diff --git a/.env_login b/.env_login
new file mode 100644
index 00000000..de4aac84
--- /dev/null
+++ b/.env_login
@@ -0,0 +1,4 @@
+# local dev env vars for login.gov
+export LOGIN_CLIENT_ID=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:challenge_gov_portal_eval_dev
+export LOGIN_REDIRECT_EVAL_URL=http://localhost:3000/auth/result
+export LOGOUT_REDIRECT_EVAL_URL=http://localhost:3000/
\ No newline at end of file
diff --git a/.envrc b/.envrc
index 3e088573..4fbb075a 100644
--- a/.envrc
+++ b/.envrc
@@ -4,3 +4,6 @@ use nix
 mkdir -p .nix-bundler
 export BUNDLE_PATH=./.nix-bundler
+
+# Login Env Vars
+source .env_login
diff --git a/.tool-versions b/.tool-versions
index e87d7b95..70b96cf5 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -1,3 +1,3 @@
-ruby 3.2.4
-nodejs 20.15.1
-yarn 1.22.22
+ruby system
+nodejs system
+yarn system
diff --git a/DEVCONFIG.md b/DEVCONFIG.md
index 287a87dd..c9b2a296 100644
--- a/DEVCONFIG.md
+++ b/DEVCONFIG.md
@@ -63,7 +63,10 @@ Once direnv is installed and your shell is restarted, clone the project and `cd`
 1. Set up your uswds files in the build directory `npx gulp copyAssets`
 1. Setup the database `rake db:create`, note that postgres must be running for this to work
 1. Boot the system, this will run the sass, esbuild, and uswds watchers along with the rails server
- 1. `./bin/dev`
+ ```
+ ./bin/dev
+ ```
+ > _NOTE for login.gov configuration_ -- if you are **not** using direnv/nix to eval `.envrc`, you can run `source .env_login` in your terminal before starting the server or add the env vars in that file to your local environment directly.
 Now you can visit [`localhost:3000`](http://localhost:3000) from your browser.
diff --git a/app/models/login_gov.rb b/app/models/login_gov.rb
index 7d4e398e..ac88f861 100644
--- a/app/models/login_gov.rb
+++ b/app/models/login_gov.rb
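Review bot: `.env_login` is committed and sourced unconditionally by `.envrc`, so anything a developer later adds to it (the natural place for `LOGIN_PRIVATE_KEY_PASSWORD` or a real key path, which `config/application.rb` reads from the same `LOGIN_*` namespace) lands in version control. The three values here are non-secret, but the header comment does not say the file must stay that way; I would extend it to `# local dev env vars for login.gov -- non-secret values only; put LOGIN_PRIVATE_KEY_PASSWORD and key paths in a gitignored local file`. The file also has no trailing newline, which `source` tolerates but is worth fixing.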
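Review bot: Replacing the pinned `ruby 3.2.4`, `nodejs 20.15.1` and `yarn 1.22.22` with `system` means the version manager no longer guarantees the toolchain, so two developers or CI can build against different interpreter versions and dependency resolution can drift between machines. If the intent is that the nix shell (`use nix` in `.envrc`) now owns the versions, a comment saying so would stop someone from re-pinning, e.g. `# versions come from the nix shell (see .envrc); 'system' defers to it`; otherwise I would keep the pins.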
@@ -21,6 +21,7 @@ def initialize(msg, code:, body:)
 attr_reader :config
 def initialize(config = Rails.configuration.login_gov_oidc)
+ puts config.inspect
 @config = config.freeze.dup
 end
diff --git a/config/application.rb b/config/application.rb
index 0f48164e..a97f4d90 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -28,5 +28,17 @@ class Application < Rails::Application
 # Use the Postgresql-specific syntax for DB dumps
 config.active_record.schema_format = :sql
+
+ # Shared login.gov config with ENV overrides
+ config.login_gov_oidc = {
+ idp_host: ENV.fetch("LOGIN_IDP_HOST", "https://idp.int.identitysandbox.gov"),
+ login_redirect_uri: ENV.fetch("LOGIN_REDIRECT_EVAL_URL", "https://challenge-dev.app.cloud.gov/auth/result"),
+ logout_redirect_uri: ENV.fetch("LOGOUT_REDIRECT_EVAL_URL", "https://challenge-dev.app.cloud.gov/"),
+ acr_value: "http://idmanagement.gov/ns/assurance/loa/1",
+ client_id: ENV.fetch("LOGIN_CLIENT_ID", "urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:_client_id"), # default fake ID for CI
+ private_key_password: ENV.fetch("LOGIN_PRIVATE_KEY_PASSWORD", nil), # optional
+ public_key_path: ENV.fetch("LOGIN_PUBLIC_KEY_PATH", "config/public.crt"),
+ private_key_path: ENV.fetch("LOGIN_PRIVATE_KEY_PATH", "config/private.pem"),
+ }
 end
 end
diff --git a/config/environments/development.rb b/config/environments/development.rb
deleted file mode 100644
index 5220eed1..00000000
--- a/config/environments/development.rb
+++ /dev/null
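Review bot: `puts config.inspect` in `initialize` (app/models/login_gov.rb) writes the whole OIDC config hash to stdout every time the object is built, and that hash carries `private_key_password` (from `LOGIN_PRIVATE_KEY_PASSWORD`) plus the key paths, which with `RAILS_LOG_TO_STDOUT: true` in manifest.yml go straight into platform logs. It reads as a leftover debug statement; drop the line, or if a trace is genuinely wanted, log only non-sensitive keys at debug level, e.g. `Rails.logger.debug { "login.gov config: #{config.slice(:idp_host, :client_id, :login_redirect_uri).inspect}" }` (assuming `config` is the plain Hash built in config/application.rb). The enclosing class starts outside the hunk.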
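Review bot: Every entry of `config.login_gov_oidc` falls back to a sandbox/dev value when its env var is unset, so a staging or production deploy that forgets `LOGIN_CLIENT_ID` or `LOGIN_REDIRECT_EVAL_URL` silently authenticates against the identity sandbox as the `_client_id` SP with the redirect aimed at challenge-dev, instead of failing to boot. Since this hash now serves every environment (the commit also deletes config/environments/development.rb, whose localhost values moved to `.env_login`), I would make the fallbacks conditional, e.g. `client_id: ENV.fetch("LOGIN_CLIENT_ID") { Rails.env.production? ? raise("LOGIN_CLIENT_ID is required") : "urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:_client_id" }`, and likewise for `idp_host` and the two redirect URIs. Separately, deleting development.rb also removes `enable_reloading`, `consider_all_requests_local` and the `:null_store` cache settings for local development, which looks unintended.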
@@ -1,89 +0,0 @@
-# frozen_string_literal: true
-
-require "active_support/core_ext/integer/time"
-
-Rails.application.configure do
- # Settings specified here will take precedence over those in config/application.rb.
-
- # In the development environment your application's code is reloaded any time
- # it changes. This slows down response time but is perfect for development
- # since you don't have to restart the web server when you make code changes.
- config.enable_reloading = true
-
- # Do not eager load code on boot.
- config.eager_load = false
-
- # Show full error reports.
- config.consider_all_requests_local = true
-
- # Enable server timing
- config.server_timing = true
-
- # Enable/disable caching. By default caching is disabled.
- # Run rails dev:cache to toggle caching.
- if Rails.root.join("tmp/caching-dev.txt").exist?
- config.action_controller.perform_caching = true
- config.action_controller.enable_fragment_cache_logging = true
-
- config.cache_store = :memory_store
- config.public_file_server.headers = {
- "Cache-Control" => "public, max-age=#{2.days.to_i}"
- }
- else
- config.action_controller.perform_caching = false
-
- config.cache_store = :null_store
- end
-
- # Store uploaded files on the local file system (see config/storage.yml for options).
- config.active_storage.service = :local
-
- # Don't care if the mailer can't send.
- config.action_mailer.raise_delivery_errors = false
-
- config.action_mailer.perform_caching = false
-
- # Print deprecation notices to the Rails logger.
- config.active_support.deprecation = :log
-
- # Raise exceptions for disallowed deprecations.
- config.active_support.disallowed_deprecation = :raise
-
- # Tell Active Support which deprecation messages to disallow.
- config.active_support.disallowed_deprecation_warnings = []
-
- # Raise an error on page load if there are pending migrations.
- config.active_record.migration_error = :page_load
-
- # Highlight code that triggered database queries in logs.
- config.active_record.verbose_query_logs = true
-
- # Highlight code that enqueued background job in logs.
- config.active_job.verbose_enqueue_logs = true
-
- # Suppress logger output for asset requests.
- config.assets.quiet = true
-
- # Raises error for missing translations.
- # config.i18n.raise_on_missing_translations = true
-
- # Annotate rendered view with file names.
- # config.action_view.annotate_rendered_view_with_filenames = true
-
- # Uncomment if you wish to allow Action Cable access from any origin.
- # config.action_cable.disable_request_forgery_protection = true
-
- # Raise error when a before_action's only/except options reference missing actions
- config.action_controller.raise_on_missing_callback_actions = true
-
- config.login_gov_oidc = {
- idp_host: "https://idp.int.identitysandbox.gov",
- login_redirect_uri: "http://localhost:3000/auth/result",
- logout_redirect_uri: "http://localhost:3000/",
- acr_value: "http://idmanagement.gov/ns/assurance/loa/1",
- client_id: "urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:challenge_gov_platform_dev",
- private_key_password: nil,
- private_key_path: "config/private.pem",
- public_key_path: "config/public.crt",
- }
-end
diff --git a/manifest.yml b/manifest.yml
index 98a99852..9ae01e7d 100644
--- a/manifest.yml
+++ b/manifest.yml
@@ -20,9 +20,9 @@ applications:
 RAILS_LOG_TO_STDOUT: true
 RAILS_SERVE_STATIC_FILES: true
 HOST: challenge-dev.app.cloud.gov
+ LOGIN_CLIENT_ID: urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:challenge_gov_portal_eval_dev
+ LOGIN_IDP_HOST: https://idp.int.identitysandbox.gov
 LOGIN_PRIVATE_KEY_PATH: dev_key.pem
 LOGIN_PUBLIC_KEY_PATH: dev_cert.pem
- LOGIN_REDIRECT_URL: https://challenge-portal-dev.app.cloud.gov/auth/result
- LOGIN_IDP_AUTHORIZE_URL: https://idp.int.identitysandbox.gov/openid_connect/authorize
- LOGIN_TOKEN_ENDPOINT: https://idp.int.identitysandbox.gov/api/openid_connect/token
- LOGIN_CLIENT_ID: urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:challenge_gov_portal_dev
+ LOGIN_REDIRECT_EVAL_URL: https://challenge-dev.app.cloud.gov/auth/result
+ LOGOUT_REDIRECT_EVAL_URL: https://challenge-dev.app.cloud.gov/
\ No newline at end of file