From 462991d8c4f8962fad67711798be2b696bc1c688 Mon Sep 17 00:00:00 2001
From: OJ Bucao <9256675+ojbucao@users.noreply.github.com>
Date: Fri, 7 Mar 2025 10:43:35 -0800
Subject: [PATCH] =?UTF-8?q?feat:=20enforce=20Flipper=20feature=20flag=20in?=
 =?UTF-8?q?=20ApplicationController=20=E2=80=A2Added=20Flipper=20validatio?=
 =?UTF-8?q?n=20to=20ApplicationController=20spec=20to=20ensure=20API=20acc?=
 =?UTF-8?q?ess=20is=20blocked=20when=20:accredited=5Frepresentative=5Fport?=
 =?UTF-8?q?al=5Fpilot=20is=20disabled.=20=E2=80=A2Modified=20tests=20to=20?=
 =?UTF-8?q?check=20that=20the=20feature=20flag=20takes=20priority=20over?=
 =?UTF-8?q?=20authentication.=20=E2=80=A2Ensured=20existing=20authenticati?=
 =?UTF-8?q?on=20tests=20remain=20intact,=20validating=20correct=20behavior?=
 =?UTF-8?q?=20when=20the=20flag=20is=20enabled.=20=E2=80=A2If=20Flipper=20?=
 =?UTF-8?q?is=20disabled,=20requests=20now=20return=20403=20Forbidden=20be?=
 =?UTF-8?q?fore=20checking=20tokens=20or=20audience=20validation.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../application_spec.rb | 53 +++++++++++--------
 1 file changed, 32 insertions(+), 21 deletions(-)

diff --git a/modules/accredited_representative_portal/spec/requests/accredited_representative_portal/application_spec.rb b/modules/accredited_representative_portal/spec/requests/accredited_representative_portal/application_spec.rb
index 79bfae6fbe6..79c61bd0ccd 100644
--- a/modules/accredited_representative_portal/spec/requests/accredited_representative_portal/application_spec.rb
+++ b/modules/accredited_representative_portal/spec/requests/accredited_representative_portal/application_spec.rb
@@ -29,34 +29,45 @@ Rails.application.reload_routes! end - context 'when authenticated' do - context 'with a valid audience' do - it 'allows access' do - expect(subject).to have_http_status(:ok) - end - end + context 'when feature flag is enabled' do + before { Flipper.enable(:accredited_representative_portal_pilot) } - context 'with an invalid audience' do - let(:access_token_cookie) { SignIn::AccessTokenJwtEncoder.new(access_token: invalid_access_token).perform } - let(:expected_log_message) { '[SignIn][AudienceValidator] Invalid audience' } - let(:expected_log_payload) do - { invalid_audience: invalid_access_token.audience, valid_audience: valid_access_token.audience } - end - let(:expected_response_body) do - { errors: 'Invalid audience' }.to_json + context 'when authenticated' do + context 'with a valid audience' do + it 'allows access' do + expect(subject).to have_http_status(:ok) + end end - before do - allow(Rails.logger).to receive(:error) - end + context 'with an invalid audience' do + let(:access_token_cookie) { SignIn::AccessTokenJwtEncoder.new(access_token: invalid_access_token).perform } + let(:expected_log_message) { '[SignIn][AudienceValidator] Invalid audience' } + let(:expected_log_payload) do + { invalid_audience: invalid_access_token.audience, valid_audience: valid_access_token.audience } + end + let(:expected_response_body) do + { errors: 'Invalid audience' }.to_json + end + + before { allow(Rails.logger).to receive(:error) } - it 'denies access' do - expect(subject).to have_http_status(:unauthorized) - expect(subject.body).to eq(expected_response_body) - expect(Rails.logger).to have_received(:error).with(expected_log_message, expected_log_payload) + it 'denies access' do + expect(subject).to have_http_status(:unauthorized) + expect(subject.body).to eq(expected_response_body) + expect(Rails.logger).to have_received(:error).with(expected_log_message, expected_log_payload) + end end end end + + context 'when feature flag is disabled' do + before 
{ Flipper.disable(:accredited_representative_portal_pilot) } + + it 'returns 403 Forbidden regardless of authentication' do + expect(subject).to have_http_status(:forbidden) + expect(subject.body).to match(/flag is disabled/) + end + end end end
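Review bot: The 'when feature flag is disabled' context at the end of the hunk exercises only the request built by the enclosing `subject` (defined above the hunk), so the example title 'returns 403 Forbidden regardless of authentication' is not backed by its assertions; the invalid-audience request, and an unauthenticated one if the outer setup permits it, should also be shown to get the same 403 so the spec proves the flag short-circuits before token and audience validation and that the disabled path does not reveal whether the presented token was valid. A `shared_examples` block reused across the same contexts as the enabled branch does this without duplicating the expectations. `Flipper.enable`/`Flipper.disable` in `before` mutate global adapter state; unless the suite resets Flipper between examples, stubbing `Flipper.enabled?` for `:accredited_representative_portal_pilot` would keep the examples isolated. The body assertion `expect(subject.body).to match(/flag is disabled/)` is looser than the `eq(expected_response_body)` check in the sibling context; pinning the exact error body keeps the two branches consistent.
```ruby
context 'when feature flag is disabled' do
  before { Flipper.disable(:accredited_representative_portal_pilot) }

  shared_examples 'forbidden before authentication' do
    it 'returns 403 Forbidden' do
      expect(subject).to have_http_status(:forbidden)
      expect(subject.body).to match(/flag is disabled/)
    end
  end

  context 'with a valid audience' do
    it_behaves_like 'forbidden before authentication'
  end

  context 'with an invalid audience' do
    let(:access_token_cookie) { SignIn::AccessTokenJwtEncoder.new(access_token: invalid_access_token).perform }

    it_behaves_like 'forbidden before authentication'
  end

  # … an unauthenticated context (no access token cookie) belongs here if the
  # outer `let` that attaches the cookie, defined above the hunk, allows it …
end
```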