GCTC-NTGC / gc-digital-talent

GC Digital Talent is the new recruitment platform for digital and tech jobs in the Government of Canada.
https://talent.canada.ca
GNU Affero General Public License v3.0

✨ Improve error handling for off-VPN admin access #10371

Open petertgiles opened 1 month ago

petertgiles commented 1 month ago

✨ Feature

The new protected endpoint is now active for off-VPN admin usage. It's secure, but pretty ugly. Some pages dump out the HTML of the error page and some just load up an empty table.

📸 Screenshot

[two screenshots omitted]

🙋‍♀️ Proposed Implementation

[design mockup image omitted]

@substrae design file: https://www.figma.com/design/IMotJGU7wGMpKWGWC9nVDv/Restriction-error-page-(All-users)?node-id=1-2&t=O9CscJb7vkheWukq-0

✅ Acceptance Criteria

🛑 Blockers

Blocked By

substrae commented 1 month ago

@petertgiles Just a note that we can change the "refresh this page" language if we're redirecting to a static page (because I'm assuming that would just refresh the error page, not actually attempt to reconnect to the previous, restricted page).

petertgiles commented 1 month ago

> can change the "refresh this page" language if we're redirecting to a static page

Unfortunately, there's some nuance here because we're a SPA. If your browser requests a page at /admin/whatever, our app won't even boot and you'll get redirected to the very bare-bones error page directly from the firewall.

If the app is booted and you navigate (in-app, not a full browser navigate) to an admin page and the app makes an unauthorized API request then you're in the scenario I showed above. We can show a rich error experience that's localized, themed, and all the rest. Really, this is against the spirit of our security restrictions. I think IMTD would like our app to not boot at all if an admin page is requested.

I can think of two ways to make this better:

1) There's interest on the team in exploring SSG pages. This would let us generate nice-looking static error pages even when the app doesn't boot. Unfortunately, we've got a lot of groundwork to lay before this can be done and it's not really being prioritized by the product owners.

2) Maybe we can convince IMTD that with the protected endpoint the firewall only needs to block /admin/graphql and let the app boot normally for all other paths. This seems sensible to me but I imagine they would be quite uncomfortable loosening any existing security measures.
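The in-app scenario petertgiles describes (the SPA has booted, an admin page fires an API request, and the firewall answers with an HTML error page that some views dump into the DOM and others render as an empty table) is one a client can recognise and route to a proper restricted-page view. The snippet below is an added illustration, not code from gc-digital-talent; the endpoint path `/admin/graphql` is taken from the comment above, while the function names, the `users` field and the sample responses are constructed assumptions.

```javascript
// Added example (not gc-digital-talent code): classify a GraphQL response so
// the SPA renders a "restricted page" view instead of firewall HTML or an
// empty table. Sample bodies below are constructed for illustration.

const ADMIN_GRAPHQL_PATH = "/admin/graphql"; // path named in the issue thread

// Returns { kind: "ok" | "graphql-error" | "restricted" | "unexpected", ... }.
function classifyGraphqlResponse({ url, status, contentType, body }) {
  const isAdmin = new URL(url, "https://example.invalid").pathname === ADMIN_GRAPHQL_PATH;
  const looksJson = /application\/json/i.test(contentType || "");

  // A firewall block answers with an HTML page rather than JSON. A non-JSON,
  // HTML-looking body on the protected endpoint is treated as "restricted".
  if (!looksJson) {
    const looksHtml = /^\s*<(!doctype|html)/i.test(body);
    return isAdmin && looksHtml ? { kind: "restricted", status } : { kind: "unexpected", status };
  }

  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch {
    return { kind: "unexpected", status };
  }
  if (Array.isArray(parsed.errors) && parsed.errors.length > 0) {
    return { kind: "graphql-error", status, messages: parsed.errors.map((e) => e.message) };
  }
  return { kind: "ok", status, data: parsed.data ?? null };
}

// Map a classification to the view the page should render; "users" is an
// assumed field name for the table data.
function uiStateFor(result) {
  switch (result.kind) {
    case "ok": return { view: "table", rows: result.data?.users ?? [] };
    case "restricted": return { view: "restricted-page" };
    case "graphql-error": return { view: "error", messages: result.messages };
    default: return { view: "error", messages: ["Unexpected response"] };
  }
}

// Constructed sample responses: a firewall block page, a normal payload, and a
// GraphQL-level error on the unrestricted endpoint.
const SAMPLE_FIREWALL_BLOCK = { url: "/admin/graphql", status: 403, contentType: "text/html; charset=utf-8",
  body: "<!DOCTYPE html><html><body><h1>Access denied</h1></body></html>" };
const SAMPLE_OK = { url: "/admin/graphql", status: 200, contentType: "application/json",
  body: JSON.stringify({ data: { users: [{ id: "u1" }] } }) };
const SAMPLE_GQL_ERROR = { url: "/graphql", status: 200, contentType: "application/json",
  body: JSON.stringify({ data: null, errors: [{ message: "Unauthenticated." }] }) };
```

This only covers the in-app case; a full browser navigation to /admin/... never reaches this code because, as noted above, the app does not boot at all.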