From 4b09ce32ad8492f056621b3e15f6c40368e2f977 Mon Sep 17 00:00:00 2001 From: Riley Anderson Date: Thu, 11 Apr 2024 14:55:12 -0600 Subject: [PATCH] Move terms_of_use enabled_clients to settings (#16294) --- config/settings.yml | 1 + lib/saml/post_url_service.rb | 6 +---- lib/saml/url_service.rb | 2 -- .../v1/sessions_controller_spec.rb | 26 +++++++++++++------ spec/lib/saml/post_url_service_spec.rb | 12 ++++++--- 5 files changed, 28 insertions(+), 19 deletions(-) diff --git a/config/settings.yml b/config/settings.yml index b96a0d93058..6658613b94d 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -85,6 +85,7 @@ sign_in: terms_of_use: current_version: v1 provisioner_cookie_domain: localhost + enabled_clients: vaweb, mhv, myvahealth lockbox: master_key: "0d78eaf0e90d4e7b8910c9112e16e66d8b00ec4054a89aa426e32712a13371e9" diff --git a/lib/saml/post_url_service.rb b/lib/saml/post_url_service.rb index bf97005fd82..d16313784d4 100644 --- a/lib/saml/post_url_service.rb +++ b/lib/saml/post_url_service.rb @@ -114,11 +114,7 @@ def build_sso_url(link_authn_context, authn_con_compare = 'exact') end def enabled_tou_clients - if Settings.vsp_environment == 'production' - TERMS_OF_USE_ENABLED_CLIENTS - else - TERMS_OF_USE_ENABLED_CLIENTS_LOWERS - end + Settings.terms_of_use.enabled_clients.split(',').collect(&:strip) end end end diff --git a/lib/saml/url_service.rb b/lib/saml/url_service.rb index 9acd8d2fae2..9ee8371c520 100644 --- a/lib/saml/url_service.rb +++ b/lib/saml/url_service.rb @@ -25,8 +25,6 @@ class URLService WEB_CLIENT_ID = 'web' MOBILE_CLIENT_ID = 'mobile' UNIFIED_SIGN_IN_CLIENTS = %w[vaweb mhv myvahealth ebenefits vamobile vaoccmobile].freeze - TERMS_OF_USE_ENABLED_CLIENTS = %w[].freeze - TERMS_OF_USE_ENABLED_CLIENTS_LOWERS = %w[vaweb mhv myvahealth].freeze TERMS_OF_USE_DECLINED_PATH = '/terms-of-use/declined' attr_reader :saml_settings, :session, :user, :authn_context, :type, :query_params, :tracker 
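Review bot: The new default `enabled_clients: vaweb, mhv, myvahealth` applies to every environment that does not override it, whereas the removed code returned the empty `TERMS_OF_USE_ENABLED_CLIENTS` list when `Settings.vsp_environment == 'production'`. Unless a production override exists (none is visible in this patch), this refactor also switches the terms-of-use redirect on in production for these three clients. The key is a comma-separated string rather than a YAML list, which is easy to get wrong in an override, so a comment above it would help, for example `# comma-separated client ids that receive the terms-of-use redirect; override per environment`.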
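Review bot: `enabled_tou_clients` calls `.split` directly on the setting, so a nil value would raise NoMethodError in the SAML redirect path and break sign-in instead of just skipping the terms-of-use redirect. A nil is plausible if an environment override leaves the key empty to reproduce the old empty production list. A tolerant form is `Settings.terms_of_use.enabled_clients.to_s.split(',').map(&:strip).reject(&:empty?)`, which also drops blank entries left by a trailing comma. Note that this makes a missing setting fail open (no client gets the redirect); if the opposite is wanted, raise a clear configuration error at boot rather than at login time.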
diff --git a/spec/controllers/v1/sessions_controller_spec.rb b/spec/controllers/v1/sessions_controller_spec.rb index 3b8fcc9e116..0447796f1c9 100644 --- a/spec/controllers/v1/sessions_controller_spec.rb +++ b/spec/controllers/v1/sessions_controller_spec.rb @@ -502,13 +502,16 @@ def expect_logger_msg(level, msg) context 'when user has not accepted the current terms of use' do let(:user) { build(:user, loa, uuid:, idme_uuid: uuid) } + let(:application) { 'some-applicaton' } before do SAMLRequestTracker.create(uuid: login_uuid, payload: { type: 'idme', application: }) end - context 'and authentication occurred with a application in TERMS_OF_USE_ENABLED_CLIENTS' do - let(:application) { SAML::URLService::TERMS_OF_USE_ENABLED_CLIENTS.first } + context 'and authentication occurred with a application in Settings.terms_of_use.enabled_clients' do + before do + allow(Settings.terms_of_use).to receive(:enabled_clients).and_return(application) + end it 'redirects to terms of use page' do expect(call_endpoint).to redirect_to( @@ -517,8 +520,10 @@ def expect_logger_msg(level, msg) end end - context 'and authentication occurred with an application not in TERMS_OF_USE_ENABLED_CLIENTS' do - let(:application) { 'foobar' } + context 'and authentication occurred with an application not in Settings.terms_of_use.enabled_clients' do + before do + allow(Settings.terms_of_use).to receive(:enabled_clients).and_return('') + end it 'redirects to expected auth page' do expect(call_endpoint).to redirect_to(expected_redirect_url) 
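Review bot: Both new stubs return a single bare value (`application` or `''`), so the split/strip parsing in `enabled_tou_clients` is never exercised with the comma-and-space form that config/settings.yml ships (`vaweb, mhv, myvahealth`), nor with nil. The same applies to the second hunk of this file and to the post_url_service_spec hunk. Consider stubbing the enabled context with `.and_return("other-client, #{application}")` so a regression in the parsing would fail the spec. The new `let(:application) { 'some-applicaton' }` also misspells "application" in both hunks of this file. The enclosing describe block starts outside the hunk.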
@@ -540,13 +545,16 @@ def expect_logger_msg(level, msg) context 'when user has not accepted the current terms of use' do let(:user) { build(:user, loa, uuid:, idme_uuid: uuid) } + let(:application) { 'some-applicaton' } before do SAMLRequestTracker.create(uuid: login_uuid, payload: { type: 'idme', application: }) end - context 'and authentication occurred with a application in TERMS_OF_USE_ENABLED_CLIENTS' do - let(:application) { SAML::URLService::TERMS_OF_USE_ENABLED_CLIENTS.first } + context 'and authentication occurred with a application in Settings.terms_of_use.enabled_clients' do + before do + allow(Settings.terms_of_use).to receive(:enabled_clients).and_return(application) + end it 'redirects to terms of use page' do expect(call_endpoint).to redirect_to( @@ -555,8 +563,10 @@ def expect_logger_msg(level, msg) end end - context 'and authentication occurred with an application not in TERMS_OF_USE_ENABLED_CLIENTS' do - let(:application) { 'foobar' } + context 'and authentication occurred with an application not in Settings.terms_of_use.enabled_clients' do + before do + allow(Settings.terms_of_use).to receive(:enabled_clients).and_return('') + end it 'redirects to expected auth page' do expect(call_endpoint).to redirect_to(expected_redirect_url) diff --git a/spec/lib/saml/post_url_service_spec.rb b/spec/lib/saml/post_url_service_spec.rb index 5a45c3e270f..692020efd7a 100644 --- a/spec/lib/saml/post_url_service_spec.rb +++ b/spec/lib/saml/post_url_service_spec.rb 
@@ -613,8 +613,10 @@ let(:expected_log_message) { 'Redirecting to /terms-of-use' } let(:expected_log_payload) { { type: :ssoe } } - context 'when tracker application is within TERMS_OF_USE_ENABLED_CLIENTS' do - let(:application) { SAML::URLService::TERMS_OF_USE_ENABLED_CLIENTS_LOWERS.first } + context 'when tracker application is within Settings.terms_of_use.enabled_clients' do + before do + allow(Settings.terms_of_use).to receive(:enabled_clients).and_return(application) + end context 'and authentication is occuring on a review instance' do let(:review_instance_slug) { 'some-review-instance-slug' } @@ -660,8 +662,10 @@ end end - context 'when tracker application is not within TERMS_OF_USE_ENABLED_CLIENTS' do - let(:application) { 'some-application' } + context 'when tracker application is not within Settings.terms_of_use.enabled_clients' do + before do + allow(Settings.terms_of_use).to receive(:enabled_clients).and_return('') + end it 'has a login redirect url with success not embedded in a terms of use page' do expect(subject.terms_of_use_redirect_url)