Merge pull request #233 from alphagov/msw/data-activities

Show DeanonymiseToken calls as data exchange activities on the security page
alphagov · Oct 22, 2020 · 31c9395 · 31c9395
2 parents b6ea494 + 071b750
commit 31c9395
Show file tree

Hide file tree

Showing 8 changed files with 66 additions and 11 deletions.
diff --git a/app/controllers/api/v1/deanonymise_token_controller.rb b/app/controllers/api/v1/deanonymise_token_controller.rb
@@ -13,6 +13,13 @@ def show
     elsif token.expired?
       head 410
     else
+      DataActivity.create!(
+        user_id: token.resource_owner_id,
+        oauth_application_id: token.application_id,
+        token: token.token,
+        scopes: token.scopes.to_a.join(" "),
+      )
+
       render json: {
         true_subject_identifier: token.resource_owner_id,
         pairwise_subject_identifier: Doorkeeper::OpenidConnect::UserInfo.new(token).claims[:sub],

diff --git a/app/controllers/security_controller.rb b/app/controllers/security_controller.rb
@@ -4,21 +4,21 @@ class SecurityController < ApplicationController
   def show
     @activity = current_user.security_activities.order(created_at: :desc)
     @data_exchanges = current_user
-      .access_grants
+      .data_activities
       .order(created_at: :desc)
-      .map { |g| grant_to_exchange(g) }
+      .map { |a| activity_to_exchange(a) }
       .compact
   end
 
 private
 
-  def grant_to_exchange(grant)
-    scopes = grant.scopes.map(&:to_sym) - ScopeDefinition.new.hidden_scopes
+  def activity_to_exchange(activity)
+    scopes = activity.scopes.split(" ").map(&:to_sym) - ScopeDefinition.new.hidden_scopes
     return if scopes.empty?
 
     {
-      application_name: grant.application.name,
-      created_at: grant.created_at,
+      application_name: activity.oauth_application.name,
+      created_at: activity.created_at,
       scopes: scopes,
     }
   end

diff --git a/app/models/data_activity.rb b/app/models/data_activity.rb
@@ -0,0 +1,6 @@
+class DataActivity < ApplicationRecord
+  belongs_to :user
+
+  belongs_to :oauth_application,
+             class_name: "Doorkeeper::Application"
+end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -28,6 +28,9 @@ def send_devise_notification(notification, *args)
            foreign_key: :resource_owner_id,
            dependent: :destroy
 
+  has_many :data_activities,
+           dependent: :destroy
+
   has_many :security_activities,
            dependent: :destroy
 

diff --git a/db/migrate/20201022082056_create_data_activity.rb b/db/migrate/20201022082056_create_data_activity.rb
@@ -0,0 +1,15 @@
+class CreateDataActivity < ActiveRecord::Migration[6.0]
+  def change
+    create_table :data_activities do |t|
+      t.references :user,              null: false
+      t.references :oauth_application, null: false
+      t.string     :token,             null: false
+      t.string     :scopes,            null: false
+
+      t.timestamps null: false
+    end
+
+    add_foreign_key :data_activities, :users, column: :user_id
+    add_foreign_key :data_activities, :oauth_applications, column: :oauth_application_id
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2020_10_22_075518) do
+ActiveRecord::Schema.define(version: 2020_10_22_082056) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "pgcrypto"
@@ -23,6 +23,17 @@
     t.index ["application_uid"], name: "index_application_keys_on_application_uid"
   end
 
+  create_table "data_activities", force: :cascade do |t|
+    t.bigint "user_id", null: false
+    t.bigint "oauth_application_id", null: false
+    t.string "token", null: false
+    t.string "scopes", null: false
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+    t.index ["oauth_application_id"], name: "index_data_activities_on_oauth_application_id"
+    t.index ["user_id"], name: "index_data_activities_on_user_id"
+  end
+
   create_table "email_subscriptions", force: :cascade do |t|
     t.bigint "user_id", null: false
     t.string "topic_slug", null: false
@@ -151,6 +162,8 @@
     t.index ["unlock_token"], name: "index_users_on_unlock_token", unique: true
   end
 
+  add_foreign_key "data_activities", "oauth_applications"
+  add_foreign_key "data_activities", "users"
   add_foreign_key "email_subscriptions", "users"
   add_foreign_key "login_states", "users"
   add_foreign_key "oauth_access_grants", "oauth_applications", column: "application_id"

diff --git a/spec/factories/activities.rb b/spec/factories/activities.rb
@@ -5,4 +5,7 @@
     client_id { "MyString" }
     ip_address { "MyString" }
   end
+
+  factory :data_activity do
+  end
 end
diff --git a/spec/requests/data_exchange_spec.rb b/spec/requests/data_exchange_spec.rb
@@ -12,15 +12,23 @@
     )
   end
 
-  let!(:access_grant) do
+  let(:token) do
     FactoryBot.create(
-      :oauth_access_grant,
+      :oauth_access_token,
       resource_owner_id: user.id,
       application_id: application.id,
+      scopes: application.scopes,
+    )
+  end
+
+  let!(:activity) do
+    FactoryBot.create(
+      :data_activity,
+      user_id: user.id,
+      oauth_application_id: application.id,
       created_at: Time.zone.now,
       scopes: "openid email transition_checker",
-      redirect_uri: "https://www.gov.uk",
-      expires_in: 600,
+      token: token.token,
     )
   end