From 5bbe22833ad1b7071c1086856da3cee52b750a68 Mon Sep 17 00:00:00 2001
From: Eric Lipe
Date: Wed, 11 Sep 2024 11:18:31 -0400
Subject: [PATCH 1/7] - unified logout redirect config for ams and login.gov - add id hint for ams
---
 tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py b/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py
index 65c0bec09..b4437a175 100644
--- a/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py
+++ b/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py
@@ -50,7 +50,7 @@ def get(self, request, *args, **kwargs):
 # params needed by the logout endpoint
 logout_params = {
 "client_id": settings.LOGIN_GOV_CLIENT_ID,
- "redirect_uri": settings.BASE_URL + "/logout",
+ "post_logout_redirect_uri": settings.BASE_URL + "/logout",
 "state": state,
 }
@@ -59,9 +59,9 @@ def get(self, request, *args, **kwargs):
 # build out full API GET call to authorize endpoint
 if use_ams_handler:
 ams_configuration = LoginRedirectAMS.get_ams_configuration()
+ logout_params["id_token_hint"] = token_hint
 encoded_params = urlencode(logout_params, quote_via=quote_plus)
 return HttpResponseRedirect(ams_configuration["end_session_endpoint"] + "?" + encoded_params)
 else:
- logout_params["post_logout_redirect_uri"] = logout_params.pop("redirect_uri")
 encoded_params = urlencode(logout_params, quote_via=quote_plus)
 return HttpResponseRedirect(settings.LOGIN_GOV_LOGOUT_ENDPOINT + "?" + encoded_params)
From cd9e31da8d32cd1450fedf8514931a100aeed28d Mon Sep 17 00:00:00 2001
From: Eric Lipe
Date: Thu, 12 Sep 2024 11:07:22 -0400
Subject: [PATCH 2/7] - commenting to deploy
---
 .circleci/build-and-test/workflows.yml | 100 ++++++++++++-------------
 1 file changed, 50 insertions(+), 50 deletions(-)
diff --git a/.circleci/build-and-test/workflows.yml b/.circleci/build-and-test/workflows.yml
index b822f1cdc..d0a4d8ec7 100644
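Review bot: In the second hunk of PATCH 1/7, `logout_params["id_token_hint"] = token_hint` is added to the AMS branch with no guard, and the assignment of `token_hint` is not visible in the hunk. If it can be `None` or empty (for example a session with no stored ID token), `urlencode` serialises it as the literal string `None`, which the end-session endpoint would presumably reject or ignore. Setting it conditionally avoids that: `if token_hint: logout_params["id_token_hint"] = token_hint`. The hint is an ID token carried in a GET query string, so it is worth confirming that the redirect URL is not written to application or proxy logs. The body of `get` starts and ends outside the hunk.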
--- a/.circleci/build-and-test/workflows.yml +++ b/.circleci/build-and-test/workflows.yml @@ -3,15 +3,15 @@ when: << pipeline.parameters.build_and_test_all >> jobs: - secrets-check - - test-backend: - requires: - - secrets-check - - test-frontend: - requires: - - secrets-check - - test-e2e: - requires: - - secrets-check + # - test-backend: + # requires: + # - secrets-check + # - test-frontend: + # requires: + # - secrets-check + # - test-e2e: + # requires: + # - secrets-check ci-build-and-test-all: jobs: @@ -22,46 +22,46 @@ - main - master - /^release.*/ - - test-backend: - filters: - branches: - only: - - main - - master - - /^release.*/ - requires: - - secrets-check - - test-frontend: - filters: - branches: - only: - - main - - master - - /^release.*/ - requires: - - secrets-check - - test-e2e: - filters: - branches: - only: - - main - - master - - /^release.*/ - requires: - - secrets-check + # - test-backend: + # filters: + # branches: + # only: + # - main + # - master + # - /^release.*/ + # requires: + # - secrets-check + # - test-frontend: + # filters: + # branches: + # only: + # - main + # - master + # - /^release.*/ + # requires: + # - secrets-check + # - test-e2e: + # filters: + # branches: + # only: + # - main + # - master + # - /^release.*/ + # requires: + # - secrets-check - build-and-test-backend: - when: << pipeline.parameters.build_and_test_backend >> - jobs: - - secrets-check - - test-backend: - requires: - - secrets-check + # build-and-test-backend: + # when: << pipeline.parameters.build_and_test_backend >> + # jobs: + # - secrets-check + # - test-backend: + # requires: + # - secrets-check - build-and-test-frontend: - when: << pipeline.parameters.build_and_test_frontend >> - jobs: - - secrets-check - - test-frontend: - requires: - - secrets-check + # build-and-test-frontend: + # when: << pipeline.parameters.build_and_test_frontend >> + # jobs: + # - secrets-check + # - test-frontend: + # requires: + # - secrets-check 
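Review bot: Only `secrets-check` still gates `main`, `master` and `/^release.*/` after PATCH 2/7, because `test-backend`, `test-frontend` and `test-e2e` are commented out in both hunks, including the `ci-build-and-test-all` workflow. If this commit is merged or cherry-picked on its own, the logout change from PATCH 1/7 ships with no test gate at all. PATCH 4/7 restores the jobs, so dropping 2/7 and 4/7 from the series before merge keeps every commit in history at a state where CI is enforced. For a one-off deploy, a pipeline parameter in the style of the existing `build_and_test_all` would be less invasive than editing the workflow; whether a suitable parameter already exists is not visible here.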
From 6deb7270a2bbb412e5df8d5847839f7c11d34e9f Mon Sep 17 00:00:00 2001 From: Eric Lipe Date: Thu, 12 Sep 2024 12:17:11 -0400 Subject: [PATCH 3/7] - comment out token hint --- tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py b/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py index b4437a175..c060a8db1 100644 --- a/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py +++ b/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py @@ -59,7 +59,7 @@ def get(self, request, *args, **kwargs): # build out full API GET call to authorize endpoint if use_ams_handler: ams_configuration = LoginRedirectAMS.get_ams_configuration() - logout_params["id_token_hint"] = token_hint + # logout_params["id_token_hint"] = token_hint encoded_params = urlencode(logout_params, quote_via=quote_plus) return HttpResponseRedirect(ams_configuration["end_session_endpoint"] + "?" + encoded_params) else: From 0e9e634f6b6867b81e0119579fcd39072ddb83b0 Mon Sep 17 00:00:00 2001 From: Eric Lipe Date: Thu, 12 Sep 2024 12:17:39 -0400 Subject: [PATCH 4/7] - re-enable tests --- .circleci/build-and-test/workflows.yml | 100 ++++++++++++------------- 1 file changed, 50 insertions(+), 50 deletions(-) diff --git a/.circleci/build-and-test/workflows.yml b/.circleci/build-and-test/workflows.yml index d0a4d8ec7..b822f1cdc 100644 --- a/.circleci/build-and-test/workflows.yml +++ b/.circleci/build-and-test/workflows.yml @@ -3,15 +3,15 @@ when: << pipeline.parameters.build_and_test_all >> jobs: - secrets-check - # - test-backend: - # requires: - # - secrets-check - # - test-frontend: - # requires: - # - secrets-check - # - test-e2e: - # requires: - # - secrets-check + - test-backend: + requires: + - secrets-check + - test-frontend: + requires: + - secrets-check + - test-e2e: + requires: + - secrets-check ci-build-and-test-all: jobs: 
@@ -22,46 +22,46 @@ - main - master - /^release.*/ - # - test-backend: - # filters: - # branches: - # only: - # - main - # - master - # - /^release.*/ - # requires: - # - secrets-check - # - test-frontend: - # filters: - # branches: - # only: - # - main - # - master - # - /^release.*/ - # requires: - # - secrets-check - # - test-e2e: - # filters: - # branches: - # only: - # - main - # - master - # - /^release.*/ - # requires: - # - secrets-check + - test-backend: + filters: + branches: + only: + - main + - master + - /^release.*/ + requires: + - secrets-check + - test-frontend: + filters: + branches: + only: + - main + - master + - /^release.*/ + requires: + - secrets-check + - test-e2e: + filters: + branches: + only: + - main + - master + - /^release.*/ + requires: + - secrets-check - # build-and-test-backend: - # when: << pipeline.parameters.build_and_test_backend >> - # jobs: - # - secrets-check - # - test-backend: - # requires: - # - secrets-check + build-and-test-backend: + when: << pipeline.parameters.build_and_test_backend >> + jobs: + - secrets-check + - test-backend: + requires: + - secrets-check - # build-and-test-frontend: - # when: << pipeline.parameters.build_and_test_frontend >> - # jobs: - # - secrets-check - # - test-frontend: - # requires: - # - secrets-check + build-and-test-frontend: + when: << pipeline.parameters.build_and_test_frontend >> + jobs: + - secrets-check + - test-frontend: + requires: + - secrets-check From 9abdcfb239e589dda368bf7f37adf48ec46152aa Mon Sep 17 00:00:00 2001 From: Eric Lipe Date: Thu, 12 Sep 2024 12:59:00 -0400 Subject: [PATCH 5/7] - remove token hint --- tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py b/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py index c060a8db1..9b218a56a 100644 --- a/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py 
+++ b/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py
@@ -59,7 +59,6 @@ def get(self, request, *args, **kwargs):
 # build out full API GET call to authorize endpoint
 if use_ams_handler:
 ams_configuration = LoginRedirectAMS.get_ams_configuration()
- # logout_params["id_token_hint"] = token_hint
 encoded_params = urlencode(logout_params, quote_via=quote_plus)
 return HttpResponseRedirect(ams_configuration["end_session_endpoint"] + "?" + encoded_params)
 else:
From 08eecfaf852413b230453c2f37bd485d9660045a Mon Sep 17 00:00:00 2001
From: Eric Lipe
Date: Thu, 12 Sep 2024 13:14:27 -0400
Subject: [PATCH 6/7] - Add AMS client id to logout params
---
 tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py b/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py
index 9b218a56a..f948b867d 100644
--- a/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py
+++ b/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py
@@ -58,6 +58,7 @@ def get(self, request, *args, **kwargs):
 # build out full API GET call to authorize endpoint
 if use_ams_handler:
+ logout_params["client_id"] = settings.AMS_CLIENT_ID
 ams_configuration = LoginRedirectAMS.get_ams_configuration()
 encoded_params = urlencode(logout_params, quote_via=quote_plus)
 return HttpResponseRedirect(ams_configuration["end_session_endpoint"] + "?" + encoded_params)
From 69d7936bd198541c35ce3b30ae0727b7849d4268 Mon Sep 17 00:00:00 2001
From: Eric Lipe
Date: Thu, 12 Sep 2024 13:21:33 -0400
Subject: [PATCH 7/7] - Move client id creation to respective brances
---
 tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py b/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py
index f948b867d..4b6db4ff3 100644
--- a/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py
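Review bot: In PATCH 6/7 the AMS branch sends `client_id` but no `id_token_hint`, and no comment records why the hint added in PATCH 1/7 was dropped. In OpenID Connect RP-Initiated Logout, `client_id` is what lets the provider validate `post_logout_redirect_uri` when no ID token hint is sent, so `settings.AMS_CLIENT_ID` has to be the client that the `BASE_URL + "/logout"` URI is registered for. A comment above the added line would capture that, e.g. `# AMS logout sends client_id instead of id_token_hint; the provider uses it to validate post_logout_redirect_uri`. Whether AMS then asks the user to confirm the logout is provider-specific and worth checking in a deployed environment. The body of `get` starts and ends outside the hunk.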
+++ b/tdrs-backend/tdpservice/users/api/logout_redirect_oidc.py
@@ -49,7 +49,6 @@ def get(self, request, *args, **kwargs):
 # params needed by the logout endpoint
 logout_params = {
- "client_id": settings.LOGIN_GOV_CLIENT_ID,
 "post_logout_redirect_uri": settings.BASE_URL + "/logout",
 "state": state,
 }
@@ -63,5 +62,6 @@ def get(self, request, *args, **kwargs):
 encoded_params = urlencode(logout_params, quote_via=quote_plus)
 return HttpResponseRedirect(ams_configuration["end_session_endpoint"] + "?" + encoded_params)
 else:
+ logout_params["client_id"] = settings.LOGIN_GOV_CLIENT_ID
 encoded_params = urlencode(logout_params, quote_via=quote_plus)
 return HttpResponseRedirect(settings.LOGIN_GOV_LOGOUT_ENDPOINT + "?" + encoded_params)
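Review bot: After the second hunk of PATCH 7/7 both branches end in the same `urlencode(...)` call and `HttpResponseRedirect(...)`, differing only in the client ID and the endpoint. Letting each branch choose those two values and encoding once keeps the parameter set for the two providers visibly identical and leaves a single place to change when a parameter is added or removed. The `if use_ams_handler:` line and the rest of `get` are outside this hunk, so the sketch assumes the branch shape shown in PATCH 6/7.

```python
        # … unchanged: logout_params dict with post_logout_redirect_uri and state …
        if use_ams_handler:
            logout_params["client_id"] = settings.AMS_CLIENT_ID
            logout_endpoint = LoginRedirectAMS.get_ams_configuration()["end_session_endpoint"]
        else:
            logout_params["client_id"] = settings.LOGIN_GOV_CLIENT_ID
            logout_endpoint = settings.LOGIN_GOV_LOGOUT_ENDPOINT

        encoded_params = urlencode(logout_params, quote_via=quote_plus)
        return HttpResponseRedirect(logout_endpoint + "?" + encoded_params)
```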