Change sign_in hash

Author: ashley-weaver

dpc-portal/README.md

@@ -25,7 +25,7 @@ The following commands can be useful for manual interaction:
 
     ```sh
     $ make portal-sh
-    > rails db:create db:migrate db:seed RAILS_ENV=test # Create the test database
+    > rails db:create db:migrate RAILS_ENV=test # Create the test database
     > bundle exec rspec path/to/test # Run individual test files
     ```
 

dpc-portal/app/controllers/application_controller.rb

@@ -25,7 +25,7 @@ def authenticate_user!
     redirect_to sign_in_path
   end
 
-  def sign_in(user, csp)
+  def sign_in(user:, csp:)
     session[:user] = user.id
     session[:csp] = csp
   end

dpc-portal/app/controllers/csp_controller.rb

@@ -50,7 +50,7 @@ def logout
   def sign_in_and_log(user, csp)
     return unless user
 
-    sign_in(user, csp)
+    sign_in(user:, csp:)
     session[:logged_in_at] = Time.now
     Rails.logger.info(['User logged in',
                        { actionContext: LoggingConstants::ActionContext::Authentication,

dpc-portal/app/controllers/invitations_controller.rb

@@ -63,7 +63,7 @@ def register
     return unless create_link
 
     session.delete("invitation_status_#{@invitation.id}")
-    sign_in(@user, session[:csp])
+    sign_in(user: @user, csp: session[:csp])
     Rails.logger.info(['User logged in',
                        { actionContext: LoggingConstants::ActionContext::Registration,
                          actionType: LoggingConstants::ActionType::UserLoggedIn,
@@ -80,11 +80,12 @@ def login
                        { actionContext: LoggingConstants::ActionContext::Registration,
                          actionType: LoggingConstants::ActionType::BeginLogin,
                          invitation: @invitation.id }])
+    puts "SESSION CSP: #{session[:csp].class}:#{session[:csp]}"
     csp_config = CspConfig.for(session[:csp])
     url = URI::HTTPS.build(host: csp_config.host,
                            path: '/oauth/authorize',
                            query: { client_id: csp_config.identifier,
-                                    redirect_uri: "#{my_protocol_host}/auth/#{csp_config.code}/callback",
+                                    redirect_uri: "#{my_protocol_host}/auth/#{session[:csp]}/callback",
                                     response_type: 'code',
                                     scope: 'openid http://idmanagement.gov/ns/assurance/ial/2/aal/2',
                                     nonce: @nonce,
@@ -255,7 +256,7 @@ def assign_user_attributes(user_to_create, user_info)
     user_to_create.family_name = user_info['family_name']
     user_to_create.pac_id = session.delete(:user_pac_id)
 
-    user_to_create.provider = session[:csp]
+    user_to_create.provider = session[:csp] || :login_dot_gov
     user_to_create.uid = user_info['sub']
   end
 

dpc-portal/db/seeds.rb

@@ -6,7 +6,3 @@
 #
 #   movies = Movie.create([{ name: "Star Wars" }, { name: "Lord of the Rings" }])
 #   Character.create(name: "Luke", movie: movies.first)
-
-Csp.create!(name: :login_dot_gov, start_date: Time.current)
-Csp.create!(name: :id_me, start_date: Time.current)
-Csp.create!(name: :clear, start_date: Time.current)

dpc-portal/spec/jobs/verify_resource_health_job_spec.rb

@@ -86,6 +86,7 @@
   context 'not connected to AWS' do
     it 'should ignore connection error and move on gracefully' do
       stub_request(:get, 'https://idp.int.identitysandbox.gov').to_return(status: 200)
+      stub_request(:get, 'https://api.idmelabs.com').to_return(status: 200)
 
       expect(mock_dpc_client).to receive(:healthcheck)
       expect(mock_dpc_client).to receive(:response_successful?).and_return(true).twice
@@ -150,6 +151,7 @@ def expect_cpi(auth_health: true, api_health: true, metric: 1)
 
   def expect_idp(site_status: 200, metric: 1)
     stub_request(:get, 'https://idp.int.identitysandbox.gov').to_return(status: site_status)
+    stub_request(:get, 'https://api.idmelabs.com').to_return(status: site_status)
     expect_put_metric('PortalConnectedToIdp', metric)
   end
 

dpc-portal/spec/requests/application_spec.rb

@@ -7,7 +7,7 @@
   include LoginSupport
 
   let!(:user) { create_user_with_csp }
-  before { sign_in user, :login_dot_gov }
+  before { sign_in(user:, csp: :login_dot_gov) }
 
   it 'sets cache control to no-store' do
     get '/'

dpc-portal/spec/requests/client_tokens_spec.rb

@@ -27,7 +27,7 @@
       context 'user has sanctions' do
         let!(:user) { create_user_with_csp(verification_status: 'rejected', verification_reason: 'ao_med_sanctions') }
         let!(:org) { create(:provider_organization, terms_of_service_accepted_by:) }
-        before { sign_in user, :login_dot_gov }
+        before { sign_in(user:, csp: :login_dot_gov) }
 
         it 'should show access denied page' do
           create(:ao_org_link, provider_organization: org, user:)
@@ -43,7 +43,7 @@
           create(:provider_organization, terms_of_service_accepted_by:, verification_status: 'rejected',
                                          verification_reason: 'org_med_sanctions')
         end
-        before { sign_in user, :login_dot_gov }
+        before { sign_in(user:, csp: :login_dot_gov) }
 
         it 'should show access denied page' do
           create(:ao_org_link, provider_organization: org, user:)
@@ -58,7 +58,7 @@
           create(:provider_organization, terms_of_service_accepted_by:, verification_status: 'rejected',
                                          verification_reason: 'no_approved_enrollment')
         end
-        before { sign_in user, :login_dot_gov }
+        before { sign_in(user:, csp: :login_dot_gov) }
 
         it 'should show access denied page' do
           create(:ao_org_link, provider_organization: org, user:)
@@ -70,7 +70,7 @@
       context 'user no longer ao' do
         let!(:user) { create_user_with_csp }
         let!(:org) { create(:provider_organization, terms_of_service_accepted_by:) }
-        before { sign_in user, :login_dot_gov }
+        before { sign_in(user:, csp: :login_dot_gov) }
 
         it 'should show access denied page' do
           create(:ao_org_link, provider_organization: org, user:, verification_status: false,
@@ -87,7 +87,7 @@
           create(:provider_organization, terms_of_service_accepted_by:, verification_status: 'rejected',
                                          verification_reason: 'org_med_sanctions')
         end
-        before { sign_in user, :login_dot_gov }
+        before { sign_in(user:, csp: :login_dot_gov) }
 
         it 'should show access denied page' do
           create(:cd_org_link, provider_organization: org, user:)
@@ -102,7 +102,7 @@
           create(:provider_organization, terms_of_service_accepted_by:, verification_status: 'rejected',
                                          verification_reason: 'no_approved_enrollment')
         end
-        before { sign_in user, :login_dot_gov }
+        before { sign_in(user:, csp: :login_dot_gov) }
 
         it 'should show access denied page' do
           create(:cd_org_link, provider_organization: org, user:)
@@ -115,7 +115,7 @@
     context 'no link to org' do
       let!(:user) { create_user_with_csp }
       let!(:org) { create(:provider_organization, terms_of_service_accepted_by:) }
-      before { sign_in user, :login_dot_gov }
+      before { sign_in(user:, csp: :login_dot_gov) }
       it 'redirects to organizations' do
         get "/organizations/#{org.id}/client_tokens/new"
         expect(response).to redirect_to('/organizations')
@@ -128,7 +128,7 @@
 
       before do
         create(:cd_org_link, provider_organization: org, user:)
-        sign_in user, :login_dot_gov
+        sign_in(user:, csp: :login_dot_gov)
       end
 
       it 'redirects to organizations page' do
@@ -144,7 +144,7 @@
 
       before do
         create(:cd_org_link, provider_organization: org, user:)
-        sign_in user, :login_dot_gov
+        sign_in(user:, csp: :login_dot_gov)
       end
 
       it 'returns success' do
@@ -170,7 +170,7 @@
 
       before do
         create(:cd_org_link, provider_organization: org, user:)
-        sign_in user, :login_dot_gov
+        sign_in(user:, csp: :login_dot_gov)
       end
 
       it 'succeeds if label' do
@@ -235,7 +235,7 @@
 
       before do
         create(:cd_org_link, provider_organization: org, user:)
-        sign_in user, :login_dot_gov
+        sign_in(user:, csp: :login_dot_gov)
       end
 
       it 'flashes success if succeeds' do

dpc-portal/spec/requests/credential_delegate_invitations_spec.rb

@@ -21,7 +21,7 @@
 
       before do
         create(:ao_org_link, provider_organization: org, user:)
-        sign_in user, :login_dot_gov
+        sign_in(user:, csp: :login_dot_gov)
       end
 
       it 'returns success' do
@@ -51,7 +51,7 @@
                              verification_reason: 'ao_med_sanctions')
       end
       let!(:org) { create(:provider_organization) }
-      before { sign_in user, :login_dot_gov }
+      before { sign_in(user:, csp: :login_dot_gov) }
 
       it 'should show access denied page' do
         create(:ao_org_link, provider_organization: org, user:)
@@ -67,7 +67,7 @@
         create(:provider_organization, terms_of_service_accepted_by: user, verification_status: 'rejected',
                                        verification_reason: 'org_med_sanctions')
       end
-      before { sign_in user, :login_dot_gov }
+      before { sign_in(user:, csp: :login_dot_gov) }
 
       it 'should show access denied page' do
         create(:ao_org_link, provider_organization: org, user:)
@@ -82,7 +82,7 @@
         create(:provider_organization, terms_of_service_accepted_by: user, verification_status: 'rejected',
                                        verification_reason: 'no_approved_enrollment')
       end
-      before { sign_in user, :login_dot_gov }
+      before { sign_in(user:, csp: :login_dot_gov) }
 
       it 'should show access denied page' do
         create(:ao_org_link, provider_organization: org, user:)
@@ -94,7 +94,7 @@
     context 'user no longer ao' do
       let!(:user) { create_user_with_csp }
       let!(:org) { create(:provider_organization, terms_of_service_accepted_by: user) }
-      before { sign_in user, :login_dot_gov }
+      before { sign_in(user:, csp: :login_dot_gov) }
 
       it 'should show access denied page' do
         create(:ao_org_link, provider_organization: org, user:, verification_status: false,
@@ -109,7 +109,7 @@
       let!(:org) { create(:provider_organization) }
       before do
         create(:cd_org_link, provider_organization: org, user:)
-        sign_in user, :login_dot_gov
+        sign_in(user:, csp: :login_dot_gov)
       end
       it 'redirects to organizations' do
         get "/organizations/#{org.id}/credential_delegate_invitations/new"
@@ -132,7 +132,7 @@
       let(:api_id) { org.id }
       before do
         create(:ao_org_link, provider_organization: org, user:)
-        sign_in user, :login_dot_gov
+        sign_in(user:, csp: :login_dot_gov)
       end
 
       it 'creates invitation record on success' do
@@ -202,7 +202,7 @@
     context 'as cd' do
       before do
         create(:cd_org_link, provider_organization: org, user:)
-        sign_in user, :login_dot_gov
+        sign_in(user:, csp: :login_dot_gov)
       end
 
       it 'fails even with good parameters' do
@@ -222,7 +222,7 @@
     context 'as cd' do
       before do
         create(:cd_org_link, provider_organization: org, user:)
-        sign_in(user, :login_dot_gov)
+        sign_in(user:, csp: :login_dot_gov)
       end
       it 'fails' do
         delete "/organizations/#{org.id}/credential_delegate_invitations/#{invitation.id}"
@@ -234,7 +234,7 @@
     context 'as ao' do
       before do
         create(:ao_org_link, provider_organization: org, user:)
-        sign_in(user, :login_dot_gov)
+        sign_in(user:, csp: :login_dot_gov)
       end
       it 'soft deletes invitation' do
         expect do

dpc-portal/spec/requests/invitations_spec.rb

@@ -14,6 +14,7 @@
     let(:org) { invitation.provider_organization }
     let(:bad_org) { create(:provider_organization) }
     let(:expected_success_status) { 200 }
+    before { log_in }
     it 'should be ok or redirect' do
       send(method, "/organizations/#{org.id}/invitations/#{invitation.id}/#{path_suffix}")
       expect(response.status).to eq(expected_success_status)