RubyGems - gds-sso - Versions diffs - 22.0.0 → 22.1.0 - Mend

gds-sso 22.0.0 → 22.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/lib/gds-sso/failure_app.rb +0 -6
data/lib/gds-sso/lint/user_spec.rb +26 -23
data/lib/gds-sso/user.rb +8 -0
data/lib/gds-sso/version.rb +1 -1
data/spec/unit/user_spec.rb +20 -0
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc434aa156074fb389c79d10a05993a5493d692a06af85e7d1409b6329ad296e
-  data.tar.gz: 2a4625eae41416c741ed0c0288eb7f4f4d4cb19d78338e5e967ea2761149e6f1
+  metadata.gz: 69935efadb057e8b8f85cdd7549ff1c07a94d2b50ba25086e64c3f17dc8730c6
+  data.tar.gz: 28bc82620af28be973c62ef9c2020e072f9971aabfe7f6bce1b17c66d12fa8fd
 SHA512:
-  metadata.gz: 35c3637ecf9de2b951b2367924f4b4aff1538a84e2ba0c318ef79dc95eccdd075d9f1c176feaed71dc60a03f8b2d6891bcf08148d85571cfadff303ccaf904ae
-  data.tar.gz: f9c2193558be493ce2f58414c72cb9ec240f835e2e3d5005cfa271716d9b504bbfbba080e487443b4905071209876acd5886f0280ce83630305ae1d2d254d7ae
+  metadata.gz: a57f468d6a7bed0783851e1364112cbaaeea9ae41ea82b53b90e8231f0b2d9ec8280e69527c19dd79b04c1c127fb83d8f77ad80d69cad9763189abfc04a2a674
+  data.tar.gz: a6c38c8f82b5006ff4e69a505f7ce1c26a7e5469c816148c930a44225ed048f209ea8891666e9f7eb7d8f0a243a49cfc8f52ae8874037fe3a79b9e7d28ec36aa

data/lib/gds-sso/failure_app.rb CHANGED Viewed

@@ -39,12 +39,6 @@ module GDS
         api_unauthorized("No bearer token was provided", "invalid_request")
       end
-      # Stores requested uri to redirect the user after signing in. We cannot use
-      # scoped session provided by warden here, since the user is not authenticated
-      # yet, but we still need to store the uri based on scope, so different scopes
-      # would never use the same uri to redirect.
-      # TOTALLY NOT DOING THE SCOPE THING. PROBABLY SHOULD.
       def store_location!
         return unless request.get?

data/lib/gds-sso/lint/user_spec.rb CHANGED Viewed

@@ -49,30 +49,33 @@ RSpec.shared_examples "a gds-sso user class" do
   end
   specify "the User class and GDS::SSO::User mixin work together" do
-    auth_hash = {
-      "uid" => "12345",
-      "info" => {
-        "name" => "Joe Smith",
-        "email" => "joe.smith@example.com",
-      },
-      "extra" => {
-        "user" => {
-          "disabled" => false,
-          "permissions" => %w[signin],
-          "organisation_slug" => "cabinet-office",
-          "organisation_content_id" => "91e57ad9-29a3-4f94-9ab4-5e9ae6d13588",
+    ClimateControl.modify ANONYMOUS_USER_ID_SECRET: "some-anonymous-user-id-secret" do
+      auth_hash = {
+        "uid" => "12345",
+        "info" => {
+          "name" => "Joe Smith",
+          "email" => "joe.smith@example.com",
         },
-      },
-    }
+        "extra" => {
+          "user" => {
+            "disabled" => false,
+            "permissions" => %w[signin],
+            "organisation_slug" => "cabinet-office",
+            "organisation_content_id" => "91e57ad9-29a3-4f94-9ab4-5e9ae6d13588",
+          },
+        },
+      }
-    user = described_class.find_for_gds_oauth(auth_hash)
-    expect(user).to be_an_instance_of(described_class)
-    expect(user.uid).to eq("12345")
-    expect(user.name).to eq("Joe Smith")
-    expect(user.email).to eq("joe.smith@example.com")
-    expect(user).not_to be_disabled
-    expect(user.permissions).to eq(%w[signin])
-    expect(user.organisation_slug).to eq("cabinet-office")
-    expect(user.organisation_content_id).to eq("91e57ad9-29a3-4f94-9ab4-5e9ae6d13588")
+      user = described_class.find_for_gds_oauth(auth_hash)
+      expect(user).to be_an_instance_of(described_class)
+      expect(user.uid).to eq("12345")
+      expect(user.anonymous_user_id).to eq("91f4d86cd48c6d0cf")
+      expect(user.name).to eq("Joe Smith")
+      expect(user.email).to eq("joe.smith@example.com")
+      expect(user).not_to be_disabled
+      expect(user.permissions).to eq(%w[signin])
+      expect(user.organisation_slug).to eq("cabinet-office")
+      expect(user.organisation_content_id).to eq("91e57ad9-29a3-4f94-9ab4-5e9ae6d13588")
+    end
   end
 end

data/lib/gds-sso/user.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 require "active_support/concern"
+require "json"
 module GDS
   module SSO
@@ -39,6 +40,13 @@ module GDS
         update_attribute(:remotely_signed_out, true)
       end
+      def anonymous_user_id
+        secret = ENV["ANONYMOUS_USER_ID_SECRET"]
+        return if secret.nil?
+        @anonymous_user_id ||= Digest::SHA2.hexdigest(JSON.dump([uid, secret]))[..16]
+      end
       module ClassMethods
         def find_for_gds_oauth(auth_hash)
           user_params = GDS::SSO::User.user_params_from_auth_hash(auth_hash.to_hash)

data/lib/gds-sso/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module GDS
   module SSO
-    VERSION = "22.0.0".freeze
+    VERSION = "22.1.0".freeze
   end
 end

data/spec/unit/user_spec.rb CHANGED Viewed

@@ -30,6 +30,26 @@ describe GDS::SSO::User do
     expect(GDS::SSO::User.user_params_from_auth_hash(@auth_hash)).to eq(expected)
   end
+  describe "#anonymous_user_id" do
+    it "should be nil if ANONYMOUS_USER_ID_SECRET is unset" do
+      ClimateControl.modify ANONYMOUS_USER_ID_SECRET: nil do
+        expect(TestUser.new.anonymous_user_id).to be_nil
+      end
+    end
+    it "should be computed based on the uid and ANONYMOUS_USER_ID_SECRET" do
+      ClimateControl.modify ANONYMOUS_USER_ID_SECRET: "some-anonymous-user-id-secret" do
+        expect("8724f603978a3adc0").to eq(TestUser.new(uid: "some-user-id").anonymous_user_id)
+        expect("69d0cf995988be2e1").to eq(TestUser.new(uid: "some-other-user-id").anonymous_user_id)
+      end
+      ClimateControl.modify ANONYMOUS_USER_ID_SECRET: "other-anonymous-user-id-secret" do
+        expect("297069f42a9251c64").to eq(TestUser.new(uid: "some-user-id").anonymous_user_id)
+        expect("4a3c66e26f5ec4229").to eq(TestUser.new(uid: "other-user-id").anonymous_user_id)
+      end
+    end
+  end
   context "making sure that the lint spec is valid" do
     let(:described_class) { TestUser }
     it_behaves_like "a gds-sso user class"

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gds-sso
 version: !ruby/object:Gem::Version
-  version: 22.0.0
+  version: 22.1.0
 platform: ruby
 authors:
 - GOV.UK Dev
@@ -183,14 +183,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.1.19
+        version: 5.1.20
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.1.19
+        version: 5.1.20
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement