
Auth updates for formplayer to allow automated app execution

Open snopoke opened this issue 10 months ago • 0 comments

See also: https://github.com/dimagi/formplayer/pull/1575

Product Description

Allow Formplayer to submit forms using HMAC auth to allow automatic submissions of forms from FP (when a user isn't making the request).

Technical Summary

The primary change is to allow 'formplayer auth' for form submissions. When requests to FP are made from CommCare we use HMAC auth instead of logging in as a user and using session auth. When this was implemented we did not enable it for form submissions since they required a POST request and there wasn't a need to add that functionality to Formplayer (computing HMAC auth for POST requests).

Some upcoming changes to HQ will require the ability to submit forms from FP to HQ using HMAC auth.

As part of this change the form submission view is refactored (bff809f338cb9c588a7d8102eea337e239d71263) to remove the per auth fake views whose only function was to support the different auth decorators. The new approach is similar to what's done in get_auth_decorator_map. I decided not to use that function since there are other decorators that need to be added as well.

Safety Assurance

Safety story

Form submission refactor

This is probably the most risky part of the change; however, it can be inspected manually to confirm that the changes are equivalent to the previous fake views. The approach to dynamically applying decorators is also not new, as mentioned above.

Form submission auth change

This permits an existing auth mechanism to be used for the form submission API. We already use this auth on the 'ota' views. Permitting it for form submissions does increase the scope that this auth has, specifically that this is the first WRITE API to be permitted. I think this is safe.

Changing the order in which auth type is determined

(fe3f2db9deb2840cefcde1366a83b258f6398bee) This is a small change which should not have any impact. The comment in the code indicates the reason for the change (if it runs before HMAC auth then HMAC auth fails).

Automated test coverage

No additional tests were added. These changes are relying on the existing test suite.

QA Plan

This can be run on staging along with corresponding FP changes (still to come).

Rollback instructions

  • [x] This PR can be reverted after deploy with no further considerations

Labels & Review

  • [x] Risk label is set correctly
  • [x] The set of people pinged as reviewers is appropriate for the level of risk of the change

snopoke, Apr 16 '24 14:04
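The two ideas in the description above, HMAC auth over a POST body and choosing the auth decorator per request instead of keeping one fake view per auth type, as an added framework-free sketch. It is not code from commcare-hq or Formplayer; the header name, key, dict-shaped request and all function names are assumptions made for the example.

```python
import base64
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"  # constructed; a real key comes from secret settings
HMAC_HEADER = "X-Demo-Hmac"           # hypothetical header name, not taken from the project


def sign_body(body: bytes, key: bytes = SHARED_KEY) -> str:
    """Sender side: base64 HMAC-SHA256 over the exact bytes of the POST body."""
    return base64.b64encode(hmac.new(key, body, hashlib.sha256).digest()).decode()


def hmac_auth(view):
    """Reject the request unless the header matches the HMAC of the raw body."""
    def wrapper(request):
        expected = sign_body(request["body"])
        supplied = request["headers"].get(HMAC_HEADER, "")
        # compare_digest avoids leaking the mismatch position through timing
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return 401
        return view(request)
    return wrapper


def session_auth(view):
    """Stand-in for user session auth: requires an authenticated user."""
    def wrapper(request):
        return view(request) if request.get("user") else 401
    return wrapper


AUTH_DECORATORS = {"hmac": hmac_auth, "session": session_auth}


def determine_auth_type(request) -> str:
    """Assumed rule for this sketch: presence of the HMAC header selects HMAC auth."""
    return "hmac" if HMAC_HEADER in request["headers"] else "session"


def receive_form(request):
    """The single real view; here it only reports that the form was accepted."""
    return 201


def post_form(request):
    """Apply the decorator for the detected auth type to the one real view."""
    decorator = AUTH_DECORATORS[determine_auth_type(request)]
    return decorator(receive_form)(request)
```

Because the MAC covers the raw body bytes, any change to the payload after signing, even added whitespace, fails verification.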