Merge pull request #204 from navikt/RunningLocal_kan_ha_3_verdier

isRunningLocal kan ha 3 verdier (local, test, nais)

common/src/main/kotlin/no/nav/su/se/bakover/common/Config.kt

@@ -37,7 +37,7 @@ private object EnvironmentConfig {
 }
 
 data class ApplicationConfig(
-    val isRunningLocally: Boolean,
+    val runtimeEnvironment: RuntimeEnvironment,
     val leaderPodLookupPath: String,
     val pdfgenLocal: Boolean,
     val corsAllowOrigin: String,
@@ -48,6 +48,11 @@ data class ApplicationConfig(
     val clientsConfig: ClientsConfig,
     val kafkaConfig: KafkaConfig,
 ) {
+    enum class RuntimeEnvironment {
+        Test,
+        Local,
+        Nais
+    }
 
     data class ServiceUserConfig(
         val username: String,
@@ -357,7 +362,7 @@ data class ApplicationConfig(
         fun createConfig() = if (isRunningLocally()) createLocalConfig() else createFromEnvironmentVariables()
 
         fun createFromEnvironmentVariables() = ApplicationConfig(
-            isRunningLocally = false,
+            runtimeEnvironment = RuntimeEnvironment.Nais,
             leaderPodLookupPath = getEnvironmentVariableOrThrow("ELECTOR_PATH"),
             pdfgenLocal = false,
             corsAllowOrigin = getEnvironmentVariableOrThrow("ALLOW_CORS_ORIGIN"),
@@ -370,7 +375,7 @@ data class ApplicationConfig(
         )
 
         fun createLocalConfig() = ApplicationConfig(
-            isRunningLocally = true,
+            runtimeEnvironment = RuntimeEnvironment.Local,
             leaderPodLookupPath = "",
             pdfgenLocal = getEnvironmentVariableOrDefault("PDFGEN_LOCAL", "false").toBoolean(),
             corsAllowOrigin = "localhost:1234",

common/src/test/kotlin/no/nav/su/se/bakover/common/ApplicationConfigTest.kt

@@ -8,7 +8,7 @@ import org.junit.jupiter.api.Test
 internal class ApplicationConfigTest {
 
     private val expectedApplicationConfig = ApplicationConfig(
-        isRunningLocally = false,
+        runtimeEnvironment = ApplicationConfig.RuntimeEnvironment.Nais,
         leaderPodLookupPath = "leaderPodLookupPath",
         pdfgenLocal = false,
         corsAllowOrigin = "corsAllowOrigin",
@@ -152,7 +152,7 @@ internal class ApplicationConfigTest {
             )
         ) {
             ApplicationConfig.createLocalConfig() shouldBe expectedApplicationConfig.copy(
-                isRunningLocally = true,
+                runtimeEnvironment = ApplicationConfig.RuntimeEnvironment.Local,
                 corsAllowOrigin = "localhost:1234",
                 leaderPodLookupPath = "",
                 serviceUser = ApplicationConfig.ServiceUserConfig(

web/src/main/kotlin/no/nav/su/se/bakover/web/Application.kt

@@ -98,7 +98,7 @@ internal fun Application.susebakover(
     applicationConfig: ApplicationConfig = ApplicationConfig.createConfig(),
     databaseRepos: DatabaseRepos = DatabaseBuilder.build(behandlingFactory, applicationConfig.database),
     jmsConfig: JmsConfig = JmsConfig(applicationConfig),
-    clients: Clients = if (applicationConfig.isRunningLocally) StubClientsBuilder.build(applicationConfig) else ProdClientsBuilder(
+    clients: Clients = if (applicationConfig.runtimeEnvironment != ApplicationConfig.RuntimeEnvironment.Nais) StubClientsBuilder.build(applicationConfig) else ProdClientsBuilder(
         jmsConfig,
         clock = clock,
     ).build(applicationConfig),
@@ -249,7 +249,7 @@ internal fun Application.susebakover(
         behandlingService = services.behandling,
         clock = clock,
     )
-    if (!applicationConfig.isRunningLocally) {
+    if (applicationConfig.runtimeEnvironment == ApplicationConfig.RuntimeEnvironment.Nais) {
         UtbetalingKvitteringIbmMqConsumer(
             kvitteringQueueName = applicationConfig.oppdrag.utbetaling.mqReplyTo,
             globalJmsContext = jmsConfig.jmsContext,

web/src/main/kotlin/no/nav/su/se/bakover/web/AuthenticationConfig.kt

@@ -8,6 +8,7 @@ import io.ktor.auth.jwt.JWTPrincipal
 import io.ktor.auth.jwt.jwt
 import no.nav.su.se.bakover.client.azure.OAuth
 import no.nav.su.se.bakover.common.ApplicationConfig
+import no.nav.su.se.bakover.web.stubs.JwkProviderStub
 import java.net.URL
 import java.util.concurrent.TimeUnit
 
@@ -17,14 +18,18 @@ internal fun Application.configureAuthentication(
 ) {
     val jwkConfig = oAuth.jwkConfig()
     val jwkProvider =
-        JwkProviderBuilder(URL(jwkConfig.getString("jwks_uri")))
-            .cached(10, 24, TimeUnit.HOURS) // cache up to 10 JWKs for 24 hours
-            .rateLimited(
-                10,
-                1,
-                TimeUnit.MINUTES
-            ) // if not cached, only allow max 10 different keys per minute to be fetched from external provider
-            .build()
+        if (applicationConfig.runtimeEnvironment == ApplicationConfig.RuntimeEnvironment.Test) {
+            JwkProviderStub
+        } else {
+            JwkProviderBuilder(URL(jwkConfig.getString("jwks_uri")))
+                .cached(10, 24, TimeUnit.HOURS) // cache up to 10 JWKs for 24 hours
+                .rateLimited(
+                    10,
+                    1,
+                    TimeUnit.MINUTES
+                ) // if not cached, only allow max 10 different keys per minute to be fetched from external provider
+                .build()
+        }
 
     install(Authentication) {
         jwt("jwt") {

web/src/main/kotlin/no/nav/su/se/bakover/web/Extensions.kt

@@ -31,7 +31,7 @@ internal fun getGroupsFromJWT(applicationConfig: ApplicationConfig, credential:
 
 private fun getGroupsFromJWT(applicationConfig: ApplicationConfig, payload: Payload): List<String> =
     // Token som genereres lokalt (av navikt/oauth2-mock-server) vil ikke inneholde gruppene, så vi legger dem på her
-    if (applicationConfig.isRunningLocally) {
+    if (applicationConfig.runtimeEnvironment == ApplicationConfig.RuntimeEnvironment.Local) {
         applicationConfig.azure.groups.let {
             listOf(
                 it.veileder,

web/src/test/kotlin/no/nav/su/se/bakover/web/AuthenticationTest.kt

@@ -1,14 +1,7 @@
 package no.nav.su.se.bakover.web
 
-import ch.qos.logback.classic.Logger
-import ch.qos.logback.classic.spi.ILoggingEvent
-import ch.qos.logback.core.read.ListAppender
-import io.kotest.matchers.shouldBe
-import io.kotest.matchers.string.shouldNotContain
 import io.ktor.http.HttpHeaders.Authorization
 import io.ktor.http.HttpMethod.Companion.Get
-import io.ktor.http.HttpStatusCode.Companion.Forbidden
-import io.ktor.http.HttpStatusCode.Companion.Found
 import io.ktor.http.HttpStatusCode.Companion.OK
 import io.ktor.http.HttpStatusCode.Companion.Unauthorized
 import io.ktor.server.testing.handleRequest
@@ -47,15 +40,15 @@ internal class AuthenticationTest {
     }
 
     @Test
-    fun `forespørsel uten påkrevet audience skal svare med 403`() {
+    fun `forespørsel uten påkrevet audience skal svare med 401`() {
         withTestApplication({
             testSusebakover()
         }) {
             handleRequest(Get, secureEndpoint) {
                 addHeader(Authorization, jwtStub.createJwtToken(audience = "wrong_audience").asBearerToken())
             }
         }.apply {
-            assertEquals(Forbidden, response.status())
+            assertEquals(Unauthorized, response.status())
         }
     }
 
@@ -86,55 +79,15 @@ internal class AuthenticationTest {
     }
 
     @Test
-    fun `skal ikke logge access eller refresh token ved redirect til frontend`() {
-        val appender = ListAppender<ILoggingEvent>().apply { start() }
-        lateinit var applog: Logger
-        withTestApplication({
-            testSusebakover()
-            applog = environment.log as Logger
-        }) {
-            applog.apply { addAppender(appender) }
-            defaultRequest(
-                Get,
-                "/callback?code=code&state=state&session_state=session_state",
-                listOf(Brukerrolle.Veileder)
-            ) {
-            }
-        }.apply {
-            appender.list.forEach {
-                it.message shouldNotContain "302 Found"
-                it.message shouldNotContain "callback"
-            }
-            response.status() shouldBe Found
-            response.headers["Location"] shouldBe "frontendBaseUrl/auth/complete#access#refresh"
-        }
-    }
-
-    @Test
-    fun `kan refreshe tokens`() {
-        withTestApplication({
-            testSusebakover()
-        }) {
-            defaultRequest(Get, "auth/refresh", listOf(Brukerrolle.Veileder)) {
-                addHeader("refresh_token", "my.refresh.token")
-            }
-        }.apply {
-            response.headers.contains("access_token") shouldBe true
-            response.headers.contains("refresh_token") shouldBe true
-            response.status() shouldBe OK
-        }
-    }
-
-    @Test
-    fun `forespørsel med feil issuer skal svare med 403`() {
+    fun `forespørsel med feil issuer skal svare med 401`() {
         withTestApplication({
             testSusebakover()
         }) {
             handleRequest(Get, secureEndpoint) {
                 addHeader(Authorization, jwtStub.createJwtToken(issuer = "wrong_issuer").asBearerToken())
             }
         }.apply {
-            assertEquals(Forbidden, response.status())
+            assertEquals(Unauthorized, response.status())
         }
     }
 }

web/src/test/kotlin/no/nav/su/se/bakover/web/TestEnvironment.kt

@@ -31,7 +31,7 @@ internal val fixedClock: Clock = Clock.fixed(1.januar(2021).startOfDay().instant
 internal val behandlingFactory = BehandlingFactory(mock(), fixedClock)
 
 val applicationConfig = ApplicationConfig(
-    isRunningLocally = false,
+    runtimeEnvironment = ApplicationConfig.RuntimeEnvironment.Test,
     leaderPodLookupPath = "leaderPodLookupPath",
     pdfgenLocal = false,
     corsAllowOrigin = "corsAllowOrigin",