Merge pull request #2402 from department-of-veterans-affairs/bastosmi…

…chael/okta_breaker_service Creating Okta Breaker Pattern
department-of-veterans-affairs · Oct 30, 2018 · 0aa516b · 0aa516b
2 parents 61fe45b + 8058431
commit 0aa516b
Show file tree

Hide file tree

Showing 9 changed files with 75 additions and 22 deletions.
diff --git a/app/controllers/openid_application_controller.rb b/app/controllers/openid_application_controller.rb
@@ -71,15 +71,10 @@ def validate_token
 
   def user_identity_from_profile(ttl)
     uid = token_payload['uid']
-    conn = Faraday.new(Settings.oidc.profile_api_url)
-    profile_response = conn.get do |req|
-      req.url uid
-      req.headers['Content-Type'] = 'application/json'
-      req.headers['Accept'] = 'application/json'
-      req.headers['Authorization'] = "SSWS #{Settings.oidc.profile_api_token}"
-    end
+    okta = Okta::Service.new
+    profile_response = okta.get_url_with_token(['api/v1/users', uid].join('/'))
     if profile_response.success?
-      profile = JSON.parse(profile_response.body)['profile']
+      profile = profile_response.body['profile']
       user_identity = UserIdentity.new(profile_to_attributes(token_payload, profile))
       user_identity.expire(ttl)
       user_identity

diff --git a/config/initializers/breakers.rb b/config/initializers/breakers.rb
@@ -20,6 +20,7 @@
 require 'rx/configuration'
 require 'sm/configuration'
 require 'search/configuration'
+require 'okta/configuration'
 
 require 'evss/claims_service'
 require 'evss/common_service'
@@ -54,7 +55,8 @@
   Preneeds::Configuration.instance.breakers_service,
   SM::Configuration.instance.breakers_service,
   Vet360::ContactInformation::Configuration.instance.breakers_service,
-  Search::Configuration.instance.breakers_service
+  Search::Configuration.instance.breakers_service,
+  Okta::Configuration.instance.breakers_service
 
 ]
 

diff --git a/config/settings.yml b/config/settings.yml
@@ -297,8 +297,8 @@ oidc:
   auth_server_metadata_url: ~
   issuer: ~
   audience: ~
-  profile_api_url: ~
-  profile_api_token: ~
+  base_api_url: ~
+  base_api_token: ~
 
 sentry:
   dsn: ~

diff --git a/lib/oidc/key_service.rb b/lib/oidc/key_service.rb
@@ -35,11 +35,11 @@ def self.refresh(expected_kid)
     end
 
     def self.fetch_keys
-      # TODO: handle errors/timeouts/empty response
-      metadata_response = Faraday.get Settings.oidc.auth_server_metadata_url
-      metadata = JSON.parse(metadata_response.body)
-      key_response = Faraday.get(metadata['jwks_uri'])
-      JSON.parse(key_response.body)
+      okta = Okta::Service.new
+      metadata_response = okta.get_url_with_token Settings.oidc.auth_server_metadata_url
+      metadata = metadata_response.body
+      key_response = okta.get_url_with_token metadata['jwks_uri']
+      key_response.body
     end
 
     def self.build_key(jwks_object)

diff --git a/lib/okta/configuration.rb b/lib/okta/configuration.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'common/client/configuration/rest'
+
+module Okta
+  class Configuration < Common::Client::Configuration::REST
+    def base_path
+      Settings.oidc.base_api_url || ''
+    end
+
+    def connection
+      @conn ||= Faraday.new(base_path) do |faraday|
+        faraday.use :breakers
+        faraday.response :json
+        faraday.adapter Faraday.default_adapter
+      end
+    end
+
+    def service_name
+      'OKTA'
+    end
+  end
+end
diff --git a/lib/okta/service.rb b/lib/okta/service.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'common/client/base'
+
+module Okta
+  class Service < Common::Client::Base
+    include Common::Client::Monitoring
+
+    STATSD_KEY_PREFIX = 'api.okta'
+
+    configuration Okta::Configuration
+
+    def get_url_with_token(url)
+      connection.get do |req|
+        req.url url
+        req.headers['Content-Type'] = 'application/json'
+        req.headers['Accept'] = 'application/json'
+        req.headers['Authorization'] = "SSWS #{Settings.oidc.base_api_token}"
+      end
+    end
+  end
+end
diff --git a/spec/lib/oidc/key_service_spec.rb b/spec/lib/oidc/key_service_spec.rb
@@ -10,8 +10,8 @@
         Settings.oidc,
         auth_server_metadata_url: 'https://example.com/oauth2/default/.well-known/oauth-authorization-server',
         issuer: 'https://example.com/oauth2/default',
-        profile_api_url: 'https://example.com/api/v1/users/',
-        profile_api_token: 'token'
+        base_api_url: 'https://example.com/api/v1/',
+        base_api_token: 'token'
       ) do
         VCR.use_cassette('okta/keys') do
           out = described_class.fetch_keys
@@ -36,8 +36,8 @@
         Settings.oidc,
         auth_server_metadata_url: 'https://example.com/oauth2/default/.well-known/oauth-authorization-server',
         issuer: 'https://example.com/oauth2/default',
-        profile_api_url: 'https://example.com/api/v1/users/',
-        profile_api_token: 'token'
+        base_api_url: 'https://example.com/',
+        base_api_token: 'token'
       ) do
         VCR.use_cassette('okta/keys') do
           key = described_class.get_key('1Z0tNc4Hxs_n7ySgwb6YT8JgWpq0wezqupEg136FZHU')

diff --git a/spec/lib/okta/configuration_spec.rb b/spec/lib/okta/configuration_spec.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe Okta::Configuration do
+  describe '#service_name' do
+    it 'has the expected service name' do
+      expect(described_class.instance.service_name).to eq('OKTA')
+    end
+  end
+end
diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb
@@ -56,8 +56,8 @@ def with_okta_configured(&block)
     auth_server_metadata_url: 'https://example.com/oauth2/default/.well-known/oauth-authorization-server',
     issuer: 'https://example.com/oauth2/default',
     audience: 'api://default',
-    profile_api_url: 'https://example.com/api/v1/users/',
-    profile_api_token: 'token'
+    base_api_url: 'https://example.com/',
+    base_api_token: 'token'
   ) do
     VCR.use_cassette('okta/metadata') do
       yield block