Don't allow any /verify/* path in prod without SP context (LG-3942) #4543
Closed
aduth reviewed Dec 29, 2020
| extend ActiveSupport::Concern | ||
|
|
||
| included do | ||
| before_action :sp_context_needed? |
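Review bot: the callback name in `before_action :sp_context_needed?` ends in `?`, which in Ruby signals a predicate that returns a boolean and has no side effects, while a before_action is run for its effect on the request. A name such as `require_sp_context` (a suggested name, not from this PR) would state the intent, and a short comment above the `included do` block saying that every action of an including controller is covered would help the next reader.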
Because this is pretty broad, I just want to double-check we want to verify in all cases.
One example: When we send a user an email including a link to reverify, will there be an SP associated?
…lly work?" Correctly use the have_action matcher This reverts commit 2e3fae7.
zachmargolis approved these changes Dec 29, 2020
|
|
||
| def sp_context_needed? | ||
| return if sp_from_sp_session.present? | ||
| return if LoginGov::Hostdata.env != 'prod' |
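Review bot: the second guard, `return if LoginGov::Hostdata.env != 'prod'`, switches the check off in every environment except production, so the restriction first takes effect in prod without having run in a lower environment, and a spec only reaches the lines after it when it stubs `LoginGov::Hostdata.env`. Consider driving this from a setting that can also be enabled outside prod, and add a comment explaining why non-prod requests are exempt.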
|
|
||
| describe 'before_actions' do | ||
| it 'includes before_actions from IdvSession' do | ||
| expect(subject).to have_actions(:sp_context_needed?) |
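Review bot: `have_actions(:sp_context_needed?)` checks only that a callback with this name is registered, and the PR description says the matcher doesn't appear to actually do anything, so this example can pass while the guard is not enforced. A spec that requests an action on this controller with no SP in the session and the environment stubbed to 'prod', then asserts on the response, would cover the behaviour for each controller.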
WDYT of using controller instead of subject?
Suggested change
| expect(subject).to have_actions(:sp_context_needed?) | |
| expect(controller).to have_actions(:sp_context_needed?) |
Author
Closing - work moved to #4634
@aduth noted in #4538 that this should probably apply to all /verify/* paths, not just /verify.

The spec on the IdvController tests that the before action does what it is supposed to do, and the other specs simply assure that the before action is present on the controller. Was using the have_actions matcher to ensure that the before action was applied to each controller, but that matcher doesn't appear to actually do anything.