FSPT-342 - Disable JWT auth for Dev and Test envs as well as UAT

wjrm500 · wjrm500 · commit 43fcd56086b6 · 2025-05-01T17:40:18.000+01:00
We are planning to shut down the UAT environment to save on costs. FAB in Production currently uses Form Runner in UAT for previewing forms. We are now switching Prod FAB to use Test Runner instead of UAT Runner, so that Prod FAB is unaffected when UAT is shut down. However, in order to do this we need to make sure that the /publish endpoint is unprotected by JWT auth in Test, as it has been in UAT, because otherwise we cannot preview from Prod FAB. This is because Prod FAB uses Prod Authenticator which authenticates only within the Prod env, not across envs.

This is intended as a temporary measure to unblock UAT environment shutdown. Longer-term we plan to link Prod FAB to Prod Runner. This will allow this environment-conditional disabling of JWT auth to be rightfully abandoned, but requires some thought around ensuring that preview forms don't contaminate the production repository.
diff --git a/runner/src/server/plugins/engine/api/RegisterFormPublishApi.ts b/runner/src/server/plugins/engine/api/RegisterFormPublishApi.ts
@@ -244,9 +244,9 @@ export class RegisterFormPublishApi implements RegisterApi {
             }
         }
 
-        // TODO: Stop being naughty! Conditionally disabling auth for UAT env is a temporary measure for getting FAB
-        // into production
-        if (config.jwtAuthEnabled && config.jwtAuthEnabled === "true" && config.copilotEnv !== "uat") {
+        // TODO: Stop being naughty! Conditionally disabling auth for pre-prod envs is a temporary measure for getting
+        // FAB into production
+        if (config.jwtAuthEnabled && config.jwtAuthEnabled === "true" && config.copilotEnv === "prod") {
             getOptions.options.auth = jwtAuthStrategyName
         }
 
@@ -311,7 +311,7 @@ export class RegisterFormPublishApi implements RegisterApi {
                 handler: postHandler,
             }
         }
-        if (config.jwtAuthEnabled && config.jwtAuthEnabled === "true" && config.copilotEnv !== "uat") {
+        if (config.jwtAuthEnabled && config.jwtAuthEnabled === "true" && config.copilotEnv === "prod") {
             postConfig.options.auth = jwtAuthStrategyName
         }
         server.route(postConfig);

Original file line number	Diff line number	Diff line change
`@@ -244,9 +244,9 @@ export class RegisterFormPublishApi implements RegisterApi {`
`244`	`244`	`}`
`245`	`245`	`}`
`246`	`246`
`247`		`- // TODO: Stop being naughty! Conditionally disabling auth for UAT env is a temporary measure for getting FAB`
`248`		`- // into production`
`249`		`- if (config.jwtAuthEnabled && config.jwtAuthEnabled === "true" && config.copilotEnv !== "uat") {`
	`247`	`+ // TODO: Stop being naughty! Conditionally disabling auth for pre-prod envs is a temporary measure for getting`
	`248`	`+ // FAB into production`
	`249`	`+ if (config.jwtAuthEnabled && config.jwtAuthEnabled === "true" && config.copilotEnv === "prod") {`
`250`	`250`	`getOptions.options.auth = jwtAuthStrategyName`
`251`	`251`	`}`
`252`	`252`
`@@ -311,7 +311,7 @@ export class RegisterFormPublishApi implements RegisterApi {`
`311`	`311`	`handler: postHandler,`
`312`	`312`	`}`
`313`	`313`	`}`
`314`		`- if (config.jwtAuthEnabled && config.jwtAuthEnabled === "true" && config.copilotEnv !== "uat") {`
	`314`	`+ if (config.jwtAuthEnabled && config.jwtAuthEnabled === "true" && config.copilotEnv === "prod") {`
`315`	`315`	`postConfig.options.auth = jwtAuthStrategyName`
`316`	`316`	`}`
`317`	`317`	`server.route(postConfig);`