Merge pull request #488 from mozilla-iam/IAM-1256

IAM-1256 Remove Alerts and Notifications functions within SSO Dashbord
mozilla-iam · Feb 5, 2024 · 1a421fd · 1a421fd
2 parents aa90f12 + 372c3d1
commit 1a421fd
Show file tree

Hide file tree

Showing 26 changed files with 45 additions and 1,583 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 venv
 dashboard/data/apps.yml-etag
+dashboard/data/apps.yml
 dump.rdb
 .env
 env3

diff --git a/Makefile b/Makefile
diff --git a/README.md b/README.md
@@ -24,14 +24,15 @@ A python flask implementation of an SSO dashboard.  OIDC for authentication and
 * MUI-CSS Framework
 * Docker
 
+
 # Features
 
+
 * Server Side Events Security Alerts
 * Control over what apps a user sees
 * User profile editor
 * Global Security Alerts
 * IHaveBeenPwned Integration
-* User alert acknowledgement/escalation
 
 # Authentication Flow
 
@@ -91,8 +92,9 @@ This section gives an overview of the SSO Dashboard deployment, for a more detai
 
 Single Sign On Dashboard (SSO Dashboard) runs in the AWS IAM account (320464205386) inside the production EKS cluster, however it uses resources in the `infosec-prod` and `infosec-dev` AWS accounts.
 
-Currently the application is deployed into 2 different environments: dev and prod, each one running in the correspondent Kubernetes namespaces.
+Currently the application is deployed into 3 different environments: dev, staging prod, each one running in the correspondent Kubernetes namespaces.
  - Production environment can be reach at https://sso.mozilla.com
+ - Staging environment can be reached at https://staging.sso.mozilla.com
  - Development environment can be reach at https://sso.allizom.org
 
 The application deployment process is performed by AWS Codebuild following the instructions in the [buildspec file](https://github.com/mozilla-iam/sso-dashboard/blob/master/buildspec-k8s.yml), which is heavily dependent in this [Makefile](https://github.com/mozilla-iam/sso-dashboard/blob/master/Makefile).

diff --git a/compose.yml b/compose.yml
@@ -7,9 +7,6 @@ services:
     env_file: envfile
     environment:
       - AWS_DEFAULT_REGION=us-west-2
-      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
-      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
-      - AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
       - FLASK_DEBUG=True
       - FLASK_APP=dashboard/app.py
     ports:

diff --git a/dashboard/app.py b/dashboard/app.py
@@ -33,10 +33,7 @@
 from dashboard.models.user import User
 from dashboard.models.user import FakeUser
 from dashboard.op.yaml_loader import Application
-from dashboard.models.alert import Alert
-from dashboard.models.alert import FakeAlert
-from dashboard.models.alert import Rules
-from dashboard.models.tile import S3Transfer
+from dashboard.models.tile import CDNTransfer
 
 
 logging.basicConfig(level=logging.INFO)
@@ -54,7 +51,7 @@
 talisman = Talisman(app, content_security_policy=DASHBOARD_CSP, force_https=False)
 
 app.config.from_object(config.Config(app).settings)
-app_list = S3Transfer(config.Config(app).settings)
+app_list = CDNTransfer(config.Config(app).settings)
 app_list.sync_config()
 
 # Activate server-side redis sesssion KV
@@ -135,6 +132,7 @@ def forbidden():
         jws = request.args.get("error").encode()
 
     token_verifier = oidc_auth.tokenVerification(jws=jws, public_key=app.config["FORBIDDEN_PAGE_PUBLIC_KEY"])
+    """TODO: add code here to catch when the token is invalid"""
     token_verifier.verify
 
     return render_template("forbidden.html", token_verifier=token_verifier)
@@ -179,24 +177,20 @@ def dashboard():
     session["userinfo"]["user_id"] = session.get("id_token")["sub"]
 
     # Transfer any updates in to the app_tiles.
-    S3Transfer(config.Config(app).settings).sync_config()
-
-    # The rule engine has been disabled.  See IAM-1256
-    # Send the user session and browser headers to the alert rules engine.
-    # Rules(userinfo=session["userinfo"], request=request).run()
+    CDNTransfer(config.Config(app).settings).sync_config()
 
     user = User(session, config.Config(app).settings)
     apps = user.apps(Application(app_list.apps_yml).apps)
 
-    return render_template("dashboard.html", config=app.config, user=user, apps=apps, alerts=None)
+    return render_template("dashboard.html", config=app.config, user=user, apps=apps)
 
 
 @app.route("/styleguide/dashboard")
 def styleguide_dashboard():
     user = FakeUser(config.Config(app).settings)
     apps = user.apps(Application(app_list.apps_yml).apps)
 
-    return render_template("dashboard.html", config=app.config, user=user, apps=apps, alerts=None)
+    return render_template("dashboard.html", config=app.config, user=user, apps=apps)
 
 
 @app.route("/styleguide/notifications")
@@ -206,58 +200,7 @@ def styleguide_notifications():
     return render_template("notifications.html", config=app.config, user=user)
 
 
-@app.route("/notifications")
-@oidc.oidc_auth("default")
-def notifications():
-    user = User(session, config.Config(app).settings)
-    return render_template("notifications.html", config=app.config, user=user)
-
-
-@oidc.oidc_auth("default")
-@app.route("/alert/<alert_id>", methods=["POST"])
-def alert_operation(alert_id):
-    if request.method == "POST":
-        user = User(session, config.Config(app).settings)
-        if request.data is not None:
-            data = json.loads(request.data.decode())
-            helpfulness = data.get("helpfulness")
-            alert_action = data.get("alert_action")
-
-        result = user.take_alert_action(alert_id, alert_action, helpfulness)
-
-        if result["ResponseMetadata"]["HTTPStatusCode"] == 200:
-            return "200"
-        else:
-            return "500"
-
-
-@oidc.oidc_auth("default")
-@app.route("/alert/fake", methods=["GET"])
-def alert_faking():
-    if request.method == "GET":
-        if app.config.get("SERVER_NAME") != "sso.mozilla.com":
-            """Only allow alert faking in non production environment."""
-            user = User(session, config.Config(app).settings)
-            fake_alerts = FakeAlert(user_id=user.userinfo.get("sub"))
-            fake_alerts.create_fake_alerts()
-
-    return redirect("/dashboard", code=302)
-
-
-@app.route("/api/v1/alert", methods=["GET"])
-@api.requires_api_auth
-def alert_api():
-    if request.method == "GET" and api.requires_scope("read:alert"):
-        user_id = request.args.get("user_id")
-        alerts = Alert().find(user_id)
-        result = Alert().to_summary(alerts)
-        return jsonify(result)
-    raise exceptions.AuthError(
-        {"code": "Unauthorized", "description": "Scope not matched.  Access Denied."},
-        403,
-    )
-
-
+"""useful endpoint for debugging"""
 @app.route("/info")
 @oidc.oidc_auth("default")
 def info():

diff --git a/dashboard/data/apps.yml b/dashboard/data/apps.yml
diff --git a/dashboard/models/__init__.py b/dashboard/models/__init__.py
@@ -1 +1 @@
-__all__ = ["alert", "tile", "user"]
+__all__ = ["tile", "user"]