RubyGems - gds-sso - Versions diffs - 22.0.0 → 22.1.1 - Mend

gds-sso 22.0.0 → 22.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/lib/gds-sso/failure_app.rb +0 -6
data/lib/gds-sso/lint/user_spec.rb +43 -23
data/lib/gds-sso/user.rb +8 -0
data/lib/gds-sso/version.rb +1 -1
data/spec/unit/user_spec.rb +20 -0
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc434aa156074fb389c79d10a05993a5493d692a06af85e7d1409b6329ad296e
-  data.tar.gz: 2a4625eae41416c741ed0c0288eb7f4f4d4cb19d78338e5e967ea2761149e6f1
+  metadata.gz: 006b7a16f52c7a8013c5bf88cf8afeb9dbe9676a444618b80cb47c546bc8dda7
+  data.tar.gz: 19796282c692f14f5e5cfc6ee7dd823835d536a804470745affdd42cf1ca78c7
 SHA512:
-  metadata.gz: 35c3637ecf9de2b951b2367924f4b4aff1538a84e2ba0c318ef79dc95eccdd075d9f1c176feaed71dc60a03f8b2d6891bcf08148d85571cfadff303ccaf904ae
-  data.tar.gz: f9c2193558be493ce2f58414c72cb9ec240f835e2e3d5005cfa271716d9b504bbfbba080e487443b4905071209876acd5886f0280ce83630305ae1d2d254d7ae
+  metadata.gz: 93c40856ef0a2442e7cdca2854dff5d34c4d726a573e1dccf2bd5d81b7381d67243026a2ad00a165b6ff189c0ab15ff5cdf0e990ac0c25f00afea2c49cb0bd00
+  data.tar.gz: 3e9ed3c8da369905de18e35487c9d60b1a0c49663436bfff8a0e4bfeaf035914026512c47c4ca6f338c025bc878cbd1100ca0eeded22087355c0761b47057066

data/lib/gds-sso/failure_app.rb CHANGED Viewed

@@ -39,12 +39,6 @@ module GDS
         api_unauthorized("No bearer token was provided", "invalid_request")
       end
-      # Stores requested uri to redirect the user after signing in. We cannot use
-      # scoped session provided by warden here, since the user is not authenticated
-      # yet, but we still need to store the uri based on scope, so different scopes
-      # would never use the same uri to redirect.
-      # TOTALLY NOT DOING THE SCOPE THING. PROBABLY SHOULD.
       def store_location!
         return unless request.get?

data/lib/gds-sso/lint/user_spec.rb CHANGED Viewed

@@ -49,30 +49,50 @@ RSpec.shared_examples "a gds-sso user class" do
   end
   specify "the User class and GDS::SSO::User mixin work together" do
-    auth_hash = {
-      "uid" => "12345",
-      "info" => {
-        "name" => "Joe Smith",
-        "email" => "joe.smith@example.com",
-      },
-      "extra" => {
-        "user" => {
-          "disabled" => false,
-          "permissions" => %w[signin],
-          "organisation_slug" => "cabinet-office",
-          "organisation_content_id" => "91e57ad9-29a3-4f94-9ab4-5e9ae6d13588",
+    with_anonymous_user_id_secret "some-anonymous-user-id-secret" do
+      auth_hash = {
+        "uid" => "12345",
+        "info" => {
+          "name" => "Joe Smith",
+          "email" => "joe.smith@example.com",
         },
-      },
-    }
+        "extra" => {
+          "user" => {
+            "disabled" => false,
+            "permissions" => %w[signin],
+            "organisation_slug" => "cabinet-office",
+            "organisation_content_id" => "91e57ad9-29a3-4f94-9ab4-5e9ae6d13588",
+          },
+        },
+      }
+      user = described_class.find_for_gds_oauth(auth_hash)
+      expect(user).to be_an_instance_of(described_class)
+      expect(user.uid).to eq("12345")
+      expect(user.anonymous_user_id).to eq("91f4d86cd48c6d0cf")
+      expect(user.name).to eq("Joe Smith")
+      expect(user.email).to eq("joe.smith@example.com")
+      expect(user).not_to be_disabled
+      expect(user.permissions).to eq(%w[signin])
+      expect(user.organisation_slug).to eq("cabinet-office")
+      expect(user.organisation_content_id).to eq("91e57ad9-29a3-4f94-9ab4-5e9ae6d13588")
+    end
+  end
+private
-    user = described_class.find_for_gds_oauth(auth_hash)
-    expect(user).to be_an_instance_of(described_class)
-    expect(user.uid).to eq("12345")
-    expect(user.name).to eq("Joe Smith")
-    expect(user.email).to eq("joe.smith@example.com")
-    expect(user).not_to be_disabled
-    expect(user.permissions).to eq(%w[signin])
-    expect(user.organisation_slug).to eq("cabinet-office")
-    expect(user.organisation_content_id).to eq("91e57ad9-29a3-4f94-9ab4-5e9ae6d13588")
+  def with_anonymous_user_id_secret(value, &block)
+    if defined?(ClimateControl)
+      ClimateControl.modify(ANONYMOUS_USER_ID_SECRET: value, &block)
+    else
+      # If ClimateControl isn't available, we fall back to a simpler way of setting / resetting the environment
+      # variable. This doesn't account for tests running in parallel though.
+      begin
+        ENV["ANONYMOUS_USER_ID_SECRET"] = value
+        block.call
+      ensure
+        ENV.delete "ANONYMOUS_USER_ID_SECRET"
+      end
+    end
   end
 end

data/lib/gds-sso/user.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 require "active_support/concern"
+require "json"
 module GDS
   module SSO
@@ -39,6 +40,13 @@ module GDS
         update_attribute(:remotely_signed_out, true)
       end
+      def anonymous_user_id
+        secret = ENV["ANONYMOUS_USER_ID_SECRET"]
+        return if secret.nil?
+        @anonymous_user_id ||= Digest::SHA2.hexdigest(JSON.dump([uid, secret]))[..16]
+      end
       module ClassMethods
         def find_for_gds_oauth(auth_hash)
           user_params = GDS::SSO::User.user_params_from_auth_hash(auth_hash.to_hash)

data/lib/gds-sso/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module GDS
   module SSO
-    VERSION = "22.0.0".freeze
+    VERSION = "22.1.1".freeze
   end
 end

data/spec/unit/user_spec.rb CHANGED Viewed

@@ -30,6 +30,26 @@ describe GDS::SSO::User do
     expect(GDS::SSO::User.user_params_from_auth_hash(@auth_hash)).to eq(expected)
   end
+  describe "#anonymous_user_id" do
+    it "should be nil if ANONYMOUS_USER_ID_SECRET is unset" do
+      ClimateControl.modify ANONYMOUS_USER_ID_SECRET: nil do
+        expect(TestUser.new.anonymous_user_id).to be_nil
+      end
+    end
+    it "should be computed based on the uid and ANONYMOUS_USER_ID_SECRET" do
+      ClimateControl.modify ANONYMOUS_USER_ID_SECRET: "some-anonymous-user-id-secret" do
+        expect("8724f603978a3adc0").to eq(TestUser.new(uid: "some-user-id").anonymous_user_id)
+        expect("69d0cf995988be2e1").to eq(TestUser.new(uid: "some-other-user-id").anonymous_user_id)
+      end
+      ClimateControl.modify ANONYMOUS_USER_ID_SECRET: "other-anonymous-user-id-secret" do
+        expect("297069f42a9251c64").to eq(TestUser.new(uid: "some-user-id").anonymous_user_id)
+        expect("4a3c66e26f5ec4229").to eq(TestUser.new(uid: "other-user-id").anonymous_user_id)
+      end
+    end
+  end
   context "making sure that the lint spec is valid" do
     let(:described_class) { TestUser }
     it_behaves_like "a gds-sso user class"

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gds-sso
 version: !ruby/object:Gem::Version
-  version: 22.0.0
+  version: 22.1.1
 platform: ruby
 authors:
 - GOV.UK Dev
@@ -183,14 +183,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.1.19
+        version: 5.1.20
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.1.19
+        version: 5.1.20
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement