Skip to content

Commit

Permalink
Merge pull request #2784 from raft-tech/local-devauth
Browse files Browse the repository at this point in the history
DEVAUTH - All-local devenv sans cloud or third-party auth workflows
  • Loading branch information
tptignor authored Jan 10, 2024
2 parents 04de245 + 6557594 commit 1b17e39
Show file tree
Hide file tree
Showing 10 changed files with 78 additions and 9 deletions.
1 change: 1 addition & 0 deletions tdrs-backend/docker-compose.local.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ services:
environment:
- discovery.type=single-node
- xpack.security.enabled=false
- cluster.routing.allocation.disk.threshold_enabled=false
- logger.discovery.level=debug
ports:
- 9200:9200
Expand Down
3 changes: 3 additions & 0 deletions tdrs-backend/tdpservice/data_files/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -54,13 +54,15 @@ class DataFileViewSet(ModelViewSet):

def create(self, request, *args, **kwargs):
"""Override create to upload in case of successful scan."""
logger.debug(f"{self.__class__.__name__}: {request}")
response = super().create(request, *args, **kwargs)

# only if file is passed the virus scan and created successfully will we perform side-effects:
# * Send to parsing
# * Upload to ACF-TITAN
# * Send email to user

logger.debug(f"{self.__class__.__name__}: status: {response.status_code}")
if response.status_code == status.HTTP_201_CREATED or response.status_code == status.HTTP_200_OK:
user = request.user
data_file_id = response.data.get('id')
Expand Down Expand Up @@ -109,6 +111,7 @@ def create(self, request, *args, **kwargs):
if len(recipients) > 0:
send_data_submitted_email(list(recipients), data_file, email_context, subject)

logger.debug(f"{self.__class__.__name__}: return val: {response}")
return response

def get_s3_versioning_id(self, file_name, prefix):
Expand Down
2 changes: 2 additions & 0 deletions tdrs-backend/tdpservice/users/api/authorization_check.py
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ class AuthorizationCheck(APIView):

def get(self, request, *args, **kwargs):
"""Handle get request and verify user is authorized."""
logger.debug(f"{self.__class__.__name__}: {request} {request.user} {args} {kwargs}")

user = request.user
serializer = UserProfileSerializer(user)

Expand Down
9 changes: 6 additions & 3 deletions tdrs-backend/tdpservice/users/authentication.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,13 @@ class CustomAuthentication(BaseAuthentication):
@staticmethod
def authenticate(username=None, login_gov_uuid=None, hhs_id=None):
"""Authenticate user with the request and username."""
# TODO: Provide separate implementations for two unrelated workflows
# both using this method. (The latter appears to always fail.)
# References:
# tdpservice/users/api/login.py:TokenAuthorizationOIDC.handleUser
# https://www.django-rest-framework.org/api-guide/authentication
User = get_user_model()
logging.debug("CustomAuthentication::authenticate:hhs_id {}".format(hhs_id))
logging.debug("CustomAuthentication::authenticate:login_gov_uuid {}".format(login_gov_uuid))
logging.debug("CustomAuthentication::authenticate:username {}".format(username))
logging.debug(f"CustomAuthentication::authenticate: {username}, {login_gov_uuid}, {hhs_id}")
try:
if hhs_id:
try:
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
"""generate_dev_user command."""

from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group
from django.core.management import BaseCommand

User = get_user_model()

email = "dev@test.com"
pswd = "pass"
first = "Jon"
last = "Tester"

class Command(BaseCommand):
"""Command class."""

def handle(self, *args, **options):
"""Generate dev user if it doesn't exist."""
try:
user = User.objects.get(username=email)
print(f"Found {vars(user)}")
except User.DoesNotExist:
group = Group.objects.get(name="Developer")
user = User.objects.create(username=email,
email=email,
password=pswd,
is_superuser=True,
is_staff=True,
first_name=first,
last_name=last,
stt_id=31,
account_approval_status="Approved")
user.groups.add(group)
print(f"Created {vars(user)}")
6 changes: 6 additions & 0 deletions tdrs-backend/tdpservice/users/permissions.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@
from collections import ChainMap
from copy import deepcopy
from typing import List, Optional, TYPE_CHECKING
import logging

logger = logging.getLogger(__name__)


if TYPE_CHECKING: # pragma: no cover
Expand Down Expand Up @@ -126,6 +129,7 @@ class IsApprovedPermission(permissions.DjangoModelPermissions):

def has_permission(self, request, view):
"""Return True if the user has been assigned a group and is approved."""
logging.debug(f"{self.__class__.__name__}: {request} ; {view}")
return (request.user.groups.first() is not None and
request.user.account_approval_status == AccountApprovalStatusChoices.APPROVED)

Expand Down Expand Up @@ -160,6 +164,8 @@ def has_permission(self, request, view):
Data Analyst will only have permission to files within their STT and a
Regional Manager will only have permission to files within their region.
"""
logging.debug(f"{self.__class__.__name__}: {request} ; {view}")

# Checks for existence of `data_files.view_datafile` Permission
has_permission = super().has_permission(request, view)

Expand Down
3 changes: 3 additions & 0 deletions tdrs-frontend/.env
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,9 @@
# WARNING: This file is checked in to source control, do NOT store any secrets in this file
#

# Uncomment for local dev only!
#REACT_APP_DEVAUTH=dev@test.com

# The hostname behind the tdrs-backend Django app
REACT_APP_BACKEND_HOST=http://127.0.0.1:8080

Expand Down
7 changes: 2 additions & 5 deletions tdrs-frontend/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ services:
ports:
- 8090:8090
networks:
- local
- default
volumes:
- ./reports:/zap/wrk/:rw
- ../scripts/zap-hook.py:/zap/scripts/zap-hook.py:ro
Expand All @@ -21,14 +21,14 @@ services:
- 3000:80
- 8080:8080
networks:
- local
- default
volumes:
- ./:/home/node/app
environment:
- NGINX_FRONTEND=tdp-frontend
- BACK_END=web
- LOCAL_DEV=true
- REACT_APP_DEVAUTH=${REACT_APP_DEVAUTH}
command: >
/bin/sh -c
"echo 'starting nginx' &&
Expand All @@ -42,9 +42,6 @@ services:
&& nginx -g 'daemon off;'"
networks:
local:
driver: bridge

default:
external:
name: external-net
2 changes: 1 addition & 1 deletion tdrs-frontend/src/components/Profile/Profile.jsx
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import {
function Profile() {
const user = useSelector((state) => state.auth.user)
// Most higher-env users will only have a single role, so just grab the first one.
const primaryRole = user?.roles[0]
const primaryRole = user?.roles?.[0]
const missingAccessRequest = useSelector(accountIsMissingAccessRequest)
const isAccessRequestPending = useSelector(accountIsInReview)

Expand Down
20 changes: 20 additions & 0 deletions tdrs-frontend/src/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,28 @@ axios.defaults.xsrfCookieName = 'csrftoken'
axios.defaults.xsrfHeaderName = 'X-CSRFToken'
axios.defaults.withCredentials = true

function devLogin(devEmail) {
const BACKEND_URL = process.env.REACT_APP_BACKEND_URL
axios
.post(`${BACKEND_URL}/login/cypress`, {
username: devEmail,
token: 'local-cypress-token',
})
.then(function (response) {
console.log(response)
})
.catch(function (error) {
console.log(error)
})
store.dispatch({ type: 'SET_AUTH', payload: { devEmail } })
console.log(`dispatched SET_AUTH(${devEmail})`)
}

// call auth_check
const store = configureStore()
if (process.env.REACT_APP_DEVAUTH && !store.getState().auth?.user) {
devLogin(process.env.REACT_APP_DEVAUTH)
}
store.dispatch(fetchAuth())

// if (window.location.href.match(/https:\/\/.*\.app\.cloud\.gov/)) {
Expand Down

0 comments on commit 1b17e39

Please sign in to comment.