From 4d680e5fd10938d6b260b62ce1ef2b52685be127 Mon Sep 17 00:00:00 2001
From: Maikel Linke
Date: Fri, 9 Feb 2024 17:13:27 +1100
Subject: [PATCH] Use recorded auth hash including all tokens

We want to store the access and refresh token as well.
---
 config/initializers/devise.rb             | 10 +++-
 spec/fixtures/files/omniauth.auth.json    | 48 +++++++++++++++++++
 .../omniauth_callbacks_controller_spec.rb | 12 ++---
 3 files changed, 60 insertions(+), 10 deletions(-)
 create mode 100644 spec/fixtures/files/omniauth.auth.json

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index ab762473db..5c3c0ca585 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -145,7 +145,13 @@ end
 
 if ENV["OPENID_APP_ID"].present? && ENV["OPENID_APP_SECRET"].present?
   Devise.setup do |config|
-    protocol = Rails.env.development? ? "http://" : "https://"
+    site = if Rails.env.development?
+             # The lescommuns server accepts localhost:3000 as valid.
+             # So you can test in development.
+             "http://localhost:3000"
+           else
+             "https://#{ENV["SITE_URL"]}"
+           end
     config.omniauth :openid_connect, {
       name: :openid_connect,
       issuer: "https://login.lescommuns.org/auth/realms/data-food-consortium",
@@ -158,7 +164,7 @@ if ENV["OPENID_APP_ID"].present? && ENV["OPENID_APP_SECRET"].present?
       client_options: {
         identifier: ENV["OPENID_APP_ID"],
         secret: ENV["OPENID_APP_SECRET"],
-        redirect_uri: "#{protocol}#{ENV["SITE_URL"]}/user/spree_user/auth/openid_connect/callback",
+        redirect_uri: "#{site}/user/spree_user/auth/openid_connect/callback",
         jwks_uri: 'https://login.lescommuns.org/auth/realms/data-food-consortium/protocol/openid-connect/certs'
       }
     }
diff --git a/spec/fixtures/files/omniauth.auth.json b/spec/fixtures/files/omniauth.auth.json
new file mode 100644
index 0000000000..d89f690f04
--- /dev/null
+++ b/spec/fixtures/files/omniauth.auth.json
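Review bot: The production branch builds `site` from `ENV["SITE_URL"]` with `[]`, so when the variable is unset the redirect_uri silently becomes `https:///user/spree_user/auth/openid_connect/callback`; only `OPENID_APP_ID` and `OPENID_APP_SECRET` are guarded by the enclosing `if`. The redirect URI is what the IdP matches against the client's registered allow-list, so a malformed value is better caught at boot than as an opaque login failure: `"https://#{ENV.fetch("SITE_URL")}"`. The development branch hard-codes `http://localhost:3000`, which the comment says the lescommuns server accepts; a developer on another port or host will get a redirect_uri mismatch, so the comment could say so, e.g. `# Must match the redirect URI registered for this client at login.lescommuns.org.`. The `Devise.setup` block continues past the end of the hunk.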
@@ -0,0 +1,48 @@
+{
+  "provider": "openid_connect",
+  "uid": "ofn@example.com",
+  "info": {
+    "name": "OFN Developer",
+    "email": "ofn@example.com",
+    "email_verified": false,
+    "nickname": "ofn@example.com",
+    "first_name": "OFN",
+    "last_name": "Developer",
+    "gender": null,
+    "image": null,
+    "phone": null,
+    "urls": {
+      "website": null
+    }
+  },
+  "credentials": {
+    "id_token": "ey...id_token...zg",
+    "token": "ey...token...9g",
+    "refresh_token": "ey...refresh_token...bk",
+    "expires_in": 1800,
+    "scope": "openid profile email"
+  },
+  "extra": {
+    "raw_info": {
+      "sub": "97da8027-a7a9-44c8-9cfd-ad639cec8630",
+      "email_verified": false,
+      "name": "OFN Developer",
+      "preferred_username": "ofn@example.com",
+      "given_name": "OFN",
+      "family_name": "Developer",
+      "email": "ofn@example.com",
+      "exp": 1707458565,
+      "iat": 1707456765,
+      "auth_time": 1707456763,
+      "jti": "00643994-5914-4699-96b0-2b4a308fca65",
+      "iss": "https://login.lescommuns.org/auth/realms/data-food-consortium",
+      "aud": "coopcircuits",
+      "typ": "ID",
+      "azp": "coopcircuits",
+      "nonce": "215831991b35c70d43fb2102ee78be55",
+      "session_state": "8b5725a1-e83a-4f78-a54b-36c5a2983dd4",
+      "at_hash": "RT8oVVJdFDiaytyDxHJLyQ",
+      "sid": "8b5725a1-e83a-4f78-a54b-36c5a2983dd4"
+    }
+  }
+}
diff --git a/spec/requests/omniauth_callbacks_controller_spec.rb b/spec/requests/omniauth_callbacks_controller_spec.rb
index 8c42f305c6..6c2034bfe7 100644
--- a/spec/requests/omniauth_callbacks_controller_spec.rb
+++ b/spec/requests/omniauth_callbacks_controller_spec.rb
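Review bot: The fixture's `exp` (`1707458565`) and `iat` are fixed epoch values from the recording session, so any code path that validates ID-token expiry against the current time will treat this hash as expired; the request spec that consumes it presumably runs on the mocked OmniAuth path where no such check happens, but that is worth confirming once the stored tokens start being used. The three tokens are truncated to `ey...` placeholders, which is right; the remaining identifiers (`sub`, `jti`, `session_state`, `sid`, `nonce`) are session metadata rather than credentials, and `at_hash` no longer corresponds to the truncated access token, which only matters if something recomputes it. Note also that `email_verified` is `false` in both `info` and `raw_info`, so every spec built on this fixture exercises the unverified-email case by default.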
@@ -19,15 +19,11 @@ describe '/user/spree_user/auth/openid_connect/callback', type: :request do
   end
 
   context 'when the omniauth setup is returning with an authorization' do
+    # The auth hash data has been observed by connecting to the Keycloak server
+    # https://login.lescommuns.org/.
     before do
       OmniAuth.config.mock_auth[:openid_connect] = OmniAuth::AuthHash.new(
-        'provider' => 'openid_connect',
-        'uid' => 'john@doe.com',
-        'info' => {
-          'email' => 'john@doe.com',
-          'first_name' => 'John',
-          'last_name' => 'Doe'
-        }
+        JSON.parse(file_fixture("omniauth.auth.json").read)
       )
     end
 
@@ -35,7 +31,7 @@ describe '/user/spree_user/auth/openid_connect/callback', type: :request do
       request!
 
       expect(user.provider).to eq "openid_connect"
-      expect(user.uid).to eq "john@doe.com"
+      expect(user.uid).to eq "ofn@example.com"
       expect(response.status).to eq(302)
     end
   end
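Review bot: The fixture swapped in at `JSON.parse(file_fixture("omniauth.auth.json").read)` carries `email_verified: false`, so this context now proves that the callback accepts and links an account from an unverified email claim; the hand-written hash it replaces had no such field, so the spec's meaning has quietly changed. If that is intended it deserves to be stated next to the new comment, e.g. `# NOTE: the recorded hash has email_verified: false; the callback appears not to require a verified email.`, and if it is not, a second context with `email_verified` set to `true` would separate the two cases. `JSON.parse` yields string keys, which `OmniAuth::AuthHash` accepts just as the old string-keyed literal did, so the substitution itself looks fine. The enclosing `describe` block starts before and ends after this hunk.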
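Review bot: `expect(user.uid).to eq "ofn@example.com"` pins the provider `uid` to the email address even though the recorded hash carries a stable subject identifier in `extra.raw_info.sub`; keying the linked account on an email means that if the IdP ever lets a user change or re-register that address, the link follows the address rather than the person. How `uid` is derived is not visible here (it comes from the provider configuration, not this spec), so this is a question for the devise initializer rather than a defect in the assertion; if `sub` is the intended identity, the spec should assert it instead, `expect(user.uid).to eq "97da8027-a7a9-44c8-9cfd-ad639cec8630"`. The `it` block's opening line is outside the hunk.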