PAE-379: poc server side authorisation #171
Conversation
| throw Boom.unauthorized() | ||
| } | ||
|
|
||
| if (data.action === 'link-organisations') { |
There was a problem hiding this comment.
This allows us to catch responses which have been "intercepted" by the API so that we can present an "Auth Wall" or "Takeover UI" whereby the user must confirm the link between the Defra ID Organisation in their token and an pEPR Organisation
src/server/logout/controller.js
Outdated
| config.get('appBaseUrl') | ||
| ) | ||
| // const referrer = request.info.referrer | ||
| const referrer = 'http://localhost:3000/' |
There was a problem hiding this comment.
Ensure the user is always redirected to the home page
| ({ defraIdOrgName, defraIdRelationshipId }) => [ | ||
| { text: defraIdOrgName }, | ||
| { | ||
| html: `<a href="http://localhost:3200/cdp-defra-id-stub/register/${defraId.userId}/relationship/${defraIdRelationshipId}/current">Switch</a>` |
There was a problem hiding this comment.
We would obviously retrieve protocol, hostname, port from config in the controller so that it works for all environments
| organisations: organisations.map(({ name, orgId, id }) => [ | ||
| { text: name ?? 'data missing' }, | ||
| { text: orgId ?? 'data missing' }, | ||
| { text: id ?? 'data missing' }, |
There was a problem hiding this comment.
I don't think this defensive coding approach is necessary as I've never seen any of these fields actually missing values
| id: userId, | ||
| name: displayName | ||
| } | ||
| } |
There was a problem hiding this comment.
There are likely better ways to share this data between handlers and views in Hapi
| - cdp-tenant | ||
|
|
||
| defra-id-stub: | ||
| profiles: ['all'] |
There was a problem hiding this comment.
These have been added to make it simpler to share the same docker compose command between repos, not necessary for the PoC
|
|
||
| # queues | ||
| aws --endpoint-url=http://localhost:4566 sqs create-queue --queue-name cdp-clamav-results | ||
| aws --endpoint-url=http://localhost:4566 sqs create-queue --queue-name cdp-uploader-download-requests |
There was a problem hiding this comment.
I couldn't start the stack without this, not sure why it wan't already in the repo
| heading: statusCode, | ||
| message: errorMessage | ||
| message: errorMessage, | ||
| defraId: request.server.app.defraId |
There was a problem hiding this comment.
It would be nice if we could add the defraId data globally to all views
nijk
force-pushed
the
PAE-379-poc-server-side-authorisation
branch
2 times, most recently
from
d4ad6e3 to
8051876
Compare
| border-right: none; | ||
| } | ||
| } | ||
| } |
nijk
force-pushed
the
PAE-379-poc-server-side-authorisation
branch
from
8051876 to
bfe335c
Compare
nijk
force-pushed
the
PAE-379-poc-server-side-authorisation
branch
from
bfe335c to
a0fd39c
Compare
Ticket: PAE-379
Description
PoC for authorising Defra ID users to access pEPR Organisation data
Please see the Pull Requests standards.