rails_helper"
 
 RSpec.describe TeacherInterface::UploadsController, type: :controller do
-  before { FeatureFlags::FeatureFlag.activate(:service_open) }
-
   let(:teacher) { create(:teacher) }
   let(:application_form) { create(:application_form, teacher:) }
 

diff --git a/spec/controllers/teacher_interface/work_histories_controller_spec.rb b/spec/controllers/teacher_interface/work_histories_controller_spec.rb
@@ -3,8 +3,6 @@
 require "rails_helper"
 
 RSpec.describe TeacherInterface::WorkHistoriesController, type: :controller do
-  before { FeatureFlags::FeatureFlag.activate(:service_open) }
-
   let(:teacher) { create(:teacher) }
   let(:application_form) { create(:application_form, teacher:) }
 

diff --git a/spec/requests/staff_sign_in_spec.rb b/spec/requests/staff_sign_in_spec.rb
@@ -1,15 +1,9 @@
 require "rails_helper"
 
 RSpec.describe "Staff sign in", type: :request do
-  before do
-    FeatureFlags::FeatureFlag.activate(:service_open)
-    FeatureFlags::FeatureFlag.activate(:sign_in_with_active_directory)
-  end
+  before { FeatureFlags::FeatureFlag.activate(:sign_in_with_active_directory) }
 
-  after do
-    FeatureFlags::FeatureFlag.deactivate(:service_open)
-    FeatureFlags::FeatureFlag.deactivate(:sign_in_with_active_directory)
-  end
+  after { FeatureFlags::FeatureFlag.deactivate(:sign_in_with_active_directory) }
 
   shared_examples "an Azure login" do
     it "redirects to Azure login" do

diff --git a/spec/requests/throttling_spec.rb b/spec/requests/throttling_spec.rb
@@ -1,8 +1,6 @@
 require "rails_helper"
 
 RSpec.describe "Throttling", rack_attack: true do
-  before { FeatureFlags::FeatureFlag.activate(:service_open) }
-
   shared_examples "throttled" do |path|
     context path do
       subject(:cache_count) do

diff --git a/spec/support/system_helpers.rb b/spec/support/system_helpers.rb
@@ -1,19 +1,9 @@
+# frozen_string_literal: true
+
 module SystemHelpers
   include PageHelpers
   include Warden::Test::Helpers
 
-  def given_the_service_is_open
-    FeatureFlags::FeatureFlag.activate(:service_open)
-  end
-
-  def given_the_service_is_closed
-    FeatureFlags::FeatureFlag.deactivate(:service_open)
-  end
-
-  def given_the_service_allows_teacher_applications
-    FeatureFlags::FeatureFlag.activate(:teacher_applications)
-  end
-
   def given_an_eligible_eligibility_check(country_check:)
     country = create(:country, :with_national_region, code: "GB-SCT")
     country.regions.first.update!(
@@ -80,8 +70,8 @@ def given_i_am_authorized_as_an_assessor_user
     user =
       create(
         :staff,
-        :with_assess_permission,
         :confirmed,
+        :with_assess_permission,
         name: "Authorized User",
       )
     given_i_am_authorized_as_a_user(user)
@@ -91,8 +81,8 @@ def given_i_am_authorized_as_an_admin_user
     user =
       create(
         :staff,
-        :with_verify_permission,
         :confirmed,
+        :with_verify_permission,
         name: "Authorized User",
       )
     given_i_am_authorized_as_a_user(user)
@@ -123,27 +113,12 @@ def given_malware_scanning_is_enabled(scan_result: "No threats found")
     allow(stubbed_service).to receive(:call).and_return(stubbed_response)
   end
 
-  def when_i_am_authorized_as_a_test_user
-    page.driver.basic_authorize(
-      ENV.fetch("TEST_USERNAME", "test"),
-      ENV.fetch("TEST_PASSWORD", "test"),
-    )
-  end
-
   def when_i_sign_out
     sign_out @user
   end
 
   alias_method :then_i_sign_out, :when_i_sign_out
 
-  def given_the_test_user_is_disabled
-    FeatureFlags::FeatureFlag.deactivate(:staff_test_user)
-  end
-
-  def given_the_test_user_is_enabled
-    FeatureFlags::FeatureFlag.activate(:staff_test_user)
-  end
-
   def when_i_choose_yes
     choose "Yes", visible: false
   end

diff --git a/spec/system/assessor_interface/assigning_assessor_spec.rb b/spec/system/assessor_interface/assigning_assessor_spec.rb
@@ -3,10 +3,7 @@
 require "rails_helper"
 
 RSpec.describe "Assigning an assessor", type: :system do
-  before do
-    given_the_service_is_open
-    given_there_is_an_application_form
-  end
+  before { given_there_is_an_application_form }
 
   it "assigns an assessor" do
     given_i_am_authorized_as_an_assessor_user

diff --git a/spec/system/assessor_interface/authentication_spec.rb b/spec/system/assessor_interface/authentication_spec.rb
@@ -4,7 +4,6 @@
 
 RSpec.describe "Assessor authentication", type: :system do
   it "allows signing in and signing out" do
-    given_the_service_is_open
     given_staff_exist
 
     when_i_visit_the(:assessor_applications_page)

diff --git a/spec/system/assessor_interface/change_application_form_name_spec.rb b/spec/system/assessor_interface/change_application_form_name_spec.rb
@@ -3,10 +3,7 @@
 require "rails_helper"
 
 RSpec.describe "Assessor change application form name", type: :system do
-  before do
-    given_the_service_is_open
-    given_there_is_an_application_form
-  end
+  before { given_there_is_an_application_form }
 
   it "checks manage applications permission" do
     given_i_am_authorized_as_a_user(assessor)

diff --git a/spec/system/assessor_interface/change_work_history_spec.rb b/spec/system/assessor_interface/change_work_history_spec.rb
@@ -3,10 +3,7 @@
 require "rails_helper"
 
 RSpec.describe "Assessor change work history", type: :system do
-  before do
-    given_the_service_is_open
-    given_there_is_an_application_form
-  end
+  before { given_there_is_an_application_form }
 
   it "checks manage applications permission" do
     given_i_am_authorized_as_a_user(assessor)

diff --git a/spec/system/assessor_interface/checking_submitted_details_spec.rb b/spec/system/assessor_interface/checking_submitted_details_spec.rb
@@ -2,7 +2,6 @@
 
 RSpec.describe "Assessor check submitted details", type: :system do
   before do
-    given_the_service_is_open
     given_there_is_an_application_form
     given_i_am_authorized_as_an_assessor_user
   end

diff --git a/spec/system/assessor_interface/completing_assessment_spec.rb b/spec/system/assessor_interface/completing_assessment_spec.rb
@@ -25,7 +25,6 @@
   end
 
   it "award" do
-    given_the_service_is_open
     given_i_am_authorized_as_an_assessor_user
     given_there_is_an_awardable_application_form(%i[old_regs])
     given_i_can_request_dqt_api
@@ -85,7 +84,6 @@
   end
 
   it "verify" do
-    given_the_service_is_open
     given_i_am_authorized_as_an_assessor_user
     given_there_is_an_awardable_application_form_with_work_history
 
@@ -139,7 +137,6 @@
   end
 
   it "verify with reduced evidence" do
-    given_the_service_is_open
     given_i_am_authorized_as_an_assessor_user
     given_there_is_an_awardable_application_form_with_reduced_evidence
 
@@ -179,7 +176,6 @@
   end
 
   it "decline" do
-    given_the_service_is_open
     given_i_am_authorized_as_an_assessor_user
     given_there_is_a_declinable_application_form
 

diff --git a/spec/system/assessor_interface/confirming_english_language_exemption_spec.rb b/spec/system/assessor_interface/confirming_english_language_exemption_spec.rb
@@ -2,7 +2,6 @@
 
 RSpec.describe "Assessor confirms English language section", type: :system do
   it "exemption via citizenship in the Personal Information section" do
-    given_the_service_is_open
     given_there_is_an_application_form
     and_the_application_states_english_language_exemption_by_citizenship
     given_i_am_authorized_as_an_assessor_user
@@ -39,7 +38,6 @@
   end
 
   it "exemption via qualification in the Qualifications section" do
-    given_the_service_is_open
     given_there_is_an_application_form
     and_the_application_states_english_language_exemption_by_qualification
     given_i_am_authorized_as_an_assessor_user
@@ -72,7 +70,6 @@
   end
 
   it "confirmation of proficiency by SELT from approved provider" do
-    given_the_service_is_open
     given_there_is_an_application_form
     and_the_application_english_language_proof_method_is_provider
     given_i_am_authorized_as_an_assessor_user
@@ -91,7 +88,6 @@
   end
 
   it "confirmation of proficiency by medium of instruction document" do
-    given_the_service_is_open
     given_there_is_an_application_form
     and_the_application_english_language_proof_method_is_moi
     given_i_am_authorized_as_an_assessor_user

diff --git a/spec/system/assessor_interface/creating_note_spec.rb b/spec/system/assessor_interface/creating_note_spec.rb
@@ -4,7 +4,6 @@
 
 RSpec.describe "Creating a note", type: :system do
   it "creates a note" do
-    given_the_service_is_open
     given_i_am_authorized_as_an_assessor_user
     given_there_is_an_application_form
 

diff --git a/spec/system/assessor_interface/duplicate_applicant_application_form_spec.rb b/spec/system/assessor_interface/duplicate_applicant_application_form_spec.rb
@@ -3,7 +3,6 @@
 RSpec.describe "Assessor views duplicate applicant's application form",
                type: :system do
   it "displays information about the duplicate applicant" do
-    given_the_service_is_open
     given_i_am_authorized_as_an_assessor_user
     given_there_is_an_application_form
     and_the_applicant_matches_a_record_in_dqt