FEATURE BRANCH - 407 Add SSO #498
Open
Janell-Huyck wants to merge 15 commits into qa from 407-feature-branch-add-sso
Janell-Huyck force-pushed the 407-feature-branch-add-sso branch from 1871fcd to 8b80f6a on May 10, 2024 14:37
Janell-Huyck force-pushed the 407-feature-branch-add-sso branch from c803915 to de1f643 on July 2, 2024 17:15
Janell-Huyck force-pushed the 407-feature-branch-add-sso branch from de1f643 to e3186a1 on July 11, 2024 17:31
Janell-Huyck changed the title from "FEATURE BRANCH - 407 Add SSO" to "WIP - FEATURE BRANCH - 407 Add SSO" on Jul 31, 2024
Janell-Huyck force-pushed the 407-feature-branch-add-sso branch 4 times, most recently from 89bbe48 to aa71118 on August 19, 2024 19:45
Janell-Huyck force-pushed the 407-feature-branch-add-sso branch from 9677157 to 9289c0c on September 12, 2024 17:22
… BRANCH (#532)
* Copy ucrate tests - first pass
* Add necessary gems
* reviewed test list
* files reviewed 51724
* reviewed tests and deleted or modified
* Test update 5/20
* LIBTREATDB-38 add sso configuration to environment variables (#528)
* LIBTREATDB-61 - Remove env variables (#529)
* Remove Shibboleth environment variables, comment out Shibboleth tests
* LIBTREATDB-61 link issue to Jira
* Copy ucrate tests - first pass reviewed test list LIBTREATDB-55 set up to use shibboleth with middleware (#530)
* Remove Shibboleth environment variables, comment out Shibboleth tests
* LIBTREATDB-61 link issue to Jira
* LIBTREATDB-55 Set up middleware to use Shibboleth
* LIBTREATDB-55 Rubocop fix
* WIP
* Revert "WIP" This reverts commit 9a3987c.
* Re-run bundle install
* Upgrade to pagy 9
* Add test for callbacks controller
* Rubocop fix for new callbacks controller spec LIBTREATDB-55 set up to use shibboleth with middleware (#530)
* Remove Shibboleth environment variables, comment out Shibboleth tests
* LIBTREATDB-61 link issue to Jira
* LIBTREATDB-55 Set up middleware to use Shibboleth
* LIBTREATDB-55 Rubocop fix
* WIP
* Revert "WIP" This reverts commit 9a3987c.
* Re-run bundle install
* Upgrade to pagy 9
* Add test for callbacks controller
* Rubocop fix for new callbacks controller spec Migrate to remove Devise user fields, Add bcrypt to gemfile WIP WIP - need to check tests Fix accidental changes, clean-up WIP WIP - 106 failing tests View and Controller tests working, WIP WIP, in-progress for request tests WIP - request tests fail when run in entire suite Rubocop changes WIP WIP Fix tests Fix brakeman error for possible mass assignment WIP Correct add-username migration to allow for previous user data WIP WIP WIP
* Test passing
* Rubocop fix
* WIP
* Add tests for sessions controller
* WIP
* Revert accidental migration changes
* WIP, broken nav tests
* WIP
* Update Ability model to match new layout
* WIP
* WIP
* LIBTREATDB-78 Remove application logic from navigation html
* WIP
* Correct Users navigation link
* Restore deleted helper files
* Add display name uniqueness, wip
* Adjust nav layout for middle-size screens
* Fix broken tests
* WIP
* Re-add shibboleth middleware
* Include ability testing for guest users, refactor ability tests
* Fix ability tests, align read-only permissions to actual permission
* Make test syntax more consistent
* Make all user default passwords 'notapassword'
* Add additional tests to sessions controller
* Add pinned rexml version, run bundle update, rubocop
* Rubocop fix
* Remove redundant loading of Simplecov that may be interfering with reporting
* Add tests, rename testing file
* Add admin users_controller delete test
* Ensure inactive users can edit account, logout. Remove password changing.
* Allow Admins to create new users with passwords
* Fix broken tests
* Test unsuccessful 'update' for admin/users
* Rubocop
---------
Co-authored-by: lisa3711 <[email protected]>
Janell-Huyck force-pushed the 407-feature-branch-add-sso branch from 425070d to 92ad404 on October 17, 2024 13:30
* WIP
* Add /saml/metadata page and tests
* Add more waiting for External Repair modal in end-to-end spec
* Fix flaky end-to-end test
* Continue fixing flaky end-to-end test
* WIP - make requests local, add builder gem
* Set requests to not be local in production
* Update SAML per IT requests
* Remove middleware, refactor Shibboleth login for clarity
* WIP
* WIP - need testing
* WIP - careful with cookies
* WIP - Set errors to local true for production to see error message
* WIP - fix login route
* WIP - stop infinite loop
* WIP - log shib variables
* WIP set up rails logging route in production
* WIP
* Log shibboleth headers - WIP
* WIP - log all headers
* WIP - some broken tests
* WIP - update test files
* WIP - add logging headers and request.env
* WIP - stop redirects
* WIP - GPT rewrite
* WIP - add logging back in
* WIP - try to use /login path
* WIP - try to grab uid instead of username
* WIP - add Janell Huyck user to seeds
* WIP - use extracted username to log in
* WIP - correct preserve_shibboleth_cookies method
* WIP - fix logout, rubocop
* WIP - working on QA, has broken tests
* WIP - fixing tests
* Fix tests
* Rubocop
* Increase wait time on flaky portion of end-to-end
* Code cleanup
* Add Rondi, Glen, Lisa, Thomas to seeds file to access QA login after db reset.
* Attempt login without idp_certificate.pem
* Remove certificate added for previous attempt to use ruby-saml.
* Add tests for SessionsController
* Remove unused function in dev_sessions_controller
Janell-Huyck changed the title from "WIP - FEATURE BRANCH - 407 Add SSO" to "FEATURE BRANCH - 407 Add SSO" on Nov 21, 2024
#566)
* WIP: searching for the correct logout URL
* WIP: Split logout urls
* WIP: redirect to /Shibboleth.sso/Logout
* WIP: add return address after shibboleth logout
* WIP: move redirect URL to controller
* WIP: encode return URL for logout
* WIP: try to log out via JavaScript split methods
* WIP: Correct logout form action selector
* WIP: Log javascript, Use absolute Shibboleth logout URL
* WIP: Log out via invisible iframe
* WIP: use parameter on redirect to get flash message on logout
* WIP: Remove duplicate successful logout notification
* WIP: Test server-side only
* Code clean-up
* WIP: Debug loading of JS
* Make Sign Out button not be a form
* Reset qa deploy branch to 'qa'
* Debug nonfunctional logout by removing method: delete
This PR implements the following major changes for the Rails application:
Removed Devise
Completely removed Devise for session and account management.
Transitioned to custom-built methods for handling authentication, session management, and user access control.
Custom Session Handling
Introduced a SessionsController for managing user login and logout flows.
Sessions now rely on custom logic to authenticate users via Shibboleth SSO or development login pathways, depending on the environment.
Development Login Pathway
Added a 'Dev Login' page and button for testers and developers to log in during development and test environments.
Ensured the 'Dev Login' page is inaccessible in production for security purposes. Attempts to access it in production redirect users to the home page.
Shibboleth SSO Integration