This repository has been archived by the owner on Jul 30, 2019. It is now read-only.
Add a new flow based on the "prompt:none" scope #5
Merged: abrahammartin merged 6 commits into uisautomation:master from rjw57:issue-4-prompt-none-workflow on Apr 23, 2018
Bump to the latest version of hydra at the moment (v0.11.12).
The omit clause in .coveragerc was being ignored since --omit was passed explicitly on the command line in tox.ini. Remove the explicit --omit.
The rejection reason was hard-coded. In preparation for rejecting the request due to user not being logged in, make this configurable.
As a step towards allowing implicit login/prompt=none style workflow, move the consent processing before the user login. Fix up tests which assumed consent processing happened before login to check consent processing before and after login.
Recognise a special scope, defaulting to "prompt:none" but configurable via the CONSENT_PROMPT_NONE_SCOPE setting, which will never redirect the user to a login page but will accept or reject the consent request based entirely on the existing login state. This can be used to implement UI-less login flows where we can detect if the user can be automatically logged in and, if so, log them in. Closes uisautomation#4
Update documentation and example scripts to allow demonstrating the "prompt:none" flow. A new page is added to the documentation taking the user through both the normal and "prompt:none" flow and demonstrating the difference.
Codecov Report
@@ Coverage Diff @@
## master #5 +/- ##
==========================================
- Coverage 90.7% 89.23% -1.48%
==========================================
Files 21 8 -13
Lines 355 130 -225
==========================================
- Hits 322 116 -206
+ Misses 33 14 -19
Continue to review full report at Codecov.
rjw57 added a commit to rjw57/experimental-mock-consent-app that referenced this pull request on Apr 12, 2018:
Implement prompt:none flow to match that proposed in uisautomation/hydra-consent-app#5. This commit is intended to keep the mock consent app and real consent app in lock step with regards to features. Update the app to cache the current subject in the flask session and automatically grant requests if there is a user in the session. This approximates the existing Raven behaviour. Teach the app about the "prompt:none" scope which signals that the request should be immediately rejected if there is not a user in the session.
This was referenced Apr 12, 2018
msb approved these changes on Apr 18, 2018
This PR addresses #4 by teaching the consent app about a new scope: "prompt:none". If this scope is present in the request and there is not currently a user logged in, the request is immediately denied without redirecting to the Raven login dialog. If the user is logged in, the request is processed as per normal. This can be used to support "background" login where we first check to see if we can log in without using a UI and only if that fails do we attempt UI-based login.
Most of the early commits are general tidy-ups required to implement the functionality of the PR.
63b9f71 provides the actual implementation of the "prompt:none" flow. The exact scope used is configurable via a Django setting.
d0d66be provides documentation for the new flow and adds an expanded section to the documentation on issuing tokens which may be used as a basis for testing this PR.
This PR is required by the new token timeout behaviour in uisautomation/iar-frontend#153.
Closes #4
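The decision described in this PR, sketched as a framework-free model together with the client's "background then UI" fallback. This is an added example, not code from the repository: `decide`, `client_login`, `Action`, `Decision` and the rejection reason string are hypothetical names and constructed values; only the "prompt:none" default and the CONSENT_PROMPT_NONE_SCOPE setting name come from the page.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Sequence

# Default from the PR; the app reads it from the CONSENT_PROMPT_NONE_SCOPE setting.
CONSENT_PROMPT_NONE_SCOPE = "prompt:none"


class Action(Enum):
    PROCESS_CONSENT = "process"    # a user is already logged in: handle as normal
    REJECT = "reject"              # prompt:none requested and nobody is logged in
    REDIRECT_TO_LOGIN = "login"    # ordinary flow: send the browser to the login page


@dataclass(frozen=True)
class Decision:
    action: Action
    subject: Optional[str] = None
    reason: Optional[str] = None


def decide(requested_scopes: Sequence[str], session_user: Optional[str],
           prompt_none_scope: str = CONSENT_PROMPT_NONE_SCOPE,
           reject_reason: str = "user_not_logged_in") -> Decision:
    """Decide on a consent request using only the existing login state.

    reject_reason is a constructed value; the PR only says it is configurable.
    """
    if session_user:
        return Decision(Action.PROCESS_CONSENT, subject=session_user)
    # Exact match against the scope list, not a substring test on the raw
    # scope string, so "prompt:nonexistent" never takes the silent path.
    if prompt_none_scope in requested_scopes:
        return Decision(Action.REJECT, reason=reject_reason)
    return Decision(Action.REDIRECT_TO_LOGIN)


def client_login(scopes: Sequence[str], session_user: Optional[str]) -> list:
    """Client side: try the UI-less request first, fall back to UI login."""
    silent = decide([*scopes, CONSENT_PROMPT_NONE_SCOPE], session_user)
    if silent.action is Action.PROCESS_CONSENT:
        return [silent.action]
    # The silent attempt was rejected: repeat without the special scope.
    return [silent.action, decide(scopes, session_user).action]
```
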