Cleanup

ashley-weaver · ashley-weaver · commit 9c2347518e49 · 2026-05-28T16:42:37.000-04:00
diff --git a/docker-compose.portals.yml b/docker-compose.portals.yml
@@ -142,8 +142,6 @@ services:
       - DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL=true
       - CPI_API_GW_BASE_URL=http://localhost:4567/
       - CMS_IDM_OAUTH_URL=http://localhost:4567/
-      - IDP_ID_ME_HOST=api.idmelabs.com
-      - IDP_ID_ME_CLIENT_ID=925bb2985ccf623114359caa76228919
       - RUBY_YJIT_ENABLE=1
       - ENV=local
       - NEW_RELIC_MONITOR_MODE=false
diff --git a/dpc-portal/app/controllers/application_controller.rb b/dpc-portal/app/controllers/application_controller.rb
@@ -30,6 +30,25 @@ def sign_in(user, csp)
     session[:csp] = csp
   end
 
+  private
+
+  def check_user_verification
+    return unless current_user&.rejected?
+
+    render(Page::Utility::AccessDeniedComponent.new(failure_code: "verification.#{current_user.verification_reason}"))
+  end
+
+  def tos_accepted
+    return if @organization.terms_of_service_accepted_by.present?
+
+    if current_user.ao?(@organization)
+      render(Page::Organization::TosFormComponent.new(@organization))
+    else
+      flash[:notice] = 'Organization is not ready for credential management'
+      redirect_to organizations_path
+    end
+  end
+
   def url_for_logout(csp)
     case csp
     when :id_me.to_s
@@ -62,25 +81,6 @@ def url_for_id_me_logout
                               redirect_uri: "#{root_url}oauth/logged_out" }.to_query)
   end
 
-  private
-
-  def check_user_verification
-    return unless current_user&.rejected?
-
-    render(Page::Utility::AccessDeniedComponent.new(failure_code: "verification.#{current_user.verification_reason}"))
-  end
-
-  def tos_accepted
-    return if @organization.terms_of_service_accepted_by.present?
-
-    if current_user.ao?(@organization)
-      render(Page::Organization::TosFormComponent.new(@organization))
-    else
-      flash[:notice] = 'Organization is not ready for credential management'
-      redirect_to organizations_path
-    end
-  end
-
   # rubocop:disable Metrics/AbcSize
   def check_session_length
     session[:logged_in_at] = Time.now if session[:logged_in_at].nil?
diff --git a/dpc-portal/app/controllers/invitations_controller.rb b/dpc-portal/app/controllers/invitations_controller.rb
@@ -54,8 +54,11 @@ def confirm_cd
   end
 
   # Everybody
+  # rubocop:disable Metrics/AbcSize
   def register
-    return redirect_to organization_invitation_url(@organization, @invitation) unless verification_complete?
+    unless session["invitation_status_#{@invitation.id}"] == 'verification_complete'
+      return redirect_to organization_invitation_url(@organization, @invitation)
+    end
 
     return unless create_link
 
@@ -69,18 +72,19 @@ def register
   rescue UserInfoServiceError => e
     handle_user_info_service_error(e, 2)
   end
+  # rubocop:enable Metrics/AbcSize
 
   def login
     login_session
     Rails.logger.info(['User began login flow',
                        { actionContext: LoggingConstants::ActionContext::Registration,
                          actionType: LoggingConstants::ActionType::BeginLogin,
                          invitation: @invitation.id }])
-    csp_config = CspConfig.for(:id_me)
+    csp_config = CspConfig.for(session[:csp])
     url = URI::HTTPS.build(host: csp_config.host,
                            path: '/oauth/authorize',
                            query: { client_id: csp_config.identifier,
-                                    redirect_uri: "#{my_protocol_host}/auth/id_me/callback",
+                                    redirect_uri: "#{my_protocol_host}/auth/#{csp_config.code}/callback",
                                     response_type: 'code',
                                     scope: 'openid http://idmanagement.gov/ns/assurance/ial/2/aal/2',
                                     nonce: @nonce,
@@ -106,10 +110,6 @@ def set_idp_token
 
   private
 
-  def verification_complete?
-    session["invitation_status_#{@invitation.id}"] == 'verification_complete'
-  end
-
   def invitation_matches_user
     user_info = UserInfoService.new.user_info(session)
     return if render_bad_invitation?(user_info)
@@ -213,8 +213,8 @@ def create_ao_org_link
   def user
     user_info = UserInfoService.new.user_info(session)
     find_or_create_user(user_info)
-    @csp = Csp.find_by(name: @user.provider)
-    csp_user = CspUser.find_or_create_by!(user: @user, csp: @csp, uuid: user_info['sub'])
+    csp = Csp.find_by(name: @user.provider)
+    csp_user = CspUser.find_or_create_by!(user: @user, csp:, uuid: user_info['sub'])
 
     # Update emails based upon the latest information in user info.
     new_emails = user_info['all_emails'] || user_info['emails'] || user_info['emails_confirmed']
@@ -255,9 +255,7 @@ def assign_user_attributes(user_to_create, user_info)
     user_to_create.family_name = user_info['family_name']
     user_to_create.pac_id = session.delete(:user_pac_id)
 
-    # For now we force login.gov, this will have to change once we support multi-CSP.
-    # TODO: parametrize on provider -acw
-    user_to_create.provider = session[:csp] || 'id_me'
+    user_to_create.provider = session[:csp]
     user_to_create.uid = user_info['sub']
   end
 
diff --git a/dpc-portal/app/views/users/sessions/new.html.erb b/dpc-portal/app/views/users/sessions/new.html.erb
@@ -1,2 +1 @@
-<%# TODO: parametrize on provider -acw %>
-<%= render(Page::Session::LoginComponent.new(omniauth_authorize_path(:id_me))) %>
+<%= render(Page::Session::LoginComponent.new(omniauth_authorize_path(session[:csp]))) %>
diff --git a/dpc-portal/config/environments/test.rb b/dpc-portal/config/environments/test.rb
@@ -70,4 +70,5 @@
 end
 ENV['CPI_API_GW_BASE_URL'] = 'https://val.cpiapi.cms.gov/'
 ENV['CMS_IDM_OAUTH_URL'] = 'https://impl.idp.idm.cms.gov/'
+ENV['IDP_LOGIN_DOT_GOV_HOST'] = 'idp.int.identitysandbox.gov'
 ENV['IDP_ID_ME_HOST'] = 'api.idmelabs.com'
diff --git a/dpc-portal/spec/jobs/verify_resource_health_job_spec.rb b/dpc-portal/spec/jobs/verify_resource_health_job_spec.rb
@@ -85,7 +85,7 @@
 
   context 'not connected to AWS' do
     it 'should ignore connection error and move on gracefully' do
-      stub_request(:get, 'https://api.idmelabs.com').to_return(status: 200)
+      stub_request(:get, 'https://idp.int.identitysandbox.gov').to_return(status: 200)
 
       expect(mock_dpc_client).to receive(:healthcheck)
       expect(mock_dpc_client).to receive(:response_successful?).and_return(true).twice
@@ -149,7 +149,7 @@ def expect_cpi(auth_health: true, api_health: true, metric: 1)
   end
 
   def expect_idp(site_status: 200, metric: 1)
-    stub_request(:get, 'https://api.idmelabs.com').to_return(status: site_status)
+    stub_request(:get, 'https://idp.int.identitysandbox.gov').to_return(status: site_status)
     expect_put_metric('PortalConnectedToIdp', metric)
   end
 
diff --git a/dpc-portal/spec/requests/invitations_spec.rb b/dpc-portal/spec/requests/invitations_spec.rb
@@ -877,7 +877,7 @@
   end
 end
 
-def log_in(template = user_info_template, provider: 'login_dot_gov')
+def log_in(template: user_info_template, provider: 'login_dot_gov')
   OmniAuth.config.test_mode = true
   OmniAuth.config.add_mock(provider.to_sym,
                            { uid: template['sub'],

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1 @@`
`1`		`-<%# TODO: parametrize on provider -acw %>`
`2`		`-<%= render(Page::Session::LoginComponent.new(omniauth_authorize_path(:id_me))) %>`
	`1`	`+<%= render(Page::Session::LoginComponent.new(omniauth_authorize_path(session[:csp]))) %>`