notify-admin-761 remove basic auth

.github/workflows/checks.yml

@@ -49,15 +49,13 @@ jobs:
         env:
           NOTIFY_E2E_AUTH_STATE_PATH: ${{ secrets.NOTIFY_E2E_AUTH_STATE_PATH }}
           NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
-          NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
-          NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
           NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
           NOTIFY_E2E_TEST_URI: ${{ secrets.NOTIFY_E2E_TEST_URI }}
       - name: Check coverage threshold
         run: poetry run coverage report --fail-under=90
       - name: Health check
         run: |
-          response=$(curl -url ${{secrets.NOTIFY_E2E_TEST_URI}}_status -u "${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}:${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}")
+          response=$(curl -url ${{secrets.NOTIFY_E2E_TEST_URI}}_status)
           if grep -q "ok" <<< "$response"; then
             echo "Health check passed"
           else
@@ -67,8 +65,6 @@ jobs:
         env:
           NOTIFY_E2E_AUTH_STATE_PATH: ${{ secrets.NOTIFY_E2E_AUTH_STATE_PATH }}
           NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
-          NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD }}
-          NOTIFY_E2E_TEST_HTTP_AUTH_USER: ${{ secrets.NOTIFY_E2E_TEST_HTTP_AUTH_USER }}
           NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
           NOTIFY_E2E_TEST_URI: ${{ secrets.NOTIFY_E2E_TEST_URI }}
 

.github/workflows/deploy-demo.yml

@@ -52,7 +52,6 @@ jobs:
           DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
           SECRET_KEY: ${{ secrets.SECRET_KEY }}
           ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }}
-          BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }}
           NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
           NR_BROWSER_KEY: ${{ secrets.NR_BROWSER_KEY }}
         with:
@@ -66,8 +65,6 @@ jobs:
             --var SECRET_KEY="$SECRET_KEY"
             --var ADMIN_CLIENT_USERNAME="notify-admin"
             --var ADMIN_CLIENT_SECRET="$ADMIN_CLIENT_SECRET"
-            --var BASIC_AUTH_USERNAME="curiousabout"
-            --var BASIC_AUTH_PASSWORD="$BASIC_AUTH_PASSWORD"
             --var NEW_RELIC_LICENSE_KEY="$NEW_RELIC_LICENSE_KEY"
             --var NR_BROWSER_KEY="$NR_BROWSER_KEY"
 

.github/workflows/deploy-prod.yml

@@ -52,7 +52,6 @@ jobs:
           DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
           SECRET_KEY: ${{ secrets.SECRET_KEY }}
           ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }}
-          BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }}
           NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
           NR_BROWSER_KEY: ${{ secrets.NR_BROWSER_KEY }}
         with:
@@ -66,8 +65,6 @@ jobs:
             --var SECRET_KEY="$SECRET_KEY"
             --var ADMIN_CLIENT_USERNAME="notify-admin"
             --var ADMIN_CLIENT_SECRET="$ADMIN_CLIENT_SECRET"
-            --var BASIC_AUTH_USERNAME="curiousabout"
-            --var BASIC_AUTH_PASSWORD="$BASIC_AUTH_PASSWORD"
             --var NEW_RELIC_LICENSE_KEY="$NEW_RELIC_LICENSE_KEY"
             --var NR_BROWSER_KEY="$NR_BROWSER_KEY"
 

.github/workflows/deploy.yml

@@ -57,7 +57,6 @@ jobs:
           DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
           SECRET_KEY: ${{ secrets.SECRET_KEY }}
           ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }}
-          BASIC_AUTH_PASSWORD: ${{ secrets.BASIC_AUTH_PASSWORD }}
           NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
           NR_BROWSER_KEY: ${{ secrets.NR_BROWSER_KEY }}
         with:
@@ -71,8 +70,6 @@ jobs:
             --var SECRET_KEY="$SECRET_KEY"
             --var ADMIN_CLIENT_USERNAME="notify-admin"
             --var ADMIN_CLIENT_SECRET="$ADMIN_CLIENT_SECRET"
-            --var BASIC_AUTH_USERNAME="curiousabout"
-            --var BASIC_AUTH_PASSWORD="$BASIC_AUTH_PASSWORD"
             --var NEW_RELIC_LICENSE_KEY="$NEW_RELIC_LICENSE_KEY"
             --var NR_BROWSER_KEY="$NR_BROWSER_KEY"
 

app/config.py

@@ -28,8 +28,6 @@ class Config(object):
     # ZENDESK_API_KEY = getenv('ZENDESK_API_KEY')
     ROUTE_SECRET_KEY_1 = getenv("ROUTE_SECRET_KEY_1", "dev-route-secret-key-1")
     ROUTE_SECRET_KEY_2 = getenv("ROUTE_SECRET_KEY_2", "dev-route-secret-key-2")
-    BASIC_AUTH_USERNAME = getenv("BASIC_AUTH_USERNAME")
-    BASIC_AUTH_PASSWORD = getenv("BASIC_AUTH_PASSWORD")
 
     NR_ACCOUNT_ID = getenv("NR_ACCOUNT_ID")
     NR_TRUST_KEY = getenv("NR_TRUST_KEY")
@@ -101,7 +99,6 @@ def _s3_credentials_from_env(bucket_prefix):
 
 
 class Development(Config):
-    BASIC_AUTH_FORCE = False
     DEBUG = True
     SESSION_COOKIE_SECURE = False
     SESSION_PROTECTION = None
@@ -138,7 +135,6 @@ class Test(Development):
 class Production(Config):
     HEADER_COLOUR = "#005EA5"  # $govuk-blue
     HTTP_PROTOCOL = "https"
-    BASIC_AUTH_FORCE = True
     ASSET_DOMAIN = ""  # TODO use a CDN
     ASSET_PATH = "/static/"  # TODO use a CDN
     DEBUG = False
@@ -153,7 +149,6 @@ class Production(Config):
 
 
 class Staging(Production):
-    BASIC_AUTH_FORCE = True
     HEADER_COLOUR = "#00ff00"  # $green
 
 
@@ -166,7 +161,6 @@ class Sandbox(Staging):
 
 
 class Scanning(Production):
-    BASIC_AUTH_FORCE = False
     HTTP_PROTOCOL = "http"
     API_HOST_NAME = "https://notify-api-staging.app.cloud.gov/"
     SECRET_KEY = "dev-notify-secret-key"  # nosec B105 - only used in development

deploy-config/sandbox.yml

@@ -7,8 +7,6 @@ ADMIN_CLIENT_USERNAME: notify-admin
 ADMIN_CLIENT_SECRET: sandbox-notify-secret-key
 DANGEROUS_SALT: sandbox-notify-salt
 SECRET_KEY: sandbox-notify-secret-key
-BASIC_AUTH_USERNAME: sandbox
-BASIC_AUTH_PASSWORD: sandbox
 nr_agent_id: ""
 nr_app_id: ""
 NR_BROWSER_KEY: ""

docs/end_to_end_tests.md

@@ -77,8 +77,6 @@ and that it has at least these environment variables set in it:
 ```
 # E2E Test Configuration - only set for the Admin site.
 NOTIFY_E2E_TEST_URI
-NOTIFY_E2E_TEST_HTTP_AUTH_USER         # This is optional
-NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD     # This is optional
 NOTIFY_E2E_TEST_EMAIL
 NOTIFY_E2E_TEST_PASSWORD
 NOTIFY_E2E_AUTH_STATE_PATH
@@ -133,8 +131,6 @@ These are the E2E test environment variables that must be set:
 
 ```
 NOTIFY_E2E_TEST_URI
-NOTIFY_E2E_TEST_HTTP_AUTH_USER         # This is optional
-NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD     # This is optional
 NOTIFY_E2E_TEST_EMAIL
 NOTIFY_E2E_TEST_PASSWORD
 NOTIFY_E2E_AUTH_STATE_PATH

manifest.yml

@@ -41,8 +41,6 @@ applications:
       ADMIN_CLIENT_USERNAME: ((ADMIN_CLIENT_USERNAME))
       DANGEROUS_SALT: ((DANGEROUS_SALT))
       SECRET_KEY: ((SECRET_KEY))
-      BASIC_AUTH_USERNAME: ((BASIC_AUTH_USERNAME))
-      BASIC_AUTH_PASSWORD: ((BASIC_AUTH_PASSWORD))
       NEW_RELIC_LICENSE_KEY: ((NEW_RELIC_LICENSE_KEY))
 
       NOTIFY_BILLING_DETAILS: '[]'

sample.env

@@ -17,8 +17,6 @@ NODE_VERSION=16.15.1
 # E2E Testing
 
 NOTIFY_E2E_TEST_URI=http://localhost:6012/
-#NOTIFY_E2E_TEST_HTTP_AUTH_USER="this is optional"
-#NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD="this is optional - don't write secrets to the sample file"
 NOTIFY_E2E_TEST_EMAIL=fake.user@example.com
 NOTIFY_E2E_TEST_PASSWORD="don't write secrets to the sample file"
 NOTIFY_E2E_AUTH_STATE_PATH=playwright/.auth/

tests/conftest.py

@@ -3661,18 +3661,7 @@ def login_for_end_to_end_testing(browser):
 
 @pytest.fixture(scope="session")
 def end_to_end_context(browser):
-    # Create a context with HTTP Authentication credentials for Playwright E2E
-    # tests, if the environment variables exist.
-    if os.getenv("NOTIFY_E2E_TEST_HTTP_AUTH_USER"):
-        context = browser.new_context(
-            http_credentials={
-                "username": os.getenv("NOTIFY_E2E_TEST_HTTP_AUTH_USER"),
-                "password": os.getenv("NOTIFY_E2E_TEST_HTTP_AUTH_PASSWORD"),
-            }
-        )
-    else:
     context = browser.new_context()
-
     yield context