Merge branch 'main' into dependabot/npm_and_yarn/tough-cookie-4.1.3

ministryofjustice · Nov 10, 2023 · 7a21e7f · 7a21e7f
2 parents 099a13e + 04b1af2
commit 7a21e7f
Show file tree

Hide file tree

Showing 113 changed files with 3,716 additions and 1,084 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,11 +1,17 @@
 <!-- The title of this PR should complete the sentence: “Merging this PR will ...” -->
 
 ## :memo: Summary
-This PR closes/completes/contributes to issue #ANPL-...
-<!-- Adding the issue number above will automatically link it to our Jira board -->
+This PR resolves ...
+<!-- Adding the issue number above will automatically link the PR to the github issue,
+and will close the issue on merging. Note this will only happen if the correct keyword
+is used, such resolves/closes/fixes. See full list of keywords at
+https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword.
+If the issue belongs to the current repo, add the number prefixed with e.g #1234.
+If the issue belongs to another repo, add with Organization_name/Repository#... e.g.
+ministryofjustice/data-platform#1234 -->
 
 This PR ...
-<!-- Give a brief description here. 
+<!-- Give a brief description here.
 What changes have you made?
 Is it a version bump, bugfix, documentation, major change, something else? -->
 
@@ -27,4 +33,4 @@ Merging this PR will have the following side-effects:
 <!-- If documentation is left until later, you must explain why and create a ticket for it -->
 - [ ] No changes to the documentation are required
 - [ ] This PR includes all relevant documentation
-- [ ] Documentation will be added in the future because ... (see #ANPL-...)
+- [ ] Documentation will be added in the future because ... (see issue #...)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -29,12 +29,3 @@ repos:
     - id: flake8
       name: flake8 format check
       entry: bash -c 'flake8 --config=.flake8 $(git diff --name-only --cached --diff-filter=ACMR | grep .py)'
-
-  - repo: local
-    hooks:
-    - id: jira-ticket
-      name: Check for Jira ticket
-      language: pygrep
-      entry: '\A(?!ANPL+-[0-9]+)'
-      args: [--multiline]
-      stages: [commit-msg]
diff --git a/Dockerfile b/Dockerfile
@@ -29,6 +29,11 @@ RUN apt-get update \
     && apt-get install -y --no-install-recommends \
         postgresql-client \
         wget \
+        gcc \
+        libcurl4-gnutls-dev \
+        python3-dev \
+        libgnutls28-dev \
+        libssl-dev \
     && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /home/controlpanel

diff --git a/controlpanel/__init__.py b/controlpanel/__init__.py
@@ -0,0 +1,5 @@
+# This will make sure the app is always imported when
+# Django starts so that shared_task will use this app.
+from .celery import app as celery_app
+
+__all__ = ('celery_app',)
diff --git a/controlpanel/api/admin.py b/controlpanel/api/admin.py
@@ -24,8 +24,8 @@ class AppAdmin(admin.ModelAdmin):
 
 
 class S3Admin(admin.ModelAdmin):
-    list_display = ("name", "created_by", "created", "is_data_warehouse")
-    list_filter = ("created_by", "is_data_warehouse")
+    list_display = ("name", "created_by", "created", "is_data_warehouse", "is_deleted")
+    list_filter = ("created_by", "is_data_warehouse", "is_deleted")
     search_fields = ("name",)
 
 

diff --git a/controlpanel/api/auth0.py b/controlpanel/api/auth0.py
@@ -47,6 +47,8 @@ class ExtendedAuth0(Auth0):
     DEFAULT_GRANT_TYPES = ["authorization_code", "client_credentials"]
     DEFAULT_APP_TYPE = "regular_web"
 
+    DEFAULT_CONNECTION_OPTION = 'email'
+
     def __init__(self, **kwargs):
         self.client_id = kwargs.get("client_id", settings.AUTH0["client_id"])
         self.client_secret = kwargs.get(
@@ -156,7 +158,7 @@ def setup_auth0_client(
                 }
         """
         if connections is None:
-            connections = {"email": {}}
+            connections = {self.DEFAULT_CONNECTION_OPTION: {}}
         new_connections = self._create_custom_connection(client_name, connections)
         app_url = "https://{}.{}".format(
             app_url_name or client_name, app_domain or self.app_domain)
@@ -178,7 +180,18 @@ def setup_auth0_client(
         )
         role = self.roles.create(dict(name="app-viewer", applicationId=client_id))
         self.roles.add_permission(role, view_app["_id"])
-        group = self.groups.create(dict(name=client_name))
+        try:
+            group = self.groups.create(dict(name=client_name))
+        except exceptions.Auth0Error as exc:
+            # celery fails to unpickle original exception, but not 100% sure why.
+            # Seems to be because __reduce__  method is incorrect? Possible bug.
+            # https://github.com/celery/celery/issues/6990#issuecomment-1433689294
+            # TODO what should happen if group already exists? Raise new error and
+            #  catch in the worker? e.g.:
+            # raise Auth0Error(detail=exc.message, code=exc.error_code)
+            # Or get the group ID and continue?
+            group = dict(_id=self.groups.get_group_id(client_name))
+
         self.groups.add_role(group["_id"], role["_id"])
 
         self._enable_connections_for_new_client(
@@ -277,7 +290,7 @@ def update_client_auth_connections(
         so we have to get all social connections, then check whether the client
         (client_id) is in the list of enabled_clients
         """
-        connections = {"email": {}} if new_conns is None else new_conns
+        connections = {self.DEFAULT_CONNECTION_OPTION: {}} if new_conns is None else new_conns
         new_connections = self._create_custom_connection(app_name, connections)
 
         # Get the list of  removed connections based on the existing connections
@@ -512,7 +525,12 @@ def create_custom_connection(self, connection_name: str, input_values: dict()):
             body = yaml.safe_load(yaml_rendered) or defaultdict(dict)
             body["options"]["scripts"] = scripts_rendered
 
-        self.create(body)
+        try:
+            self.create(body)
+        except exceptions.Auth0Error as error:
+            # Skip the exception when the connection name existed already
+            if error.status_code != 409:
+                raise Auth0Error(error.__str__(), code=error.status_code)
         return input_values["name"]
 
 

diff --git a/controlpanel/api/auth0_conns/auth0_nomis/fetchUserProfile.js b/controlpanel/api/auth0_conns/auth0_nomis/fetchUserProfile.js
@@ -1,37 +1,14 @@
-function(accessToken, ctx, cb) {
-  var base_url = "{{gateway_url}}";
-  var user_endpoint = "/auth/api/user/me";
-  var user_profile_url = base_url + user_endpoint;
-
-  // call oauth2 API with the accesstoken and create the profile
-  request.get(
-    user_profile_url,
-    {
-      headers: {
-        Authorization: "Bearer " + accessToken
-      }
-    },
-    function(err, resp, body) {
-      if (err) {
-        cb(err);
-        return;
-      }
-      if (!/^2/.test("" + resp.statusCode)) {
-        cb(body);
-        return;
-      }
-      let parsedBody = JSON.parse(body);
-      let profile = {
-        user_id: parsedBody.staffId,
-        nickname: parsedBody.name,
-        name: parsedBody.name,
-        email: parsedBody.username + "+" + parsedBody.activeCaseLoadId + "@nomis",
-        username: parsedBody.username,
-        blocked: !parsedBody.active,
-        activeCaseLoadId: parsedBody.activeCaseLoadId,
-        _nomisAccessToken: accessToken
-      };
-      cb(null, profile);
-    }
-  );
+function fetchUserProfile(accessToken, context, callback) {
+  // The email is only for auth0 usage purpose, not the actual email of login user
+  const profile = {
+    sub: context.sub,
+    user_id: context.user_id,
+    auth_source: context.auth_source,
+    nickname: context.name,
+    name: context.name,
+    username: context.user_name,
+    _accessToken: accessToken,
+    email: context.user_name + "+" + context.user_id + "@" + context.auth_source,
+  };
+  callback(null, profile);
 }