Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add constraint and config options #300

Merged
merged 7 commits into from
Apr 29, 2024
Merged

Add constraint and config options #300

merged 7 commits into from
Apr 29, 2024

Conversation

AlexAvlonitis
Copy link
Contributor

@AlexAvlonitis AlexAvlonitis commented Apr 23, 2024
edited

  • Adds config for warden to not intercept 401 requests
    This config allows apps to change the default behaviour of intercepting 401 requests, by including an initialiser:
    GDS::SSO.config { |config| config.intercept_401_responses = false }.
    For example apps that also include basic http auth would probably need this option.

  • Adds authorised user constraint so that consumer apps can easily add a permission based constraint.

  • Add PermissionDeniedError error class under GDS::SSO namespace and a warning log message that the existing PermissionDeniedException should be deprecated on a new major release.

  • Extract the user authorisation logic into a separate class and Re-use authorisation logic in the controller_methods class

more info : https://trello.com/c/qb1qpwnr/1369-additional-functionality-to-gds-sso-gem-for-intercepting-401s-and-providing-a-route-constraint

@AlexAvlonitis AlexAvlonitis changed the title Add constraints and config options Add constraint and config options Apr 23, 2024
kevindew
kevindew reviewed Apr 23, 2024
View reviewed changes
Copy link
Member

@kevindew kevindew left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Alex, this looks great. I've not had a chance to look at tests yet but thought I'd hit submit.

CHANGELOG.md Outdated Show resolved Hide resolved
lib/gds-sso/controller_methods.rb Outdated Show resolved Hide resolved
lib/gds-sso/authorise_user.rb Show resolved Hide resolved
lib/gds-sso/railtie.rb Show resolved Hide resolved
lib/gds-sso/version.rb Outdated Show resolved Hide resolved
spec/support/test_user.rb Outdated Show resolved Hide resolved
.gitignore Outdated Show resolved Hide resolved
CHANGELOG.md Outdated Show resolved Hide resolved
CHANGELOG.md Outdated Show resolved Hide resolved
kevindew
kevindew reviewed Apr 23, 2024
View reviewed changes
Copy link
Member

@kevindew kevindew left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just added some testing notes. The tests look good but I don't think we have yet got sufficient testing.

spec/controller/controller_methods_spec.rb Show resolved Hide resolved
lib/gds-sso/config.rb Show resolved Hide resolved
lib/gds-sso/authorised_user_constraint.rb Show resolved Hide resolved
@AlexAvlonitis AlexAvlonitis force-pushed the add-constraints-and-config-options branch 6 times, most recently from 0aa3a1a to e33d033 Compare April 24, 2024 08:04
@AlexAvlonitis AlexAvlonitis marked this pull request as ready for review April 24, 2024 08:06
kevindew
kevindew reviewed Apr 24, 2024
View reviewed changes
Copy link
Member

@kevindew kevindew left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great stuff Alex, this looks really close. Once we've got my comments resolved we'll seek final review from the owning team.

The only thing I notice is missing is the CHANGELOG entry - we can do that before we release the gem, it'll just go under the "Unreleased" header.

lib/gds-sso/controller_methods.rb Outdated Show resolved Hide resolved
lib/gds-sso/controller_methods.rb Outdated Show resolved Hide resolved
lib/gds-sso/railtie.rb Outdated Show resolved Hide resolved
spec/spec_helper.rb Show resolved Hide resolved
spec/unit/config_spec.rb Outdated Show resolved Hide resolved
@AlexAvlonitis AlexAvlonitis force-pushed the add-constraints-and-config-options branch 4 times, most recently from 4850338 to 8bdc6f6 Compare April 24, 2024 14:21
@kevindew
Copy link
Member

Great stuff. This all looks good to me. Let's see if the #govuk-publishing-platform team are happy. I'll drop them a ping.

@AlexAvlonitis AlexAvlonitis mentioned this pull request Apr 25, 2024
Merged
@AlexAvlonitis
Add config for warden to not intercept 401 requests
1d03541 
- This config allows apps to change the default behaviour of intercepting 401 requests, by including an initialiser:
  `GDS::SSO.config { |config| config.intercept_401_responses = false }`.
  For example apps that also include basic http auth would need this option.
@AlexAvlonitis AlexAvlonitis force-pushed the add-constraints-and-config-options branch from 8bdc6f6 to 6393469 Compare April 26, 2024 07:58
@AlexAvlonitis
Adds authorised user constraint
41fc5ff 
- Adds a class so that consumer apps can easily add a permission based constraint.
@AlexAvlonitis AlexAvlonitis force-pushed the add-constraints-and-config-options branch from 6393469 to dbaa00a Compare April 26, 2024 08:01
JonathanHallam
JonathanHallam approved these changes Apr 26, 2024
View reviewed changes
Copy link

@JonathanHallam JonathanHallam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small non blocking comment but otherwise happy, thanks :)

@AlexAvlonitis AlexAvlonitis force-pushed the add-constraints-and-config-options branch from dbaa00a to e128c44 Compare April 26, 2024 10:29
@AlexAvlonitis
Add PermissionDeniedError error class under GDS::SSO namespace
40afea5 
- Adds a warning log message that the existing PermissionDeniedException should be depracated on a new major release, but it will still work for current apps.
  The reason is that the new error GDS::SSO::PermissionDeniedError has been created to replace the existing GDS::SSO::ControllerMethods::PermissionDeniedException. Also the new error has been placed on the outer layer of the name-spacing (GDS::SSO), which is more generic than the existing GDS::SSO::ControllerMethods one. And it follows the Rails conventions that the error class names should end with ...Error, which is more indicative that they inherit from StandardError rather than the top level error class Exception.
- Updates the Railtie so any rescue errors from PermissionDeniedError will be transformed to :forbidden Rails specific ones.
@AlexAvlonitis
Extract the user authorisation logic into a separate class
2fa18d8 
- All the logic that checks the current_user permissions has been extracted to a separate class, because it will need to be re-used from different parts of the code.
@AlexAvlonitis
Re-use authorisation logic in the controller_methods class
1228da6
@AlexAvlonitis
Add authorise user constraint system spec
f407c5e
@AlexAvlonitis
Update changelog
077e35e
@AlexAvlonitis AlexAvlonitis force-pushed the add-constraints-and-config-options branch from e128c44 to 077e35e Compare April 29, 2024 07:37
@AlexAvlonitis AlexAvlonitis merged commit a9b93d2 into main Apr 29, 2024
12 checks passed
@AlexAvlonitis AlexAvlonitis deleted the add-constraints-and-config-options branch April 29, 2024 09:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kevindew kevindew kevindew left review comments

@JonathanHallam JonathanHallam JonathanHallam approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@AlexAvlonitis @kevindew @JonathanHallam