gds-sso 15.0.0 → 16.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +23 -56
- data/Rakefile +11 -6
- data/app/controllers/api/user_controller.rb +30 -28
- data/app/controllers/authentications_controller.rb +4 -6
- data/config/routes.rb +7 -6
- data/lib/gds-sso.rb +29 -24
- data/lib/gds-sso/api_access.rb +1 -1
- data/lib/gds-sso/bearer_token.rb +24 -24
- data/lib/gds-sso/config.rb +13 -12
- data/lib/gds-sso/controller_methods.rb +7 -8
- data/lib/gds-sso/failure_app.rb +8 -8
- data/lib/gds-sso/lint/user_spec.rb +24 -25
- data/lib/gds-sso/lint/user_test.rb +28 -28
- data/lib/gds-sso/railtie.rb +12 -0
- data/lib/gds-sso/user.rb +12 -12
- data/lib/gds-sso/version.rb +1 -1
- data/lib/gds-sso/warden_config.rb +21 -31
- data/spec/controller/api_user_controller_spec.rb +40 -37
- data/spec/controller/controller_methods_spec.rb +28 -42
- data/spec/internal/app/controllers/application_controller.rb +1 -1
- data/spec/internal/app/controllers/example_controller.rb +1 -2
- data/spec/internal/config/initializers/gds-sso.rb +2 -2
- data/spec/internal/config/routes.rb +2 -2
- data/spec/internal/db/combustion_test.sqlite +0 -0
- data/spec/internal/db/schema.rb +5 -5
- data/spec/internal/log/test.log +1131 -1123
- data/spec/requests/end_to_end_spec.rb +44 -45
- data/spec/spec_helper.rb +12 -13
- data/spec/support/controller_spy.rb +14 -0
- data/spec/support/serializable_user.rb +3 -0
- data/spec/support/signon_integration_helpers.rb +10 -8
- data/spec/support/test_user.rb +29 -0
- data/spec/support/timecop.rb +1 -1
- data/spec/unit/api_access_spec.rb +7 -7
- data/spec/unit/bearer_token_spec.rb +14 -15
- data/spec/unit/config_spec.rb +5 -5
- data/spec/unit/mock_bearer_token_spec.rb +4 -4
- data/spec/unit/railtie_spec.rb +14 -0
- data/spec/unit/session_serialisation_spec.rb +5 -9
- data/spec/unit/user_spec.rb +20 -51
- metadata +104 -61
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4104bc40db9904a03de0b700f1136b49282191e69bee00222844cb7cb2063bef
|
4
|
+
data.tar.gz: 7dc476f342219a188e0441ec8afacac71d7a80fa6797d09831d21538489a3bb9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 05b3c93e8a78e7d485ca1bb1464d22dc0c9e16a74b770c5b1b4f8f7abf656f5782edbaa8e63e3c92143df6c00bc14a26bf5b24fa56289e8f84fc1d5b25103132
|
7
|
+
data.tar.gz: 6d74861d444d1ee8021b7bb1cb4b8ec135fdba5c315b81c609438d593b5f6bf17f4756c0d1acb41a0338d0aedf624cdc07e07640bebceda9bab22002594d937f
|
data/README.md
CHANGED
@@ -14,55 +14,26 @@ Some of the applications that use this gem:
|
|
14
14
|
|
15
15
|
### Integration with a Rails 4+ app
|
16
16
|
|
17
|
-
|
18
|
-
These can be provided by one of the team with admin access to Signon.
|
17
|
+
- Include the gem in your Gemfile:
|
19
18
|
|
20
|
-
|
19
|
+
```ruby
|
20
|
+
gem 'gds-sso'
|
21
|
+
```
|
21
22
|
|
22
|
-
|
23
|
-
gem 'gds-sso', '<version>'
|
24
|
-
```
|
25
|
-
|
26
|
-
Create a `config/initializers/gds-sso.rb` that looks like:
|
27
|
-
|
28
|
-
```ruby
|
29
|
-
GDS::SSO.config do |config|
|
30
|
-
config.user_model = 'User'
|
31
|
-
|
32
|
-
# set up ID and Secret in a way which doesn't require it to be checked in to source control...
|
33
|
-
config.oauth_id = ENV['OAUTH_ID']
|
34
|
-
config.oauth_secret = ENV['OAUTH_SECRET']
|
23
|
+
- Create a "users" table in the database: ([example migration with all the necessary fields](https://github.com/alphagov/content-publisher/blob/16c58a40745c1ea61ec241e5aeb702ae15238f98/db/migrate/20160622154200_create_users.rb))
|
35
24
|
|
36
|
-
|
37
|
-
config.oauth_root_url = "http://localhost:3001"
|
38
|
-
|
39
|
-
# Pass in a caching adapter cache bearer token requests.
|
40
|
-
config.cache = Rails.cache
|
41
|
-
end
|
42
|
-
```
|
43
|
-
|
44
|
-
The user model must include the `GDS::SSO::User` module.
|
45
|
-
|
46
|
-
It should have the following fields:
|
47
|
-
|
48
|
-
```ruby
|
49
|
-
string "name"
|
50
|
-
string "email"
|
51
|
-
string "uid"
|
52
|
-
string "organisation_slug"
|
53
|
-
string "organisation_content_id"
|
54
|
-
array "permissions"
|
55
|
-
boolean "remotely_signed_out", :default => false
|
56
|
-
boolean "disabled", :default => false
|
57
|
-
```
|
25
|
+
- Create a User model with the following:
|
58
26
|
|
59
|
-
|
27
|
+
```ruby
|
28
|
+
serialize :permissions, Array
|
29
|
+
```
|
60
30
|
|
61
|
-
|
31
|
+
- Add to your `ApplicationController`:
|
62
32
|
|
63
|
-
```ruby
|
64
|
-
|
65
|
-
|
33
|
+
```ruby
|
34
|
+
include GDS::SSO::ControllerMethods
|
35
|
+
before_action :authenticate_user!
|
36
|
+
```
|
66
37
|
|
67
38
|
### Securing your application
|
68
39
|
|
@@ -113,22 +84,11 @@ as an [API user](https://signon.publishing.service.gov.uk/api_users).
|
|
113
84
|
To authorise with a bearer token, a request has to be made with the header:
|
114
85
|
|
115
86
|
```
|
87
|
+
# See https://github.com/alphagov/gds-api-adapters/blob/41e9cbf12bec738489340bd9dc63d62427ee3fe7/lib/gds_api/json_client.rb#L122
|
116
88
|
Authorization: Bearer your-token-here
|
117
89
|
```
|
118
90
|
|
119
|
-
|
120
|
-
valid, the API client will be authorised in the same way as a single-sign-on
|
121
|
-
user. The [gds-api-adapters gem](https://github.com/alphagov/gds-api-adapters#app-level-authentication)
|
122
|
-
has functionality for sending the bearer token for each request. To avoid making
|
123
|
-
these requests for each incoming request, specify a caching adapter like `Rails.cache`:
|
124
|
-
|
125
|
-
```ruby
|
126
|
-
GDS::SSO.config do |config|
|
127
|
-
# ...
|
128
|
-
# Pass in a caching adapter cache bearer token requests.
|
129
|
-
config.cache = Rails.cache
|
130
|
-
end
|
131
|
-
```
|
91
|
+
To avoid making these requests for each incoming request, this gem will [automatically cache a successful response](https://github.com/alphagov/gds-sso/blob/master/lib/gds-sso/bearer_token.rb), using the [Rails cache](https://github.com/alphagov/gds-sso/blob/master/lib/gds-sso/railtie.rb).
|
132
92
|
|
133
93
|
If you are using a Rails 5 app in
|
134
94
|
[api_only](http://guides.rubyonrails.org/api_app.html) mode this gem will
|
@@ -143,6 +103,13 @@ GDS::SSO.config do |config|
|
|
143
103
|
end
|
144
104
|
```
|
145
105
|
|
106
|
+
### Use in production mode
|
107
|
+
|
108
|
+
To use gds-sso in production you will need to setup the following environment variables, which we look for in [the config](https://github.com/alphagov/gds-sso/blob/master/lib/gds-sso/config.rb). You will need to have admin access to Signon to get these.
|
109
|
+
|
110
|
+
- GDS_SSO_OAUTH_ID
|
111
|
+
- GDS_SSO_OAUTH_SECRET
|
112
|
+
|
146
113
|
### Use in development mode
|
147
114
|
|
148
115
|
In development, you generally want to be able to run an application without needing to run your own SSO server to be running as well. GDS-SSO facilitates this by using a 'mock' mode in development. Mock mode loads an arbitrary user from the local application's user tables:
|
data/Rakefile
CHANGED
@@ -1,19 +1,24 @@
|
|
1
|
-
require
|
2
|
-
require
|
1
|
+
require "bundler/setup"
|
2
|
+
require "bundler/gem_tasks"
|
3
3
|
|
4
4
|
Bundler::GemHelper.install_tasks
|
5
5
|
|
6
|
-
require
|
6
|
+
require "rspec/core/rake_task"
|
7
7
|
desc "Run all specs"
|
8
8
|
RSpec::Core::RakeTask.new(:spec) do |task|
|
9
|
-
task.pattern =
|
9
|
+
task.pattern = "spec/**/*_spec.rb"
|
10
10
|
end
|
11
11
|
|
12
12
|
namespace :spec do
|
13
13
|
desc "Run integration specs"
|
14
14
|
RSpec::Core::RakeTask.new(:integration) do |task|
|
15
|
-
task.pattern =
|
15
|
+
task.pattern = "spec/integration/**/*_spec.rb"
|
16
16
|
end
|
17
17
|
end
|
18
18
|
|
19
|
-
|
19
|
+
desc "Lint Ruby"
|
20
|
+
task :lint do
|
21
|
+
sh "bundle exec rubocop --format clang"
|
22
|
+
end
|
23
|
+
|
24
|
+
task default: %i[spec lint]
|
@@ -6,43 +6,45 @@ class Api::UserController < ActionController::Base
|
|
6
6
|
before_action :require_user_update_permission
|
7
7
|
|
8
8
|
def update
|
9
|
-
user_json = JSON.parse(request.body.read)[
|
9
|
+
user_json = JSON.parse(request.body.read)["user"]
|
10
10
|
oauth_hash = build_gds_oauth_hash(user_json)
|
11
11
|
GDS::SSO::Config.user_klass.find_for_gds_oauth(oauth_hash)
|
12
|
-
head :ok, content_type:
|
12
|
+
head :ok, content_type: "text/plain"
|
13
13
|
end
|
14
14
|
|
15
15
|
def reauth
|
16
|
-
user = GDS::SSO::Config.user_klass.where(:
|
16
|
+
user = GDS::SSO::Config.user_klass.where(uid: params[:uid]).first
|
17
17
|
if user.nil? || user.set_remotely_signed_out!
|
18
|
-
head :ok, content_type:
|
18
|
+
head :ok, content_type: "text/plain"
|
19
19
|
else
|
20
|
-
head 500, content_type:
|
20
|
+
head 500, content_type: "text/plain"
|
21
21
|
end
|
22
22
|
end
|
23
23
|
|
24
|
-
|
25
|
-
# This should mirror the object created by the omniauth-gds strategy/gem
|
26
|
-
# By doing this, we can reuse the code for creating/updating the user
|
27
|
-
def build_gds_oauth_hash(user_json)
|
28
|
-
OmniAuth::AuthHash.new(
|
29
|
-
uid: user_json['uid'],
|
30
|
-
provider: 'gds',
|
31
|
-
info: {
|
32
|
-
name: user_json['name'],
|
33
|
-
email: user_json['email']
|
34
|
-
},
|
35
|
-
extra: {
|
36
|
-
user: {
|
37
|
-
permissions: user_json['permissions'],
|
38
|
-
organisation_slug: user_json['organisation_slug'],
|
39
|
-
organisation_content_id: user_json['organisation_content_id'],
|
40
|
-
disabled: user_json['disabled'],
|
41
|
-
}
|
42
|
-
})
|
43
|
-
end
|
24
|
+
private
|
44
25
|
|
45
|
-
|
46
|
-
|
47
|
-
|
26
|
+
# This should mirror the object created by the omniauth-gds strategy/gem
|
27
|
+
# By doing this, we can reuse the code for creating/updating the user
|
28
|
+
def build_gds_oauth_hash(user_json)
|
29
|
+
OmniAuth::AuthHash.new(
|
30
|
+
uid: user_json["uid"],
|
31
|
+
provider: "gds",
|
32
|
+
info: {
|
33
|
+
name: user_json["name"],
|
34
|
+
email: user_json["email"],
|
35
|
+
},
|
36
|
+
extra: {
|
37
|
+
user: {
|
38
|
+
permissions: user_json["permissions"],
|
39
|
+
organisation_slug: user_json["organisation_slug"],
|
40
|
+
organisation_content_id: user_json["organisation_content_id"],
|
41
|
+
disabled: user_json["disabled"],
|
42
|
+
},
|
43
|
+
},
|
44
|
+
)
|
45
|
+
end
|
46
|
+
|
47
|
+
def require_user_update_permission
|
48
|
+
authorise_user!("user_update_permission")
|
49
|
+
end
|
48
50
|
end
|
@@ -1,19 +1,17 @@
|
|
1
1
|
class AuthenticationsController < ActionController::Base
|
2
2
|
include GDS::SSO::ControllerMethods
|
3
3
|
|
4
|
-
before_action :authenticate_user!, :
|
4
|
+
before_action :authenticate_user!, only: :callback
|
5
5
|
layout false
|
6
6
|
|
7
7
|
def callback
|
8
|
-
redirect_to session["return_to"] ||
|
8
|
+
redirect_to session["return_to"] || "/"
|
9
9
|
end
|
10
10
|
|
11
|
-
def failure
|
12
|
-
|
13
|
-
end
|
11
|
+
def failure; end
|
14
12
|
|
15
13
|
def sign_out
|
16
14
|
logout
|
17
|
-
redirect_to GDS::SSO::Config.oauth_root_url
|
15
|
+
redirect_to "#{GDS::SSO::Config.oauth_root_url}/users/sign_out"
|
18
16
|
end
|
19
17
|
end
|
data/config/routes.rb
CHANGED
@@ -1,8 +1,9 @@
|
|
1
1
|
Rails.application.routes.draw do
|
2
|
-
next if GDS::SSO::Config.api_only
|
3
|
-
|
4
|
-
get
|
5
|
-
get
|
6
|
-
|
7
|
-
|
2
|
+
next if GDS::SSO::Config.api_only
|
3
|
+
|
4
|
+
get "/auth/gds/callback", to: "authentications#callback", as: :gds_sign_in
|
5
|
+
get "/auth/gds/sign_out", to: "authentications#sign_out", as: :gds_sign_out
|
6
|
+
get "/auth/failure", to: "authentications#failure", as: :auth_failure
|
7
|
+
put "/auth/gds/api/users/:uid", to: "api/user#update"
|
8
|
+
post "/auth/gds/api/users/:uid/reauth", to: "api/user#reauth"
|
8
9
|
end
|
data/lib/gds-sso.rb
CHANGED
@@ -1,17 +1,19 @@
|
|
1
|
-
require
|
1
|
+
require "rails"
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require
|
6
|
-
require
|
7
|
-
require
|
3
|
+
require "gds-sso/config"
|
4
|
+
require "gds-sso/version"
|
5
|
+
require "gds-sso/warden_config"
|
6
|
+
require "omniauth"
|
7
|
+
require "omniauth-gds"
|
8
|
+
|
9
|
+
require "gds-sso/railtie" if defined?(Rails)
|
8
10
|
|
9
11
|
module GDS
|
10
12
|
module SSO
|
11
|
-
autoload :FailureApp,
|
12
|
-
autoload :ControllerMethods,
|
13
|
-
autoload :User,
|
14
|
-
autoload :ApiAccess,
|
13
|
+
autoload :FailureApp, "gds-sso/failure_app"
|
14
|
+
autoload :ControllerMethods, "gds-sso/controller_methods"
|
15
|
+
autoload :User, "gds-sso/user"
|
16
|
+
autoload :ApiAccess, "gds-sso/api_access"
|
15
17
|
|
16
18
|
# User to return as logged in during tests
|
17
19
|
mattr_accessor :test_user
|
@@ -23,29 +25,32 @@ module GDS
|
|
23
25
|
class Engine < ::Rails::Engine
|
24
26
|
# Force routes to be loaded if we are doing any eager load.
|
25
27
|
# TODO - check this one - Stolen from Devise because it looked sensible...
|
26
|
-
config.before_eager_load
|
28
|
+
config.before_eager_load(&:reload_routes!)
|
29
|
+
|
30
|
+
OmniAuth.config.allowed_request_methods = %i[post get]
|
27
31
|
|
28
32
|
config.app_middleware.use ::OmniAuth::Builder do
|
29
|
-
next if GDS::SSO::Config.api_only
|
33
|
+
next if GDS::SSO::Config.api_only
|
34
|
+
|
30
35
|
provider :gds, GDS::SSO::Config.oauth_id, GDS::SSO::Config.oauth_secret,
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
36
|
+
client_options: {
|
37
|
+
site: GDS::SSO::Config.oauth_root_url,
|
38
|
+
authorize_url: "#{GDS::SSO::Config.oauth_root_url}/oauth/authorize",
|
39
|
+
token_url: "#{GDS::SSO::Config.oauth_root_url}/oauth/access_token",
|
40
|
+
connection_opts: {
|
41
|
+
headers: {
|
42
|
+
user_agent: "gds-sso/#{GDS::SSO::VERSION} (#{ENV['GOVUK_APP_NAME']})",
|
43
|
+
},
|
44
|
+
},
|
45
|
+
}
|
41
46
|
end
|
42
47
|
|
43
48
|
def self.default_strategies
|
44
|
-
Config.use_mock_strategies? ? [
|
49
|
+
Config.use_mock_strategies? ? %i[mock_gds_sso gds_bearer_token] : %i[gds_sso gds_bearer_token]
|
45
50
|
end
|
46
51
|
|
47
52
|
config.app_middleware.use Warden::Manager do |config|
|
48
|
-
config.default_strategies
|
53
|
+
config.default_strategies(*default_strategies)
|
49
54
|
config.failure_app = GDS::SSO::FailureApp
|
50
55
|
end
|
51
56
|
end
|
data/lib/gds-sso/api_access.rb
CHANGED
data/lib/gds-sso/bearer_token.rb
CHANGED
@@ -1,12 +1,12 @@
|
|
1
|
-
require
|
2
|
-
require
|
3
|
-
require
|
1
|
+
require "multi_json"
|
2
|
+
require "oauth2"
|
3
|
+
require "gds-sso/version"
|
4
4
|
|
5
5
|
module GDS
|
6
6
|
module SSO
|
7
7
|
module BearerToken
|
8
8
|
def self.locate(token_string)
|
9
|
-
user_details = GDS::SSO::Config.cache.fetch([
|
9
|
+
user_details = GDS::SSO::Config.cache.fetch(["api-user-cache", token_string], expires_in: 5.minutes) do
|
10
10
|
access_token = OAuth2::AccessToken.new(oauth_client, token_string)
|
11
11
|
response_body = access_token.get("/user.json?client_id=#{CGI.escape(GDS::SSO::Config.oauth_id)}").body
|
12
12
|
omniauth_style_response(response_body)
|
@@ -21,12 +21,12 @@ module GDS
|
|
21
21
|
@oauth_client ||= OAuth2::Client.new(
|
22
22
|
GDS::SSO::Config.oauth_id,
|
23
23
|
GDS::SSO::Config.oauth_secret,
|
24
|
-
:
|
25
|
-
:
|
26
|
-
:
|
27
|
-
:
|
28
|
-
}
|
29
|
-
}.merge(GDS::SSO::Config.connection_opts)
|
24
|
+
site: GDS::SSO::Config.oauth_root_url,
|
25
|
+
connection_opts: {
|
26
|
+
headers: {
|
27
|
+
user_agent: "gds-sso/#{GDS::SSO::VERSION} (#{ENV['GOVUK_APP_NAME']})",
|
28
|
+
},
|
29
|
+
}.merge(GDS::SSO::Config.connection_opts),
|
30
30
|
)
|
31
31
|
end
|
32
32
|
|
@@ -35,32 +35,32 @@ module GDS
|
|
35
35
|
# structure. Here we're addressing signon directly so
|
36
36
|
# we need to transform the response ourselves.
|
37
37
|
def self.omniauth_style_response(response_body)
|
38
|
-
input = MultiJson.decode(response_body)[
|
38
|
+
input = MultiJson.decode(response_body)["user"]
|
39
39
|
|
40
40
|
{
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
41
|
+
"uid" => input["uid"],
|
42
|
+
"info" => {
|
43
|
+
"email" => input["email"],
|
44
|
+
"name" => input["name"],
|
45
|
+
},
|
46
|
+
"extra" => {
|
47
|
+
"user" => {
|
48
|
+
"permissions" => input["permissions"],
|
49
|
+
"organisation_slug" => input["organisation_slug"],
|
50
|
+
"organisation_content_id" => input["organisation_content_id"],
|
51
|
+
},
|
45
52
|
},
|
46
|
-
'extra' => {
|
47
|
-
'user' => {
|
48
|
-
'permissions' => input['permissions'],
|
49
|
-
'organisation_slug' => input['organisation_slug'],
|
50
|
-
'organisation_content_id' => input['organisation_content_id'],
|
51
|
-
}
|
52
|
-
}
|
53
53
|
}
|
54
54
|
end
|
55
55
|
end
|
56
56
|
|
57
57
|
module MockBearerToken
|
58
|
-
def self.locate(
|
58
|
+
def self.locate(_token_string)
|
59
59
|
dummy_api_user = GDS::SSO.test_user || GDS::SSO::Config.user_klass.where(email: "dummyapiuser@domain.com").first
|
60
60
|
if dummy_api_user.nil?
|
61
61
|
dummy_api_user = GDS::SSO::Config.user_klass.new
|
62
62
|
dummy_api_user.email = "dummyapiuser@domain.com"
|
63
|
-
dummy_api_user.uid =
|
63
|
+
dummy_api_user.uid = rand(10_000).to_s
|
64
64
|
dummy_api_user.name = "Dummy API user created by gds-sso"
|
65
65
|
end
|
66
66
|
|
data/lib/gds-sso/config.rb
CHANGED
@@ -1,21 +1,26 @@
|
|
1
|
-
require
|
1
|
+
require "active_support/cache/null_store"
|
2
|
+
require "plek"
|
2
3
|
|
3
4
|
module GDS
|
4
5
|
module SSO
|
5
6
|
module Config
|
7
|
+
# rubocop:disable Style/ClassVars
|
8
|
+
|
6
9
|
# Name of the User class
|
7
10
|
mattr_accessor :user_model
|
8
11
|
@@user_model = "User"
|
9
12
|
|
10
13
|
# OAuth ID
|
11
14
|
mattr_accessor :oauth_id
|
15
|
+
@@oauth_id = ENV.fetch("GDS_SSO_OAUTH_ID", "test-oauth-id")
|
12
16
|
|
13
17
|
# OAuth Secret
|
14
18
|
mattr_accessor :oauth_secret
|
19
|
+
@@oauth_secret = ENV.fetch("GDS_SSO_OAUTH_SECRET", "test-oauth-secret")
|
15
20
|
|
16
21
|
# Location of the OAuth server
|
17
22
|
mattr_accessor :oauth_root_url
|
18
|
-
@@oauth_root_url = "
|
23
|
+
@@oauth_root_url = Plek.new.external_url_for("signon")
|
19
24
|
|
20
25
|
mattr_accessor :auth_valid_for
|
21
26
|
@@auth_valid_for = 20 * 3600
|
@@ -23,19 +28,19 @@ module GDS
|
|
23
28
|
mattr_accessor :cache
|
24
29
|
@@cache = ActiveSupport::Cache::NullStore.new
|
25
30
|
|
26
|
-
|
31
|
+
mattr_accessor :api_only
|
27
32
|
|
28
33
|
mattr_accessor :additional_mock_permissions_required
|
29
34
|
|
30
35
|
mattr_accessor :connection_opts
|
31
36
|
@@connection_opts = {
|
32
|
-
:
|
33
|
-
:
|
34
|
-
}
|
37
|
+
request: {
|
38
|
+
open_timeout: 5,
|
39
|
+
},
|
35
40
|
}
|
36
41
|
|
37
42
|
def self.permissions_for_dummy_api_user
|
38
|
-
[
|
43
|
+
%w[signin].push(*additional_mock_permissions_required)
|
39
44
|
end
|
40
45
|
|
41
46
|
def self.user_klass
|
@@ -52,11 +57,7 @@ module GDS
|
|
52
57
|
ENV.fetch("GDS_SSO_STRATEGY", default_strategy) == "mock"
|
53
58
|
end
|
54
59
|
|
55
|
-
|
56
|
-
config = Rails.configuration
|
57
|
-
default = config.respond_to?(:api_only) ? config.api_only : false
|
58
|
-
@@api_only.nil? ? default : @@api_only
|
59
|
-
end
|
60
|
+
# rubocop:enable Style/ClassVars
|
60
61
|
end
|
61
62
|
end
|
62
63
|
end
|