User Story or Bug Summary:
This is a continuation of work done in https://github.com/CMSgov/bluebutton-web-server/pull/1203. There was some discussion during that PR about where some logic should go, but we ended up not making a change because we couldn't get that working. We've since delivered that PR, but this PR covers those adjustments.
What Does This PR Do?
This PR moves all of the logic for the hardcoding of the oauth settings into the clean function instead of the save function. It also reintroduces some unit tests, but where before they would verify that the form is invalid, they now verify that regardless of input, the resulting cleaned data is the same. It may be useful to compare the new form of those tests with what was there before #1203.
What Should Reviewers Watch For?
All of the same things that were relevant in #1203 are still relevant. We should make sure there is no regression by testing adding/editing apps locally.
What Security Implications Does This PR Have?
None.
Submitters should complete the following questionnaire:
If the answer to any of the questions below is Yes, then here's a link to the associated Security Impact Assessment (SIA), security checklist, or other similar document in Confluence: N/A.
Does this PR add any new software dependencies? Yes or No.
Does this PR modify or invalidate any of our security controls? Yes or No.
Does this PR store or transmit data that was not stored or transmitted before? Yes or No.
If the answer to any of the questions below is Yes, then please add a Security Engineer and ISSO as a reviewer, and note that this PR should not be merged unless/until he also approves it.
Do you think this PR requires additional review of its security implications for other reasons? Yes or No.
What Needs to Be Merged and Deployed Before this PR?
None
Any Migrations?
None
Submitter Checklist
I have gone through and verified that...:
[x] This PR is reasonably limited in scope, to help ensure that:
It doesn't unnecessarily tie a bunch of disparate features, fixes, refactorings, etc. together.
There isn't too much of a burden on reviewers.
Any problems it causes have a small "blast radius".
It'll be easier to rollback if that becomes necessary.
[x] This PR includes any required documentation changes, including README updates and changelog / release notes entries.
[x] All new and modified code is appropriately commented, such that the what and why of its design would be reasonably clear to engineers, preferably ones unfamiliar with the project.
[x] All tech debt and/or shortcomings introduced by this PR are detailed in TODO and/or FIXME comments, which include a JIRA ticket ID for any items that require urgent attention.
[x] Reviews are requested from both:
At least two other engineers on this project, at least one of whom is a senior engineer or owns the relevant component(s) here.
Any relevant engineers on other projects (e.g. BFD, SLS, etc.).
[x] Any deviations from the other policies in the DASG Engineering Standards are specifically called out in this PR, above.
Please review the standards every few months to ensure you're familiar with them.
JIRA Ticket: BB2-2660
User Story or Bug Summary: This is a continuation of work done in https://github.com/CMSgov/bluebutton-web-server/pull/1203. There was some discussion during that PR about where some logic should go, but we ended up not making a change because we couldn't get that working. We've since delivered that PR, but this PR covers those adjustments.
What Does This PR Do?
This PR moves all of the logic for the hardcoding of the oauth settings into the clean function instead of the save function. It also reintroduces some unit tests, but where before they would verify that the form is invalid, they now verify that regardless of input, the resulting cleaned data is the same. It may be useful to compare the new form of those tests with what was there before #1203.
What Should Reviewers Watch For?
All of the same things that were relevant in #1203 are still relevant. We should make sure there is no regression by testing adding/editing apps locally.
What Security Implications Does This PR Have?
None.
Submitters should complete the following questionnaire:
What Needs to Be Merged and Deployed Before this PR?
None
Any Migrations?
None
Submitter Checklist
I have gone through and verified that...:
READMEupdates and changelog / release notes entries.TODOand/orFIXMEcomments, which include a JIRA ticket ID for any items that require urgent attention.