Skip to content

Idea: JSON API to serve current SMS/voice support #5523

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
zachmargolis merged 6 commits into from
Oct 20, 2021
Merged

Idea: JSON API to serve current SMS/voice support #5523

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
ca21ed3
Add /api/country-support for SMS/voice support
zachmargolis Oct 19, 2021
a528151
fix origins for development
zachmargolis Oct 19, 2021
89cbbee
lints
zachmargolis Oct 19, 2021
7f58c89
Make test more specific about response structure
zachmargolis Oct 20, 2021
ff22865
Update config/application.rb
zachmargolis Oct 20, 2021
af119cd
Fix CORS specs, anchor domains
zachmargolis Oct 20, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions app/controllers/country_support_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
class CountrySupportController < ApplicationController
def index
render json: { countries: PhoneNumberCapabilities::INTERNATIONAL_CODES }
Copy link
Contributor Author

@zachmargolis zachmargolis Oct 19, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as a TODO if we do LG-5223 we need to make sure to update this part as well

end
end
18 changes: 18 additions & 0 deletions config/application.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ class Application < Rails::Application
require 'utf8_sanitizer'
config.middleware.use Utf8Sanitizer

# rubocop:disable Metrics/BlockLength
config.middleware.insert_before 0, Rack::Cors do
allow do
origins do |source, _env|
Expand All @@ -105,7 +106,24 @@ class Application < Rails::Application
methods: %i[post options]
resource '/api/openid_connect/userinfo', headers: :any, methods: [:get]
end

allow do
allowed_origins = [
'https://www.login.gov',
'https://login.gov',
%r{^https://federalist-[0-9a-f-]+\.app\.cloud\.gov$},
]

if Rails.env.development? || Rails.env.test?
allowed_origins << %r{https?://localhost(:\d+)?$}
allowed_origins << %r{https?://127\.0\.0\.1(:\d+)?$}
end

origins allowed_origins
resource '/api/country-support', headers: :any, methods: [:get]
end
end
# rubocop:enable Metrics/BlockLength

if IdentityConfig.store.enable_rate_limiting
config.middleware.use Rack::Attack
Expand Down
1 change: 1 addition & 0 deletions config/routes.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
Rails.application.routes.draw do
# Non i18n routes. Alphabetically sorted.
get '/api/country-support' => 'country_support#index'
get '/api/health' => 'health/health#index'
get '/api/health/database' => 'health/database#index'
get '/api/health/jobs' => 'health/jobs#index'
Expand Down
18 changes: 18 additions & 0 deletions spec/controllers/country_support_controller_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
require 'rails_helper'

RSpec.describe CountrySupportController do
describe '#index' do
it 'renders country support as JSON' do
get :index

json = JSON.parse(response.body, symbolize_names: true)

expect(json[:countries][:US]).to eq(
name: 'United States',
country_code: '1',
supports_sms: true,
supports_voice: true,
)
end
end
end
75 changes: 75 additions & 0 deletions spec/requests/country_support_cors_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
require 'rails_helper'

RSpec.describe 'CORS headers for OpenID Connect endpoints' do
describe '/api/country-support' do
before do
get api_country_support_path, headers: { 'HTTP_ORIGIN' => http_origin }
end

context 'origin is www.login.gov' do
let(:http_origin) { 'https://www.login.gov' }

it 'allows origin' do
aggregate_failures do
expect(response['Access-Control-Allow-Origin']).to eq(http_origin)
expect(response['Access-Control-Allow-Methods']).to eq('GET')
end
end
end

context 'origin is login.gov' do
let(:http_origin) { 'https://login.gov' }

it 'allows origin' do
aggregate_failures do
expect(response['Access-Control-Allow-Origin']).to eq(http_origin)
expect(response['Access-Control-Allow-Methods']).to eq('GET')
end
end
end

context 'origin is federalist preview' do
let(:http_origin) { 'https://federalist-abcdef.app.cloud.gov' }

it 'allows origin' do
aggregate_failures do
expect(response['Access-Control-Allow-Origin']).to eq(http_origin)
expect(response['Access-Control-Allow-Methods']).to eq('GET')
end
end
end

context 'origin is local in development' do
let(:http_origin) { 'http://127.0.0.1:4000' }

it 'allows origin' do
aggregate_failures do
expect(response['Access-Control-Allow-Origin']).to eq(http_origin)
expect(response['Access-Control-Allow-Methods']).to eq('GET')
end
end
end

context 'origin is not allowed' do
let(:http_origin) { 'https://foo.com' }

it 'does not allow origin' do
aggregate_failures do
expect(response).to be_ok
expect(response['Access-Control-Allow-Origin']).to be_nil
end
end
end

context 'origin includes but is not login.gov' do
let(:http_origin) { 'https://login.gov.evil.com' }

it 'does not allow origin' do
aggregate_failures do
expect(response).to be_ok
expect(response['Access-Control-Allow-Origin']).to be_nil
end
end
end
end
end