UML-3121 make redirect uri dynamic

ministryofjustice · Oct 30, 2023 · 06f7b8a · 06f7b8a
1 parent 5ae1593
commit 06f7b8a
Show file tree

Hide file tree

Showing 7 changed files with 28 additions and 15 deletions.
diff --git a/service-api/app/src/App/src/Handler/OneLoginAuthenticationRequestHandler.php b/service-api/app/src/App/src/Handler/OneLoginAuthenticationRequestHandler.php
@@ -31,15 +31,22 @@ public function handle(ServerRequestInterface $request): ResponseInterface
     {
         $requestData = $request->getQueryParams();
 
+        if (empty($requestData['redirect_url'])) {
+            throw new BadRequestException('Redirect URL must be provided');
+        }
+
         if (empty($requestData['ui_locale'])) {
             throw new BadRequestException('Ui locale must be provided');
         }
 
-        $ui_locale = strtolower($requestData['ui_locale']);
+        $redirect_url = $requestData['redirect_url'];
+        $ui_locale    = strtolower($requestData['ui_locale']);
         if ($ui_locale !== 'en' and $ui_locale !== 'cy') {
             throw new BadRequestException('ui_locale is not set to en or cy');
         }
 
-        return new JsonResponse($this->authenticationRequestService->createAuthenticationRequest($ui_locale));
+        $authRequest = $this->authenticationRequestService->createAuthenticationRequest($ui_locale, $redirect_url);
+
+        return new JsonResponse($authRequest);
     }
 }
diff --git a/service-api/app/src/App/src/Service/Authentication/OneLoginAuthenticationRequestService.php b/service-api/app/src/App/src/Service/Authentication/OneLoginAuthenticationRequestService.php
@@ -22,7 +22,7 @@ public function __construct(
     ) {
     }
 
-    public function createAuthenticationRequest(string $uiLocale): array
+    public function createAuthenticationRequest(string $uiLocale, string $redirectURL): array
     {
 
         $cachedBuilder = new MetadataProviderBuilder();
@@ -59,7 +59,7 @@ public function createAuthenticationRequest(string $uiLocale): array
             [
                 'scope'        => 'openid email',
                 'state'        => $state,
-                'redirect_uri' => 'http://localhost:9002/auth/redirect', //TODO: use dynamic domain UML-3121
+                'redirect_uri' => $redirectURL,
                 'nonce'        => $nonce,
                 'vtr'          => '["Cl.Cm.P2"]',
                 'ui_locales'   => $uiLocale,

diff --git a/...-api/app/test/AppTest/Service/Authentication/OneLoginAuthenticationRequestServiceTest.php b/...-api/app/test/AppTest/Service/Authentication/OneLoginAuthenticationRequestServiceTest.php
@@ -53,15 +53,13 @@ public function create_authentication_request(): void
             $this->issuerBuilder->reveal(),
             $this->cacheFactory->reveal(),
         );
-        $authorisationRequest        = $authorisationRequestService->createAuthenticationRequest('en');
+        $fakeRedirect                = 'http://fakehost/auth/redirect';
+        $authorisationRequest        = $authorisationRequestService->createAuthenticationRequest('en', $fakeRedirect);
         $authorisationRequestUrl     = $authorisationRequest['url'];
         $this->assertStringContainsString('client_id=client-id', $authorisationRequestUrl);
         $this->assertStringContainsString('scope=openid+email', $authorisationRequestUrl);
         $this->assertStringContainsString('vtr=["Cl.Cm.P2"]', urldecode($authorisationRequestUrl));
         $this->assertStringContainsString('ui_locales=en', $authorisationRequestUrl);
-        $this->assertStringContainsString(
-            'redirect_uri=http://localhost:9002/auth/redirect',
-            urldecode($authorisationRequestUrl)
-        );
+        $this->assertStringContainsString('redirect_uri=' . $fakeRedirect, urldecode($authorisationRequestUrl));
     }
 }
diff --git a/service-front/app/config/routes.php b/service-front/app/config/routes.php
@@ -100,6 +100,7 @@
     $app->get('/session-expired', Actor\Handler\ActorSessionExpiredHandler::class, 'session-expired');
     $app->get('/session-check', Actor\Handler\ActorSessionCheckHandler::class, 'session-check');
     $app->get('/session-refresh', Common\Handler\SessionRefreshHandler::class, 'session-refresh');
+    $app->route('/auth/redirect', Actor\Handler\LoginPageHandler::class, ['GET', 'POST'], 'auth-redirect');
 
     $app->get(
         '/logout',

diff --git a/service-front/app/src/Actor/src/Handler/AuthenticateOneLoginHandler.php b/service-front/app/src/Actor/src/Handler/AuthenticateOneLoginHandler.php
@@ -16,6 +16,7 @@
 use Facile\OpenIDClient\Session\AuthSession;
 use Laminas\Diactoros\Response\HtmlResponse;
 use Laminas\Diactoros\Response\RedirectResponse;
+use Mezzio\Helper\ServerUrlHelper;
 use Mezzio\Helper\UrlHelper;
 use Mezzio\Session\SessionMiddleware;
 use Mezzio\Template\TemplateRendererInterface;
@@ -39,6 +40,7 @@ public function __construct(
         UrlHelper $urlHelper,
         LoggerInterface $logger,
         private OneLoginService $authenticateOneLoginService,
+        private ServerUrlHelper $serverUrlHelper,
     ) {
         parent::__construct($renderer, $urlHelper, $logger);
     }
@@ -50,7 +52,9 @@ public function handle(ServerRequestInterface $request): ResponseInterface
         if ($request->getMethod() === 'POST') {
             $url      = $this->urlHelper->generate();
             $uiLocale = (str_contains($url, '/cy/') ? 'cy' : 'en');
-            $result   = $this->authenticateOneLoginService->authenticate($uiLocale);
+            $loginUrl   = $this->urlHelper->generate('auth-redirect');
+            $signInLink = $this->serverUrlHelper->generate($loginUrl);
+            $result     = $this->authenticateOneLoginService->authenticate($uiLocale, $signInLink);
             $this
                 ->getSession($request, SessionMiddleware::SESSION_ATTRIBUTE)
                 ?->set(self::OIDC_AUTH_INTERFACE, AuthSession::fromArray($result));

diff --git a/service-front/app/src/Common/src/Service/OneLogin/OneLoginService.php b/service-front/app/src/Common/src/Service/OneLogin/OneLoginService.php
@@ -12,10 +12,11 @@ public function __construct(private ApiClient $apiClient)
     {
     }
 
-    public function authenticate(string $uiLocale): ?array
+    public function authenticate(string $uiLocale, string $redirectUrl): ?array
     {
         return $this->apiClient->httpGet('/v1/auth-one-login', [
-            'ui_locale' => $uiLocale,
+            'ui_locale'    => $uiLocale,
+            'redirect_url' => $redirectUrl,
         ]);
     }
 }
diff --git a/service-front/app/test/CommonTest/Service/OneLogin/OneLoginServiceTest.php b/service-front/app/test/CommonTest/Service/OneLogin/OneLoginServiceTest.php
@@ -18,12 +18,13 @@ public function can_get_authentication_request_uri(): void
     {
         $state = 'STATE';
         $nonce = 'aEwkamaos5B';
+        $redirect = 'FAKE_REDIRECT';
         $uri   = '/authorize?response_type=code
             &scope=YOUR_SCOPES
             &client_id=YOUR_CLIENT_ID
             &state=' . $state .
-            '&redirect_uri=YOUR_REDIRECT_URI
-            &nonce=' . $nonce .
+            '&redirect_uri=' . $redirect .
+            '&nonce=' . $nonce .
             '&vtr=["Cl.Cm"]
             &ui_locales=en';
 
@@ -34,11 +35,12 @@ public function can_get_authentication_request_uri(): void
                 '/v1/auth-one-login',
                 [
                     'ui_locale' => 'en',
+                    'redirect_url' => $redirect,
                 ]
             )->willReturn(['state' => $state, 'nonce' => $nonce, 'url' => $uri]);
 
         $oneLoginService = new OneLoginService($apiClientProphecy->reveal());
-        $response        = $oneLoginService->authenticate('en');
+        $response        = $oneLoginService->authenticate('en', $redirect);
         $this->assertEquals(['state' => $state, 'nonce' => $nonce, 'url' => $uri], $response);
     }
 }