diff --git a/.env.example b/.env.example index b7f1713f3b..3169fdbe27 100644 --- a/.env.example +++ b/.env.example @@ -99,5 +99,14 @@ UNIFORM_CLIENT_AYLESBURY_VALE=👻 UNIFORM_CLIENT_CHILTERN=👻 UNIFORM_CLIENT_WYCOMBE=👻 +## Camden +BOPS_SUBMISSION_URL_CAMDEN=👻 + +## Gloucester +BOPS_SUBMISSION_URL_GLOUCESTER=👻 + +## Medway +GOV_UK_PAY_TOKEN_MEDWAY=👻 + ## End-to-end test team (borrows Lambeth's details) GOV_UK_PAY_TOKEN_E2E=👻 diff --git a/api.planx.uk/.env.test.example b/api.planx.uk/.env.test.example index 51ce761586..877b1405bf 100644 --- a/api.planx.uk/.env.test.example +++ b/api.planx.uk/.env.test.example @@ -26,10 +26,7 @@ HASURA_PLANX_API_KEY=👻 # Integrations BOPS_API_TOKEN=👻 - -GOV_UK_PAY_TOKEN_BUCKINGHAMSHIRE=👻 -GOV_UK_PAY_TOKEN_LAMBETH=👻 -GOV_UK_PAY_TOKEN_SOUTHWARK=👻 +BOPS_API_TOKEN=👻 GOVUK_NOTIFY_API_KEY=testlocaldev2-👻 @@ -38,12 +35,26 @@ UNIFORM_SUBMISSION_URL=👻 SLACK_WEBHOOK_URL=👻 +ORDNANCE_SURVEY_API_KEY=👻 + # Local authority specific integrations ## Lambeth GOV_UK_PAY_TOKEN_LAMBETH=👻 +BOPS_SUBMISSION_URL_LAMBETH=👻 ## Southwark GOV_UK_PAY_TOKEN_SOUTHWARK=👻 +BOPS_SUBMISSION_URL_SOUTHWARK=👻 ## Buckinghamshire -GOV_UK_PAY_TOKEN_BUCKINGHAMSHIRE=👻 \ No newline at end of file +GOV_UK_PAY_TOKEN_BUCKINGHAMSHIRE=👻 +BOPS_SUBMISSION_URL_BUCKINGHAMSHIRE=👻 + +## Camden +BOPS_SUBMISSION_URL_CAMDEN=👻 + +## Gloucester +BOPS_SUBMISSION_URL_GLOUCESTER=👻 + +## Medway +GOV_UK_PAY_TOKEN_MEDWAY=👻 diff --git a/api.planx.uk/modules/auth/controller.ts b/api.planx.uk/modules/auth/controller.ts index 69ac070316..458487ad6c 100644 --- a/api.planx.uk/modules/auth/controller.ts +++ b/api.planx.uk/modules/auth/controller.ts @@ -1,8 +1,6 @@ import { CookieOptions, RequestHandler, Response } from "express"; import { Request } from "express-jwt"; -import { isLiveEnv } from "../../helpers"; - export const failedLogin: RequestHandler = (_req, _res, next) => next({ status: 401, @@ -17,61 +15,64 @@ export const logout: RequestHandler = (req, res) => { }; export const handleSuccess = (req: Request, res: Response) => { - if (req.user) { - const { returnTo = process.env.EDITOR_URL_EXT } = req.session!; - - const domain = (() => { - if (isLiveEnv()) { - if (returnTo?.includes("editor.planx.")) { - // user is logging in to staging from editor.planx.dev - // or production from editor.planx.uk - return `.${new URL(returnTo).host}`; - } else { - // user is logging in from either a netlify preview build, - // or from localhost, to staging (or production... temporarily) - return undefined; - } - } else { - // user is logging in from localhost, to development - return "localhost"; - } - })(); - - if (domain) { - // As domain is set, we know that we're either redirecting back to - // editor.planx.dev/login, editor.planx.uk, or localhost:PORT - // (if this code is running in development). With the respective - // domain set in the cookie. - const cookie: CookieOptions = { - domain, - maxAge: new Date( - new Date().setFullYear(new Date().getFullYear() + 1), - ).getTime(), - httpOnly: false, - }; - - if (isLiveEnv()) { - cookie.secure = true; - cookie.sameSite = "none"; - } - - res.cookie("jwt", req.user.jwt, cookie); - - res.redirect(returnTo); - } else { - // Redirect back to localhost:PORT/login (if this API is in staging or - // production), or a netlify preview build url. As the login page is on a - // different domain to whatever this API is running on, we can't set a - // cookie. To solve this issue we inject the JWT into the return url as - // a parameter that can be extracted by the frontend code instead. - const url = new URL(returnTo); - url.searchParams.set("jwt", req.user.jwt); - res.redirect(url.href); - } - } else { - res.json({ + if (!req.user) { + return res.json({ message: "no user", success: true, }); } + + // Check referrer of original request + // This means requests from Pizzas to the staging API will not get flagged as `isStagingOrProd` + const { returnTo = process.env.EDITOR_URL_EXT } = req.session!; + if (!returnTo) throw Error("Can't generate returnTo URL from session"); + + const isStagingOrProd = returnTo.includes("editor.planx."); + + isStagingOrProd + ? setJWTCookie(returnTo, res, req) + : setJWTSearchParams(returnTo, res, req); }; + +/** + * Handle auth for staging and production + * + * Use a httpOnly cookie to pass the JWT securely back to the client. + * The client will then use the JWT to make authenticated requests to the API. + */ +function setJWTCookie(returnTo: string, res: Response, req: Request) { + const defaultCookieOptions: CookieOptions = { + domain: `.${new URL(returnTo).host}`, + maxAge: new Date( + new Date().setFullYear(new Date().getFullYear() + 1), + ).getTime(), + sameSite: "none", + secure: true, + }; + + const httpOnlyCookieOptions: CookieOptions = { + ...defaultCookieOptions, + httpOnly: true, + }; + + // Set secure, httpOnly cookie with JWT + res.cookie("jwt", req.user!.jwt, httpOnlyCookieOptions); + + // Set second cookie which can be read by browser to detect presence of the unreadable httpOnly cookie + const authCookie = btoa(JSON.stringify({ loggedIn: true })); + res.cookie("auth", authCookie, defaultCookieOptions); + + res.redirect(returnTo); +} + +/** + * Handle auth for local development and Pizzas + * + * We can't use cookies cross-domain. + * Inject the JWT into the return URL, which can then be set as a cookie by the frontend + */ +function setJWTSearchParams(returnTo: string, res: Response, req: Request) { + const url = new URL(returnTo); + url.searchParams.set("jwt", req.user!.jwt); + res.redirect(url.href); +} diff --git a/api.planx.uk/modules/gis/service/digitalLand.ts b/api.planx.uk/modules/gis/service/digitalLand.ts index 04387799f2..ea1f9cf8aa 100644 --- a/api.planx.uk/modules/gis/service/digitalLand.ts +++ b/api.planx.uk/modules/gis/service/digitalLand.ts @@ -18,6 +18,7 @@ export interface LocalAuthorityMetadata { } const localAuthorityMetadata: Record = { + barnet: require("./local_authorities/metadata/barnet"), birmingham: require("./local_authorities/metadata/birmingham"), buckinghamshire: require("./local_authorities/metadata/buckinghamshire"), camden: require("./local_authorities/metadata/camden"), @@ -203,6 +204,7 @@ async function go( // these are various ways we link source data to granular planx values (see local_authorities/metadata for specifics) entity.name.replace(/\r?\n|\r/g, " ") === a4s[key] || entity.reference === a4s[key] || + entity?.["article-4-direction"] === a4s[key] || entity?.notes === a4s[key] || entity?.description?.startsWith(a4s[key]) || formattedResult[key]?.value // if this granular var is already true, make sure it remains true diff --git a/api.planx.uk/modules/gis/service/local_authorities/metadata/barnet.ts b/api.planx.uk/modules/gis/service/local_authorities/metadata/barnet.ts new file mode 100644 index 0000000000..521e591ac8 --- /dev/null +++ b/api.planx.uk/modules/gis/service/local_authorities/metadata/barnet.ts @@ -0,0 +1,38 @@ +/* +LAD20CD: E09000003 +LAD20NM: Barnet +LAD20NMW: +FID: + +https://www.planning.data.gov.uk/entity/?dataset=article-4-direction-area&geometry_curie=statistical-geography%3AE09000003&entry_date_day=&entry_date_month=&entry_date_year= +https://docs.google.com/spreadsheets/d/1ZjqYdC7upA8YS9rBoyRIQPT1sqCXJBaxQDrvUh1todU/edit#gid=0 +*/ + +import { LocalAuthorityMetadata } from "../../digitalLand"; + +const planningConstraints: LocalAuthorityMetadata["planningConstraints"] = { + article4: { + // Planx granular values link to Digital Land article-4-direction and entity.reference + records: { + "article4.barnet.finchleyChurchEnd": "A4D1", + "article4.barnet.finchleyGardenVillage": "A4D2A1", + "article4.barnet.glenhillClose": "A4D3A1", + "article4.barnet.hendonBurroughs.1": "A4D5A1", + "article4.barnet.hendonBurroughs.2": "A4D5A2", + "article4.barnet.hampsteadGardenSuburb": "A4D4A1", + "article4.barnet.spaniardsEnd": " A4D4A2", + "article4.barnet.millHillA": "A4D6", + "article4.barnet.millHillB": "A4D7", + "article4.barnet.monkenHadleyA": "A4D8", + "article4.barnet.monkenHadleyB": "A4D9", + "article4.barnet.mossHall": "A4D10", + "article4.barnet.totteridgeA": "A4D11", + "article4.barnet.totteridgeB": "A4D12", + "article4.barnet.woodStreet": "A4D13", + "article4.barnet.hmo": "A4D14", + "article4.barnet.agriculturalLand": "A4D15", + }, + }, +}; + +export { planningConstraints }; diff --git a/api.planx.uk/modules/send/bops/bops.ts b/api.planx.uk/modules/send/bops/bops.ts index 9bfed5c288..1dd5006f9e 100644 --- a/api.planx.uk/modules/send/bops/bops.ts +++ b/api.planx.uk/modules/send/bops/bops.ts @@ -261,16 +261,16 @@ const sendToBOPSV2 = async ( .catch((error) => { if (error.response) { throw new Error( - `Sending to BOPS v2 failed (${localAuthority}):\n${JSON.stringify( - error.response.data, - null, - 2, - )}`, + `Sending to BOPS v2 failed (${[localAuthority, payload?.sessionId] + .filter(Boolean) + .join(" - ")}):\n${JSON.stringify(error.response.data, null, 2)}`, ); } else { // re-throw other errors throw new Error( - `Sending to BOPS v2 failed (${localAuthority}):\n${error}`, + `Sending to BOPS v2 failed (${[localAuthority, payload?.sessionId] + .filter(Boolean) + .join(" - ")}):\n${error}`, ); } }); @@ -279,7 +279,12 @@ const sendToBOPSV2 = async ( next( new ServerError({ status: 500, - message: `Sending to BOPS v2 failed (${localAuthority})`, + message: `Sending to BOPS v2 failed (${[ + localAuthority, + payload?.sessionId, + ] + .filter(Boolean) + .join(" - ")})`, cause: err, }), ); diff --git a/api.planx.uk/modules/send/createSendEvents/controller.ts b/api.planx.uk/modules/send/createSendEvents/controller.ts index 6fa8b60808..684bbbcfaa 100644 --- a/api.planx.uk/modules/send/createSendEvents/controller.ts +++ b/api.planx.uk/modules/send/createSendEvents/controller.ts @@ -30,28 +30,25 @@ const createSendEvents: CreateSendEventsController = async ( if (bops) { const bopsEvent = await createScheduledEvent({ webhook: `{{HASURA_PLANX_API_URL}}/bops/${bops.localAuthority}`, - schedule_at: new Date(now.getTime() + 30 * 1000), + schedule_at: new Date(now.getTime() + 25 * 1000), payload: bops.body, comment: `bops_submission_${sessionId}`, }); combinedResponse["bops"] = bopsEvent; - const isProduction = process.env.APP_ENVIRONMENT === "production"; - if (!isProduction) { - const bopsV2Event = await createScheduledEvent({ - webhook: `{{HASURA_PLANX_API_URL}}/bops-v2/${bops.localAuthority}`, - schedule_at: new Date(now.getTime() + 45 * 1000), - payload: bops.body, - comment: `bops_v2_submission_${sessionId}`, - }); - combinedResponse["bops_v2"] = bopsV2Event; - } + const bopsV2Event = await createScheduledEvent({ + webhook: `{{HASURA_PLANX_API_URL}}/bops-v2/${bops.localAuthority}`, + schedule_at: new Date(now.getTime() + 50 * 1000), + payload: bops.body, + comment: `bops_v2_submission_${sessionId}`, + }); + combinedResponse["bops_v2"] = bopsV2Event; } if (uniform) { const uniformEvent = await createScheduledEvent({ webhook: `{{HASURA_PLANX_API_URL}}/uniform/${uniform.localAuthority}`, - schedule_at: new Date(now.getTime() + 60 * 1000), + schedule_at: new Date(now.getTime() + 75 * 1000), payload: uniform.body, comment: `uniform_submission_${sessionId}`, }); diff --git a/api.planx.uk/modules/user/controller.ts b/api.planx.uk/modules/user/controller.ts index b7a83cb7f4..11ea5cf0d1 100644 --- a/api.planx.uk/modules/user/controller.ts +++ b/api.planx.uk/modules/user/controller.ts @@ -69,7 +69,7 @@ export const deleteUser: DeleteUser = async (_req, res, next) => { export const getLoggedInUserDetails: RequestHandler< Record, - User + User & { jwt: string | undefined } > = async (_req, res, next) => { try { const $client = getClient(); @@ -88,7 +88,12 @@ export const getLoggedInUserDetails: RequestHandler< status: 400, }); - res.json(user); + const jwt = userContext.getStore()?.user.jwt; + + res.json({ + ...user, + jwt: jwt, + }); } catch (error) { next(error); } diff --git a/api.planx.uk/modules/user/docs.yaml b/api.planx.uk/modules/user/docs.yaml index c774fd5453..5e65093164 100644 --- a/api.planx.uk/modules/user/docs.yaml +++ b/api.planx.uk/modules/user/docs.yaml @@ -91,6 +91,9 @@ paths: isPlatformAdmin: type: boolean example: true + jwt: + type: string + example: xxxxx.yyyyy.zzzzz teams: type: array items: diff --git a/api.planx.uk/server.ts b/api.planx.uk/server.ts index 5d0d2c18f7..0016cd8659 100644 --- a/api.planx.uk/server.ts +++ b/api.planx.uk/server.ts @@ -38,19 +38,18 @@ useSwaggerDocs(app); app.set("trust proxy", 1); -app.use((req, res, next) => { - res.header("Access-Control-Allow-Origin", req.headers.origin); - res.header( - "Access-Control-Allow-Headers", - "Origin, X-Requested-With, Content-Type, Accept", - ); - next(); -}); - app.use( cors({ credentials: true, methods: "*", + origin: process.env.EDITOR_URL_EXT, + allowedHeaders: [ + "Accept", + "Authorization", + "Content-Type", + "Origin", + "X-Requested-With", + ], }), ); @@ -90,6 +89,7 @@ assert(process.env.BOPS_API_TOKEN); assert(process.env.UNIFORM_TOKEN_URL); assert(process.env.UNIFORM_SUBMISSION_URL); +// Medway has sandbox pay only, so skip assertion as this will fail in production ["BUCKINGHAMSHIRE", "LAMBETH", "SOUTHWARK"].forEach((authority) => { assert(process.env[`GOV_UK_PAY_TOKEN_${authority}`]); }); diff --git a/docker-compose.yml b/docker-compose.yml index abc75db0af..25fc9bccee 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -153,6 +153,8 @@ services: UNIFORM_CLIENT_AYLESBURY_VALE: ${UNIFORM_CLIENT_AYLESBURY_VALE} UNIFORM_CLIENT_CHILTERN: ${UNIFORM_CLIENT_CHILTERN} UNIFORM_CLIENT_WYCOMBE: ${UNIFORM_CLIENT_WYCOMBE} + #Medway + GOV_UK_PAY_TOKEN_MEDWAY: ${GOV_UK_PAY_TOKEN_MEDWAY} sharedb: restart: unless-stopped diff --git a/e2e/tests/ui-driven/src/create-flow/create-flow.spec.ts b/e2e/tests/ui-driven/src/create-flow/create-flow.spec.ts index c9b27078d7..bb8b3aba97 100644 --- a/e2e/tests/ui-driven/src/create-flow/create-flow.spec.ts +++ b/e2e/tests/ui-driven/src/create-flow/create-flow.spec.ts @@ -1,5 +1,3 @@ -/* eslint-disable */ - import { test, expect, Browser } from "@playwright/test"; import { contextDefaults, @@ -14,7 +12,7 @@ import { import type { Context } from "../context"; import { getTeamPage, isGetUserRequest } from "./helpers"; -test.skip("Navigation", () => { +test.describe("Navigation", () => { let context: Context = { ...contextDefaults, }; diff --git a/e2e/tests/ui-driven/src/create-flow/helpers.ts b/e2e/tests/ui-driven/src/create-flow/helpers.ts index 2bc95b7eaf..edaea7b683 100644 --- a/e2e/tests/ui-driven/src/create-flow/helpers.ts +++ b/e2e/tests/ui-driven/src/create-flow/helpers.ts @@ -1,11 +1,8 @@ import { Browser, Page, Request } from "@playwright/test"; import { createAuthenticatedSession } from "../globalHelpers"; -export const isGetUserRequest = (req: Request) => { - const isHasuraRequest = req.url().includes("/graphql"); - const isGetUserOperation = req.postData()?.toString().includes("GetUserById"); - return Boolean(isHasuraRequest && isGetUserOperation); -}; +export const isGetUserRequest = (req: Request) => + req.url().includes("/user/me"); export async function getAdminPage({ browser, diff --git a/e2e/tests/ui-driven/src/globalHelpers.ts b/e2e/tests/ui-driven/src/globalHelpers.ts index 9a99af6e11..a6f8552b90 100644 --- a/e2e/tests/ui-driven/src/globalHelpers.ts +++ b/e2e/tests/ui-driven/src/globalHelpers.ts @@ -62,6 +62,12 @@ export async function createAuthenticatedSession({ path: "/", value: token, }, + { + name: "auth", + domain: "localhost", + path: "/", + value: JSON.stringify({ loggedIn: true }), + }, ]); return page; } diff --git a/editor.planx.uk/package.json b/editor.planx.uk/package.json index 9540df5fd0..f53be79f63 100644 --- a/editor.planx.uk/package.json +++ b/editor.planx.uk/package.json @@ -25,7 +25,7 @@ "@tiptap/extension-history": "^2.0.3", "@tiptap/extension-image": "^2.0.3", "@tiptap/extension-italic": "^2.0.3", - "@tiptap/extension-link": "^2.0.3", + "@tiptap/extension-link": "^2.1.13", "@tiptap/extension-list-item": "^2.0.3", "@tiptap/extension-mention": "^2.1.13", "@tiptap/extension-ordered-list": "^2.1.13", @@ -52,7 +52,6 @@ "graphql-tag": "^2.12.6", "immer": "^9.0.21", "js-cookie": "^3.0.5", - "jwt-decode": "^4.0.0", "lodash": "^4.17.21", "marked": "^4.3.0", "mathjs": "^11.8.2", diff --git a/editor.planx.uk/pnpm-lock.yaml b/editor.planx.uk/pnpm-lock.yaml index 907cbb4607..3e8430c0f5 100644 --- a/editor.planx.uk/pnpm-lock.yaml +++ b/editor.planx.uk/pnpm-lock.yaml @@ -78,8 +78,8 @@ dependencies: specifier: ^2.0.3 version: 2.0.3(@tiptap/core@2.0.3) '@tiptap/extension-link': - specifier: ^2.0.3 - version: 2.0.3(@tiptap/core@2.0.3)(@tiptap/pm@2.0.3) + specifier: ^2.1.13 + version: 2.1.13(@tiptap/core@2.0.3)(@tiptap/pm@2.0.3) '@tiptap/extension-list-item': specifier: ^2.0.3 version: 2.0.3(@tiptap/core@2.0.3) @@ -158,9 +158,6 @@ dependencies: js-cookie: specifier: ^3.0.5 version: 3.0.5 - jwt-decode: - specifier: ^4.0.0 - version: 4.0.0 lodash: specifier: ^4.17.21 version: 4.17.21 @@ -7331,8 +7328,8 @@ packages: '@tiptap/core': 2.0.3(@tiptap/pm@2.0.3) dev: false - /@tiptap/extension-link@2.0.3(@tiptap/core@2.0.3)(@tiptap/pm@2.0.3): - resolution: {integrity: sha512-H72tXQ5rkVCkAhFaf08fbEU7EBUCK0uocsqOF+4th9sOlrhfgyJtc8Jv5EXPDpxNgG5jixSqWBo0zKXQm9s9eg==} + /@tiptap/extension-link@2.1.13(@tiptap/core@2.0.3)(@tiptap/pm@2.0.3): + resolution: {integrity: sha512-wuGMf3zRtMHhMrKm9l6Tft5M2N21Z0UP1dZ5t1IlOAvOeYV2QZ5UynwFryxGKLO0NslCBLF/4b/HAdNXbfXWUA==} peerDependencies: '@tiptap/core': ^2.0.0 '@tiptap/pm': ^2.0.0 @@ -14632,11 +14629,6 @@ packages: setimmediate: 1.0.5 dev: false - /jwt-decode@4.0.0: - resolution: {integrity: sha512-+KJGIyHgkGuIq3IEBNftfhW/LfWhXUIY6OmyVWjliu5KH1y0fw7VQ8YndE2O4qZdMSd9SqbnC8GOcZEy0Om7sA==} - engines: {node: '>=18'} - dev: false - /keyv@4.5.4: resolution: {integrity: sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==} dependencies: diff --git a/editor.planx.uk/src/@planx/components/FileUploadAndLabel/Editor.test.tsx b/editor.planx.uk/src/@planx/components/FileUploadAndLabel/Editor.test.tsx index 4b8d71140a..1c3b97a4cd 100644 --- a/editor.planx.uk/src/@planx/components/FileUploadAndLabel/Editor.test.tsx +++ b/editor.planx.uk/src/@planx/components/FileUploadAndLabel/Editor.test.tsx @@ -19,6 +19,7 @@ describe("FileUploadAndLabel - Editor Modal", () => { isPlatformAdmin: true, email: "test@test.com", teams: [], + jwt: "x.y.z", }); }); diff --git a/editor.planx.uk/src/@planx/components/PropertyInformation/Public.tsx b/editor.planx.uk/src/@planx/components/PropertyInformation/Public.tsx index 5bd3bb2982..761515830d 100644 --- a/editor.planx.uk/src/@planx/components/PropertyInformation/Public.tsx +++ b/editor.planx.uk/src/@planx/components/PropertyInformation/Public.tsx @@ -11,6 +11,7 @@ import { useFormik } from "formik"; import { submitFeedback } from "lib/feedback"; import { publicClient } from "lib/graphql"; import find from "lodash/find"; +import { useAnalyticsTracking } from "pages/FlowEditor/lib/analyticsProvider"; import { useStore } from "pages/FlowEditor/lib/store"; import { handleSubmit } from "pages/Preview/Node"; import React from "react"; @@ -237,6 +238,13 @@ function PropertyDetails(props: PropertyDetailsProps) { const { data, showPropertyTypeOverride, overrideAnswer } = props; const filteredData = data.filter((d) => Boolean(d.detail)); + const { trackBackwardsNavigation } = useAnalyticsTracking(); + + const handleOverrideAnswer = (fn: string) => { + trackBackwardsNavigation("change"); + overrideAnswer(fn); + }; + return ( {filteredData.map(({ heading, detail, fn }: PropertyDetail) => ( @@ -251,7 +259,7 @@ function PropertyDetails(props: PropertyDetailsProps) { onClick={(event) => { event.stopPropagation(); // Specify the passport key (eg data.fn, data.val) that should be overwritten - overrideAnswer(fn); + handleOverrideAnswer(fn); }} > Change diff --git a/editor.planx.uk/src/@planx/components/Result/Public/ResultReason.tsx b/editor.planx.uk/src/@planx/components/Result/Public/ResultReason.tsx index 6053671499..e7521ec41d 100644 --- a/editor.planx.uk/src/@planx/components/Result/Public/ResultReason.tsx +++ b/editor.planx.uk/src/@planx/components/Result/Public/ResultReason.tsx @@ -141,10 +141,10 @@ const ResultReason: React.FC = ({ : "" }`; - const { trackBackwardsNavigationByNodeId } = useAnalyticsTracking(); + const { trackBackwardsNavigation } = useAnalyticsTracking(); const handleChangeAnswer = (id: string) => { - trackBackwardsNavigationByNodeId(id, "change"); + trackBackwardsNavigation("change", id); changeAnswer(id); }; diff --git a/editor.planx.uk/src/@planx/components/Section/Public.tsx b/editor.planx.uk/src/@planx/components/Section/Public.tsx index 3e30991f9a..3eb8d22654 100644 --- a/editor.planx.uk/src/@planx/components/Section/Public.tsx +++ b/editor.planx.uk/src/@planx/components/Section/Public.tsx @@ -5,6 +5,7 @@ import Typography from "@mui/material/Typography"; import visuallyHidden from "@mui/utils/visuallyHidden"; import Tag, { TagType } from "@planx/components/shared/Buttons/Tag"; import type { PublicProps } from "@planx/components/ui"; +import { useAnalyticsTracking } from "pages/FlowEditor/lib/analyticsProvider"; import { Store, useStore } from "pages/FlowEditor/lib/store"; import React from "react"; import { SectionNode, SectionStatus } from "types"; @@ -134,11 +135,16 @@ export function SectionsOverviewList({ alteredSectionIds, }); + const { trackBackwardsNavigation } = useAnalyticsTracking(); + const changeFirstAnswerInSection = (sectionId: string) => { const sectionIndex = flow._root.edges?.indexOf(sectionId); if (sectionIndex !== undefined) { const firstNodeInSection = flow._root.edges?.[sectionIndex + 1]; - if (firstNodeInSection) changeAnswer(firstNodeInSection); + if (firstNodeInSection) { + trackBackwardsNavigation("change", firstNodeInSection); + changeAnswer(firstNodeInSection); + } } }; diff --git a/editor.planx.uk/src/@planx/components/shared/Preview/SummaryList.tsx b/editor.planx.uk/src/@planx/components/shared/Preview/SummaryList.tsx index 98bbaa411a..9f16e806a0 100644 --- a/editor.planx.uk/src/@planx/components/shared/Preview/SummaryList.tsx +++ b/editor.planx.uk/src/@planx/components/shared/Preview/SummaryList.tsx @@ -113,6 +113,8 @@ function SummaryListsBySections(props: SummaryListsBySectionsProps) { state.getSortedBreadcrumbsBySection, ]); + const { trackBackwardsNavigation } = useAnalyticsTracking(); + const isValidComponent = ([nodeId, userData]: BreadcrumbEntry) => { const node = props.flow[nodeId]; const doesNodeExist = Boolean(props.flow[nodeId]); @@ -157,6 +159,11 @@ function SummaryListsBySections(props: SummaryListsBySectionsProps) { .map(removeNonPresentationalNodes) .map((section) => section.map(makeSummaryBreadcrumb)); + const handleChangeAnswer = (id: string) => { + trackBackwardsNavigation("change", id); + props.changeAnswer(id); + }; + return ( <> {sectionsWithFilteredBreadcrumbs.map( @@ -178,7 +185,7 @@ function SummaryListsBySections(props: SummaryListsBySectionsProps) { - props.changeAnswer(filteredBreadcrumbs[0].nodeId) + handleChangeAnswer(filteredBreadcrumbs[0].nodeId) } component="button" fontSize="body1.fontSize" @@ -220,10 +227,10 @@ function SummaryListsBySections(props: SummaryListsBySectionsProps) { // For applicable component types, display a list of their question & answers with a "change" link // ref https://design-system.service.gov.uk/components/summary-list/ function SummaryList(props: SummaryListProps) { - const { trackBackwardsNavigationByNodeId } = useAnalyticsTracking(); + const { trackBackwardsNavigation } = useAnalyticsTracking(); const handleChangeAnswer = (id: string) => { - trackBackwardsNavigationByNodeId(id, "change"); + trackBackwardsNavigation("change", id); props.changeAnswer(id); }; diff --git a/editor.planx.uk/src/api/upload.ts b/editor.planx.uk/src/api/upload.ts index bc64324dd3..9806d3db72 100644 --- a/editor.planx.uk/src/api/upload.ts +++ b/editor.planx.uk/src/api/upload.ts @@ -1,5 +1,5 @@ import axios, { RawAxiosRequestHeaders } from "axios"; -import { getCookie } from "lib/cookie"; +import { useStore } from "pages/FlowEditor/lib/store"; export { uploadPrivateFile, uploadPublicFile }; @@ -9,7 +9,7 @@ async function uploadPublicFile( file: any, { onProgress }: { onProgress?: (p: any) => void } = {}, ) { - const token = getCookie("jwt"); + const token = useStore.getState().jwt; const authRequestHeader = { Authorization: `Bearer ${token}` }; const { data } = await handleUpload( file, diff --git a/editor.planx.uk/src/client/index.ts b/editor.planx.uk/src/client/index.ts index 9f40abd271..3922716ee4 100644 --- a/editor.planx.uk/src/client/index.ts +++ b/editor.planx.uk/src/client/index.ts @@ -1,5 +1,6 @@ import { CoreDomainClient } from "@opensystemslab/planx-core"; -import { getCookie } from "lib/cookie"; +import { useStore } from "pages/FlowEditor/lib/store"; + /** * core doesn't expose a graphql interface like the graphql/hasura clients do * instead, it encapsulates query and business logic to only expose declarative interfaces @@ -10,5 +11,5 @@ export const _public = new CoreDomainClient({ export const _client = new CoreDomainClient({ targetURL: process.env.REACT_APP_HASURA_URL!, - auth: { jwt: getCookie("jwt") || "" }, + auth: { jwt: useStore.getState().jwt || "" }, }); diff --git a/editor.planx.uk/src/index.tsx b/editor.planx.uk/src/index.tsx index 2f218a7b18..f4d0fa29b3 100644 --- a/editor.planx.uk/src/index.tsx +++ b/editor.planx.uk/src/index.tsx @@ -9,7 +9,6 @@ import { ApolloProvider } from "@apollo/client"; import CssBaseline from "@mui/material/CssBaseline"; import { StyledEngineProvider, ThemeProvider } from "@mui/material/styles"; import { MyMap } from "@opensystemslab/map"; -import { jwtDecode } from "jwt-decode"; import { getCookie, setCookie } from "lib/cookie"; import ErrorPage from "pages/ErrorPage"; import { AnalyticsProvider } from "pages/FlowEditor/lib/analyticsProvider"; @@ -36,30 +35,20 @@ if (!window.customElements.get("my-map")) { } const hasJWT = (): boolean | void => { - let jwt = getCookie("jwt"); - if (jwt) { - try { - if ( - Number( - (jwtDecode(jwt) as any)["https://hasura.io/jwt/claims"][ - "x-hasura-user-id" - ], - ) > 0 - ) { - return true; - } - } catch (e) {} - window.location.href = "/logout"; - } else { - jwt = new URLSearchParams(window.location.search).get("jwt"); - if (jwt) { - setCookie("jwt", jwt); - // set the jwt, and remove it from the url, then re-run this function - window.location.href = "/"; - } else { - return false; - } - } + // This cookie indicates the presence of the secure httpOnly "jwt" cookie + const authCookie = getCookie("auth"); + if (authCookie) return true; + + // If JWT not set via cookie, check search params + const jwtSearchParams = new URLSearchParams(window.location.search).get( + "jwt", + ); + if (!jwtSearchParams) return false; + + // Remove JWT from URL, and re-run this function + setCookie("jwt", jwtSearchParams); + setCookie("auth", { loggedIn: true }); + window.location.href = "/"; }; const Layout: React.FC<{ diff --git a/editor.planx.uk/src/lib/graphql.ts b/editor.planx.uk/src/lib/graphql.ts index 55ddba1af7..7c0a2aa4d6 100644 --- a/editor.planx.uk/src/lib/graphql.ts +++ b/editor.planx.uk/src/lib/graphql.ts @@ -7,14 +7,13 @@ import { Operation, } from "@apollo/client"; import { GraphQLErrors } from "@apollo/client/errors"; +import { setContext } from "@apollo/client/link/context"; import { onError } from "@apollo/client/link/error"; import { RetryLink } from "@apollo/client/link/retry"; import { logger } from "airbrake"; import { useStore } from "pages/FlowEditor/lib/store"; import { toast } from "react-toastify"; -import { getCookie } from "./cookie"; - const toastId = "error_toast"; // function used to verify response status @@ -38,9 +37,6 @@ const customFetch = async ( const authHttpLink = createHttpLink({ uri: process.env.REACT_APP_HASURA_URL, fetch: customFetch, - headers: { - authorization: `Bearer ${getCookie("jwt")}`, - }, }); const publicHttpLink = createHttpLink({ @@ -131,11 +127,48 @@ const retryLink = new RetryLink({ }, }); +/** + * Set auth header in Apollo client + * Must be done post-authentication once we have a value for JWT + */ +export const authMiddleware = setContext(async () => { + const jwt = await getJWT(); + + return { + headers: { + authorization: jwt ? `Bearer ${jwt}` : undefined, + }, + }; +}); + +/** + * Get the JWT from the store, and wait if not available + */ +const getJWT = async () => { + const jwt = useStore.getState().jwt; + if (jwt) return jwt; + + return await waitForAuthentication(); +}; + +/** + * Wait for authentication by subscribing to the JWT changes + */ +const waitForAuthentication = async () => + new Promise((resolve) => { + const unsubscribe = useStore.subscribe(({ jwt }) => { + if (jwt) { + unsubscribe(); + resolve(jwt); + } + }); + }); + /** * Client used to make all requests by authorised users */ export const client = new ApolloClient({ - link: from([retryLink, errorLink, authHttpLink]), + link: from([retryLink, errorLink, authMiddleware, authHttpLink]), cache: new InMemoryCache(), }); diff --git a/editor.planx.uk/src/pages/FlowEditor/lib/analyticsProvider.tsx b/editor.planx.uk/src/pages/FlowEditor/lib/analyticsProvider.tsx index a24255dfe8..1b23fe861a 100644 --- a/editor.planx.uk/src/pages/FlowEditor/lib/analyticsProvider.tsx +++ b/editor.planx.uk/src/pages/FlowEditor/lib/analyticsProvider.tsx @@ -33,6 +33,7 @@ type NodeMetadata = { flag?: Flag; title?: string; type?: TYPES; + id?: string; isAutoAnswered?: boolean; }; @@ -45,9 +46,9 @@ const analyticsContext = createContext<{ trackFlowDirectionChange: ( flowDirection: AnalyticsLogDirection, ) => Promise; - trackBackwardsNavigationByNodeId: ( - nodeId: string, + trackBackwardsNavigation: ( backwardsNavigationType: BackwardsNavigationInitiatorType, + nodeId?: string, ) => Promise; node: Store.node | null; trackInputErrors: (error: string) => Promise; @@ -61,7 +62,7 @@ const analyticsContext = createContext<{ trackHelpClick: () => Promise.resolve(), trackNextStepsLinkClick: () => Promise.resolve(), trackFlowDirectionChange: () => Promise.resolve(), - trackBackwardsNavigationByNodeId: () => Promise.resolve(), + trackBackwardsNavigation: () => Promise.resolve(), node: null, trackInputErrors: () => Promise.resolve(), track: () => Promise.resolve(), @@ -141,7 +142,7 @@ export const AnalyticsProvider: React.FC<{ children: React.ReactNode }> = ({ trackHelpClick, trackNextStepsLinkClick, trackFlowDirectionChange, - trackBackwardsNavigationByNodeId, + trackBackwardsNavigation, node, trackInputErrors, track, @@ -340,11 +341,11 @@ export const AnalyticsProvider: React.FC<{ children: React.ReactNode }> = ({ } } - async function trackBackwardsNavigationByNodeId( - nodeId: string, + async function trackBackwardsNavigation( initiator: BackwardsNavigationInitiatorType, + nodeId?: string, ) { - const targetNodeMetadata = getTitleAndTypeFromFlow(nodeId); + const targetNodeMetadata = nodeId ? getTargetNodeDataFromFlow(nodeId) : {}; const metadata: Record = {}; metadata[`${initiator}`] = targetNodeMetadata; @@ -431,11 +432,12 @@ export const AnalyticsProvider: React.FC<{ children: React.ReactNode }> = ({ } } - function getTitleAndTypeFromFlow(nodeId: string) { - const { data, type } = flow[nodeId]; + function getTargetNodeDataFromFlow(nodeId: string) { + const node = flow[nodeId]; const nodeMetadata: NodeMetadata = { - title: data?.text, - type: type, + title: extractNodeTitle(node), + type: node.type, + id: nodeId, }; return nodeMetadata; } diff --git a/editor.planx.uk/src/pages/FlowEditor/lib/store/editor.ts b/editor.planx.uk/src/pages/FlowEditor/lib/store/editor.ts index b60b5f6784..5e866dea52 100644 --- a/editor.planx.uk/src/pages/FlowEditor/lib/store/editor.ts +++ b/editor.planx.uk/src/pages/FlowEditor/lib/store/editor.ts @@ -10,7 +10,6 @@ import { update, } from "@planx/graph"; import axios from "axios"; -import { getCookie } from "lib/cookie"; import { client } from "lib/graphql"; import debounce from "lodash/debounce"; import isEmpty from "lodash/isEmpty"; @@ -21,7 +20,7 @@ import type { StateCreator } from "zustand"; import { FlowLayout } from "../../components/Flow"; import { connectToDB, getConnection } from "./../sharedb"; -import type { Store } from "."; +import { type Store } from "."; import type { SharedStore } from "./shared"; import { UserStore } from "./user"; @@ -141,7 +140,7 @@ export const editorStore: StateCreator< }, copyFlow: async (flowId: string) => { - const token = getCookie("jwt"); + const token = get().jwt; // when copying a flow, we make nodeIds unique by replacing part of the original nodeId string. // the onboarding script will often provide a meaningful string reflecting the team name (eg "LAM"), @@ -237,7 +236,7 @@ export const editorStore: StateCreator< }, validateAndDiffFlow(flowId: string) { - const token = getCookie("jwt"); + const token = get().jwt; return axios.post( `${process.env.REACT_APP_API_URL}/flows/${flowId}/diff`, @@ -340,7 +339,7 @@ export const editorStore: StateCreator< return Promise.resolve(); } - const token = getCookie("jwt"); + const token = get().jwt; return axios .post( @@ -390,7 +389,7 @@ export const editorStore: StateCreator< }, publishFlow(flowId: string, summary?: string) { - const token = getCookie("jwt"); + const token = get().jwt; const urlWithParams = (url: string, params: any) => [url, new URLSearchParams(omitBy(params, isEmpty))] diff --git a/editor.planx.uk/src/pages/FlowEditor/lib/store/user.ts b/editor.planx.uk/src/pages/FlowEditor/lib/store/user.ts index da46a652d8..10b0f3e00a 100644 --- a/editor.planx.uk/src/pages/FlowEditor/lib/store/user.ts +++ b/editor.planx.uk/src/pages/FlowEditor/lib/store/user.ts @@ -1,23 +1,24 @@ import { User, UserTeams } from "@opensystemslab/planx-core/types"; +import axios from "axios"; import { _client } from "client"; -import { jwtDecode } from "jwt-decode"; import { Team } from "types"; import type { StateCreator } from "zustand"; export interface UserStore { user?: User; + jwt?: string; - setUser: (user: User) => void; + setUser: (user: User & { jwt: string }) => void; getUser: () => User | undefined; canUserEditTeam: (teamSlug: Team["slug"]) => boolean; - initUserStore: (jwt: string) => Promise; + initUserStore: () => Promise; } export const userStore: StateCreator = ( set, get, ) => ({ - setUser: (user: User) => set({ user }), + setUser: ({ jwt, ...user }) => set({ jwt, user }), getUser: () => get().user, @@ -31,15 +32,24 @@ export const userStore: StateCreator = ( return user.isPlatformAdmin || user.teams.some(hasTeamEditorRole); }, - async initUserStore(jwt: string) { + async initUserStore() { const { getUser, setUser } = get(); + const currentUser = getUser(); + if (currentUser) return; - if (getUser()) return; - - const id = (jwtDecode(jwt) as any)["sub"]; - const user = await _client.user.getById(id); - if (!user) throw new Error(`Failed to get user with ID ${id}`); - + const user = await getLoggedInUser(); setUser(user); }, }); + +const getLoggedInUser = async () => { + const url = `${process.env.REACT_APP_API_URL}/user/me`; + try { + const response = await axios.get(url, { + withCredentials: true, + }); + return response.data; + } catch (error) { + throw Error("Failed to fetch user matching JWT cookie"); + } +}; diff --git a/editor.planx.uk/src/pages/Preview/Questions.tsx b/editor.planx.uk/src/pages/Preview/Questions.tsx index 495c610bd6..58b1dafaf7 100644 --- a/editor.planx.uk/src/pages/Preview/Questions.tsx +++ b/editor.planx.uk/src/pages/Preview/Questions.tsx @@ -77,7 +77,7 @@ const Questions = ({ previewEnvironment }: QuestionsProps) => { state.getType, ]); const isStandalone = previewEnvironment === "standalone"; - const { createAnalytics, node, trackBackwardsNavigationByNodeId } = + const { createAnalytics, node, trackBackwardsNavigation } = useAnalyticsTracking(); const [gotFlow, setGotFlow] = useState(false); const isUsingLocalStorage = @@ -151,7 +151,7 @@ const Questions = ({ previewEnvironment }: QuestionsProps) => { const goBack = useCallback(() => { const previous = previousCard(node); if (previous) { - trackBackwardsNavigationByNodeId(previous, "back"); + trackBackwardsNavigation("back", previous); record(previous); } }, [node?.id]); diff --git a/editor.planx.uk/src/routes/authenticated.tsx b/editor.planx.uk/src/routes/authenticated.tsx index d8a7966536..53bd9c12dd 100644 --- a/editor.planx.uk/src/routes/authenticated.tsx +++ b/editor.planx.uk/src/routes/authenticated.tsx @@ -16,7 +16,7 @@ const editorRoutes = compose( "/": route(async () => { const { data } = await client.query({ query: gql` - query { + query GetTeams { teams(order_by: { name: asc }) { id name diff --git a/editor.planx.uk/src/routes/index.tsx b/editor.planx.uk/src/routes/index.tsx index 9acce1e60f..0540fafff2 100644 --- a/editor.planx.uk/src/routes/index.tsx +++ b/editor.planx.uk/src/routes/index.tsx @@ -35,7 +35,7 @@ const editorRoutes = mount({ } catch (err) { console.error(err); } finally { - const cookieString = `jwt=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;`; + const cookieString = `auth=; jwt=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;`; // remove jwt cookie for non planx domains (netlify preview urls) document.cookie = cookieString; // remove jwt cookie for planx domains (staging and production) diff --git a/editor.planx.uk/src/routes/views/authenticated.tsx b/editor.planx.uk/src/routes/views/authenticated.tsx index e621d788aa..a17500fdb1 100644 --- a/editor.planx.uk/src/routes/views/authenticated.tsx +++ b/editor.planx.uk/src/routes/views/authenticated.tsx @@ -8,13 +8,13 @@ import AuthenticatedLayout from "../../pages/layout/AuthenticatedLayout"; /** * View wrapper for all authenticated routes - * Parses JWT and inits user store + * Initialises user store */ export const authenticatedView = async () => { - const jwt = getCookie("jwt"); - if (!jwt) return redirect("/login"); + const authCookie = getCookie("auth"); + if (!authCookie) return redirect("/login"); - await useStore.getState().initUserStore(jwt); + await useStore.getState().initUserStore(); useStore.getState().setPreviewEnvironment("editor"); diff --git a/infrastructure/application/Pulumi.staging.yaml b/infrastructure/application/Pulumi.staging.yaml index 704a18bfb8..785376f7be 100644 --- a/infrastructure/application/Pulumi.staging.yaml +++ b/infrastructure/application/Pulumi.staging.yaml @@ -18,6 +18,8 @@ config: secure: AAABADroqKJ1/CanxoghKyCutFA8bmiPBuafrNYGNMn1H16jXiHuytHUUByTbXZZHtANciv7rkQEJosUmyay5j/ZFKu9TeS2WaIGBD913EVlv4iXDw3Y5OU2bSocROlYQm7/ application:gov-uk-pay-token-lambeth: secure: AAABAPy5USkd8/hwq6vFXP45BXsYFUltR6gj8PoiZkOLRPUd1wgQ3Yhgc1Cyn+lb5cZrXBoVPjuVhm/UvBN82DNzRTl2TxAakCQQIrBU5xil+m9UnbY82CNSMDuEaWwMpR3C + application:gov-uk-pay-token-medway: + secure: AAABAOf9pQgmUkPWbyBQpkd2eZDtzx8WhHfPMD+V8lDLP/hqo24ZZyCrDfq6VBrcEeZVL89dvJ/PIVng9V5xFDKwpRcChTsOsen6epWGE/I0zwDdwrONmxgbPXnGgxLDtiEp application:gov-uk-pay-token-southwark: secure: AAABALGCrA9ZqRLql+ZHRQD/q6GiGNihtdgPL/7k5d37vgjqW115YR30HG9ofE00qP2Hkr2ZkYkJhVCIr9G5l1wSGXBNI+ldXxTCU8PWLGWv+Xa+Sv5Ltgd9egmwBBqUgvwe application:govuk-notify-api-key: diff --git a/scripts/seed-database/container.sh b/scripts/seed-database/container.sh index 4789a3e33c..b7327d453e 100755 --- a/scripts/seed-database/container.sh +++ b/scripts/seed-database/container.sh @@ -18,7 +18,7 @@ mkdir -p /tmp # Create sync.sql file for all our comnands which will be executed in a single transaction touch '/tmp/sync.sql' -tables=(flows users teams flow_document_templates team_members) +tables=(flows users teams flow_document_templates team_members team_themes) # run copy commands on remote db for table in "${tables[@]}"; do diff --git a/scripts/seed-database/write/main.sql b/scripts/seed-database/write/main.sql index f39a94cb10..5ae353a990 100644 --- a/scripts/seed-database/write/main.sql +++ b/scripts/seed-database/write/main.sql @@ -4,4 +4,5 @@ \include write/flow_document_templates.sql \include write/published_flows.sql \include write/team_members.sql -\include write/team_integrations.sql \ No newline at end of file +\include write/team_integrations.sql +\include write/team_themes.sql \ No newline at end of file diff --git a/scripts/seed-database/write/team_themes.sql b/scripts/seed-database/write/team_themes.sql new file mode 100644 index 0000000000..3060ef58ff --- /dev/null +++ b/scripts/seed-database/write/team_themes.sql @@ -0,0 +1,40 @@ +-- insert teams_themes overwriting conflicts +CREATE TEMPORARY TABLE sync_team_themes ( + id integer, + team_id integer, + primary_colour text, + secondary_colour text, + logo text, + favicon text +); + +\copy sync_team_themes FROM '/tmp/team_themes.csv' WITH (FORMAT csv, DELIMITER ';'); + +INSERT INTO + team_themes ( + id, + team_id, + primary_colour, + secondary_colour, + logo, + favicon + ) +SELECT + id, + team_id, + primary_colour, + secondary_colour, + logo, + favicon +FROM + sync_team_themes ON CONFLICT (id) DO +UPDATE +SET + primary_colour = EXCLUDED.primary_colour, + secondary_colour = EXCLUDED.secondary_colour, + logo = EXCLUDED.logo, + favicon = EXCLUDED.favicon; +SELECT + setval('team_themes_id_seq', max(id)) +FROM + team_themes; \ No newline at end of file diff --git a/scripts/seed-database/write/teams.sql b/scripts/seed-database/write/teams.sql index fcecd7cc85..7cc3c73dde 100644 --- a/scripts/seed-database/write/teams.sql +++ b/scripts/seed-database/write/teams.sql @@ -3,8 +3,6 @@ CREATE TEMPORARY TABLE sync_teams ( id integer, name text, slug text, - -- TODO: Drop this and fetch from team_themes - theme jsonb, created_at timestamptz, updated_at timestamptz, settings jsonb,