Wrap auth logic in AuthService

This avoids having to keep track of the multiple store classes we now
have in the controllers, and removes some logic from the controllers.

Hopefully this makes it a bit easier to see what's involved in the
auth process.

Author: stephencdaly

app/controllers/application_controller.rb

@@ -119,11 +119,7 @@ def default_locale?(locale)
     false
   end
 
-  def auth_store
-    @auth_store ||= Store::AuthStore.new(session)
-  end
-
-  def return_from_one_login_store
-    @return_from_one_login_store ||= Store::ReturnFromOneLoginStore.new(session)
+  def auth_service
+    @auth_service ||= AuthService.new(session)
   end
 end

app/controllers/forms/check_your_answers_controller.rb

@@ -43,9 +43,9 @@ def submit_answers
 
         current_context.save_submission_details(submission_reference, requested_email_confirmation)
 
-        if auth_store.logged_in?
-          return_from_one_login_store.store_return_params(form: current_context.form, mode: mode, locale: locale_param)
-          redirect_to logout_request.redirect_uri, allow_other_host: true
+        if auth_service.logged_in?
+          auth_service.store_return_params(form: current_context.form, mode: mode, locale: locale_param)
+          redirect_to auth_service.logout_redirect_uri(omniauth_logged_out_url), allow_other_host: true
         else
           redirect_to :form_submitted
         end
@@ -87,10 +87,5 @@ def back_link
         end
       end
     end
-
-    def logout_request
-      token = auth_store.get_token
-      AuthService.new.logout_request(token, omniauth_logged_out_url)
-    end
   end
 end

app/controllers/forms/continue_to_one_login_controller.rb

@@ -3,7 +3,7 @@ class ContinueToOneLoginController < BaseController
     before_action :redirect_if_feature_disabled, :redirect_if_form_incomplete
 
     def show
-      return_from_one_login_store.store_return_params(
+      auth_service.store_return_params(
         form: current_context.form,
         mode: mode,
         locale: locale_param,

app/controllers/users/omniauth_controller.rb

@@ -1,25 +1,12 @@
 module Users
   class OmniauthController < ApplicationController
-    class OmniAuthLoggedInDataMissingError < StandardError; end
-
     class OmniAuthFailure < StandardError; end
 
     def callback
       auth_hash = request.env["omniauth.auth"]
-      raise OmniAuthLoggedInDataMissingError, "Auth hash is missing on request" if auth_hash.blank?
-
-      email = auth_hash.dig("info", "email")
-      raise OmniAuthLoggedInDataMissingError, "Email is missing in OmniAuth auth hash" if email.blank?
-
-      token = auth_hash.dig("credentials", "id_token")
-      raise OmniAuthLoggedInDataMissingError, "Token is missing in OmniAuth auth hash" if token.blank?
-
-      auth_store.store_token(token)
-
-      form_id = return_from_one_login_store.form_id
-      path_params = return_from_one_login_store.get_path_params
+      auth_service.store_auth_details(auth_hash)
 
-      Store::ConfirmationDetailsStore.new(session, form_id).save_copy_of_answers_email_address(email)
+      path_params = auth_service.form_path_params
 
       redirect_to check_your_answers_path(**path_params)
     rescue Store::ReturnFromOneLoginStore::MissingReturnParamsError
@@ -33,9 +20,9 @@ def failure
     end
 
     def logged_out
-      auth_store.clear
+      auth_service.clear_auth_session
 
-      path_params = return_from_one_login_store.get_path_params
+      path_params = auth_service.form_path_params
       redirect_to form_submitted_path(**path_params)
     end
   end

app/lib/store/return_from_one_login_store.rb

@@ -20,7 +20,7 @@ def store_return_params(form:, mode:, locale:)
       @store[RETURN_FROM_ONE_LOGIN_KEY][LAST_LOCALE_KEY] = locale
     end
 
-    def get_path_params
+    def form_path_params
       raise MissingReturnParamsError if @store[RETURN_FROM_ONE_LOGIN_KEY].blank?
 
       {

app/services/auth_service.rb

@@ -1,9 +1,43 @@
 class AuthService
-  def logout_request(token, post_logout_redirect_uri)
-    logout_utility.build_request(
+  class DataMissingError < StandardError; end
+
+  attr_reader :auth_store, :return_from_one_login_store
+
+  def initialize(store)
+    @store = store
+    @return_from_one_login_store = Store::ReturnFromOneLoginStore.new(store)
+    @auth_store = Store::AuthStore.new(store)
+  end
+
+  delegate :logged_in?, to: :auth_store
+  delegate :store_return_params, :form_path_params, to: :return_from_one_login_store
+
+  def store_auth_details(auth_hash)
+    form_id = @return_from_one_login_store.form_id
+
+    raise DataMissingError, "Auth hash is missing on request" if auth_hash.blank?
+
+    email = auth_hash.dig("info", "email")
+    raise DataMissingError, "Email is missing in OmniAuth auth hash" if email.blank?
+
+    token = auth_hash.dig("credentials", "id_token")
+    raise DataMissingError, "Token is missing in OmniAuth auth hash" if token.blank?
+
+    @auth_store.store_token(token)
+    Store::ConfirmationDetailsStore.new(@store, form_id).save_copy_of_answers_email_address(email)
+  end
+
+  def logout_redirect_uri(post_logout_redirect_uri)
+    token = @auth_store.get_token
+    logout_request = logout_utility.build_request(
       id_token_hint: token,
       post_logout_redirect_uri: url_without_params(post_logout_redirect_uri),
     )
+    logout_request.redirect_uri
+  end
+
+  def clear_auth_session
+    @auth_store.clear
   end
 
 private

spec/lib/store/return_from_one_login_store_spec.rb

@@ -12,7 +12,7 @@
     it "stores and return the path params" do
       return_from_one_login_store.store_return_params(form:, mode:, locale:)
 
-      expect(return_from_one_login_store.get_path_params).to eq({
+      expect(return_from_one_login_store.form_path_params).to eq({
         mode: mode.to_s,
         form_id: form.id,
         form_slug: form.form_slug,
@@ -21,7 +21,7 @@
     end
 
     it "raises an error if the return params have not been stored" do
-      expect { return_from_one_login_store.get_path_params }.to raise_error(Store::ReturnFromOneLoginStore::MissingReturnParamsError)
+      expect { return_from_one_login_store.form_path_params }.to raise_error(Store::ReturnFromOneLoginStore::MissingReturnParamsError)
     end
   end
 

spec/requests/forms/check_your_answers_controller_spec.rb

@@ -327,7 +327,7 @@
       let(:end_session_endpoint) { "http://example.com/one-login-mock/logout" }
 
       before do
-        allow(Store::ReturnFromOneLoginStore).to receive(:new).and_wrap_original do |original_method, *_args|
+        allow(AuthService).to receive(:new).and_wrap_original do |original_method, *_args|
           original_method.call(store)
         end
 

spec/requests/forms/continue_to_one_login_controller_spec.rb

@@ -37,7 +37,7 @@
     allow(Flow::Context).to receive(:new).and_wrap_original do |original_method, *args|
       original_method.call(form: args[0][:form], form_document: args[0][:form_document], store:)
     end
-    allow(Store::ReturnFromOneLoginStore).to receive(:new).and_wrap_original do |original_method, *_args|
+    allow(AuthService).to receive(:new).and_wrap_original do |original_method, *_args|
       original_method.call(store)
     end
   end

spec/requests/users/omniauth_controller_spec.rb

@@ -40,13 +40,7 @@
       OmniAuth.config.test_mode = true
       OmniAuth.config.mock_auth[:default] = auth_hash
 
-      allow(Store::ReturnFromOneLoginStore).to receive(:new).and_wrap_original do |original_method, *_args|
-        original_method.call(store)
-      end
-      allow(Store::ConfirmationDetailsStore).to receive(:new).and_wrap_original do |original_method, *args|
-        original_method.call(store, args[1])
-      end
-      allow(Store::AuthStore).to receive(:new).and_wrap_original do |original_method, *_args|
+      allow(AuthService).to receive(:new).and_wrap_original do |original_method, *_args|
         original_method.call(store)
       end
     end
@@ -69,19 +63,11 @@
       end
     end
 
-    context "when the auth details are not present on the request" do
+    context "when data is missing on the auth details on the request" do
       let(:auth_hash) { {} }
 
       it "raises an OmniAuthLoggedInDataMissingError" do
-        expect { get omniauth_callback_path }.to raise_error(Users::OmniauthController::OmniAuthLoggedInDataMissingError)
-      end
-    end
-
-    context "when the email on the auth hash is blank" do
-      let(:email) { "" }
-
-      it "raises a OmniAuthLoggedInDataMissingError" do
-        expect { get omniauth_callback_path }.to raise_error(Users::OmniauthController::OmniAuthLoggedInDataMissingError)
+        expect { get omniauth_callback_path }.to raise_error(AuthService::DataMissingError)
       end
     end
 
@@ -107,10 +93,7 @@
     let(:token) { Faker::Alphanumeric.alphanumeric }
 
     before do
-      allow(Store::ReturnFromOneLoginStore).to receive(:new).and_wrap_original do |original_method, *_args|
-        original_method.call(store)
-      end
-      allow(Store::AuthStore).to receive(:new).and_wrap_original do |original_method, *_args|
+      allow(AuthService).to receive(:new).and_wrap_original do |original_method, *_args|
         original_method.call(store)
       end
     end