From 6063e54d847c7997593a79c067497d1c98b356dd Mon Sep 17 00:00:00 2001
From: Jon Shipley
Date: Thu, 3 Oct 2024 10:36:47 +0100
Subject: [PATCH] Bug/65538 show system unavailable page for teachers (#2925)

* Remove short circuit that was teacher only from auth module
* Move `isAdminWindowAvailable` to first middleware position
* asset version bump
* Revert "Remove short circuit that was teacher only from auth module"
This reverts commit 805d9b931bdb154e6ed98264b79e05eef3873ed4.
* Bugfix - system unavailable error for teachers
* Lint update
---
 admin/app.js | 2 +-
 admin/authentication/dfe-signin-strategy.js | 9 +++++++++
 admin/routes/access-arrangements.js | 16 +++++++--------
 admin/routes/check-window.js | 2 +-
 admin/routes/group.js | 12 +++++------
 admin/routes/hdf.js | 22 ++++++++++-----------
 admin/routes/pupil-pin.js | 10 +++++-----
 admin/routes/pupil-register.js | 8 ++++++++
 admin/routes/pupil-status.js | 2 ++
 admin/routes/pupils-not-taking-the-check.js | 14 ++++++-------
 admin/routes/restart.js | 12 +++++------
 admin/routes/results.js | 3 +++
 admin/routes/school.js | 2 +-
 13 files changed, 68 insertions(+), 46 deletions(-)
diff --git a/admin/app.js b/admin/app.js
index c12554cd9c..d316b25cc5 100644
--- a/admin/app.js
+++ b/admin/app.js
@@ -394,7 +394,7 @@ app.use(function (err, req, res, next) {
 if (err.code === 'EBADCSRFTOKEN') return res.redirect('back')
 // catch system unavailable errors and redirect to the relevant page
- if (err.code === 'SYSTEM_UNAVAILABLE') {
+ if (err.name === 'SystemUnavailableError' || err.code === 'SYSTEM_UNAVAILABLE') {
 res.locals.pageTitle = 'The service is currently closed'
 return res.render('availability/admin-window-unavailable', {})
 }
diff --git a/admin/authentication/dfe-signin-strategy.js b/admin/authentication/dfe-signin-strategy.js
index cf8c88d265..2b9ccd6baf 100644
--- a/admin/authentication/dfe-signin-strategy.js
+++ b/admin/authentication/dfe-signin-strategy.js
@@ -9,6 +9,7 @@ const passport = require('passport')
 const authModes = require('../lib/consts/auth-modes')
 const { DfeSignInError } = require('../error-types/dfe-signin-error')
 const { DsiSchoolNotFoundError } = require('../error-types/DsiSchoolNotFoundError')
+const { SystemUnavailableError } = require('../error-types/system-unavailable-error')
 /**
 * Asynchronous setup of DfE signin with retry strategy for issuer discovery
 * @returns {Promise} configured Passport Strategy
@@ -54,6 +55,14 @@ const initSignOnAsync = async () => {
 if (error instanceof DsiSchoolNotFoundError) {
 userMessage = error.message
 }
+ // The SystemUnavailableError is generated from `initialiseUser` when the role is TEACHER and
+ // the system is not available (as defined in the SM Settings page). This is not a sign-on error
+ // so we don't wrap it up as a DfeSIgnInError. Instead, let app.js handle it and render the correct error
+ // page.
+ if (error instanceof SystemUnavailableError) {
+ done(SystemUnavailableError)
+ return
+ }
 const dfeSignInError = new DfeSignInError(systemErrorMessage, userMessage, error)
 done(dfeSignInError)
 }
diff --git a/admin/routes/access-arrangements.js b/admin/routes/access-arrangements.js
index 1cac1f0cc0..95ffbf2143 100644
--- a/admin/routes/access-arrangements.js
+++ b/admin/routes/access-arrangements.js
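Review bot: In the added `if (error instanceof SystemUnavailableError)` branch, `done(SystemUnavailableError)` passes the imported class to the callback rather than the caught `error` instance, so the original message, stack and any `code` set on the instance are discarded. The app.js handler in this commit still matches, apparently only because a class's own `name` property equals `'SystemUnavailableError'`, which would explain why the `err.name` comparison had to be added next to the existing `err.code` check. Passing the instance, `done(error)`, keeps the error intact for logging and lets the handler rely on `err.code` or `instanceof` instead of a string match on `name`. The added comment also misspells `DfeSignInError` as `DfeSIgnInError`. The enclosing callback starts and ends outside the hunk.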
@@ -13,50 +13,50 @@ if (featureToggles.isFeatureEnabled('accessArrangements')) {
 /* Access arrangements routing */
 router.get(
 '/overview',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 accessArrangementsController.getOverview
 )
 router.get(
 '/select-access-arrangements',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 accessArrangementsController.getSelectAccessArrangements
 )
 router.get(
 '/select-access-arrangements/:pupilUrlSlug',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 accessArrangementsController.getEditAccessArrangements
 )
 router.post(
 '/submit',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 accessArrangementsController.postSubmitAccessArrangements
 )
 router.get(
 '/delete-access-arrangements/:pupilUrlSlug',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 accessArrangementsController.getDeleteAccessArrangements
 )
 router.get(
 '/retro-add-input-assistant',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 (req, res, next) => retroInputAssistantController.getAddRetroInputAssistant(req, res, next)
 )
 router.post(
 '/retro-add-input-assistant-submit',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 (req, res, next) => retroInputAssistantController.postSubmitRetroInputAssistant(req, res, next)
 )
 router.get(
 '/delete-retro-input-assistant/:pupilUrlSlug',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 (req, res, next) => retroInputAssistantController.getDeleteRetroInputAssistant(req, res, next)
 )
 }
diff --git a/admin/routes/check-window.js b/admin/routes/check-window.js
index 20825743fc..26670df8be 100644
--- a/admin/routes/check-window.js
+++ b/admin/routes/check-window.js
@@ -8,7 +8,7 @@ const checkWindowController = require('../controllers/check-window')
 const featureToggles = require('feature-toggles')
 if (featureToggles.isFeatureEnabled('newCheckWindow')) {
- /* Check Window routing */
+ /* Check Window routing - SM feature */
 router.get('/manage-check-windows',
 isAuthenticated(roles.serviceManager),
 checkWindowController.getManageCheckWindows
diff --git a/admin/routes/group.js b/admin/routes/group.js
index f03c20e64b..f72c9459b6 100644
--- a/admin/routes/group.js
+++ b/admin/routes/group.js
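Review bot: With `isAdminWindowAvailable` moved ahead of `isAuthenticated([...])` on every route in the access-arrangements.js hunk, the availability check now runs for requests that have not yet passed the login and role check, and the middleware itself is not part of this diff. It is worth confirming that it copes with a request that carries no authenticated user, and that any role-based exemption it applies does not depend on `isAuthenticated` having run first. The same reordering is made in group.js, hdf.js, pupil-pin.js, pupils-not-taking-the-check.js, restart.js and school.js, and the routes touched in pupil-register.js, pupil-status.js and results.js get the same order. Since the order is now deliberate, a one-line comment above the first route, such as `// availability check runs before the role check so a closed service renders the unavailable page (#2925)`, would stop a later tidy-up from swapping the two back.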
@@ -8,38 +8,38 @@ const group = require('../controllers/group')
 router.get(
 '/pupils-list',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 group.groupPupilsPage
 )
 router.get(
 '/pupils-list/add',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 group.manageGroupPage
 )
 router.get(
 '/pupils-list/edit/:groupId',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 group.manageGroupPage
 )
 router.post(
 '/pupils-list/add',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 group.addGroup
 )
 router.post(
 '/pupils-list/edit',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 group.editGroup
 )
 router.get(
 '/pupils-list/delete/:groupId',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 group.removeGroup
 )
diff --git a/admin/routes/hdf.js b/admin/routes/hdf.js
index 02b381da46..e6f23ce2d8 100644
--- a/admin/routes/hdf.js
+++ b/admin/routes/hdf.js
@@ -8,69 +8,69 @@ const hdfController = require('../controllers/hdf')
 router.get(
 ['/', '/results'],
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 hdfController.getResults
 )
 router.get(
 '/download-results',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 hdfController.downloadResults
 )
 router.get(
 '/declaration-form',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 hdfController.getDeclarationForm
 )
 router.post(
 '/submit-declaration-form',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 hdfController.postDeclarationForm
 )
 router.get(
 '/review-pupil-details',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 hdfController.getReviewPupilDetails
 )
 router.get(
 '/edit-reason/:urlSlug',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 hdfController.getEditReason
 )
 router.post(
 '/submit-edit-reason',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 hdfController.postSubmitEditReason
 )
 router.get(
 '/confirm-and-submit',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 hdfController.getConfirmSubmit
 )
 router.post(
 '/confirm-and-submit',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 hdfController.postConfirmSubmit
 )
 router.get(
 '/submitted',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 hdfController.getHDFSubmitted
 )
 router.get(
 '/submitted-form',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 hdfController.getHDFSubmittedForm
 )
diff --git a/admin/routes/pupil-pin.js b/admin/routes/pupil-pin.js
index 1e262f0e4b..33500383b1 100644
--- a/admin/routes/pupil-pin.js
+++ b/admin/routes/pupil-pin.js
@@ -14,33 +14,33 @@ const {
 router.get(
 '/select-official-or-try-it-out',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 getSelectOfficialOrTryItOutPinGen
 )
 router.get(
 '/generate-:pinEnv-pins-overview',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 getGeneratePinsOverview
 )
 router.get(
 '/generate-:pinEnv-pins-list/:groupIds?',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 getGeneratePinsList
 )
 router.post(
 '/generate-:pinEnv-pins',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 postGeneratePins
 )
 router.get(
 '/view-and-custom-print-:pinEnv-pins',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 getViewAndCustomPrintPins
 )
diff --git a/admin/routes/pupil-register.js b/admin/routes/pupil-register.js
index 9aff6d07bf..aa3fc50af6 100644
--- a/admin/routes/pupil-register.js
+++ b/admin/routes/pupil-register.js
@@ -16,48 +16,56 @@ router.get(
 )
 router.get(
 '/pupil/add',
+ isAdminWindowAvailable,
 isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 ifNotRole(roles.staAdmin, isPostLiveOrLaterCheckPhase),
 pupilController.getAddPupil
 )
 router.post(
 '/pupil/add',
+ isAdminWindowAvailable,
 isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 ifNotRole(roles.staAdmin, isPostLiveOrLaterCheckPhase),
 pupilController.postAddPupil
 )
 router.get(
 '/pupil/add-batch-pupils',
+ isAdminWindowAvailable,
 isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isPostLiveOrLaterCheckPhase,
 pupilController.getAddMultiplePupils
 )
 router.post(
 '/pupil/add-batch-pupils',
+ isAdminWindowAvailable,
 isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isPostLiveOrLaterCheckPhase,
 pupilController.postAddMultiplePupils
 )
 router.get(
 '/pupil/download-error-csv',
+ isAdminWindowAvailable,
 isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isPostLiveOrLaterCheckPhase,
 pupilController.getErrorCSVFile
 )
 router.get(
 '/pupil/edit/:id',
+ isAdminWindowAvailable,
 isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isPostLiveOrLaterCheckPhase,
 pupilController.getEditPupilById
 )
 router.post(
 '/pupil/edit',
+ isAdminWindowAvailable,
 isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isPostLiveOrLaterCheckPhase,
 pupilController.postEditPupil
 )
 router.get(
 '/history/:urlSlug',
+ isAdminWindowAvailable,
 isAuthenticated([roles.staAdmin, roles.helpdesk]),
 isAdminWindowAvailable,
 pupilController.getViewPupilHistory
diff --git a/admin/routes/pupil-status.js b/admin/routes/pupil-status.js
index dd0564bb39..a174bfecae 100644
--- a/admin/routes/pupil-status.js
+++ b/admin/routes/pupil-status.js
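Review bot: On the `/history/:urlSlug` route the new `isAdminWindowAvailable,` line is added before `isAuthenticated([roles.staAdmin, roles.helpdesk])` while the existing `isAdminWindowAvailable,` after it is kept as context, so the check runs twice per request. Dropping the second occurrence leaves the chain as `isAdminWindowAvailable, isAuthenticated([roles.staAdmin, roles.helpdesk]), pupilController.getViewPupilHistory`, which matches the other routes in this file. The route that closes on the hunk's first context line starts outside the hunk, so its middleware chain is not visible here and is worth checking for the same ordering.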
@@ -5,9 +5,11 @@ const router = express.Router()
 const isAuthenticated = require('../authentication/middleware')
 const roles = require('../lib/consts/roles')
 const pupilStatusController = require('../controllers/pupil-status')
+const { isAdminWindowAvailable } = require('../availability/middleware')
 /* Pupil Status routing */
 router.get('/',
+ isAdminWindowAvailable,
 isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 pupilStatusController.getViewPupilStatus
 )
diff --git a/admin/routes/pupils-not-taking-the-check.js b/admin/routes/pupils-not-taking-the-check.js
index c570eee255..b10fa58c98 100644
--- a/admin/routes/pupils-not-taking-the-check.js
+++ b/admin/routes/pupils-not-taking-the-check.js
@@ -7,45 +7,45 @@ const pupilsNotTakingTheCheck = require('../controllers/pupils-not-taking-the-ch
 router.get(
 '/select-pupils/:groupIds?',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 pupilsNotTakingTheCheck.getSelectPupilNotTakingCheck
 )
 router.get(
 '/save-pupils',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 pupilsNotTakingTheCheck.getSelectPupilNotTakingCheck
 )
 router.post(
 '/save-pupils',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 pupilsNotTakingTheCheck.savePupilNotTakingCheck
 )
 router.get(
 '/remove/:pupilId',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 refuseIfHdfSigned,
 (req, res, next) => pupilsNotTakingTheCheck.removePupilNotTakingCheck(req, res, next)
 )
 router.get(
 '/view',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 pupilsNotTakingTheCheck.viewPupilsNotTakingTheCheck
 )
 router.get(
 ['/', '/pupils-list'],
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 pupilsNotTakingTheCheck.getPupilNotTakingCheck
 )
 router.get(
 '/:removed',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 pupilsNotTakingTheCheck.getPupilNotTakingCheck
 )
diff --git a/admin/routes/restart.js b/admin/routes/restart.js
index fdd44a81b5..8ff43f4d74 100644
--- a/admin/routes/restart.js
+++ b/admin/routes/restart.js
@@ -7,40 +7,40 @@ const restartController = require('../controllers/restart')
 router.get(
 '/overview',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 restartController.getRestartOverview
 )
 router.get(
 '/select-restart-list',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 restartController.getSelectRestartList
 )
 router.post(
 '/submit-restart-list',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 restartController.postSubmitRestartList
 )
 router.post(
 '/delete',
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 restartController.postDeleteRestart
 )
 router.post(
 '/allow-discretionary-restart',
- isAuthenticated([roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.staAdmin]),
 restartController.postSubmitAllowDiscretionaryRestart
 )
 router.post(
 '/remove-discretionary-restart',
- isAuthenticated([roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.staAdmin]),
 restartController.postSubmitRevokeDiscretionaryRestart
 )
diff --git a/admin/routes/results.js b/admin/routes/results.js
index c85105bdc9..bba8de2489 100644
--- a/admin/routes/results.js
+++ b/admin/routes/results.js
@@ -5,14 +5,17 @@ const router = express.Router()
 const isAuthenticated = require('../authentication/middleware')
 const roles = require('../lib/consts/roles')
 const resultsController = require('../controllers/results')
+const { isAdminWindowAvailable } = require('../availability/middleware')
 /* Check Form v2 routing */
 router.get('/view-results',
+ isAdminWindowAvailable,
 isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 resultsController.getViewResultsPage
 )
 router.get('/ctf-download',
+ isAdminWindowAvailable,
 isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 resultsController.getCtfDownload
 )
diff --git a/admin/routes/school.js b/admin/routes/school.js
index 8748692e0f..5928838f56 100644
--- a/admin/routes/school.js
+++ b/admin/routes/school.js
@@ -10,8 +10,8 @@ const schoolController = require('../controllers/school')
 router.get(
 ['/', '/school-home'],
- isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 isAdminWindowAvailable,
+ isAuthenticated([roles.teacher, roles.helpdesk, roles.staAdmin]),
 schoolController.getSchoolLandingPage
 )