[CPDLP-3843] Remove token access for NPQ (NPQ Post Separation Cleanup) #5386

Open
wants to merge 3 commits into
base: main
7 changes: 1 addition & 6 deletions app/controllers/api/v1/ecf_participants_controller.rb
@@ -5,7 +5,7 @@
module Api
module V1
class ECFParticipantsController < Api::ApiController
include ApiTokenAuthenticatable
include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiCsv
include ApiFilter
@@ -56,11 +56,6 @@ def ecf_participant_params
params.permit(:id, filter: %i[cohort updated_since])
end

def access_scope
LeadProviderApiToken
.joins(cpd_lead_provider: [:lead_provider])
end

def lead_provider
current_user.lead_provider
end
@@ -4,7 +4,7 @@ module Api
module V1
class ParticipantDeclarationsController < Api::ApiController
include ApiAuditable
include ApiTokenAuthenticatable
include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiCsv
include ApiFilter
8 changes: 1 addition & 7 deletions app/controllers/api/v1/participants_controller.rb
@@ -5,14 +5,8 @@
module Api
module V1
class ParticipantsController < Api::ApiController
include ApiTokenAuthenticatable
include LeadProviderApiTokenAuthenticatable
include ParticipantActions

private

def access_scope
LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
end
end
end
end
6 changes: 1 addition & 5 deletions app/controllers/api/v3/delivery_partners_controller.rb
@@ -3,7 +3,7 @@
module Api
module V3
class DeliveryPartnersController < Api::ApiController
include ApiTokenAuthenticatable
include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiFilterValidation

@@ -52,10 +52,6 @@ def delivery_partner_params
.permit(:id, :sort, filter: %i[cohort])
end

def access_scope
LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
end

def serializer_class
Api::V3::DeliveryPartnerSerializer
end
6 changes: 1 addition & 5 deletions app/controllers/api/v3/ecf/partnerships_controller.rb
@@ -4,7 +4,7 @@ module Api
module V3
module ECF
class PartnershipsController < Api::ApiController
include ApiTokenAuthenticatable
include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiFilterValidation

@@ -78,10 +78,6 @@ def ecf_partnership_params
.permit(:id, :sort, filter: %i[cohort updated_since delivery_partner_id])
end

def access_scope
LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
end

def serializer_class
Api::V3::ECF::PartnershipSerializer
end
6 changes: 1 addition & 5 deletions app/controllers/api/v3/ecf/schools_controller.rb
@@ -4,7 +4,7 @@ module Api
module V3
module ECF
class SchoolsController < Api::ApiController
include ApiTokenAuthenticatable
include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiFilterValidation

@@ -42,10 +42,6 @@ def ecf_schools_query
)
end

def access_scope
LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
end

def serializer_class
Api::V3::ECF::SchoolSerializer
end
6 changes: 1 addition & 5 deletions app/controllers/api/v3/ecf/transfers_controller.rb
@@ -4,7 +4,7 @@ module Api
module V3
module ECF
class TransfersController < Api::ApiController
include ApiTokenAuthenticatable
include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiFilterValidation

@@ -53,10 +53,6 @@ def ecf_transfer_params
.permit(:participant_id, filter: %i[updated_since])
end

def access_scope
LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
end

def serializer_class
TransferSerializer
end
6 changes: 1 addition & 5 deletions app/controllers/api/v3/ecf/unfunded_mentors_controller.rb
@@ -4,7 +4,7 @@ module Api
module V3
module ECF
class UnfundedMentorsController < Api::ApiController
include ApiTokenAuthenticatable
include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiFilterValidation

@@ -46,10 +46,6 @@ def ecf_unfunded_mentors_query
)
end

def access_scope
LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
end

def serializer_class
Api::V3::ECF::UnfundedMentorSerializer
end
2 changes: 1 addition & 1 deletion app/controllers/api/v3/finance/statements_controller.rb
@@ -3,7 +3,7 @@
module Api
module V3
class Finance::StatementsController < Api::ApiController
include ApiTokenAuthenticatable
include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiFilterValidation

@@ -4,7 +4,7 @@ module Api
module V3
class ParticipantDeclarationsController < Api::ApiController
include ApiAuditable
include ApiTokenAuthenticatable
include LeadProviderApiTokenAuthenticatable
include ApiPagination
include ApiFilterValidation

@@ -102,10 +102,6 @@ def participant_declaration_for_lead_provider
@participant_declaration_for_lead_provider ||= ParticipantDeclaration.for_lead_provider(cpd_lead_provider).find(params[:id])
end

def access_scope
LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider]) + LeadProviderApiToken.joins(cpd_lead_provider: [:npq_lead_provider])
end

def serializer_class
ParticipantDeclarationSerializer
end
@@ -0,0 +1,12 @@
# frozen_string_literal: true

module LeadProviderApiTokenAuthenticatable
extend ActiveSupport::Concern
include ApiTokenAuthenticatable

private

def access_scope
LeadProviderApiToken.joins(cpd_lead_provider: [:lead_provider])
end
end
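Review bot: `access_scope` in this new concern is the authorization filter for every controller that now includes it, but nothing in the file says so, and the inner join on `cpd_lead_provider: [:lead_provider]` is what excludes tokens whose CPD lead provider has no ECF lead provider. I would add a comment above the method such as `# Only tokens whose CPD lead provider has an ECF lead_provider authenticate; NPQ-only providers are excluded by the inner join.` The Finance::StatementsController and v1 ParticipantDeclarationsController hunks show no `access_scope` being removed, so for those two the new include looks like a narrowing of who can authenticate rather than a pure refactor, which is consistent with the statements specs switching to `:with_lead_provider`. No example visible in this diff asserts that a token for `create(:cpd_lead_provider)` without the trait is rejected, and a request spec for that case would pin the boundary.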
13 changes: 0 additions & 13 deletions app/models/npq_registration_api_token.rb

This file was deleted.

4 changes: 0 additions & 4 deletions db/legacy_seeds/dummy_structures.rb
@@ -238,15 +238,11 @@
# The tokens below have different unhashed version to avoid worrying about clever cryptographic attacks
if Rails.env.review?
EngageAndLearnApiToken.find_or_create_by!(hashed_token: "dfce9a34c6f982e8adb4b903f8b6064682e6ad1f7858c41ed8a0a7468abc8896")
NPQRegistrationApiToken.find_or_create_by!(hashed_token: "1dae3836ed90df4b796eff1f4a4713247ac5bc8a00352ea46eee621d74cd4fcf")
Collaborator


Maybe we can delete the NPQRegistrationApiToken class as well? Let me know what you think.

DataStudioApiToken.find_or_create_by!(hashed_token: "c7123fb0e2aecb17e1089e01849d71665983e200e891fe726341a08f176c1d64")
elsif Rails.env.development?
EngageAndLearnApiToken.find_or_create_by!(hashed_token: "f4a16cd7fc10918fbc7d869d7a83df36059bb98fac7c82502d797b1f1dd73e86")
end
end
if Rails.env.sandbox?
NPQRegistrationApiToken.find_or_create_by!(hashed_token: "166eaa39950ad15f2f36041cb9062cc8fa9f109945fe9b8378bf904fe35369bc")
end

unless Rails.env.sandbox?
[
5 changes: 1 addition & 4 deletions db/new_seeds/base/add_api_tokens.rb
@@ -4,15 +4,12 @@

if Rails.env.in?(%w[review staging])
EngageAndLearnApiToken.find_or_create_by!(hashed_token: "dfce9a34c6f982e8adb4b903f8b6064682e6ad1f7858c41ed8a0a7468abc8896")
NPQRegistrationApiToken.find_or_create_by!(hashed_token: "1dae3836ed90df4b796eff1f4a4713247ac5bc8a00352ea46eee621d74cd4fcf")
DataStudioApiToken.find_or_create_by!(hashed_token: "c7123fb0e2aecb17e1089e01849d71665983e200e891fe726341a08f176c1d64")
elsif Rails.env.development?
EngageAndLearnApiToken.find_or_create_by!(hashed_token: "f4a16cd7fc10918fbc7d869d7a83df36059bb98fac7c82502d797b1f1dd73e86")
end

if Rails.env.sandbox?
NPQRegistrationApiToken.find_or_create_by!(hashed_token: "166eaa39950ad15f2f36041cb9062cc8fa9f109945fe9b8378bf904fe35369bc")
else
unless Rails.env.sandbox?
{
"Ambition Institute" => "ambition-token",
"Best Practice Network" => "best-practice-token",
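Review bot: Removing the two `NPQRegistrationApiToken.find_or_create_by!` seed lines stops new rows being created, but it does not revoke rows already seeded into review, staging or sandbox databases, and no data migration deleting them is visible in this diff. If the token classes share one table through single-table inheritance (inferred from the shared `hashed_token` column, not shown here), leftover rows of the deleted class could also fail to load with a subclass-not-found error when the base class is queried. I would pair this change with a migration that deletes rows of type `NPQRegistrationApiToken` before the model file goes away, and confirm that production holds none. The same applies to the matching lines in db/legacy_seeds/dummy_structures.rb.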
2 changes: 1 addition & 1 deletion spec/docs/v3/statements_spec.rb
@@ -3,7 +3,7 @@
require "swagger_helper"

RSpec.describe "API", type: :request, swagger_doc: "v3/api_spec.json" do
let(:cpd_lead_provider) { create(:cpd_lead_provider) }
let(:cpd_lead_provider) { create(:cpd_lead_provider, :with_lead_provider) }
let(:token) { LeadProviderApiToken.create_with_random_token!(cpd_lead_provider:) }
let(:bearer_token) { "Bearer #{token}" }
let(:Authorization) { bearer_token }
2 changes: 1 addition & 1 deletion spec/requests/api/v1/data_studio/school_rollout_spec.rb
@@ -57,7 +57,7 @@
end

context "using a private token from different scope" do
let(:other_private_token) { NPQRegistrationApiToken.create_with_random_token! }
let(:other_private_token) { DataStudioApiToken.create_with_random_token! }

it "returns data successfully" do
default_headers[:Authorization] = "Bearer #{other_private_token}"
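Review bot: The context "using a private token from different scope" now builds a `DataStudioApiToken`, which by its name looks like this data_studio endpoint's own token type, so the example may have become a copy of the happy path instead of a cross-scope check. If the intent is still to exercise a token from another scope, something like `let(:other_private_token) { EngageAndLearnApiToken.create_with_random_token! }` would keep that coverage, assuming that class inherits the same helper. It is also worth confirming that "returns data successfully" is the intended outcome for a foreign-scope token, since it means this endpoint accepts any private token type. The enclosing describe block starts and ends outside the hunk.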
2 changes: 1 addition & 1 deletion spec/requests/api/v3/statements_spec.rb
@@ -3,7 +3,7 @@
require "rails_helper"

RSpec.describe "statements endpoint spec", type: :request do
let(:cpd_lead_provider) { create(:cpd_lead_provider) }
let(:cpd_lead_provider) { create(:cpd_lead_provider, :with_lead_provider) }
let(:token) { LeadProviderApiToken.create_with_random_token!(cpd_lead_provider:) }
let(:bearer_token) { "Bearer #{token}" }
