Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FS-5044 - Add role-based auth to FAB #303

Merged
merged 1 commit into from
Mar 6, 2025
Merged

FS-5044 - Add role-based auth to FAB #303

merged 1 commit into from
Mar 6, 2025

Conversation

wjrm500
Copy link
Contributor

@wjrm500 wjrm500 commented Feb 27, 2025
edited
Loading

Ticket

Add role-based auth to FAB

Description

Users must be a member of the "FSD_ADMIN" group in Azure AD to authenticate for FAB, as per TDA requirements.

How to test

Pre-requisites

  • Get the Funding Service repos cloned locally (see Docker Runner)
  • Checkout this branch in FAB repo

Auth success

  • Request to myself or Gideon that you are added to the "FSD_ADMIN" group on the test Azure AD tenant
  • Spin up database, FAB and Pre-Award containers locally
  • Go to https://fund-application-builder.levellingup.gov.localhost:3011/ in your browser (preferably in an incognito window to avoid any previous auth state)
  • Sign in with your Microsoft credentials
  • Confirm that you end up landing on the FAB home page, with "Fund application builder" in the black banner at the top

Auth failure

  • Replace "FSD_ADMIN" with some other random string in create_app.py, to ensure that you do not have the correct role
  • Spin up database, FAB and Pre-Award containers locally (see Docker Runner)
  • Go to https://fund-application-builder.levellingup.gov.localhost:3011/ in your browser (preferably in an incognito window to avoid any previous auth state)
  • Sign in with your Microsoft credentials
  • Confirm that you end up landing on a page in the Authenticator frontend with content that includes "Contact the Forms team on Slack at #funding-service-forms-support to request access."

@wjrm500 wjrm500 requested a review from gidsg February 27, 2025 18:02
@wjrm500 wjrm500 force-pushed the FS-5044_add-role-based-auth-to-fab branch from 0b1fb37 to 50a7408 Compare February 27, 2025 18:02
@wjrm500 wjrm500 force-pushed the FS-5044_add-role-based-auth-to-fab branch from 50a7408 to 28ee3fc Compare March 5, 2025 11:21
@nuwan-samarasinghe nuwan-samarasinghe force-pushed the FS-5044_add-role-based-auth-to-fab branch from 28ee3fc to e1368f3 Compare March 5, 2025 15:07
@wjrm500 wjrm500 force-pushed the FS-5044_add-role-based-auth-to-fab branch from e1368f3 to 5cee25f Compare March 6, 2025 10:15
@wjrm500 wjrm500 marked this pull request as draft March 6, 2025 10:36
@wjrm500 wjrm500 marked this pull request as ready for review March 6, 2025 15:05
@wjrm500 wjrm500 force-pushed the FS-5044_add-role-based-auth-to-fab branch from 5cee25f to e1fa84a Compare March 6, 2025 15:05
@wjrm500 wjrm500 force-pushed the FS-5044_add-role-based-auth-to-fab branch from e1fa84a to d4d78bb Compare March 6, 2025 16:44
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Mar 6, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@wjrm500 wjrm500 merged commit ea8b769 into main Mar 6, 2025
12 checks passed
@wjrm500 wjrm500 deleted the FS-5044_add-role-based-auth-to-fab branch March 6, 2025 17:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nuwan-samarasinghe nuwan-samarasinghe nuwan-samarasinghe approved these changes

@gidsg gidsg Awaiting requested review from gidsg

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wjrm500 @nuwan-samarasinghe