Skip to content

Latest commit

 

History

History
140 lines (94 loc) · 3.33 KB

README.md

File metadata and controls

140 lines (94 loc) · 3.33 KB

Petitions

This is the code base for the UK Government and Parliament's petitions service.

Setup

We recommend using Docker Desktop to get setup quickly. If you'd prefer not to use Docker then you'll need Ruby (3.2+), Node (20+) and PostgreSQL (16+) installed.

Create the databases

bin/run rake db:setup

Load the country list

bin/run rake epets:countries:load

Fetch the regions list

bin/run rails runner 'FetchRegionsJob.perform_now'

Fetch the constituencies list

bin/run rails runner 'FetchConstituenciesJob.perform_now'

Fetch the department list

bin/run rails runner 'FetchDepartmentsJob.perform_now'

Enable signature counting

bin/run rails runner 'Site.enable_signature_counts!(interval: 10)'

Start the services

docker compose up

Once the services have started you can access the front end, back end and any emails sent.

Tests

Before running any tests the database needs to be prepared:

bin/run rake db:test:prepare

You can run the full test suite using following command:

bin/run rake

Individual specs can be run using the following command:

bin/run rspec spec/models/parliament_spec.rb

Similarly, individual cucumber features can be run using the following command:

bin/run cucumber features/suzie_views_a_petition.feature

Moderation Portal SSO

The moderation portal is authenticated using the OmniAuth gem and implements a light wrapper around strategies so that multiple configurations of a strategy can be supported, e.g. two or more SAML identity providers.

The config/sso.yml has a configuration of the Developer strategy for local development which should not be used in production. The test configuration in the file shows how a typical SAML IdP would be configured.

There are four key attributes that need to be returned in the OmniAuth auth_info hash, these being first_name, last_name, email and groups. The email attribute acts as the uid for the user and the groups attribute controls what role they get assigned.

The configuration attributes are:

  • name

    This is a required attribute and must be unique. It also must be suitable for use in a url as it forms part of the callback url for OmniAuth.

  • strategy

    This is the OmniAuth strategy to use as the parent class for the identity provider.

  • domains

    The list of email domains to use with this identity provider, e.g.

    domains:
  - "example.com"

  • roles

    Controls the mapping of the groups attribute to the assigned role, e.g.

    roles:
  sysadmin:
    - "System Administrators"
  moderator:
    - "Petition Moderators"
  reviewer:
    - "Petition Reviewers"

    The default for any of the three roles is an empty set so if an identity provider is only being used for one of the roles then there's no need to configure the others.

  • config

    This is the configuration that is passed to the OmniAuth strategy and should be a hash of the documented options supported by the strategy.