raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-01-11 18:26:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Authenticate only as platform to call webhooks

Browse Source
This commit is contained in:
Maikel Linke
2025-12-05 11:14:00 +11:00
parent d811103a71
commit 2e62531232
3 changed files with 56 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
engines/dfc_provider/app/controllers/dfc_provider/events_controller.rb
View File

@@ -13,6 +13,15 @@ module DfcProvider
# It means that our permissions to access data on another platform changed. # It means that our permissions to access data on another platform changed.
# We will need to pull the updated data. # We will need to pull the updated data.
def create def create
unless current_user.is_a? ApiUser
unauthorized "You need to authenticate as authorised platform (client_id)."
return
end
unless current_user.id == "lf-dev"
unauthorized "Your client_id is not authorised on this platform."
return
end
event = JSON.parse(request.body.read) event = JSON.parse(request.body.read)
enterprises_url = event["enterpriseUrlid"] enterprises_url = event["enterpriseUrlid"]
@@ -23,7 +32,18 @@ module DfcProvider
} }
return return
end end
render json: { success: true } render json: { success: true }
end end
private
def unauthorized(message)
render_message(:unauthorized, message)
end
def render_message(status, message)
render status:, json: { success: false, message: }
end
end end
end end

30
engines/dfc_provider/spec/requests/events_spec.rb
View File

@@ -3,9 +3,11 @@
require_relative "../swagger_helper" require_relative "../swagger_helper"
RSpec.describe "Events", swagger_doc: "dfc.yaml" do RSpec.describe "Events", swagger_doc: "dfc.yaml" do
let!(:user) { create(:oidc_user) } include_context "authenticated as platform" do
let(:access_token) {
before { login_as user } file_fixture("fdc_access_token.jwt").read
}
end
path "/api/dfc/events" do path "/api/dfc/events" do
post "Create Event" do post "Create Event" do
@@ -45,6 +47,28 @@ RSpec.describe "Events", swagger_doc: "dfc.yaml" do
end end
end end
response "401", "unauthorised" do
describe "as normal user" do
let(:Authorization) { nil }
let(:event) { { eventType: "refresh" } }
before { login_as create(:oidc_user) }
run_test!
end
describe "as other platform" do
let(:access_token) {
file_fixture("startinblox_access_token.jwt").read
}
let(:event) { { eventType: "refresh" } }
before { login_as create(:oidc_user) }
run_test!
end
end
response "200", "success" do response "200", "success" do
let(:event) do |example| let(:event) do |example|
example.metadata[:operation][:parameters].first[:schema][:example] example.metadata[:operation][:parameters].first[:schema][:example]

9
swagger/dfc.yaml
View File

@@ -595,6 +595,15 @@ paths:
value: value:
success: false success: false
message: Missing parameter `enterpriseUrlid` message: Missing parameter `enterpriseUrlid`
'401':
description: unauthorised
content:
application/json:
examples:
test_example:
value:
success: false
message: Your client_id is not authorised on this platform.
'200': '200':
description: success description: success
content: content: