Frontend/231/submit-form #383
Conversation
…nto 231-submit-form
…le, update mockstore in routes.test with requestAccess module, add requestAccess reducer and action
| @@ -0,0 +1,38 @@ | |||
| import { | |||
There was a problem hiding this comment.
This is the reducer for requestAccess which will set loading and requestAccess.
| @@ -1,15 +1,15 @@ | |||
| import reducer from './stts' | |||
| import reducer from './sttList' | |||
There was a problem hiding this comment.
Just updating the name from stt to sttList
| @@ -48,17 +54,29 @@ class Meta: | |||
| extra_kwargs = {"password": {"write_only": True}} | |||
|
|
|||
|
|
|||
| class SetUserProfileSerializer(serializers.ModelSerializer): | |||
| class UserProfileSerializer(serializers.ModelSerializer): | |||
| """Serializer used for setting a user's profile.""" | |||
There was a problem hiding this comment.
Using a more general name for this, because it is now used for both authorization-check and set-profile
| class Meta: | ||
| """Metadata.""" | ||
|
|
||
| model = User | ||
| fields = ["first_name", "last_name"] | ||
| fields = ["first_name", "last_name", "stt", "email"] |
There was a problem hiding this comment.
In order to add STT to auth-check, and email to set-profile, so they'd have the same payload.
| describe('actions/requestAccess.js', () => { | ||
| const mockStore = configureStore([thunk]) | ||
|
|
||
| it('sends a PATCH request when requestAccess is called', async () => { |
There was a problem hiding this comment.
Update the frontend to reflect the different REST method for the set_profile end point
|
|
||
|
|
||
| ---- | ||
| **Request**: | ||
|
|
||
| `Post` `v1/set_profile/` | ||
| `PATCH` `v1/set_profile/` |
There was a problem hiding this comment.
Using a patch instead of a post, required changes on both ends of the stack.
| if (requestAccessError) { | ||
| dispatch( | ||
| setAlert({ heading: requestAccessError.message, type: ALERT_ERROR }) | ||
| ) | ||
| } | ||
| dispatch(fetchSttList()) |
There was a problem hiding this comment.
Realized that the user would not know if the request itself failed so adding in that logic and added the corresponding test below.
hack
Fix header typo
tdrs-frontend/src/actions/sttList.js
Outdated
| @@ -38,6 +38,12 @@ export const fetchStts = () => async (dispatch) => { | |||
| }) | |||
|
|
|||
| if (data) { | |||
| data.forEach((item, i) => { | |||
| if (item.id === 57) { | |||
There was a problem hiding this comment.
@hilvitzs Are we sure this ID will remain constant in all environments?
|
I have no idea
…On Nov 9, 2020, 1:04 PM -0800, Carl Smith ***@***.***>, wrote:
@carltonsmith commented on this pull request.
I just had one question. After that this is ready to go.
In tdrs-frontend/src/actions/sttList.js:
> @@ -38,6 +38,12 @@ export const fetchStts = () => async (dispatch) => {
})
if (data) {
+ data.forEach((item, i) => {
+ if (item.id === 57) {
@hilvitzs Are we sure this ID will remain constant in all environments?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
| withCredentials: true, | ||
| }) | ||
|
|
||
| instance.defaults.headers['X-CSRFToken'] = csrf |
There was a problem hiding this comment.
Due to an issue in production that was not present in our development environments, the csrf token was not available in the cookies like we were expecting them to be. We decided to deal with this by passing csrf with the auth request, since we expected it to be exposed to the client via a cookie any way, we believe this solution to be as secure as using a cookie.
tdrs-frontend/src/actions/auth.js
Outdated
| if (user) { | ||
| dispatch({ type: SET_AUTH, payload: { user } }) | ||
| } else { | ||
| dispatch({ type: CLEAR_AUTH }) | ||
| } | ||
| // cookieJar.getCookies(URL, (err, cookies) => { |
There was a problem hiding this comment.
Should remove this commented code, we thought we could access the cookies via another route to fix the csrf issue, this turned out to not be true.
| try { | ||
| const URL = `${process.env.REACT_APP_BACKEND_URL}/users/set_profile/` | ||
| const user = { first_name: firstName, last_name: lastName, stt: { id } } | ||
| const { data } = await (await utils.axiosInstance).patch(URL, user, { |
There was a problem hiding this comment.
We are using a custom axios client for these authenticated patch requests, we set the csrf token as a default value here, but not for the global axios client.
| axios.defaults.xsrfCookieName = 'csrftoken' | ||
| axios.defaults.xsrfHeaderName = 'X-CSRFToken' | ||
| axios.defaults.withCredentials = true |
There was a problem hiding this comment.
I'm not sure we need these lines any more, now that we are getting csrf from auth_check
| get axiosInstance() { | ||
| if (memo) return memo | ||
| memo = axios.create({ | ||
| withCredentials: true, |
There was a problem hiding this comment.
We had some difficulty testing this, it could possibly be refactored, but we are delaying that to a future ticket since this works. We think it is possible the csrf issue is a configuration issue on the frontend ticket. The goal of adding this was to unblock the project while we pursued this
|
Closing and re-opening to re-run Snyk |
This pull request changes...
This PR allows the user to submit their profile information in order to be assigned a role by an admin user.
This adds a
requestAccessaction and reducer in order to store the information from the user endpoint.requestAccessaction will trigger theSET_AUTHaction to set user informationIt also adds associated tests for the action and reducers.
This changes the fetchStts action and reducer names to fetchSttLists.
This PR also ensures that the Federal Government is always the first option in the STT combo box.
This also adds the word
requiredto the labels for all form elements in Edit Profile based on the feedback from Robert's accessibility review.Adds a fix for space bar not triggering
skip linksanchorUpdates
App.test.js[AC] This pull request is ready to merge when...
[DoD] This feature is done when...