From 22d728f0f82d1d20b8483eb311362437c60186fc Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Tue, 14 Nov 2023 10:14:35 -0800
Subject: [PATCH] cleanup

---
 .github/workflows/deploy-demo.yml | 2 ++
 .github/workflows/deploy-prod.yml | 3 +++
 .github/workflows/deploy.yml | 2 ++
 app/main/views/sign_in.py | 7 +------
 app/main/views/sign_out.py | 12 +-----------
 sample.env | 8 ++------
 6 files changed, 11 insertions(+), 23 deletions(-)

diff --git a/.github/workflows/deploy-demo.yml b/.github/workflows/deploy-demo.yml
index e4cf662de..771209267 100644
--- a/.github/workflows/deploy-demo.yml
+++ b/.github/workflows/deploy-demo.yml
@@ -54,6 +54,7 @@ jobs:
 ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }}
 NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
 NR_BROWSER_KEY: ${{ secrets.NR_BROWSER_KEY }}
+ LOGIN_PEM: ${{ secrets.LOGIN_PEM }}
 with:
 cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
 cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
@@ -67,6 +68,7 @@ jobs:
 --var ADMIN_CLIENT_SECRET="$ADMIN_CLIENT_SECRET"
 --var NEW_RELIC_LICENSE_KEY="$NEW_RELIC_LICENSE_KEY"
 --var NR_BROWSER_KEY="$NR_BROWSER_KEY"
+ --var LOGIN_PEM="$LOGIN_PEM"
 
 - name: Check for changes to egress config
 id: changed-egress-config
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
index df6c5614e..0f696de36 100644
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -54,6 +54,8 @@ jobs:
 ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }}
 NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
 NR_BROWSER_KEY: ${{ secrets.NR_BROWSER_KEY }}
+ LOGIN_PEM: ${{ secrets.LOGIN_PEM }}
+
 with:
 cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
 cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
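Review bot: `--var LOGIN_PEM="$LOGIN_PEM"` in the second deploy-demo.yml hunk passes a private signing key as an ordinary manifest variable, which needs more care than the API keys beside it. A PEM is normally multi-line, so confirm that its line breaks survive the shell expansion and the manifest substitution; a flattened key would only show up later as a signing failure at sign-in. If the manifest maps this variable into the application environment (the manifest is not part of this patch), the key is readable by anyone allowed to view that environment, so that access should be scoped accordingly. A short comment beside the line, such as `# LOGIN_PEM is a multi-line private key: verify newlines survive --var`, would record the constraint. The same line is added in deploy-prod.yml and deploy.yml, and the block these arguments belong to starts outside the hunk.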
@@ -67,6 +69,7 @@ jobs: --var ADMIN_CLIENT_SECRET="$ADMIN_CLIENT_SECRET" --var NEW_RELIC_LICENSE_KEY="$NEW_RELIC_LICENSE_KEY" --var NR_BROWSER_KEY="$NR_BROWSER_KEY" + --var LOGIN_PEM="$LOGIN_PEM" - name: Check for changes to egress config id: changed-egress-config diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 83c141370..af7e894bb 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -59,6 +59,7 @@ jobs: ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }} NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }} NR_BROWSER_KEY: ${{ secrets.NR_BROWSER_KEY }} + LOGIN_PEM: ${{ secrets.LOGIN_PEM }} with: cf_username: ${{ secrets.CLOUDGOV_USERNAME }} cf_password: ${{ secrets.CLOUDGOV_PASSWORD }} @@ -72,6 +73,7 @@ jobs: --var ADMIN_CLIENT_SECRET="$ADMIN_CLIENT_SECRET" --var NEW_RELIC_LICENSE_KEY="$NEW_RELIC_LICENSE_KEY" --var NR_BROWSER_KEY="$NR_BROWSER_KEY" + --var LOGIN_PEM="$LOGIN_PEM" - name: Check for changes to egress config id: changed-egress-config diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py index b73e606df..ad9bf33e4 100644 --- a/app/main/views/sign_in.py +++ b/app/main/views/sign_in.py @@ -25,16 +25,12 @@ from app.models.user import InvitedUser, User from app.utils import hide_from_search_engines from app.utils.login import is_safe_redirect_url -# This is the logout url for manual use until we figure out how to do programmatically -# https://idp.int.identitysandbox.gov/openid_connect/logout?client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:test_notify_gov&post_logout_redirect_uri=http://localhost:6012/sign-in def _get_access_token(code, state): client_id = os.getenv("LOGIN_DOT_GOV_CLIENT_ID") access_token_url = os.getenv("LOGIN_DOT_GOV_ACCESS_TOKEN_URL") - pemfile = open("./private.pem", "r") - keystring = pemfile.read() - pemfile.close() + keystring = os.getenv("LOGIN_PEM") payload = { "iss": client_id, "sub": client_id, 
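Review bot: `keystring = os.getenv("LOGIN_PEM")` in sign_in.py returns `None` when the variable is missing, and nothing visible in the hunk checks the value before it is used further down in `_get_access_token`. I would fail right after the read with a clear message, for example `if not keystring: raise RuntimeError("LOGIN_PEM is not set")`, so a misconfigured deployment is not diagnosed from an opaque error during the token exchange. If the secret is stored with escaped newlines it presumably has to be restored to real PEM line breaks before use; confirm this against how the secret is populated. The rest of the function, including whatever consumes `keystring`, lies outside the hunk.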
@@ -76,7 +72,6 @@ def sign_in(): state = request.args.get("state") login_gov_error = request.args.get("error") if code and state: - current_app.logger.info(f"found login.gov code and state {code} {state}") access_token = _get_access_token(code, state) user_email = _get_user_email(access_token) redirect_url = request.args.get("next") diff --git a/app/main/views/sign_out.py b/app/main/views/sign_out.py index e76ed2cf0..e54bb018d 100644 --- a/app/main/views/sign_out.py +++ b/app/main/views/sign_out.py @@ -33,15 +33,5 @@ def sign_out(): # TODO This doesn't work yet, due to problems above. current_user.sign_out() - return redirect( - "https://idp.int.identitysandbox.gov/openid_connect/logout?client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:test_notify_gov&post_logout_redirect_uri=http://localhost:6012/sign-out" # noqa - ) + return redirect(os.getenv("LOGIN_DOT_GOV_LOGOUT_URL")) return redirect(url_for("main.index")) - - -# @main.route("/sign-out-at-login-gov", methods=(["POST"])) -# def sign_out_at_login_gov(): -# current_app.logger.info("SHOULD BE REDIRECTING TO LOGIN GOV") -# return redirect( -# "https://idp.int.identitysandbox.gov/openid_connect/logout?client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:test_notify_gov&post_logout_redirect_uri=http://localhost:6012/sign-out" -# ) diff --git a/sample.env b/sample.env index cf80fa8a4..7f4fb6791 100644 --- a/sample.env +++ b/sample.env @@ -22,11 +22,6 @@ NOTIFY_E2E_TEST_PASSWORD="don't write secrets to the sample file" NOTIFY_E2E_AUTH_STATE_PATH=playwright/.auth/ -# login.gov -LOGIN_DOT_GOV_CLIENT_ID="urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:test_notify_gov" -LOGIN_DOT_GOV_USER_INFO_URL="https://idp.int.identitysandbox.gov/api/openid_connect/userinfo" -LOGIN_DOT_GOV_ACCESS_TOKEN_URL="https://idp.int.identitysandbox.gov/api/openid_connect/token" - ############################################################# # Local Docker setup 
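Review bot: `return redirect(os.getenv("LOGIN_DOT_GOV_LOGOUT_URL"))` in sign_out.py depends on `os` being imported, and the diffstat shows this one insertion as the only addition to the file, so unless the module already imports `os` every sign-out raises `NameError`. When the variable is unset the call also passes `None` to `redirect`, after `current_user.sign_out()` has already run. Reading the value first and guarding it, as in `logout_url = os.getenv("LOGIN_DOT_GOV_LOGOUT_URL")` followed by `return redirect(logout_url or url_for("main.index"))`, keeps sign-out working; it is worth logging a warning on the fallback path, because the identity-provider session is then left open. The existing `return redirect(url_for("main.index"))` after it remains unreachable and could be folded into that fallback. The start of `sign_out` is outside the hunk.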
@@ -51,4 +46,5 @@ NR_BROWSER_KEY="don't write secrets to the sample file"
 # Login.gov
 LOGIN_DOT_GOV_CLIENT_ID="urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:test_notify_gov"
 LOGIN_DOT_GOV_USER_INFO_URL="https://idp.int.identitysandbox.gov/api/openid_connect/userinfo"
-LOGIN_DOT_GOV_ACCESS_TOKEN_URL="https://idp.int.identitysandbox.gov/api/openid_connect/token"
\ No newline at end of file
+LOGIN_DOT_GOV_ACCESS_TOKEN_URL="https://idp.int.identitysandbox.gov/api/openid_connect/token"
+LOGIN_DOT_GOV_LOGOUT_URL="https://idp.int.identitysandbox.gov/openid_connect/logout?client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:test_notify_gov&post_logout_redirect_uri=http://localhost:6012/sign-out"
\ No newline at end of file
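Review bot: The Login.gov block gains `LOGIN_DOT_GOV_LOGOUT_URL` but no entry for `LOGIN_PEM`, which sign_in.py now reads from the environment instead of `./private.pem` in this same commit. Unless the variable is defined in a part of the file not shown here, a setup copied from sample.env leaves the key as `None`. A placeholder in the file's existing style, `LOGIN_PEM="don't write secrets to the sample file"`, would document the requirement without putting key material in the repository. The file also still ends without a trailing newline, so the next variable appended will rewrite this last line again.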