DPC-5127 update portal to use multiple OIDC #2883
jdettmannnava wants to merge 76 commits into main from
… into jd/dpc-5127-multiple-oidc
| # and recreated between test runs. Don't rely on the data there! | ||
|
|
||
| Rails.application.configure do | ||
| config.colorize_logging = false |
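Review bot: `config.colorize_logging = false` at the top of the `Rails.application.configure` block carries no comment saying why it is set, and it is unrelated to the OIDC change this PR is titled for. If it stays, add a one-line comment above it recording the reason, or move it to its own PR so the authentication change can be reviewed in isolation.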
probably don't need to change this config setting
Not necessary, but I found that it was difficult to analyze the logs because of their colorization, so I would prefer to leave this change in.
I'm wondering if this .find_or_create_by() needs to be updated to include login_dot_gov
e.g.

```ruby
@user = User.find_or_create_by!(provider: :login_dot_gov, uid: user_info['sub']) do |user_to_create|
```
Yup, this needs to change
✅ updated redirects look good

Only open question I have is - does this capture intended behavior for provider column for newly created users?
Not for merge.

## 🎫 Ticket

https://jira.cms.gov/browse/DPC-5159

## 🛠 Changes

- New model with migration: IdpUid to store foreign keys for CSPs
- Updated login flow to use IdpUid
- Updated user-creation flow in invitations controller to use IdpUid

## ℹ️ Context

We need to support the ability of each user to log in to the portal with multiple CSPs.

Note: because of the way we fake the CPI API Gateway, most Authorized Officials share the same PacId. Therefore, unlike in production, where each user will have their own PacId, we cannot bind multiple CSPs to the same user by PacId in local, dev, test, and sandbox environments. That is why we use the email address to deduplicate all users in the lower environments. We do want to test this flow, which is why we also bind AOs on PacId while running automated tests.

## 🧪 Validation

Updated Manual tests. Logged in as same user using multiple IdPs.

---------

Co-authored-by: jose-verdance <jose@verdance.co>

NOT FOR MERGE UNTIL CMS APPROVAL
🎫 Ticket
https://jira.cms.gov/browse/DPC-5127
🛠 Changes
ℹ️ Context
We are moving to a multi-IDP environment. These IDPs use the OIDC protocol. Because of complexity, the Devise authentication gem only supports one openid_connect provider via the omniauth_openid_connect gem. Fortunately, we use very little Devise functionality, so removing the gem and replacing the necessary parts was not very extensive.
🧪 Validation
Automated tests updated to handle a world without devise.
Successfully logged in and out from localhost.
Successfully failed invitation flow.
Successfully passed invitation flow.
Post-Deploy Actions
After deployment, the following SQL will need to run in dpc-portal. This should not be a problem, as we are not in upper environments.

```sql
UPDATE users set provider = 'login_dot_gov';
```
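An added example, not code from this PR: a plain-Ruby model of the lookup raised in the review thread and in the IdpUid commit, keyed on the (provider, uid) pair and binding a second CSP to an existing user by PacId. `IdentityStore`, `link_or_create`, the `:example_csp` provider and all sample values are assumptions.

```ruby
# Added illustration in plain Ruby (no Rails/ActiveRecord). IdentityStore,
# link_or_create and the :example_csp provider are hypothetical names.
User = Struct.new(:id, :pac_id, :email)

class IdentityStore
  def initialize
    @users = []
    # [provider, uid] => User, standing in for a unique index on (provider, uid).
    @idp_uids = {}
  end

  # An OIDC `sub` is only unique within its issuer, so the lookup key is the
  # pair (provider, uid), never the uid alone.
  def find_by_identity(provider, uid)
    @idp_uids[[provider.to_sym, uid.to_s]]
  end

  # Bind a CSP identity to the user holding pac_id, creating the user if none
  # exists. An already-bound pair always resolves to its original user.
  def link_or_create(provider:, uid:, pac_id:, email:)
    raise ArgumentError, 'sub claim missing' if uid.to_s.strip.empty?

    existing = find_by_identity(provider, uid)
    return existing if existing

    user = @users.find { |u| u.pac_id == pac_id }
    unless user
      user = User.new(@users.size + 1, pac_id, email)
      @users << user
    end
    @idp_uids[[provider.to_sym, uid.to_s]] = user
  end

  def user_count
    @users.size
  end
end

if __FILE__ == $PROGRAM_NAME
  store = IdentityStore.new # all values below are constructed sample data
  store.link_or_create(provider: :login_dot_gov, uid: 'sub-123', pac_id: 'PAC-1', email: 'ao@example.com')
  store.link_or_create(provider: :example_csp, uid: 'sub-987', pac_id: 'PAC-1', email: 'ao@example.com')
  puts "users: #{store.user_count}"
  puts "cross-provider hit: #{!store.find_by_identity(:example_csp, 'sub-123').nil?}"
end
```

In a Rails schema the same guarantee comes from a unique database index on the provider and uid columns together, so a race between two logins cannot create a duplicate binding.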