Accept short client ids in tokens

2026-02-26 01:33:22 +00:00 · 2025-11-14 10:00:06 +11:00
parent d7f4a5c874
commit aaad1bc0b3
4 changed files with 27 additions and 1 deletions
--- a/engines/dfc_provider/app/services/api_user.rb
+++ b/engines/dfc_provider/app/services/api_user.rb
@@ -36,8 +36,11 @@ class ApiUser
  end

  def self.from_client_id(client_id)
-    id = CLIENT_MAP[client_id]
+    # Some tokens contain a short client id:
+    return new(client_id) if PLATFORMS.key?(client_id)

+    # Some tokens have a full URI to identify the client:
+    id = CLIENT_MAP[client_id]
    new(id) if id
  end

--- a/engines/dfc_provider/spec/services/api_user_spec.rb
+++ b/engines/dfc_provider/spec/services/api_user_spec.rb
@@ -5,6 +5,20 @@ require_relative "../spec_helper"
 RSpec.describe ApiUser do
  subject(:user) { described_class.new("cqcm-dev") }

+  describe ".from_client_id" do
+    it "finds by URI" do
+      uri = "https://api.proxy-dev.cqcm.startinblox.com/profile"
+      user = ApiUser.from_client_id(uri)
+      expect(user.id).to eq "cqcm-dev"
+    end
+
+    it "finds by short id" do
+      uri = "lf-dev"
+      user = ApiUser.from_client_id(uri)
+      expect(user.id).to eq "lf-dev"
+    end
+  end
+
  describe "#customers" do
    it "returns nothing" do
      expect(user.customers).to be_empty
--- a/engines/dfc_provider/spec/services/authorization_control_spec.rb
+++ b/engines/dfc_provider/spec/services/authorization_control_spec.rb
@@ -25,6 +25,14 @@ RSpec.describe AuthorizationControl do
      end
    end

+    it "accepts a token from FDC" do
+      sib_token = file_fixture("fdc_access_token.jwt").read
+
+      travel_to(Date.parse("2025-06-13")) do
+        expect(auth(oidc_token: sib_token).user.id).to eq "lf-dev"
+      end
+    end
+
    it "finds the right user" do
      create(:oidc_user) # another user
      token = allow_token_for(email: user.email)
--- a/spec/fixtures/files/fdc_access_token.jwt
+++ b/spec/fixtures/files/fdc_access_token.jwt
@@ -0,0 +1 @@
+eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ6MUNyNk1ZT3dtVl8zNUJLMGs1ZFlSUEphUTZ6RWcyZW9oRGgtYVR5N0NVIn0.eyJleHAiOjE3NjI5NzYxNjcsImlhdCI6MTc2Mjk3NTg2NywianRpIjoidHJydGNjOjQzZTI4YzY0LTI2ZjItMmQ5OS0yN2U4LTI1ZDg3N2I5MmMxMCIsImlzcyI6Imh0dHBzOi8vbG9naW4uZm9vZGRhdGFjb2xsYWJvcmF0aW9uLm9yZy51ay9yZWFsbXMvZGV2IiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjFkNjdlODRlLWVkYTgtNDI5Yy05Mjc0LTQ4NTMyNDExODQ4NyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImxmLWRldiIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cHM6Ly9hcGkuYmV0YS5saXRlZmFybS5vcmcvIiwiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMS8iXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbImRlZmF1bHQtcm9sZXMtZGV2Iiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImxmLWRldiI6eyJyb2xlcyI6WyJ1bWFfcHJvdGVjdGlvbiJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJwcm9maWxlIGVtYWlsIiwiY2xpZW50SG9zdCI6IjEwLjAuMC4yIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQtbGYtZGV2IiwiY2xpZW50QWRkcmVzcyI6IjEwLjAuMC4yIiwiY2xpZW50X2lkIjoibGYtZGV2In0.YRro7Djz5YsjpRpgJNo5z4K4fyNTgCMuf4I9AU8iG0pAr7yYe-KUJEhoj6iVvJWTDJ_s-FL8UCZHWu0iaSt6dYl3thwK8vxT5MAjdJMPI9-TMT8AlS4IeJngQYYj72Enys6W1anKGIMO7dgIe7fP4WaCIxHTQqHNmJy7GIW9RnVwz6TmpFFuDxBrryq7Jjvy8BhtqiN4niwAV-oFrZJnSmnjJzKpCnKzeyd2AMDgxf2BXSW671nr3dk-QYcgTlBSa_6OfNzETgNtbpWrcPDhC6oHsLV8rmGO4mnD7Fg0o_f7lLomvocbaEkmXzY2suCpF4J2d-XuitQBhriKFqJMGw
				`@@ -0,0 +1 @@`
				eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ6MUNyNk1ZT3dtVl8zNUJLMGs1ZFlSUEphUTZ6RWcyZW9oRGgtYVR5N0NVIn0.eyJleHAiOjE3NjI5NzYxNjcsImlhdCI6MTc2Mjk3NTg2NywianRpIjoidHJydGNjOjQzZTI4YzY0LTI2ZjItMmQ5OS0yN2U4LTI1ZDg3N2I5MmMxMCIsImlzcyI6Imh0dHBzOi8vbG9naW4uZm9vZGRhdGFjb2xsYWJvcmF0aW9uLm9yZy51ay9yZWFsbXMvZGV2IiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjFkNjdlODRlLWVkYTgtNDI5Yy05Mjc0LTQ4NTMyNDExODQ4NyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImxmLWRldiIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cHM6Ly9hcGkuYmV0YS5saXRlZmFybS5vcmcvIiwiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMS8iXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbImRlZmF1bHQtcm9sZXMtZGV2Iiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImxmLWRldiI6eyJyb2xlcyI6WyJ1bWFfcHJvdGVjdGlvbiJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJwcm9maWxlIGVtYWlsIiwiY2xpZW50SG9zdCI6IjEwLjAuMC4yIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQtbGYtZGV2IiwiY2xpZW50QWRkcmVzcyI6IjEwLjAuMC4yIiwiY2xpZW50X2lkIjoibGYtZGV2In0.YRro7Djz5YsjpRpgJNo5z4K4fyNTgCMuf4I9AU8iG0pAr7yYe-KUJEhoj6iVvJWTDJ_s-FL8UCZHWu0iaSt6dYl3thwK8vxT5MAjdJMPI9-TMT8AlS4IeJngQYYj72Enys6W1anKGIMO7dgIe7fP4WaCIxHTQqHNmJy7GIW9RnVwz6TmpFFuDxBrryq7Jjvy8BhtqiN4niwAV-oFrZJnSmnjJzKpCnKzeyd2AMDgxf2BXSW671nr3dk-QYcgTlBSa_6OfNzETgNtbpWrcPDhC6oHsLV8rmGO4mnD7Fg0o_f7lLomvocbaEkmXzY2suCpF4J2d-XuitQBhriKFqJMGw