From 70de61c6950dc04c08bfb2e0783560b32d52edca Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Mon, 11 Dec 2023 07:50:45 -0800
Subject: [PATCH 1/2] fix whitespace
---
 .github/workflows/deploy.yml | 14 ++++++++++++++
 app/main/views/sign_in.py | 24 +++++++++++++++++++++++-
 app/templates/views/signin.html | 2 +-
 3 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index af7e894bb..31bbdafa2 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -60,6 +60,13 @@ jobs:
 NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
 NR_BROWSER_KEY: ${{ secrets.NR_BROWSER_KEY }}
 LOGIN_PEM: ${{ secrets.LOGIN_PEM }}
+ # Need to double check value of client id with Carlo in LOGIN_DOT_GOV_CLIENT_ID and LOGIN_DOT_GOV_LOGOUT_URL
+ LOGIN_DOT_GOV_CLIENT_ID: "urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify_gov"
+ LOGIN_DOT_GOV_USER_INFO_URL: "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo"
+ LOGIN_DOT_GOV_ACCESS_TOKEN_URL: "https://idp.int.identitysandbox.gov/api/openid_connect/token"
+ LOGIN_DOT_GOV_LOGOUT_URL: "https://idp.int.identitysandbox.gov/openid_connect/logout?client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify_gov&post_logout_redirect_uri=https://notify-staging.app.cloud.gov/sign-out"
+ LOGIN_DOT_GOV_BASE_LOGOUT_URL: "https://idp.int.identitysandbox.gov/openid_connect/logout?"
+ LOGIN_DOT_GOV_SIGNOUT_REDIRECT: "https://notify-staging.app.cloud.gov/sign-out"
 with:
 cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
 cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
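Review bot: `LOGIN_DOT_GOV_LOGOUT_URL` repeats the client ID and the post-logout redirect that `LOGIN_DOT_GOV_CLIENT_ID`, `LOGIN_DOT_GOV_BASE_LOGOUT_URL` and `LOGIN_DOT_GOV_SIGNOUT_REDIRECT` already carry in the same `env:` block, so each value has two sources of truth; the `@@ -60,11 +60,10 @@` hunk of patch 2/2 has to correct the client ID in both places. An OpenID Connect provider is expected to accept only a `client_id` and `post_logout_redirect_uri` that match what is registered, so a copy that drifts would presumably surface as a failed sign-out at runtime rather than at deploy time. I would drop the composed variable and have the app build the logout URL from the three parts, percent-encoding the query values, since the redirect is embedded raw here. If this job only ever deploys staging, say so next to the values, e.g. `# login.gov sandbox endpoints and staging redirect; not valid for other environments`.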
@@ -74,6 +81,13 @@ jobs:
 --var NEW_RELIC_LICENSE_KEY="$NEW_RELIC_LICENSE_KEY"
 --var NR_BROWSER_KEY="$NR_BROWSER_KEY"
 --var LOGIN_PEM="$LOGIN_PEM"
+ --var LOGIN_DOT_GOV_CLIENT_ID="$LOGIN_DOT_GOV_CLIENT_ID"
+ --var LOGIN_DOT_GOV_USER_INFO_URL="$LOGIN_DOT_GOV_USER_INFO_URL"
+ --var LOGIN_DOT_GOV_ACCESS_TOKEN_URL="$LOGIN_DOT_GOV_ACCESS_TOKEN_URL"
+ --var LOGIN_DOT_GOV_LOGOUT_URL="$LOGIN_DOT_GOV_LOGOUT_URL"
+ --var LOGIN_DOT_GOV_BASE_LOGOUT_URL="$LOGIN_DOT_GOV_BASE_LOGOUT_URL"
+ --var LOGIN_DOT_GOV_SIGNOUT_REDIRECT="$LOGIN_DOT_GOV_SIGNOUT_REDIRECT"
+
 - name: Check for changes to egress config
 id: changed-egress-config
diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py
index c0b634a7f..fdb8242b3 100644
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -153,12 +153,34 @@ def sign_in():
 other_device = current_user.logged_in_elsewhere()
 notify_env = os.getenv("NOTIFY_ENVIRONMENT")
 current_app.logger.info("should render the sign in template")
+
+ # TODO REMOVE THIS INFO ONCE STAGING WORKS WITH LOGIN DOT GOV
+ current_app.logger.info(f"NOTIFY ENV = {notify_env}")
+ current_app.logger.info(
+ f"LOGIN_DOT_GOV_CLIENT_ID={os.getenv('LOGIN_DOT_GOV_CLIENT_ID')}"
+ )
+ current_app.logger.info(
+ f"LOGIN_DOT_GOV_USER_INFO_URL={os.getenv('LOGIN_DOT_GOV_USER_INFO_URL')}"
+ )
+ current_app.logger.info(
+ f"LOGIN_DOT_GOV_ACCESS_TOKEN_URL={os.getenv('LOGIN_DOT_GOV_ACCESS_TOKEN_URL')}"
+ )
+ current_app.logger.info(
+ f"LOGIN_DOT_GOV_LOGOUT_URL={os.getenv('LOGIN_DOT_GOV_LOGOUT_URL')}"
+ )
+ current_app.logger.info(
+ f"LOGIN_DOT_GOV_BASE_LOGOUT_URL={os.getenv('LOGIN_DOT_GOV_BASE_LOGOUT_URL')}"
+ )
+ current_app.logger.info(
+ f"LOGIN_DOT_GOV_SIGNOUT_REDIRECT={os.getenv('LOGIN_DOT_GOV_SIGNOUT_REDIRECT')}"
+ )
+
 return render_template(
 "views/signin.html",
 form=form,
 again=bool(redirect_url),
 other_device=other_device,
- notify_env_is_dev=bool(notify_env == "development"),
+ notify_env_is_dev_or_staging=bool(notify_env in ["development", "staging"]),
 password_reset_url=password_reset_url,
 )
diff --git a/app/templates/views/signin.html b/app/templates/views/signin.html
index ce72c74f3..9162f9706 100644
--- a/app/templates/views/signin.html
+++ b/app/templates/views/signin.html
@@ -28,7 +28,7 @@ {% endif %} {% else %}
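Review bot: The seven added `current_app.logger.info(...)` calls sit on the render path of `sign_in()`, so every request that reaches this render writes seven INFO lines of configuration to the application log, and the TODO names no owner or condition for removing them. What is logged today is endpoints and a client ID rather than credentials, but an open-ended dump of `os.getenv(...)` values next to `LOGIN_PEM` makes it easy for a secret to be added to the list later. I would log from a fixed allow-list at DEBUG level with lazy `%s` arguments, as sketched below, or emit the values once at application start-up instead of per request. Separately, `bool(notify_env in [...])` wraps something that is already a bool; `notify_env in ("development", "staging")` is enough. The body of `sign_in()` starts above this hunk.

```python
    current_app.logger.info("should render the sign in template")

    # TODO(owner): remove once staging works with login.gov.
    # Non-secret settings only; keys and PEM material must never be listed here.
    for name in (
        "NOTIFY_ENVIRONMENT",
        "LOGIN_DOT_GOV_CLIENT_ID",
        "LOGIN_DOT_GOV_USER_INFO_URL",
        "LOGIN_DOT_GOV_ACCESS_TOKEN_URL",
        "LOGIN_DOT_GOV_LOGOUT_URL",
        "LOGIN_DOT_GOV_BASE_LOGOUT_URL",
        "LOGIN_DOT_GOV_SIGNOUT_REDIRECT",
    ):
        current_app.logger.debug("%s=%s", name, os.getenv(name))

    # … unchanged: return render_template(...) …
```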

Sign in

- {% if notify_env_is_dev %}
+ {% if notify_env_is_dev_or_staging %}

Test login.gov authentication: Login.gov.
From 7ffd3f503156cf781de2679593c1c0d1a7a895ca Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Thu, 14 Dec 2023 07:34:33 -0800
Subject: [PATCH 2/2] code review feedback
---
 .github/workflows/deploy.yml | 5 ++---
 app/main/views/sign_in.py | 2 +-
 app/templates/views/signin.html | 2 +-
 3 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 31bbdafa2..9da01d51b 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -60,11 +60,10 @@ jobs:
 NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
 NR_BROWSER_KEY: ${{ secrets.NR_BROWSER_KEY }}
 LOGIN_PEM: ${{ secrets.LOGIN_PEM }}
- # Need to double check value of client id with Carlo in LOGIN_DOT_GOV_CLIENT_ID and LOGIN_DOT_GOV_LOGOUT_URL
- LOGIN_DOT_GOV_CLIENT_ID: "urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify_gov"
+ LOGIN_DOT_GOV_CLIENT_ID: "urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov"
 LOGIN_DOT_GOV_USER_INFO_URL: "https://idp.int.identitysandbox.gov/api/openid_connect/userinfo"
 LOGIN_DOT_GOV_ACCESS_TOKEN_URL: "https://idp.int.identitysandbox.gov/api/openid_connect/token"
- LOGIN_DOT_GOV_LOGOUT_URL: "https://idp.int.identitysandbox.gov/openid_connect/logout?client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify_gov&post_logout_redirect_uri=https://notify-staging.app.cloud.gov/sign-out"
+ LOGIN_DOT_GOV_LOGOUT_URL: "https://idp.int.identitysandbox.gov/openid_connect/logout?client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&post_logout_redirect_uri=https://notify-staging.app.cloud.gov/sign-out"
 LOGIN_DOT_GOV_BASE_LOGOUT_URL: "https://idp.int.identitysandbox.gov/openid_connect/logout?"
 LOGIN_DOT_GOV_SIGNOUT_REDIRECT: "https://notify-staging.app.cloud.gov/sign-out"
 with:
diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py
index fdb8242b3..6fc9c286a 100644
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -180,7 +180,7 @@ def sign_in():
 form=form,
 again=bool(redirect_url),
 other_device=other_device,
- notify_env_is_dev_or_staging=bool(notify_env in ["development", "staging"]),
+ login_gov_enabled=bool(notify_env in ["development", "staging"]),
 password_reset_url=password_reset_url,
 )
diff --git a/app/templates/views/signin.html b/app/templates/views/signin.html
index 9162f9706..a2c0d244a 100644
--- a/app/templates/views/signin.html
+++ b/app/templates/views/signin.html
@@ -28,7 +28,7 @@ {% endif %} {% else %}

Sign in

- {% if notify_env_is_dev_or_staging %}
+ {% if login_gov_enabled %}

Test login.gov authentication: Login.gov.