Merge pull request #3 from hmrc/API-1345

Api 1345 Ability for End-User to view a list of Authorised Applications

Author: tom59

app/connectors/DelegatedAuthorityConnector.scala

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2016 HM Revenue & Customs
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package connectors
+
+import config.WSHttp
+import models.AppAuthorisation
+import uk.gov.hmrc.play.config.ServicesConfig
+import uk.gov.hmrc.play.http.{HeaderCarrier, HttpGet, HttpPost}
+
+trait DelegatedAuthorityConnector {
+
+  val delegatedAuthorityUrl: String
+  val http: HttpPost with HttpGet
+
+  def fetchApplicationAuthorities()(implicit hc: HeaderCarrier) = {
+    http.GET[Seq[AppAuthorisation]](s"$delegatedAuthorityUrl/authority/granted-applications")
+  }
+}
+
+object DelegatedAuthorityConnector extends DelegatedAuthorityConnector with ServicesConfig {
+  override val delegatedAuthorityUrl = s"${baseUrl("third-party-delegated-authority")}"
+  override val http = WSHttp
+}

app/controllers/Revocation.scala

@@ -16,6 +16,7 @@
 
 package controllers
 
+import connectors.DelegatedAuthorityConnector
 import play.api.mvc.Action
 import uk.gov.hmrc.play.frontend.auth.connectors.AuthConnector
 import uk.gov.hmrc.play.frontend.controller.FrontendController
@@ -26,16 +27,19 @@ import scala.concurrent.Future
 trait Revocation extends FrontendController with Authentication {
 
   val authConnector: AuthConnector
+  val delegatedAuthorityConnector: DelegatedAuthorityConnector
 
   val start = Action.async { implicit request =>
     Future.successful(Ok(views.html.revocation.start()))
   }
 
   val listAuthorizedApplications = authenticated.async { implicit user => implicit request =>
-    Future.successful(Ok(views.html.revocation.authorizedApplications()))
+    delegatedAuthorityConnector.fetchApplicationAuthorities()
+      .map(applications => Ok(views.html.revocation.authorizedApplications(applications)))
   }
 }
 
 object Revocation extends Revocation {
   override val authConnector = FrontendAuthConnector
+  override val delegatedAuthorityConnector = DelegatedAuthorityConnector
 }

app/models/Authority.scala

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2016 HM Revenue & Customs
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package models
+
+import org.joda.time.DateTime
+import play.api.libs.json.Json
+
+case class Scope(key: String, name: String, description: String)
+
+object Scope {
+  implicit val format = Json.format[Scope]
+}
+
+case class ThirdPartyApplication(id: String, name: String)
+
+object ThirdPartyApplication {
+  implicit val format = Json.format[ThirdPartyApplication]
+}
+
+case class AppAuthorisation(application: ThirdPartyApplication,
+                            scopes: Set[Scope],
+                            earliestGrantDate: DateTime)
+
+object AppAuthorisation {
+  implicit val format = Json.format[AppAuthorisation]
+}

app/views/govuk_wrapper.scala.html

@@ -29,7 +29,7 @@
 
 @insideHeader = {
     @uiLayouts.header_nav(
-      navTitle = None,
+      navTitle = Some("Data permissions withdrawal"),
       navTitleLink = None,
       showBetaLink = false,
       navLinks = Some(headerNavLinks))

app/views/revocation/authorizedApplications.scala.html

@@ -1,4 +1,5 @@
-@()(implicit request: Request[_])
+@import org.joda.time.format.DateTimeFormat
+@(applications: Seq[AppAuthorisation])(implicit request: Request[_])
 
 @body = {
 
@@ -8,57 +9,46 @@
             <h1>Authorised software applications</h1>
         </header>
 
-        <p>You have granted permission to the following software applications to access HMRC data. You can with withdraw this permission at any time.</p>
-
-        <ul>
-            <li>
-                <details>
-                    <summary>Lion</summary>
-                    <div class="panel-indent">
-                        <p>
-                            <strong>This application can perform the following actions in relation to HMRC data:</strong>
-                        </p>
-                        <ul class="bullets">
-                            <li>access national insurance information</li>
-                            <li>access tax account information</li>
-                            <li>access income information</li>
-                            <li>access benefits information</li>
-                        </ul>
-                        <p>
-                            <strong>Permission granted on:</strong> 6 April 2016
-                        </p>
-                        <form action="">
-                            <input type="submit" class="button" value="Withdraw permission"/>
-                        </form>
-                    </div>
-                </details>
-            </li>
-            <li>
-                <details>
-                    <summary>Fast Trax Tax</summary>
-                    <div class="panel-indent">
-                        <p>
-                            <strong>Has access to your clients' data relating to:</strong>
-                        </p>
-                        <ul class="bullets">
-                            <li>access income information</li>
-                            <li>access benefits information</li>
-                        </ul>
-                        <p>
-                            <strong>Permission granted on:</strong> 21 January 2015
-                        </p>
-                        <form action="">
-                            <input type="submit" class="button" value="Withdraw permission"/>
-                        </form>
-                    </div>
-                </details>
-            </li>
-        </ul>
-
-        <p class="faded-text">You can grant permission to software to access data in the software application itself.</p>
-
+        @if(applications.isEmpty) {
+            <p data-info-message>There are currently no applications which have access to HMRC data. If you want to grant permission to an application, you must do so in the application itself.</p>
+        } else {
+            <p data-info-message>You have granted permission to the following software applications to access HMRC data. You can with withdraw this permission at any time.</p>
+
+            @defining(DateTimeFormat.forPattern("dd MMMM yyyy")) { dateFormatter =>
+                <ul>
+                    @for(application <- applications) {
+                        <li>
+                            <details data-@{application.application.id}>
+                                <summary data-name-@{application.application.id}>
+                                    @{application.application.name}
+                                </summary>
+                                <div class="panel-indent">
+                                    <p>
+                                        <strong>This application can perform the following actions in relation to HMRC data:</strong>
+                                    </p>
+                                    <ul class="bullets">
+                                    @for(scope <- application.scopes) {
+                                        <li data-scope-@{application.application.id}='@{scope.key}'>
+                                            @{scope.description}
+                                        </li>
+                                    }
+                                    </ul>
+                                    <p data-grant-date-@{application.application.id}>
+                                        <strong>Permission granted on:</strong> @{dateFormatter.print(application.earliestGrantDate)}
+                                    </p>
+                                    <form action="">
+                                        <input type="submit" class="button" value="Withdraw permission"/>
+                                    </form>
+                                </div>
+                            </details>
+                        </li>
+                    }
+                </ul>
+            }
+
+            <p class="faded-text">You can grant permission to software to access data in the software application itself.</p>
+        }
     </div>
-
 }
 
 @main_template(title = "Authorised software applications", bodyClasses = None) {

conf/application.conf

@@ -36,6 +36,11 @@ microservice {
           host = localhost
           port = 8500
         }
+
+        third-party-delegated-authority {
+          host = localhost
+          port = 9606
+        }
     }
 }
 

test/acceptance/BaseSpec.scala

@@ -41,6 +41,8 @@ trait BaseSpec extends FeatureSpec with BeforeAndAfterAll with BeforeAndAfterEac
         "auditing.traceRequests" -> false,
         "microservice.services.auth.host" -> stubHost,
         "microservice.services.auth.port" -> stubPort,
+        "microservice.services.third-party-delegated-authority.host" -> stubHost,
+        "microservice.services.third-party-delegated-authority.port" -> stubPort,
         "api-revocation-frontend.host" -> "",
         "ca-frontend.host" -> s"http://localhost:$stubPort"
       ))

test/acceptance/NavigationSugar.scala

@@ -16,13 +16,12 @@
 
 package acceptance
 
-import acceptance.{WebLink, WebPage}
 import org.openqa.selenium.support.ui.{ExpectedCondition, WebDriverWait}
 import org.openqa.selenium.{By, WebDriver, WebElement}
-import org.scalatest.{Assertions, Matchers}
 import org.scalatest.concurrent.Eventually
 import org.scalatest.selenium.WebBrowser
 import org.scalatest.selenium.WebBrowser.{go => goo}
+import org.scalatest.{Assertions, Matchers}
 
 trait NavigationSugar extends WebBrowser with Eventually with Assertions with Matchers {
 
@@ -35,6 +34,14 @@ trait NavigationSugar extends WebBrowser with Eventually with Assertions with Ma
     goo to page
   }
 
+  def clickOnElement(selectorId: String)(implicit webDriver: WebDriver) = {
+    webDriver.findElement(By.cssSelector(s"[$selectorId]")).click()
+  }
+
+  def verifyText(selectorId: String, expected: String)(implicit webDriver: WebDriver) = {
+    webDriver.findElement(By.cssSelector(s"[$selectorId]")).getText contains expected
+  }
+
   def redirectedTo(page: WebLink)(implicit webDriver: WebDriver) = {
     assertResult(page.url)(webDriver.getCurrentUrl)
   }

test/acceptance/specs/AuthorizedApplicationsSpec.scala

@@ -16,29 +16,65 @@
 
 package acceptance.specs
 
-import acceptance.BaseSpec
-import acceptance.pages.{LoginPage, AuthorizedApplicationsPage}
-import acceptance.stubs.LoginStub
+import acceptance.pages.{AuthorizedApplicationsPage, LoginPage}
+import acceptance.stubs.{DelegatedAuthorityStub, LoginStub}
+import acceptance.{BaseSpec, NavigationSugar}
+import models.{AppAuthorisation, Scope, ThirdPartyApplication}
+import org.joda.time.DateTime
 
-class AuthorizedApplicationsSpec extends BaseSpec {
+class AuthorizedApplicationsSpec extends BaseSpec with NavigationSugar {
 
   feature("Logged in") {
 
     scenario("User is redirected to the sign in page when not logged in") {
 
       go(AuthorizedApplicationsPage)
-
       redirectedTo(LoginPage)
     }
 
     scenario("User sees his authorized applications when logged in") {
 
+      val applications = Seq(
+        applicationAuthority("firstAppId", "First Application",
+          Set(Scope("read:api-1", "scope name", "Access personal information"),
+              Scope("read:api-3", "scope name", "Access tax information")), DateTime.now),
+
+        applicationAuthority("secondAppId", "Second Application",
+          Set(Scope("read:api-2", "scope name", "Access confidential information")), DateTime.now.minusDays(2)),
+
+        applicationAuthority("thirdAppId", "Third Application",
+          Set(), DateTime.now.minusMonths(2))
+      )
+
       LoginStub.stubSuccessfulLogin()
+      DelegatedAuthorityStub.stubSuccessfulFetchApplicationAuthorities(applications)
 
       go(AuthorizedApplicationsPage)
+      on(AuthorizedApplicationsPage)
+
+      verifyText("data-info-message", "You have granted permission to the following software applications to access HMRC data. You can with withdraw this permission at any time.")
+      applications.foreach(assertApplication)
+    }
 
+    scenario("User sees correct message if there are not authorized applications") {
+      LoginStub.stubSuccessfulLogin()
+      DelegatedAuthorityStub.stubSuccessfulFetchApplicationAuthorities(Seq.empty)
+
+      go(AuthorizedApplicationsPage)
       on(AuthorizedApplicationsPage)
+
+      verifyText("data-info-message", "There are currently no applications which have access to HMRC data. If you want to grant permission to an application, you must do so in the application itself.")
     }
+  }
+
+  private def assertApplication(app: AppAuthorisation) = {
+    verifyText(s"data-name-${app.application.id}", app.application.name)
+    clickOnElement(s"data-name-${app.application.id}")
+    app.scopes.foreach(scope => verifyText(s"data-scope-${app.application.id}='${scope.key}'", scope.description))
+    verifyText(s"data-grant-date-${app.application.id}", app.earliestGrantDate.toString("dd MMMM yyyy"))
+  }
 
+  private def applicationAuthority(appId: String, appName: String, scopes: Set[Scope], earliestGrantDate: DateTime) = {
+    AppAuthorisation(ThirdPartyApplication(appId, appName), scopes, earliestGrantDate)
   }
 }

test/acceptance/stubs/DelegatedAuthorityStub.scala

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2016 HM Revenue & Customs
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package acceptance.stubs
+
+import com.github.tomakehurst.wiremock.client.WireMock._
+import models.{Scope, AppAuthorisation}
+
+object DelegatedAuthorityStub {
+  def stubSuccessfulFetchApplicationAuthorities(applications: Seq[AppAuthorisation]) = {
+
+    def toScopeJson(scope: Scope) =
+      s"""
+         |{
+         |  "key":"${scope.key}",
+         |  "name":"${scope.name}",
+         |  "description":"${scope.description}"
+         |}
+         """.stripMargin
+
+    def toAppJson(application: AppAuthorisation) = {
+      s"""
+         |{
+         |  "application" : {
+         |    "id":"${application.application.id}",
+         |    "name":"${application.application.name}"
+         |    },
+         |  "scopes": [${application.scopes.map(toScopeJson).mkString(",")}],
+         |  "earliestGrantDate":${application.earliestGrantDate.getMillis}
+         |}
+       """.stripMargin
+    }
+
+    stubFor(get(urlEqualTo(s"/authority/granted-applications")).willReturn(
+      aResponse().withStatus(200).withBody(
+        s"""[${applications.map(toAppJson).mkString(",")}]""".stripMargin)))
+  }
+}