Merge branch 'main' into MLPAB-1743

ministryofjustice · Feb 1, 2024 · 8f55518 · 8f55518
2 parents 74b02a6 + ff84342
commit 8f55518
Show file tree

Hide file tree

Showing 49 changed files with 1,657 additions and 371 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -25,7 +25,24 @@ repos:
       - id: terraform_tflint
         args:
           - --args=--recursive
-
+  - repo: https://github.com/terraform-docs/terraform-docs
+    rev: "v0.17.0"
+    hooks:
+      - id: terraform-docs-go
+        name: terraform-docs Environment-root
+        args: ["--config", "terraform/environment/.terraform-docs.yml", "./terraform/environment"]
+      - id: terraform-docs-go
+        name: terraform-docs Environment-region
+        args: ["--config", "terraform/environment/region/.terraform-docs.yml", "./terraform/environment/region"]
+      - id: terraform-docs-go
+        name: terraform-docs Environment-global
+        args: ["--config", "terraform/environment/global/.terraform-docs.yml", "./terraform/environment/global"]
+      - id: terraform-docs-go
+        name: terraform-docs Account-root
+        args: ["--config", "terraform/account/.terraform-docs.yml", "./terraform/account"]
+      - id: terraform-docs-go
+        name: terraform-docs Account-region
+        args: ["--config", "terraform/account/region/.terraform-docs.yml", "./terraform/account/region"]
   - repo: https://github.com/dnephin/pre-commit-golang
     rev: v0.5.1
     hooks:

diff --git a/go.mod b/go.mod
@@ -38,6 +38,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.22.0
 	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a
 	golang.org/x/mod v0.14.0
+	golang.org/x/time v0.5.0
 	golang.org/x/tools v0.17.0
 	google.golang.org/grpc v1.61.0
 )
@@ -127,7 +128,6 @@ require (
 	golang.org/x/sys v0.16.0 // indirect
 	golang.org/x/term v0.16.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/api v0.153.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect

diff --git a/internal/app/app.go b/internal/app/app.go
@@ -2,7 +2,6 @@ package app
 
 import (
 	"context"
-	"encoding/base64"
 	"fmt"
 	"net/http"
 	"strings"
@@ -269,7 +268,7 @@ func makeHandle(mux *http.ServeMux, errorHandler page.ErrorHandler, store sesh.S
 					return
 				}
 
-				appData.SessionID = base64.StdEncoding.EncodeToString([]byte(loginSession.Sub))
+				appData.SessionID = loginSession.SessionID()
 				ctx = page.ContextWithSessionData(ctx, &page.SessionData{SessionID: appData.SessionID})
 			}
 

diff --git a/internal/onelogin/configuration.go b/internal/onelogin/configuration.go
@@ -11,6 +11,7 @@ import (
 	"github.com/MicahParks/jwkset"
 	"github.com/MicahParks/keyfunc/v3"
 	"github.com/golang-jwt/jwt/v5"
+	"golang.org/x/time/rate"
 )
 
 const (
@@ -128,16 +129,17 @@ func (c *configurationClient) refresh() error {
 		return err
 	}
 
-	uri, err := url.Parse(v.JwksURI)
+	uri, err := url.ParseRequestURI(v.JwksURI)
 	if err != nil {
 		return err
 	}
 
 	storage, err := jwkset.NewStorageFromHTTP(uri, jwkset.HTTPClientStorageOptions{
-		Ctx:             c.ctx,
-		Client:          c.httpClient,
-		RefreshInterval: refreshInterval,
-		HTTPTimeout:     refreshTimeout,
+		Ctx:                       c.ctx,
+		Client:                    c.httpClient,
+		RefreshInterval:           refreshInterval,
+		HTTPTimeout:               refreshTimeout,
+		NoErrorReturnFirstHTTPReq: true,
 		RefreshErrorHandler: func(_ context.Context, err error) {
 			c.logger.Print("error refreshing jwks: ", err)
 		},
@@ -146,8 +148,18 @@ func (c *configurationClient) refresh() error {
 		return err
 	}
 
+	client, err := jwkset.NewHTTPClient(jwkset.HTTPClientOptions{
+		HTTPURLs: map[string]jwkset.Storage{
+			uri.String(): storage,
+		},
+		RefreshUnknownKID: rate.NewLimiter(rate.Every(refreshRateLimit), 1),
+	})
+	if err != nil {
+		return err
+	}
+
 	c.currentConfiguration = &v
-	c.currentJwks, err = keyfunc.New(keyfunc.Options{Ctx: c.ctx, Storage: storage})
+	c.currentJwks, err = keyfunc.New(keyfunc.Options{Ctx: c.ctx, Storage: client})
 
 	return err
 }

diff --git a/internal/page/app_data.go b/internal/page/app_data.go
@@ -28,6 +28,7 @@ type AppData struct {
 	OneloginURL      string
 	AppPublicURL     string
 	IsSupporter      bool
+	OrganisationName string
 	OrganisationID   string
 }
 

diff --git a/internal/page/attorney/enter_reference_number.go b/internal/page/attorney/enter_reference_number.go
@@ -1,7 +1,6 @@
 package attorney
 
 import (
-	"encoding/base64"
 	"errors"
 	"net/http"
 
@@ -51,7 +50,7 @@ func EnterReferenceNumber(tmpl template.Template, shareCodeStore ShareCodeStore,
 				}
 
 				ctx := page.ContextWithSessionData(r.Context(), &page.SessionData{
-					SessionID: base64.StdEncoding.EncodeToString([]byte(session.Sub)),
+					SessionID: session.SessionID(),
 					LpaID:     shareCode.LpaID,
 				})
 

diff --git a/internal/page/attorney/register.go b/internal/page/attorney/register.go
@@ -2,7 +2,6 @@ package attorney
 
 import (
 	"context"
-	"encoding/base64"
 	"io"
 	"net/http"
 	"time"
@@ -152,7 +151,7 @@ func makeHandle(mux *http.ServeMux, store sesh.Store, errorHandler page.ErrorHan
 					return
 				}
 
-				appData.SessionID = base64.StdEncoding.EncodeToString([]byte(session.Sub))
+				appData.SessionID = session.SessionID()
 				ctx = page.ContextWithSessionData(ctx, &page.SessionData{SessionID: appData.SessionID, LpaID: appData.LpaID})
 			}
 
@@ -177,7 +176,7 @@ func makeAttorneyHandle(mux *http.ServeMux, store sesh.Store, errorHandler page.
 				return
 			}
 
-			appData.SessionID = base64.StdEncoding.EncodeToString([]byte(session.Sub))
+			appData.SessionID = session.SessionID()
 
 			sessionData, err := page.SessionDataFromContext(ctx)
 			if err == nil {

diff --git a/internal/page/certificateprovider/enter_reference_number.go b/internal/page/certificateprovider/enter_reference_number.go
@@ -1,7 +1,6 @@
 package certificateprovider
 
 import (
-	"encoding/base64"
 	"errors"
 	"net/http"
 
@@ -52,7 +51,7 @@ func EnterReferenceNumber(tmpl template.Template, shareCodeStore ShareCodeStore,
 				}
 
 				ctx := page.ContextWithSessionData(r.Context(), &page.SessionData{
-					SessionID: base64.StdEncoding.EncodeToString([]byte(session.Sub)),
+					SessionID: session.SessionID(),
 					LpaID:     shareCode.LpaID,
 				})
 

diff --git a/internal/page/certificateprovider/register.go b/internal/page/certificateprovider/register.go
@@ -2,7 +2,6 @@ package certificateprovider
 
 import (
 	"context"
-	"encoding/base64"
 	"io"
 	"net/http"
 	"time"
@@ -185,7 +184,7 @@ func makeCertificateProviderHandle(mux *http.ServeMux, store sesh.Store, errorHa
 				return
 			}
 
-			appData.SessionID = base64.StdEncoding.EncodeToString([]byte(session.Sub))
+			appData.SessionID = session.SessionID()
 
 			sessionData, err := page.SessionDataFromContext(ctx)
 			if err == nil {

diff --git a/internal/page/donor/register.go b/internal/page/donor/register.go
@@ -2,7 +2,6 @@ package donor
 
 import (
 	"context"
-	"encoding/base64"
 	"fmt"
 	"io"
 	"net/http"
@@ -404,10 +403,9 @@ func makeHandle(mux *http.ServeMux, store sesh.Store, defaultOptions page.Handle
 					return
 				}
 
-				appData.SessionID = base64.StdEncoding.EncodeToString([]byte(donorSession.Sub))
+				appData.SessionID = donorSession.SessionID()
 
 				sessionData, err := page.SessionDataFromContext(ctx)
-
 				if err == nil {
 					sessionData.SessionID = appData.SessionID
 					ctx = page.ContextWithSessionData(ctx, sessionData)
@@ -444,10 +442,9 @@ func makeLpaHandle(mux *http.ServeMux, store sesh.Store, defaultOptions page.Han
 				return
 			}
 
-			appData.SessionID = base64.StdEncoding.EncodeToString([]byte(donorSession.Sub))
+			appData.SessionID = donorSession.SessionID()
 
 			sessionData, err := page.SessionDataFromContext(ctx)
-
 			if err == nil {
 				sessionData.SessionID = appData.SessionID
 				ctx = page.ContextWithSessionData(ctx, sessionData)

diff --git a/internal/page/fixtures/supporter.go b/internal/page/fixtures/supporter.go
@@ -35,7 +35,11 @@ func Supporter(sessionStore sesh.Store, organisationStore OrganisationStore) pag
 			}
 		}
 
-		http.Redirect(w, r, "/supporter/"+redirect, http.StatusFound)
+		if redirect != page.Paths.Supporter.EnterOrganisationName.Format() {
+			redirect = "/supporter/" + redirect
+		}
+
+		http.Redirect(w, r, redirect, http.StatusFound)
 		return nil
 	}
 }
diff --git a/internal/page/login_callback.go b/internal/page/login_callback.go
@@ -2,7 +2,6 @@ package page
 
 import (
 	"context"
-	"encoding/base64"
 	"net/http"
 
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/actor"
@@ -32,20 +31,18 @@ func LoginCallback(oneLoginClient LoginCallbackOneLoginClient, sessionStore sesh
 			return err
 		}
 
-		if err := sesh.SetLoginSession(sessionStore, r, w, &sesh.LoginSession{
+		session := &sesh.LoginSession{
 			IDToken: idToken,
 			Sub:     userInfo.Sub,
 			Email:   userInfo.Email,
-		}); err != nil {
+		}
+
+		if err := sesh.SetLoginSession(sessionStore, r, w, session); err != nil {
 			return err
 		}
 
 		if actorType != actor.TypeDonor {
-			exists, err := dashboardStore.SubExistsForActorType(
-				r.Context(),
-				base64.StdEncoding.EncodeToString([]byte(userInfo.Sub)),
-				actorType,
-			)
+			exists, err := dashboardStore.SubExistsForActorType(r.Context(), session.SessionID(), actorType)
 
 			if err != nil {
 				return err

diff --git a/internal/page/supporter/dashboard.go b/internal/page/supporter/dashboard.go
@@ -4,6 +4,7 @@ import (
 	"net/http"
 
 	"github.com/ministryofjustice/opg-go-common/template"
+	"github.com/ministryofjustice/opg-modernising-lpa/internal/actor"
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/page"
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/validation"
 )
@@ -14,13 +15,8 @@ type DashboardData struct {
 }
 
 func Dashboard(tmpl template.Template, organisationStore OrganisationStore) Handler {
-	return func(appData page.AppData, w http.ResponseWriter, r *http.Request) error {
+	return func(appData page.AppData, w http.ResponseWriter, r *http.Request, organisation *actor.Organisation) error {
 		if r.Method == http.MethodPost {
-			organisation, err := organisationStore.Get(r.Context())
-			if err != nil {
-				return err
-			}
-
 			donorProvided, err := organisationStore.CreateLPA(r.Context(), organisation.ID)
 			if err != nil {
 				return err

diff --git a/internal/page/supporter/guidance.go b/internal/page/supporter/guidance.go
@@ -5,6 +5,7 @@ import (
 	"net/url"
 
 	"github.com/ministryofjustice/opg-go-common/template"
+	"github.com/ministryofjustice/opg-modernising-lpa/internal/actor"
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/page"
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/validation"
 )
@@ -16,7 +17,7 @@ type guidanceData struct {
 }
 
 func Guidance(tmpl template.Template) Handler {
-	return func(appData page.AppData, w http.ResponseWriter, r *http.Request) error {
+	return func(appData page.AppData, w http.ResponseWriter, r *http.Request, organisation *actor.Organisation) error {
 		return tmpl(w, &guidanceData{
 			App:   appData,
 			Query: r.URL.Query(),

diff --git a/internal/page/supporter/guidance_test.go b/internal/page/supporter/guidance_test.go
@@ -18,7 +18,7 @@ func TestGuidance(t *testing.T) {
 		Execute(w, &guidanceData{App: testAppData, Query: url.Values{}}).
 		Return(nil)
 
-	err := Guidance(template.Execute)(testAppData, w, r)
+	err := Guidance(template.Execute)(testAppData, w, r, nil)
 	resp := w.Result()
 
 	assert.Nil(t, err)
@@ -34,7 +34,7 @@ func TestGuidanceWhenTemplateErrors(t *testing.T) {
 		Execute(w, &guidanceData{App: testAppData, Query: url.Values{}}).
 		Return(expectedError)
 
-	err := Guidance(template.Execute)(testAppData, w, r)
+	err := Guidance(template.Execute)(testAppData, w, r, nil)
 
 	assert.Equal(t, expectedError, err)
 }
diff --git a/internal/page/supporter/invite_member.go b/internal/page/supporter/invite_member.go
@@ -5,6 +5,7 @@ import (
 	"net/url"
 
 	"github.com/ministryofjustice/opg-go-common/template"
+	"github.com/ministryofjustice/opg-modernising-lpa/internal/actor"
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/notify"
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/page"
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/validation"
@@ -17,7 +18,7 @@ type inviteMemberData struct {
 }
 
 func InviteMember(tmpl template.Template, organisationStore OrganisationStore, notifyClient NotifyClient, randomString func(int) string) Handler {
-	return func(appData page.AppData, w http.ResponseWriter, r *http.Request) error {
+	return func(appData page.AppData, w http.ResponseWriter, r *http.Request, organisation *actor.Organisation) error {
 		data := &inviteMemberData{
 			App:  appData,
 			Form: &inviteMemberForm{},
@@ -28,11 +29,6 @@ func InviteMember(tmpl template.Template, organisationStore OrganisationStore, n
 			data.Errors = data.Form.Validate()
 
 			if !data.Errors.Any() {
-				organisation, err := organisationStore.Get(r.Context())
-				if err != nil {
-					return err
-				}
-
 				inviteCode := randomString(12)
 				if err := organisationStore.CreateMemberInvite(r.Context(), organisation, data.Form.Email, inviteCode); err != nil {
 					return err