Add OneLogin flow for Jobseekers #7019

Draft
wants to merge 88 commits into
base: one_login

@scruti scruti commented Aug 22, 2024

Trello card URL

Changes in this PR:

TLDR:

Builds a basic end-to-end integration for the Jobseeker using GovUK One Login and sets it up for testing on the Jobseeker's Sign-in button on the service front page.

Detailed:

  • Introduces a Jobseekers::GovukOneLogin namespace in our service.
  • Adds a Client that communicates with OneLogin endpoints.
  • Adds a service that, based on the OneLogin response, validates it and queries OneLogin user information.
  • Adds a controller to receive the redirections from One Login and set the user session.
  • Associate the OneLogin user info to an existing Jobseeker or create a new Jobseeker.
  • Add helper methods that allow users to be sent to Govuk OneLogin with a valid authorization request.
  • Change Jobseeker's Sign-in button in the service root page to test the flow end-to-end.

Missing/next steps

  • Fix system tests or issues created for Publishers DFE-Sign-in flow
  • Build our OneLogin flows

This client will be used to retrieve the tokens and user info from One
Login.
For better namespacing and sharing domain code across the service.
@scruti scruti added the deploy label Aug 22, 2024
@scruti scruti changed the base branch from main to one_login August 22, 2024 12:03
@scruti scruti force-pushed the use-one-login-for-jobseekers branch 7 times, most recently from 3d33d38 to 7808986 Compare August 22, 2024 14:18

Review app deployed to https://teaching-vacancies-review-pr-7019.test.teacherservices.cloud on AKS

Will contain the ID from OneLogin user associated with our local user
account.
We are setting up the basic end-to-end flow for a jobseeker to sign-in
into our service through GovUK One Login.

- Builds a OneLogin auth request to be redirected to from the
  Jobseeker's "Sign in" button in our TV front page.
- Creates a controller to receive the response from OneLogin for our
  auth requests, parse the response values and either:
  A) Redirect the user to the root page with an error message if
     the parsed response is an error or invalid.
  B) If a successful response is sent, it attempts to retrieve the
     associated user info from OneLogin by getting a One Login token and
     using it to retrieve the user info endpoint. All of it using our
     OneLogin client.
- Attempts to insulate the OneLogin business/validation logic from the
  controller, leaving the controller for orchestrating the service
  retrieving OneLogin info, setting session values, setting the user and
  redirecting.
- This work is just an anemic basic flow to do an end-to-end sign-in
  through OneLogin. We need to build our full user flows from here.
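
The request/callback split described in the commit message above, as an added example that is not code from this PR. It assumes the standard OpenID Connect authorization code flow with `state` and `nonce`; the endpoint, client ID, redirect URI, session keys and method names are hypothetical placeholders.

```ruby
require "securerandom"
require "uri"

# Constructed placeholder values; real ones would come from service configuration.
AUTHORIZE_ENDPOINT = "https://oidc.example.test/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://service.example.test/jobseekers/callback"

# Builds the URL the "Sign in" button redirects to and stores a fresh
# state and nonce in the session so the callback can be tied to this browser.
def build_authorization_request(session)
  session[:one_login_state] = SecureRandom.urlsafe_base64(32)
  session[:one_login_nonce] = SecureRandom.urlsafe_base64(32)
  query = URI.encode_www_form(
    response_type: "code", scope: "openid email", client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI, state: session[:one_login_state],
    nonce: session[:one_login_nonce]
  )
  "#{AUTHORIZE_ENDPOINT}?#{query}"
end

# Constant-time comparison so the check does not leak how much of the state matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Classifies the callback parameters before any token request is made.
# Returns [:ok, code] (branch B) or [:error, reason] (branch A).
# The nonce stays in the session; it is compared with the ID token later.
def validate_callback(params, session)
  expected = session.delete(:one_login_state) # single use: a replayed callback fails
  returned = params["state"].to_s
  return [:error, :state_mismatch] if expected.nil? || !secure_equal?(expected, returned)
  return [:error, :provider_error] if params.key?("error")

  code = params["code"].to_s
  return [:error, :missing_code] if code.empty?

  [:ok, code]
end
```

Checking `state` first means an error or code delivered to a session that never started a sign-in is rejected before the controller acts on it.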
The value is needed to initialise Rails during testing
Redirect existing users to account found page if it's their first log…
…rough-one-login

Sign-out Jobseekers through Govuk OneLogin
scruti and others added 2 commits October 3, 2024 16:53
…on-logout-through-one-login

Revert "Sign-out Jobseekers through Govuk OneLogin"
…r-jobseekers

* origin/one_login: (34 commits)
  Update DfE Analytics search_performed event
  filter sensitive controller parameters (#7124)
  Cache result of hitting Google places API to try and reduce the bill (#7129)
  Add flexi working section to Vacancy (#7115)
  Send email for saved jobs 10 days before expiry (#7079)
  tweaking more error messages
  Fix Fusion ATS organisation mapping
  Change test to reflect error message change
  Change error message for invalid email addresses
  Update tests after copy change on professional status page
  Bump the npm-dependencies group with 3 updates
  tweaking error message
  tweaking profile trn error message
  Update jobseekers_can_manage_a_profile_spec.rb
  Update jobseekers_can_add_professional_status_to_their_profile_spec.rb
  Update jobseekers_can_add_professional_status_to_their_job_application_spec.rb
  Update jobseeker_helpers.rb
  making teacher reference number lowercase
  adding TRN acronym
  TRN content tweaks
  ...
As it is listed in Analytics PII, we need to also exclude it from the
Rails parameter logging.
…ils-parameter-logging

Exclude the one login id from Rails param logging
KyleMacPherson and others added 6 commits October 4, 2024 13:10
The confirmation page after creating a job alert/subscription was
showing an old sign-in flow, requesting the password.

Fixed it by switching it to a One Login button/link and ensuring that
the users get redirected back to their job alerts dashboard (instead of
the Job applications dashboard) after they sign-in from this
confirmation page.
The banner displaying "You need to log in or create an account..." when
an unsigned user attempts to save a vacancy or apply through a quick
apply vacancy contained a link to the old in-house user registration
flow.

Removing the link as we now manage registrations through GovUK One
Login.
KyleMacPherson and others added 2 commits October 4, 2024 15:06
…sfer page when they enter the incorrect confirmation code
…ting-subscriptions

Fix login prompt after creating a subscription
@scruti scruti changed the title Add basic OneLogin flow for Jobseekers Add OneLogin flow for Jobseekers Oct 4, 2024
Small content tweaks to one login flow