2901 generate auth token

raftmsohani commented 2 months ago

Summary of Changes

Pull request closes #2901_

Added an endpoint to get token (that expires after X period of time) to call API endpoints

How to Test

List the steps to test the PR These steps are generic, please adjust as necessary.

cd tdrs-frontend && docker-compose -f docker-compose.yml -f docker-compose.local.yml up -d
cd tdrs-backend && docker-compose -f docker-compose.yml -f docker-compose.local.yml up -d

Open http://localhost:3000/ and sign in.
Proceed with functional tests as described herein.
Test steps should be captured in the demo GIF(s) and/or screenshots below.

Demo GIF(s) and screenshots for testing procedure

Deliverables

More details on how deliverables herein are assessed included here.

Deliverable 1: Accepted Features

Checklist of ACs:

[x] token endpoint (/v1/security/get-token) only accessible to OFA System Admin
[x] token expires based on value of TOKEN_EXPIRATION_HOURS
[x] API access using token works as expected
[x] lfrohlich and/or adpennington confirmed that ACs are met.

Deliverable 2: Tested Code

Are all areas of code introduced in this PR meaningfully tested?
- [x] If this PR introduces backend code changes, are they meaningfully tested?
- [ ] If this PR introduces frontend code changes, are they meaningfully tested?
Are code coverage minimums met?
- [ ] Frontend coverage: [insert coverage %] (see CodeCov Report comment in PR)
- [ ] Backend coverage: [insert coverage %] (see CodeCov Report comment in PR)

Deliverable 3: Properly Styled Code

[x] Are backend code style checks passing on CircleCI?
[ ] Are frontend code style checks passing on CircleCI?
[x] Are code maintainability principles being followed?

Deliverable 4: Accessible

[ ] Does this PR complete the epic?
[ ] Are links included to any other gov-approved PRs associated with epic?
[ ] Does PR include documentation for Raft's a11y review?
[ ] Did automated and manual testing with iamjolly and ttran-hub using Accessibility Insights reveal any errors introduced in this PR?

Deliverable 5: Deployed

[x] Was the code successfully deployed via automated CircleCI process to development on Cloud.gov?

Deliverable 6: Documented

[x] Does this PR provide background for why coding decisions were made?
[ ] If this PR introduces backend code, is that code easy to understand and sufficiently documented, both inline and overall?
[ ] If this PR introduces frontend code, is that code easy to understand and sufficiently documented, both inline and overall?
[ ] If this PR introduces dependencies, are their licenses documented?
[x] Can reviewer explain and take ownership of these elements presented in this code review?

Deliverable 7: Secure

[x] Does the OWASP Scan pass on CircleCI?
[ ] Do manual code review and manual testing detect any new security issues?
[ ] If new issues detected, is investigation and/or remediation plan documented?

Deliverable 8: User Research

Research product(s) clearly articulate(s):

[ ] the purpose of the research
[ ] methods used to conduct the research
[ ] who participated in the research
[ ] what was tested and how
[ ] impact of research on TDP
[ ] (if applicable) final design mockups produced for TDP development

codecov[bot] commented 1 month ago

Codecov Report

Attention: Patch coverage is 71.69811% with 15 lines in your changes are missing coverage. Please review.

Project coverage is 92.96%. Comparing base (01c4117) to head (983aeb0). Report is 1 commits behind head on develop.

Additional details and impacted files

[![Impacted file tree graph](https://app.codecov.io/gh/raft-tech/TANF-app/pull/2967/graphs/tree.svg?width=650&height=150&src=pr&token=BA04YXPAL9&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech)](https://app.codecov.io/gh/raft-tech/TANF-app/pull/2967?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech) ```diff @@ Coverage Diff @@ ## develop #2967 +/- ## =========================================== - Coverage 93.11% 92.96% -0.15% =========================================== Files 273 276 +3 Lines 7087 7140 +53 Branches 598 603 +5 =========================================== + Hits 6599 6638 +39 - Misses 395 407 +12 - Partials 93 95 +2 ``` | [Flag](https://app.codecov.io/gh/raft-tech/TANF-app/pull/2967/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech) | Coverage Δ | | |---|---|---| | [dev-backend](https://app.codecov.io/gh/raft-tech/TANF-app/pull/2967/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech) | `93.02% <71.69%> (-0.17%)` | :arrow_down: | | [dev-frontend](https://app.codecov.io/gh/raft-tech/TANF-app/pull/2967/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech) | `92.62% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech#carryforward-flags-in-the-pull-request-comment) to find out more. | [Files](https://app.codecov.io/gh/raft-tech/TANF-app/pull/2967?dropdown=coverage&src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech) | Coverage Δ | | |---|---|---| | [tdrs-backend/tdpservice/security/urls.py](https://app.codecov.io/gh/raft-tech/TANF-app/pull/2967?src=pr&el=tree&filepath=tdrs-backend%2Ftdpservice%2Fsecurity%2Furls.py&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech#diff-dGRycy1iYWNrZW5kL3RkcHNlcnZpY2Uvc2VjdXJpdHkvdXJscy5weQ==) | `100.00% <100.00%> (ø)` | | | [tdrs-backend/tdpservice/settings/common.py](https://app.codecov.io/gh/raft-tech/TANF-app/pull/2967?src=pr&el=tree&filepath=tdrs-backend%2Ftdpservice%2Fsettings%2Fcommon.py&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech#diff-dGRycy1iYWNrZW5kL3RkcHNlcnZpY2Uvc2V0dGluZ3MvY29tbW9uLnB5) | `99.31% <100.00%> (+<0.01%)` | :arrow_up: | | [tdrs-backend/tdpservice/urls.py](https://app.codecov.io/gh/raft-tech/TANF-app/pull/2967?src=pr&el=tree&filepath=tdrs-backend%2Ftdpservice%2Furls.py&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech#diff-dGRycy1iYWNrZW5kL3RkcHNlcnZpY2UvdXJscy5weQ==) | `92.59% <ø> (ø)` | | | [tdrs-backend/tdpservice/security/views.py](https://app.codecov.io/gh/raft-tech/TANF-app/pull/2967?src=pr&el=tree&filepath=tdrs-backend%2Ftdpservice%2Fsecurity%2Fviews.py&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech#diff-dGRycy1iYWNrZW5kL3RkcHNlcnZpY2Uvc2VjdXJpdHkvdmlld3MucHk=) | `76.19% <76.19%> (ø)` | | | [tdrs-backend/tdpservice/security/utils.py](https://app.codecov.io/gh/raft-tech/TANF-app/pull/2967?src=pr&el=tree&filepath=tdrs-backend%2Ftdpservice%2Fsecurity%2Futils.py&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech#diff-dGRycy1iYWNrZW5kL3RkcHNlcnZpY2Uvc2VjdXJpdHkvdXRpbHMucHk=) | `64.28% <64.28%> (ø)` | | ... and [1 file with indirect coverage changes](https://app.codecov.io/gh/raft-tech/TANF-app/pull/2967/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech) ------ [Continue to review full report in Codecov by Sentry](https://app.codecov.io/gh/raft-tech/TANF-app/pull/2967?dropdown=coverage&src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech). > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech) > `Δ = absolute (impact)`, `ø = not affected`, `? = missing data` > Powered by [Codecov](https://app.codecov.io/gh/raft-tech/TANF-app/pull/2967?dropdown=coverage&src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech). Last update [79ec7eb...983aeb0](https://app.codecov.io/gh/raft-tech/TANF-app/pull/2967?dropdown=coverage&src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=raft-tech).

ADPennington commented 1 month ago

@raftmsohani I'm not too sure if I'm missing something, but here are my results:

tokenp1

note:

tried this after logging in via login.gov and via ams
also got the same results via swagger (below)

raftmsohani commented 1 month ago

@raftmsohani I'm not too sure if I'm missing something, but here are my results:

note:

tried this after logging in via login.gov and via ams

also got the same results via swagger (below)

@ADPennington : The first time error above is because you have / at the end. the second error looks like you have added the environment variable as a string. If you want to add the env var for TOKEN_EXPIRATION_HOURS

raft-tech / TANF-app