From 5c532d672bd732800871be26c669d96ae9a5da0e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leandro=20Alem=C3=A3o?=
Date: Wed, 18 Dec 2024 10:06:08 +0000
Subject: [PATCH 1/3] [CPDLP-3843] Remove token access for NPQ (NPQ Post Separation Cleanup)

---
app/controllers/api/v1/ecf_participants_controller.rb | 5 -----
app/controllers/api/v1/participants_controller.rb | 6 ------
app/controllers/api/v3/delivery_partners_controller.rb | 4 ----
app/controllers/api/v3/ecf/partnerships_controller.rb | 4 ----
app/controllers/api/v3/ecf/schools_controller.rb | 4 ----
app/controllers/api/v3/ecf/transfers_controller.rb | 4 ----
app/controllers/api/v3/ecf/unfunded_mentors_controller.rb | 4 ----
.../api/v3/participant_declarations_controller.rb | 4 ----
app/controllers/concerns/api_token_authenticatable.rb | 2 +-
spec/controllers/api/api_controller_spec.rb | 4 ++--
spec/requests/api/v3/statements_spec.rb | 2 +-
11 files changed, 4 insertions(+), 39 deletions(-)

diff --git a/app/controllers/api/v1/ecf_participants_controller.rb b/app/controllers/api/v1/ecf_participants_controller.rb
index aa3cfa8112..a71135deb4 100644
--- a/app/controllers/api/v1/ecf_participants_controller.rb
+++ b/app/controllers/api/v1/ecf_participants_controller.rb
@@ -56,11 +56,6 @@ def ecf_participant_params
params.permit(:id, filter: %i[cohort updated_since])
end

- def access_scope
- LeadProviderApiToken
- .joins(cpd_lead_provider: [:lead_provider])
- end
-
def lead_provider
current_user.lead_provider
end
diff --git a/app/controllers/api/v1/participants_controller.rb b/app/controllers/api/v1/participants_controller.rb
index 6c45aab0bb..636e646c50 100644
--- a/app/controllers/api/v1/participants_controller.rb
+++ b/app/controllers/api/v1/participants_controller.rb
@@ -7,12 +7,6 @@ module V1
class ParticipantsController < Api::ApiController
include ApiTokenAuthenticatable
include ParticipantActions
-
- private
-
- def access_scope
- LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
- end
end
end
end
diff --git a/app/controllers/api/v3/delivery_partners_controller.rb b/app/controllers/api/v3/delivery_partners_controller.rb
index d7067c53cd..de90b6785f 100644
--- a/app/controllers/api/v3/delivery_partners_controller.rb
+++ b/app/controllers/api/v3/delivery_partners_controller.rb
@@ -52,10 +52,6 @@ def delivery_partner_params
.permit(:id, :sort, filter: %i[cohort])
end

- def access_scope
- LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
- end
-
def serializer_class
Api::V3::DeliveryPartnerSerializer
end
diff --git a/app/controllers/api/v3/ecf/partnerships_controller.rb b/app/controllers/api/v3/ecf/partnerships_controller.rb
index 9b67eb649d..df6d2ce8da 100644
--- a/app/controllers/api/v3/ecf/partnerships_controller.rb
+++ b/app/controllers/api/v3/ecf/partnerships_controller.rb
@@ -78,10 +78,6 @@ def ecf_partnership_params
.permit(:id, :sort, filter: %i[cohort updated_since delivery_partner_id])
end

- def access_scope
- LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
- end
-
def serializer_class
Api::V3::ECF::PartnershipSerializer
end
diff --git a/app/controllers/api/v3/ecf/schools_controller.rb b/app/controllers/api/v3/ecf/schools_controller.rb
index 6b2e01be72..e86e5cb2e2 100644
--- a/app/controllers/api/v3/ecf/schools_controller.rb
+++ b/app/controllers/api/v3/ecf/schools_controller.rb
@@ -42,10 +42,6 @@ def ecf_schools_query
)
end

- def access_scope
- LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
- end
-
def serializer_class
Api::V3::ECF::SchoolSerializer
end
diff --git a/app/controllers/api/v3/ecf/transfers_controller.rb b/app/controllers/api/v3/ecf/transfers_controller.rb
index b4349781ae..8bebdb515c 100644
--- a/app/controllers/api/v3/ecf/transfers_controller.rb
+++ b/app/controllers/api/v3/ecf/transfers_controller.rb
@@ -53,10 +53,6 @@ def ecf_transfer_params
.permit(:participant_id, filter: %i[updated_since])
end

- def access_scope
- LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
- end
-
def serializer_class
TransferSerializer
end
diff --git a/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb b/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb
index 182b66d011..649af378da 100644
--- a/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb
+++ b/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb
@@ -46,10 +46,6 @@ def ecf_unfunded_mentors_query
)
end

- def access_scope
- LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
- end
-
def serializer_class
Api::V3::ECF::UnfundedMentorSerializer
end
diff --git a/app/controllers/api/v3/participant_declarations_controller.rb b/app/controllers/api/v3/participant_declarations_controller.rb
index 2412404a0f..7a32a01b74 100644
--- a/app/controllers/api/v3/participant_declarations_controller.rb
+++ b/app/controllers/api/v3/participant_declarations_controller.rb
@@ -102,10 +102,6 @@ def participant_declaration_for_lead_provider
@participant_declaration_for_lead_provider ||= ParticipantDeclaration.for_lead_provider(cpd_lead_provider).find(params[:id])
end

- def access_scope
- LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) + LeadProviderApiToken.joins(cpd_lead_provider: [:npq_lead_provider])
- end
-
def serializer_class
ParticipantDeclarationSerializer
end
diff --git a/app/controllers/concerns/api_token_authenticatable.rb b/app/controllers/concerns/api_token_authenticatable.rb
index a7090ff688..fd52136b5e 100644
--- a/app/controllers/concerns/api_token_authenticatable.rb
+++ b/app/controllers/concerns/api_token_authenticatable.rb
@@ -50,6 +50,6 @@ def check_access_scope
end

def access_scope
- ApiToken.all
+ LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
end
end
diff --git a/spec/controllers/api/api_controller_spec.rb b/spec/controllers/api/api_controller_spec.rb
index a7e7176da0..034ff034ff 100644
--- a/spec/controllers/api/api_controller_spec.rb
+++ b/spec/controllers/api/api_controller_spec.rb
@@ -24,8 +24,8 @@ def index; end
end

context "when authorization header is provided" do
- let(:lead_provider) { create(:lead_provider) }
- let(:token) { LeadProviderApiToken.create_with_random_token!(lead_provider:) }
+ let(:cpd_lead_provider) { create(:cpd_lead_provider, :with_lead_provider) }
+ let(:token) { LeadProviderApiToken.create_with_random_token!(cpd_lead_provider:) }
let(:bearer_token) { "Bearer #{token}" }

it "requests authentication via the http header" do
diff --git a/spec/requests/api/v3/statements_spec.rb b/spec/requests/api/v3/statements_spec.rb
index 5a30c069e8..dea8431f0a 100644
--- a/spec/requests/api/v3/statements_spec.rb
+++ b/spec/requests/api/v3/statements_spec.rb
@@ -3,7 +3,7 @@
require "rails_helper"

RSpec.describe "statements endpoint spec", type: :request do
- let(:cpd_lead_provider) { create(:cpd_lead_provider) }
+ let(:cpd_lead_provider) { create(:cpd_lead_provider, :with_lead_provider) }
let(:token) { LeadProviderApiToken.create_with_random_token!(cpd_lead_provider:) }
let(:bearer_token) { "Bearer #{token}" }

From c5d6e060eaf0b991e1258e728a5d1f95094eb66d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leandro=20Alem=C3=A3o?=
Date: Thu, 19 Dec 2024 16:58:46 +0000
Subject: [PATCH 2/3] [CPDLP-3843] Remove NPQRegistrationApiToken

---
app/models/npq_registration_api_token.rb | 13 -------------
db/legacy_seeds/dummy_structures.rb | 4 ----
db/new_seeds/base/add_api_tokens.rb | 5 +----
.../api/v1/data_studio/school_rollout_spec.rb | 2 +-
4 files changed, 2 insertions(+), 22 deletions(-)
delete mode 100644 app/models/npq_registration_api_token.rb

diff --git a/app/models/npq_registration_api_token.rb b/app/models/npq_registration_api_token.rb
deleted file mode 100644
index a6bd5cb043..0000000000
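Review bot: The `:with_lead_provider` trait is now needed for the token to survive the joined scope, but nothing in `spec/requests/api/v3/statements_spec.rb` asserts the case this series exists for: a `LeadProviderApiToken` whose `cpd_lead_provider` has no ECF `lead_provider` (an NPQ-only provider) must be rejected. I would add a sibling context with `let(:cpd_lead_provider) { create(:cpd_lead_provider) }` and `expect(response).to have_http_status(:unauthorized)`, assuming that is the status `check_access_scope` produces — its body is outside this diff, so confirm. Without a negative example, a later edit that widens `access_scope` again would pass the suite unnoticed.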
--- a/app/models/npq_registration_api_token.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-class NPQRegistrationApiToken < ApiToken
- attribute :private_api_access, default: true
-
- def owner
- "npq_registration_application"
- end
-
- def owner_description
- "NPQ registration application"
- end
-end
diff --git a/db/legacy_seeds/dummy_structures.rb b/db/legacy_seeds/dummy_structures.rb
index c7432d1fa7..a756b7d76c 100644
--- a/db/legacy_seeds/dummy_structures.rb
+++ b/db/legacy_seeds/dummy_structures.rb
@@ -238,15 +238,11 @@
# The tokens below have different unhashed version to avoid worrying about clever cryptographic attacks
if Rails.env.review?
EngageAndLearnApiToken.find_or_create_by!(hashed_token: "dfce9a34c6f982e8adb4b903f8b6064682e6ad1f7858c41ed8a0a7468abc8896")
- NPQRegistrationApiToken.find_or_create_by!(hashed_token: "1dae3836ed90df4b796eff1f4a4713247ac5bc8a00352ea46eee621d74cd4fcf")
DataStudioApiToken.find_or_create_by!(hashed_token: "c7123fb0e2aecb17e1089e01849d71665983e200e891fe726341a08f176c1d64")
elsif Rails.env.development?
EngageAndLearnApiToken.find_or_create_by!(hashed_token: "f4a16cd7fc10918fbc7d869d7a83df36059bb98fac7c82502d797b1f1dd73e86")
end
end
-if Rails.env.sandbox?
- NPQRegistrationApiToken.find_or_create_by!(hashed_token: "166eaa39950ad15f2f36041cb9062cc8fa9f109945fe9b8378bf904fe35369bc")
-end

unless Rails.env.sandbox?
[
diff --git a/db/new_seeds/base/add_api_tokens.rb b/db/new_seeds/base/add_api_tokens.rb
index 588072de7a..e2f246ecf0 100644
--- a/db/new_seeds/base/add_api_tokens.rb
+++ b/db/new_seeds/base/add_api_tokens.rb
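Review bot: Removing the seed lines and the `NPQRegistrationApiToken` class does not revoke the tokens already seeded into review and sandbox databases under these hashes; `find_or_create_by!` only ever added rows, and nothing in this series deletes them. Since `NPQRegistrationApiToken < ApiToken` looks like single-table inheritance, a leftover row with `type = "NPQRegistrationApiToken"` will raise `ActiveRecord::SubclassNotFound` the next time a lookup instantiates it — a 500 rather than a 401 for whoever still presents the old token, and the row stays behind. A data migration such as `ApiToken.where(type: "NPQRegistrationApiToken").delete_all` (`delete_all` skips instantiation) should ship with this change; the `api_tokens` schema is outside the diff, so confirm the column name.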
@@ -4,15 +4,12 @@

if Rails.env.in?(%w[review staging])
EngageAndLearnApiToken.find_or_create_by!(hashed_token: "dfce9a34c6f982e8adb4b903f8b6064682e6ad1f7858c41ed8a0a7468abc8896")
- NPQRegistrationApiToken.find_or_create_by!(hashed_token: "1dae3836ed90df4b796eff1f4a4713247ac5bc8a00352ea46eee621d74cd4fcf")
DataStudioApiToken.find_or_create_by!(hashed_token: "c7123fb0e2aecb17e1089e01849d71665983e200e891fe726341a08f176c1d64")
elsif Rails.env.development?
EngageAndLearnApiToken.find_or_create_by!(hashed_token: "f4a16cd7fc10918fbc7d869d7a83df36059bb98fac7c82502d797b1f1dd73e86")
end

-if Rails.env.sandbox?
- NPQRegistrationApiToken.find_or_create_by!(hashed_token: "166eaa39950ad15f2f36041cb9062cc8fa9f109945fe9b8378bf904fe35369bc")
-else
+unless Rails.env.sandbox?
{
"Ambition Institute" => "ambition-token",
"Best Practice Network" => "best-practice-token",
diff --git a/spec/requests/api/v1/data_studio/school_rollout_spec.rb b/spec/requests/api/v1/data_studio/school_rollout_spec.rb
index 2c25996442..901a0465c0 100644
--- a/spec/requests/api/v1/data_studio/school_rollout_spec.rb
+++ b/spec/requests/api/v1/data_studio/school_rollout_spec.rb
@@ -57,7 +57,7 @@
end

context "using a private token from different scope" do
- let(:other_private_token) { NPQRegistrationApiToken.create_with_random_token! }
+ let(:other_private_token) { DataStudioApiToken.create_with_random_token! }

it "returns data successfully" do
default_headers[:Authorization] = "Bearer #{other_private_token}"
From 814e24cde1fb4879a625cec8d96e526003d5914e Mon Sep 17 00:00:00 2001
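Review bot: The context is still named "using a private token from different scope", but going by the spec path `api/v1/data_studio/school_rollout` a `DataStudioApiToken` is the token type native to this endpoint, so the example no longer exercises cross-scope access at all. If the intent is to show that any `private_api_access` token is accepted here, use the remaining other type, `let(:other_private_token) { EngageAndLearnApiToken.create_with_random_token! }` — whether that class sets `private_api_access` is not visible in this diff, so check; otherwise rename the context so it does not claim coverage it no longer provides. The `it` block continues past the end of the hunk.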
From: =?UTF-8?q?Leandro=20Alem=C3=A3o?=
Date: Fri, 20 Dec 2024 11:17:24 +0000
Subject: [PATCH 3/3] [CPDLP-3843] Address PR comments

---
.../api/v1/ecf_participants_controller.rb | 2 +-
.../api/v1/participant_declarations_controller.rb | 2 +-
app/controllers/api/v1/participants_controller.rb | 2 +-
.../api/v3/delivery_partners_controller.rb | 2 +-
.../api/v3/ecf/partnerships_controller.rb | 2 +-
app/controllers/api/v3/ecf/schools_controller.rb | 2 +-
app/controllers/api/v3/ecf/transfers_controller.rb | 2 +-
.../api/v3/ecf/unfunded_mentors_controller.rb | 2 +-
.../api/v3/finance/statements_controller.rb | 2 +-
.../api/v3/participant_declarations_controller.rb | 2 +-
.../concerns/api_token_authenticatable.rb | 2 +-
.../lead_provider_api_token_authenticatable.rb | 12 ++++++++++++
spec/controllers/api/api_controller_spec.rb | 4 ++--
spec/docs/v3/statements_spec.rb | 2 +-
14 files changed, 26 insertions(+), 14 deletions(-)
create mode 100644 app/controllers/concerns/lead_provider_api_token_authenticatable.rb

diff --git a/app/controllers/api/v1/ecf_participants_controller.rb b/app/controllers/api/v1/ecf_participants_controller.rb
index a71135deb4..172863d451 100644
--- a/app/controllers/api/v1/ecf_participants_controller.rb
+++ b/app/controllers/api/v1/ecf_participants_controller.rb
@@ -5,7 +5,7 @@ module Api
module V1
class ECFParticipantsController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiCsv
include ApiFilter
diff --git a/app/controllers/api/v1/participant_declarations_controller.rb b/app/controllers/api/v1/participant_declarations_controller.rb
index bf79fc5d6d..93817b4eff 100644
--- a/app/controllers/api/v1/participant_declarations_controller.rb
+++ b/app/controllers/api/v1/participant_declarations_controller.rb
@@ -4,7 +4,7 @@ module Api
module V1
class ParticipantDeclarationsController < Api::ApiController
include ApiAuditable
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiCsv
include ApiFilter
diff --git a/app/controllers/api/v1/participants_controller.rb b/app/controllers/api/v1/participants_controller.rb
index 636e646c50..c3b72bd0bf 100644
--- a/app/controllers/api/v1/participants_controller.rb
+++ b/app/controllers/api/v1/participants_controller.rb
@@ -5,7 +5,7 @@ module Api
module V1
class ParticipantsController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
include ParticipantActions
end
end
diff --git a/app/controllers/api/v3/delivery_partners_controller.rb b/app/controllers/api/v3/delivery_partners_controller.rb
index de90b6785f..60de6b2534 100644
--- a/app/controllers/api/v3/delivery_partners_controller.rb
+++ b/app/controllers/api/v3/delivery_partners_controller.rb
@@ -3,7 +3,7 @@ module Api
module V3
class DeliveryPartnersController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiFilterValidation
diff --git a/app/controllers/api/v3/ecf/partnerships_controller.rb b/app/controllers/api/v3/ecf/partnerships_controller.rb
index df6d2ce8da..c188092212 100644
--- a/app/controllers/api/v3/ecf/partnerships_controller.rb
+++ b/app/controllers/api/v3/ecf/partnerships_controller.rb
@@ -4,7 +4,7 @@ module Api
module V3
module ECF
class PartnershipsController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiFilterValidation
diff --git a/app/controllers/api/v3/ecf/schools_controller.rb b/app/controllers/api/v3/ecf/schools_controller.rb
index e86e5cb2e2..841e4a9b7c 100644
--- a/app/controllers/api/v3/ecf/schools_controller.rb
+++ b/app/controllers/api/v3/ecf/schools_controller.rb
@@ -4,7 +4,7 @@ module Api
module V3
module ECF
class SchoolsController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiFilterValidation
diff --git a/app/controllers/api/v3/ecf/transfers_controller.rb b/app/controllers/api/v3/ecf/transfers_controller.rb
index 8bebdb515c..cd75e4bc21 100644
--- a/app/controllers/api/v3/ecf/transfers_controller.rb
+++ b/app/controllers/api/v3/ecf/transfers_controller.rb
@@ -4,7 +4,7 @@ module Api
module V3
module ECF
class TransfersController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiFilterValidation
diff --git a/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb b/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb
index 649af378da..ed99a2d89a 100644
--- a/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb
+++ b/app/controllers/api/v3/ecf/unfunded_mentors_controller.rb
@@ -4,7 +4,7 @@ module Api
module V3
module ECF
class UnfundedMentorsController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiFilterValidation
diff --git a/app/controllers/api/v3/finance/statements_controller.rb b/app/controllers/api/v3/finance/statements_controller.rb
index 46975ccab9..9c0966a7f0 100644
--- a/app/controllers/api/v3/finance/statements_controller.rb
+++ b/app/controllers/api/v3/finance/statements_controller.rb
@@ -3,7 +3,7 @@ module Api
module V3
class Finance::StatementsController < Api::ApiController
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiFilterValidation
diff --git a/app/controllers/api/v3/participant_declarations_controller.rb b/app/controllers/api/v3/participant_declarations_controller.rb
index 7a32a01b74..f9a6f5f2d7 100644
--- a/app/controllers/api/v3/participant_declarations_controller.rb
+++ b/app/controllers/api/v3/participant_declarations_controller.rb
@@ -4,7 +4,7 @@ module Api
module V3
class ParticipantDeclarationsController < Api::ApiController
include ApiAuditable
- include ApiTokenAuthenticatable
+ include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiFilterValidation
diff --git a/app/controllers/concerns/api_token_authenticatable.rb b/app/controllers/concerns/api_token_authenticatable.rb
index fd52136b5e..a7090ff688 100644
--- a/app/controllers/concerns/api_token_authenticatable.rb
+++ b/app/controllers/concerns/api_token_authenticatable.rb
@@ -50,6 +50,6 @@ def check_access_scope
end

def access_scope
- LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
+ ApiToken.all
end
end
diff --git a/app/controllers/concerns/lead_provider_api_token_authenticatable.rb b/app/controllers/concerns/lead_provider_api_token_authenticatable.rb
new file mode 100644
index 0000000000..6ef8da544f
--- /dev/null
+++ b/app/controllers/concerns/lead_provider_api_token_authenticatable.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module LeadProviderApiTokenAuthenticatable
+ extend ActiveSupport::Concern
+ include ApiTokenAuthenticatable
+
+private
+
+ def access_scope
+ LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
+ end
+end
diff --git a/spec/controllers/api/api_controller_spec.rb b/spec/controllers/api/api_controller_spec.rb
index 034ff034ff..a7e7176da0 100644
--- a/spec/controllers/api/api_controller_spec.rb
+++ b/spec/controllers/api/api_controller_spec.rb
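Review bot: The new concern carries no comment saying why it exists or what the inner join excludes, which is the access-control decision of this whole series; above `module LeadProviderApiTokenAuthenticatable` I would add `# Narrows ApiTokenAuthenticatable to LeadProviderApiTokens whose cpd_lead_provider has an ECF lead_provider; the inner join rejects NPQ-only providers. Use this, not ApiTokenAuthenticatable, in ECF lead-provider API controllers.` The override takes effect because a module's own methods sit before the modules it includes in the ancestor chain, so this `access_scope` shadows the `ApiToken.all` default restored in the previous hunk. That default means any controller that still includes only `ApiTokenAuthenticatable` accepts every token type; if that is deliberate for the data-studio and engage-and-learn controllers (not in this diff), a one-line comment on the base `access_scope` saying so would stop the next reader from "fixing" it the way the first patch in this series did.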
@@ -24,8 +24,8 @@ def index; end
end

context "when authorization header is provided" do
- let(:cpd_lead_provider) { create(:cpd_lead_provider, :with_lead_provider) }
- let(:token) { LeadProviderApiToken.create_with_random_token!(cpd_lead_provider:) }
+ let(:lead_provider) { create(:lead_provider) }
+ let(:token) { LeadProviderApiToken.create_with_random_token!(lead_provider:) }
let(:bearer_token) { "Bearer #{token}" }

it "requests authentication via the http header" do
diff --git a/spec/docs/v3/statements_spec.rb b/spec/docs/v3/statements_spec.rb
index b547f2c1a6..c59b32a59d 100644
--- a/spec/docs/v3/statements_spec.rb
+++ b/spec/docs/v3/statements_spec.rb
@@ -3,7 +3,7 @@
require "swagger_helper"

RSpec.describe "API", type: :request, swagger_doc: "v3/api_spec.json" do
- let(:cpd_lead_provider) { create(:cpd_lead_provider) }
+ let(:cpd_lead_provider) { create(:cpd_lead_provider, :with_lead_provider) }
let(:token) { LeadProviderApiToken.create_with_random_token!(cpd_lead_provider:) }
let(:bearer_token) { "Bearer #{token}" }
let(:Authorization) { bearer_token }
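Review bot: Reverting this spec to a bare `create(:lead_provider)` token means it now only exercises the permissive `ApiToken.all` default of the base concern — presumably what the anonymous controller defined above `def index; end` includes, though that is outside the hunk — and no spec in the series drives `LeadProviderApiTokenAuthenticatable` itself. A second anonymous controller in this file that includes the new concern would be the cheapest place to pin both directions: the `create(:cpd_lead_provider, :with_lead_provider)` token from the previous version of these lines gets a 200, and a token for `create(:cpd_lead_provider)` without the trait gets a 401 (or whatever `check_access_scope` returns; confirm). Documenting the join's exclusion in a test is the only thing that keeps the NPQ separation from silently regressing.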