Merge branch 'dev' into 26/eval-footer

.env_login

@@ -0,0 +1,4 @@
+# local dev env vars for login.gov
+export LOGIN_CLIENT_ID=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:challenge_gov_portal_eval_dev
+export LOGIN_REDIRECT_EVAL_URL=http://localhost:3000/auth/result
+export LOGOUT_REDIRECT_EVAL_URL=http://localhost:3000/

.envrc

@@ -4,3 +4,6 @@ use nix
 
 mkdir -p .nix-bundler
 export BUNDLE_PATH=./.nix-bundler
+
+# Login Env Vars
+source .env_login

DEVCONFIG.md

@@ -63,7 +63,10 @@ Once direnv is installed and your shell is restarted, clone the project and `cd`
 1. Set up your uswds files in the build directory `npx gulp copyAssets`
 1. Setup the database `rake db:create`, note that postgres must be running for this to work
 1. Boot the system, this will run the sass, esbuild, and uswds watchers along with the rails server
-   1. `./bin/dev`
+    ```
+    ./bin/dev
+    ```
+    > _NOTE for login.gov configuration_ -- if you are **not** using direnv/nix to eval `.envrc`, you can run `source .env_login` in your terminal before starting the server or add the env vars in that file to your local environment directly.
 
 Now you can visit [`localhost:3000`](http://localhost:3000) from your browser.
 

Gemfile

@@ -90,6 +90,6 @@ group :test do
   gem "capybara"
   gem "selenium-webdriver"
   gem "rspec_junit_formatter"
-  gem "simplecov"
+  gem 'simplecov', '~> 0.17.0', require: false
   gem "rails-controller-testing"
 end

Gemfile.lock

@@ -84,7 +84,7 @@ GEM
     base64 (0.2.0)
     bigdecimal (3.1.8)
     bindex (0.8.1)
-    bootsnap (1.18.3)
+    bootsnap (1.18.4)
       msgpack (~> 1.2)
     builder (3.3.0)
     capybara (3.40.0)
@@ -96,8 +96,8 @@ GEM
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
-    codeclimate-test-reporter (1.0.9)
-      simplecov (<= 0.13)
+    codeclimate-test-reporter (1.0.7)
+      simplecov
     concurrent-ruby (1.3.3)
     connection_pool (2.4.1)
     crack (1.0.0)
@@ -111,18 +111,18 @@ GEM
       irb (~> 1.10)
       reline (>= 0.3.8)
     diff-lcs (1.5.1)
-    docile (1.1.5)
+    docile (1.4.1)
     drb (2.2.1)
     erubi (1.13.0)
-    faraday (2.10.0)
+    faraday (2.10.1)
       faraday-net_http (>= 2.0, < 3.2)
       logger
-    faraday-net_http (3.1.0)
+    faraday-net_http (3.1.1)
       net-http
     foreman (0.88.1)
     globalid (1.2.1)
       activesupport (>= 6.1)
-    hashdiff (1.1.0)
+    hashdiff (1.1.1)
     i18n (1.14.5)
       concurrent-ruby (~> 1.0)
     io-console (0.7.2)
@@ -165,19 +165,23 @@ GEM
     net-smtp (0.5.0)
       net-protocol
     nio4r (2.7.3)
-    nokogiri (1.16.6-aarch64-linux)
+    nokogiri (1.16.7-aarch64-linux)
       racc (~> 1.4)
-    nokogiri (1.16.6-arm64-darwin)
+    nokogiri (1.16.7-arm-linux)
       racc (~> 1.4)
-    nokogiri (1.16.6-x86_64-darwin)
+    nokogiri (1.16.7-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.6-x86_64-linux)
+    nokogiri (1.16.7-x86-linux)
+      racc (~> 1.4)
+    nokogiri (1.16.7-x86_64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.16.7-x86_64-linux)
       racc (~> 1.4)
     parallel (1.25.1)
     parser (3.3.4.0)
       ast (~> 2.4.1)
       racc
-    pg (1.5.6)
+    pg (1.5.7)
     prism (0.30.0)
     propshaft (0.9.0)
       actionpack (>= 7.0.0)
@@ -186,7 +190,7 @@ GEM
       railties (>= 7.0.0)
     psych (5.1.2)
       stringio
-    public_suffix (6.0.0)
+    public_suffix (6.0.1)
     puma (6.4.2)
       nio4r (~> 2.0)
     racc (1.8.1)
@@ -272,7 +276,7 @@ GEM
       rubocop-ast (>= 1.31.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.31.3)
+    rubocop-ast (1.32.0)
       parser (>= 3.3.1.0)
     rubocop-performance (1.21.1)
       rubocop (>= 1.48.1, < 2.0)
@@ -284,9 +288,9 @@ GEM
       rubocop-ast (>= 1.31.1, < 2.0)
     rubocop-rake (0.6.0)
       rubocop (~> 1.0)
-    rubocop-rspec (3.0.3)
+    rubocop-rspec (3.0.4)
       rubocop (~> 1.61)
-    ruby-lsp (0.17.9)
+    ruby-lsp (0.17.11)
       language_server-protocol (~> 3.17.0)
       prism (>= 0.29.0, < 0.31)
       rbs (>= 3, < 4)
@@ -299,12 +303,12 @@ GEM
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2, < 3.0)
       websocket (~> 1.0)
-    simplecov (0.13.0)
-      docile (~> 1.1.0)
+    simplecov (0.17.1)
+      docile (~> 1.1)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
-    sorbet-runtime (0.5.11492)
+    sorbet-runtime (0.5.11511)
     stimulus-rails (1.3.3)
       railties (>= 6.0.0)
     stringio (3.1.1)
@@ -335,14 +339,14 @@ GEM
     websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.6.16)
+    zeitwerk (2.6.17)
 
 PLATFORMS
   aarch64-linux
-  arm64-darwin-21
-  arm64-darwin-22
-  arm64-darwin-23
-  x86_64-darwin-22
+  arm-linux
+  arm64-darwin
+  x86-linux
+  x86_64-darwin
   x86_64-linux
 
 DEPENDENCIES
@@ -371,7 +375,7 @@ DEPENDENCIES
   rubocop-rspec
   ruby-lsp
   selenium-webdriver
-  simplecov
+  simplecov (~> 0.17.0)
   stimulus-rails
   turbo-rails
   tzinfo-data
@@ -382,4 +386,4 @@ RUBY VERSION
    ruby 3.2.4p170
 
 BUNDLED WITH
-   2.4.6
+   2.5.9

Rakefile

@@ -9,8 +9,12 @@ Rails.application.load_tasks
 
 namespace :cf do
   desc "Only run on the first application instance"
-  task :on_first_instance do
-    instance_index = JSON.parse(ENV["VCAP_APPLICATION"])["instance_index"] rescue nil
-    exit(0) unless instance_index == 0
+  task on_first_instance: :environment do
+    instance_index = begin
+      JSON.parse(ENV.fetch("VCAP_APPLICATION", nil))["instance_index"]
+    rescue
+      nil
+    end
+    exit(0) unless instance_index.zero?
   end
 end

app/controllers/application_controller.rb

@@ -1,4 +1,34 @@
 # frozen_string_literal: true
 
 class ApplicationController < ActionController::Base
+  helper_method :current_user, :logged_in?
+
+  def current_user
+    return unless session[:userinfo]
+
+    user_token = session["userinfo"][0]["sub"]
+    @current_user ||= User.find_by(token: user_token) if user_token
+  end
+
+  def logged_in?
+    !!current_user
+  end
+
+  def sign_in(login_userinfo)
+    user = User.user_from_userinfo(login_userinfo)
+
+    @current_user = user
+    session[:userinfo] = login_userinfo
+  end
+
+  def sign_out
+    @current_user = nil
+    session.delete(:userinfo)
+  end
+
+  def redirect_if_logged_in(path = "/dashboard")
+    return unless logged_in?
+
+    redirect_to path, notice: I18n.t("already_logged_in_notice")
+  end
 end

app/controllers/dashboard_controller.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class DashboardController < ApplicationController
+  def index; end
+end

app/controllers/sessions_controller.rb

@@ -12,17 +12,16 @@ def create
     redirect_to(login_gov.authorization_url, allow_other_host: true)
   end
 
-  def delete
+  def destroy
     login_gov = LoginGov.new
-    # TODO: update user session status, clear out JWT
     # TODO: add session duration to the security log
-    # TODO: delete session locally and Phoenix
-    redirect_to(login_gov.logout_url)
+    sign_out
+    redirect_to(login_gov.logout_url, allow_other_host: true)
   end
 
   def result
-    # TODO: store the user_info in the session
-    # session[:user_info] = @login_userinfo
+    sign_in(@login_userinfo)
+    redirect_to dashboard_path
   end
 
   private

app/models/application_record.rb

@@ -2,4 +2,14 @@
 
 class ApplicationRecord < ActiveRecord::Base
   primary_abstract_class
+
+  attribute :inserted_at, :datetime, precision: 6
+  attribute :updated_at, :datetime, precision: 6
+
+  # created_at timestamp is currently overridden to inserted_at due to shared Phoenix database
+  def self.timestamp_attributes_for_create
+    # only strings allowed here, symbols won't work, see below commit for more details
+    # https://github.com/rails/rails/commit/2b5dacb43dd92e98e1fd240a80c2a540ed380257
+    super << 'inserted_at'
+  end
 end

app/models/security_log.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: security_log
+#
+#  id                    :bigint           not null, primary key
+#  action                :string(255)      not null
+#  details               :jsonb
+#  originator_id         :bigint
+#  originator_role       :string(255)
+#  originator_identifier :string(255)
+#  target_id             :integer
+#  target_type           :string(255)
+#  target_identifier     :string(255)
+#  logged_at             :datetime         not null
+#  originator_remote_ip  :string(255)
+#
+class SecurityLog < ApplicationRecord
+  self.table_name = 'security_log'
+
+  belongs_to :originator, class_name: 'User', optional: true
+
+  ROLES = %w[
+    status_change account_update role_change accessed_site session_duration
+    create read update delete submit renewal_request
+  ].freeze
+
+  validates :action, presence: true, inclusion: { in: ROLES }
+  validates :logged_at, presence: true
+
+  before_validation :set_logged_at, on: :create
+
+  # Attributes
+  attribute :action, :string
+  attribute :details, :jsonb
+  attribute :originator_id, :integer
+  attribute :originator_role, :string
+  attribute :originator_identifier, :string
+  attribute :originator_remote_ip, :string
+  attribute :target_id, :integer
+  attribute :target_type, :string
+  attribute :target_identifier, :string
+  attribute :logged_at, :datetime
+
+  def self.timestamp_attributes_for_create
+    super + %w[logged_at]
+  end
+
+  private
+
+  def set_logged_at
+    self.logged_at ||= DateTime.now
+  end
+end