PUB-2365 - Removed B2C Admin Functionality

.github/workflows/close-pr.yml

@@ -28,9 +28,7 @@ jobs:
 
             - run: |
                   mediaSignInUrl="https://pip-frontend-pr-${PR_NUMBER}.dev.platform.hmcts.net/login/return"
-                  adminSignInUrl="https://pip-frontend-pr-${PR_NUMBER}.dev.platform.hmcts.net/login/admin/return"
-                  adminPasswordResetUrl="https://pip-frontend-pr-${PR_NUMBER}.dev.platform.hmcts.net/password-change-confirmation/true"
-                  mediaPasswordResetUrl="https://pip-frontend-pr-${PR_NUMBER}.dev.platform.hmcts.net/password-change-confirmation/false"
+                  mediaPasswordResetUrl="https://pip-frontend-pr-${PR_NUMBER}.dev.platform.hmcts.net/password-change-confirmation"
                   targetAppName="pip-frontend-stg"
 
                   azureClientId="${B2C_CLIENT_ID}"
@@ -48,11 +46,11 @@ jobs:
 
                   echo "Found Reply URLs"
                   echo $replyUrls
-                  if [[ "${replyUrls}" =~ "${mediaSignInUrl}" || "${replyUrls}" =~ "${adminSignInUrl}" || "${replyUrls}" =~ "${adminPasswordResetUrl}" || "${replyUrls}" =~ "${mediaPasswordResetUrl}" ]]; then
-                      echo "Reply URLs contains $mediaSignInUrl, $adminSignInUrl, $adminPasswordResetUrl or $mediaPasswordResetUrl"
+                  if [[ "${replyUrls}" =~ "${mediaSignInUrl}" || "${replyUrls}" =~ "${mediaPasswordResetUrl}" ]]; then
+                      echo "Reply URLs contains $mediaSignInUrl or $mediaPasswordResetUrl"
                       readarray -t my_array < <(echo "$replyUrls" | jq -c '.[]')
                       for item in "${my_array[@]}"; do
-                          if [[ $item != "\"$mediaSignInUrl\"" && $item != "\"$adminSignInUrl\"" && $item != "\"$adminPasswordResetUrl\"" && $item != "\"$mediaPasswordResetUrl\"" ]]; then
+                          if [[ $item != "\"$mediaSignInUrl\"" && $item != "\"$mediaPasswordResetUrl\"" ]]; then
                               if [[ "$replayUrlsStr" != "" ]]; then
                                   replayUrlsStr="$replayUrlsStr,"
                               fi
@@ -70,7 +68,7 @@ jobs:
 
                       az rest --method PATCH --header "Content-Type=application/json" --uri $restUrl --body "{\"web\":{\"redirectUris\":[$replayUrlsStr]}}" #--debug
                   else
-                      echo "Reply URLs DOES NOT contains $mediaSignInUrl, $adminSignInUrl, $adminPasswordResetUrl and $mediaPasswordResetUrl"
+                      echo "Reply URLs DOES NOT contains $mediaSignInUrl and $mediaPasswordResetUrl"
                   fi
 
               env:

.github/workflows/on-pr.yml

@@ -30,9 +30,7 @@ jobs:
 
             - run: |
                   mediaSignInUrl="https://pip-frontend-pr-${PR_NUMBER}.dev.platform.hmcts.net/login/return"
-                  adminSignInUrl="https://pip-frontend-pr-${PR_NUMBER}.dev.platform.hmcts.net/login/admin/return"
-                  adminPasswordResetUrl="https://pip-frontend-pr-${PR_NUMBER}.dev.platform.hmcts.net/password-change-confirmation/true"
-                  mediaPasswordResetUrl="https://pip-frontend-pr-${PR_NUMBER}.dev.platform.hmcts.net/password-change-confirmation/false"
+                  mediaPasswordResetUrl="https://pip-frontend-pr-${PR_NUMBER}.dev.platform.hmcts.net/password-change-confirmation"
                   targetAppName="pip-frontend-stg"
 
                   azureClientId="${B2C_CLIENT_ID}"
@@ -53,8 +51,8 @@ jobs:
                   echo "Found Reply URLs"
                   echo $replyUrls
 
-                  if [[ "${replyUrls}" =~ "${mediaSignInUrl}" && "${replyUrls}" =~ "${adminSignInUrl}" && "${replyUrls}" =~ "${adminPasswordResetUrl}" && "${replyUrls}" =~ "${mediaPasswordResetUrl}" ]]; then
-                    echo "Reply URLs contain $mediaSignInUrl, $adminSignInUrl, adminPasswordResetUrl and mediaPasswordResetUrl"
+                  if [[ "${replyUrls}" =~ "${mediaSignInUrl}" && "${replyUrls}" =~ "${mediaPasswordResetUrl}" ]]; then
+                    echo "Reply URLs contain $mediaSignInUrl and mediaPasswordResetUrl"
                   elif [ -z $replyUrls ]; then
                     echo "No Reply URLs Found. ISSUE!!"
                   else
@@ -68,20 +66,6 @@ jobs:
                       replyUrlString+="\"$mediaSignInUrl\""
                     fi
 
-                    if [[ ! "${replyUrls}" =~ "${adminSignInUrl}" ]]; then
-                      if [[ ! ${replyUrlString: -1} == "," ]]; then
-                        replyUrlString+=","
-                      fi
-                      replyUrlString+="\"$adminSignInUrl\""
-                    fi
-
-                    if [[ ! "${replyUrls}" =~ "${adminPasswordResetUrl}" ]]; then
-                      if [[ ! ${replyUrlString: -1} == "," ]]; then
-                        replyUrlString+=","
-                      fi
-                      replyUrlString+="\"$adminPasswordResetUrl\""
-                    fi
-
                     if [[ ! "${replyUrls}" =~ "${mediaPasswordResetUrl}" ]]; then
                       if [[ ! ${replyUrlString: -1} == "," ]]; then
                         replyUrlString+=","

Jenkinsfile_CNP

@@ -17,19 +17,13 @@ def setupTestSecrets() {
         secrets: [
             secret('b2c-test-account', 'B2C_USERNAME'),
             secret('b2c-test-account-pwd', 'B2C_PASSWORD'),
-            secret('b2c-test-admin-account', 'B2C_ADMIN_USERNAME'),
-            secret('b2c-test-admin-account-pwd', 'B2C_ADMIN_PASSWORD'),
             secret('cft-valid-test-account', 'CFT_VALID_USERNAME'),
             secret('cft-valid-test-account-password', 'CFT_VALID_PASSWORD'),
             secret('cft-invalid-test-account', 'CFT_INVALID_USERNAME'),
             secret('cft-invalid-test-account-password', 'CFT_INVALID_PASSWORD'),
-            secret('b2c-test-system-admin-account', 'B2C_SYSTEM_ADMIN_USERNAME'),
-            secret('b2c-test-system-admin-account-pwd', 'B2C_SYSTEM_ADMIN_PASSWORD'),
             secret('app-pip-data-management-scope', 'DATA_MANAGEMENT_AZ_API'),
             secret('app-pip-account-management-scope', 'ACCOUNT_MANAGEMENT_AZ_API'),
-            secret('b2c-test-system-admin-account-provenance-id', 'SYSTEM_ADMIN_PROVENANCE_ID'),
             secret('test-user-id', 'VERIFIED_USER_ID'),
-            secret('test-system-admin-id', 'SYSTEM_ADMIN_USER_ID'),
             secret('app-tenant', 'TENANT_ID'),
             secret('app-pip-frontend-id', 'CLIENT_ID_INTERNAL'),
             secret('app-pip-frontend-pwd', 'CLIENT_SECRET_INTERNAL'),
@@ -48,19 +42,13 @@ def setupTestSecrets() {
         ]) {
         env.B2C_USERNAME = "${B2C_USERNAME}"
         env.B2C_PASSWORD = "${B2C_PASSWORD}"
-        env.B2C_ADMIN_USERNAME = "${B2C_ADMIN_USERNAME}"
-        env.B2C_ADMIN_PASSWORD = "${B2C_ADMIN_PASSWORD}"
         env.CFT_VALID_USERNAME = "${CFT_VALID_USERNAME}"
         env.CFT_VALID_PASSWORD = "${CFT_VALID_PASSWORD}"
         env.CFT_INVALID_USERNAME = "${CFT_INVALID_USERNAME}"
         env.CFT_INVALID_PASSWORD = "${CFT_INVALID_PASSWORD}"
-        env.B2C_SYSTEM_ADMIN_USERNAME = "${B2C_SYSTEM_ADMIN_USERNAME}"
-        env.B2C_SYSTEM_ADMIN_PASSWORD = "${B2C_SYSTEM_ADMIN_PASSWORD}"
         env.DATA_MANAGEMENT_AZ_API = "${DATA_MANAGEMENT_AZ_API}"
         env.ACCOUNT_MANAGEMENT_AZ_API = "${ACCOUNT_MANAGEMENT_AZ_API}"
-        env.SYSTEM_ADMIN_PROVENANCE_ID = "${SYSTEM_ADMIN_PROVENANCE_ID}"
         env.VERIFIED_USER_ID = "${VERIFIED_USER_ID}"
-        env.SYSTEM_ADMIN_USER_ID = "${SYSTEM_ADMIN_USER_ID}"
         env.TENANT_ID = "${TENANT_ID}"
         env.CLIENT_ID_INTERNAL = "${CLIENT_ID_INTERNAL}"
         env.CLIENT_SECRET_INTERNAL = "${CLIENT_SECRET_INTERNAL}"

Jenkinsfile_nightly

@@ -20,19 +20,13 @@ def setupTestSecrets() {
         secrets: [
             secret('b2c-test-account', 'B2C_USERNAME'),
             secret('b2c-test-account-pwd', 'B2C_PASSWORD'),
-            secret('b2c-test-admin-account', 'B2C_ADMIN_USERNAME'),
-            secret('b2c-test-admin-account-pwd', 'B2C_ADMIN_PASSWORD'),
             secret('cft-valid-test-account', 'CFT_VALID_USERNAME'),
             secret('cft-valid-test-account-password', 'CFT_VALID_PASSWORD'),
             secret('cft-invalid-test-account', 'CFT_INVALID_USERNAME'),
             secret('cft-invalid-test-account-password', 'CFT_INVALID_PASSWORD'),
-            secret('b2c-test-system-admin-account', 'B2C_SYSTEM_ADMIN_USERNAME'),
-            secret('b2c-test-system-admin-account-pwd', 'B2C_SYSTEM_ADMIN_PASSWORD'),
             secret('app-pip-data-management-scope', 'DATA_MANAGEMENT_AZ_API'),
             secret('app-pip-account-management-scope', 'ACCOUNT_MANAGEMENT_AZ_API'),
-            secret('b2c-test-system-admin-account-provenance-id', 'SYSTEM_ADMIN_PROVENANCE_ID'),
             secret('test-user-id', 'VERIFIED_USER_ID'),
-            secret('test-system-admin-id', 'SYSTEM_ADMIN_USER_ID'),
             secret('app-tenant', 'TENANT_ID'),
             secret('app-pip-frontend-id', 'CLIENT_ID_INTERNAL'),
             secret('app-pip-frontend-pwd', 'CLIENT_SECRET_INTERNAL'),
@@ -51,19 +45,13 @@ def setupTestSecrets() {
         ]) {
         env.B2C_USERNAME = "${B2C_USERNAME}"
         env.B2C_PASSWORD = "${B2C_PASSWORD}"
-        env.B2C_ADMIN_USERNAME = "${B2C_ADMIN_USERNAME}"
-        env.B2C_ADMIN_PASSWORD = "${B2C_ADMIN_PASSWORD}"
         env.CFT_VALID_USERNAME = "${CFT_VALID_USERNAME}"
         env.CFT_VALID_PASSWORD = "${CFT_VALID_PASSWORD}"
         env.CFT_INVALID_USERNAME = "${CFT_INVALID_USERNAME}"
         env.CFT_INVALID_PASSWORD = "${CFT_INVALID_PASSWORD}"
-        env.B2C_SYSTEM_ADMIN_USERNAME = "${B2C_SYSTEM_ADMIN_USERNAME}"
-        env.B2C_SYSTEM_ADMIN_PASSWORD = "${B2C_SYSTEM_ADMIN_PASSWORD}"
         env.DATA_MANAGEMENT_AZ_API = "${DATA_MANAGEMENT_AZ_API}"
         env.ACCOUNT_MANAGEMENT_AZ_API = "${ACCOUNT_MANAGEMENT_AZ_API}"
-        env.SYSTEM_ADMIN_PROVENANCE_ID = "${SYSTEM_ADMIN_PROVENANCE_ID}"
         env.VERIFIED_USER_ID = "${VERIFIED_USER_ID}"
-        env.SYSTEM_ADMIN_USER_ID = "${SYSTEM_ADMIN_USER_ID}"
         env.TENANT_ID = "${TENANT_ID}"
         env.CLIENT_ID_INTERNAL = "${CLIENT_ID_INTERNAL}"
         env.CLIENT_SECRET_INTERNAL = "${CLIENT_SECRET_INTERNAL}"

README.md

@@ -131,11 +131,8 @@ Python scripts to quickly grab all environment variables (subject to Azure permi
 | ACCOUNT_MANAGEMENT_URL             | URL used for connecting to the pip-account-management service. Defaults to staging if not provided.                                                                                     | No        |
 | DATA_MANAGEMENT_URL                | URL used for connecting to the pip-data-management service. Defaults to staging if not provided.                                                                                        | No        |
 | AUTH_RETURN_URL                    | URL used to redirect user to the service after authentication with Azure B2C. Defaults to staging if not provided.                                                                      | No        |
-| ADMIN_AUTH_RETURN_URL              | Same as above, but for admin sign in.                                                                                                                                                   | No        |
 | MEDIA_VERIFICATION_RETURN_URL      | Same as above, but for after a media user verifies their account using the OTP process                                                                                                  | No        |
-| B2C_ADMIN_URL                      | URL used for routing to Azure from the service (for admin journey).                                                                                                                     | No        |
 | B2C_URL                            | Same as above but for media journey.                                                                                                                                                    | No        |
-| CONFIG_ADMIN_ENDPOINT              | URL that provides metadata about the B2C tenant's OpenID Connect configuration, such as the issuer URL, token signing keys, and supported scopes. This is for the admin journey.        | No        |
 | CONFIG_ENDPOINT                    | Same as above but for media journey.                                                                                                                                                    | No        |
 | MEDIA_VERIFICATION_CONFIG_ENDPOINT | Same as above but for verification of media accounts.                                                                                                                                   | No        |
 | SSO_CONFIG_ENDPOINT                | Same as above but for SSO sign-in.                                                                                                                                                      | No        |
@@ -158,22 +155,16 @@ Secrets required for getting tests to run correctly can be found in the below ta
 | Variable                   | Description                                                                                                                                                 |
 |----------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | B2C_USERNAME               | User's username for B2C authentication                                                                                                                      |
-| B2C_PASSWORD               | User's password for B2C authentication                                                                                                                      |
-| B2C_ADMIN_USERNAME         | B2C administrator's username                                                                                                                                |
-| B2C_ADMIN_PASSWORD         | B2C administrator's password                                                                                                                                |
+| B2C_PASSWORD               | User's password for B2C authentication                                                                                                                      | |
 | CFT_INVALID_USERNAME       | Invalid username for CFT authentication                                                                                                                     |
 | CFT_VALID_USERNAME         | Valid username for CFT authentication                                                                                                                       |
 | CFT_VALID_PASSWORD         | Valid password for CFT authentication                                                                                                                       |
-| CFT_INVALID_PASSWORD       | Invalid password for CFT authentication                                                                                                                     |
-| B2C_SYSTEM_ADMIN_USERNAME  | B2C system administrator's username                                                                                                                         |
-| B2C_SYSTEM_ADMIN_PASSWORD  | B2C system administrator's password                                                                                                                         |
+| CFT_INVALID_PASSWORD       | Invalid password for CFT authentication                                                                                                                     | |
 | TEST_URL                   | The URL of the frontend service that the tests will run against                                                                                             |
 | TEST_HEADLESS              | Whether the E2E tests should run in headless mode. Default is true                                                                                          |
 | TEST_A11Y_HEADLESS         | Whether the accessibility tests should run in headless mode. Default is true. Used for test debugging.                                                      |
 | DATA_MANAGEMENT_URL        | URL for data-management that the codecept tests use when creating test data                                                                                 |
 | ACCOUNT_MANAGEMENT_URL     | URL for account-management that the codecept tests use when creating test data                                                                              |
-| SYSTEM_ADMIN_PROVENANCE_ID | Test system admin provenance ID, used during E2E tests                                                                                                      |
-| SYSTEM_ADMIN_USER_ID       | Test system admin user ID, used during E2E tests                                                                                                            |
 | VERIFIED_USER_ID           | Test verified ID, used during E2E tests                                                                                                                     |
 | CLIENT_ID_INTERNAL         | Unique ID for the application within Azure AD. Used to identify the application during service to service authentication.                                   |
 | CLIENT_SECRET_INTERNAL     | Secret key for authentication requests during service to service communication.                                                                             |
@@ -243,6 +234,7 @@ We use a few automated tools to ensure quality and security within the service.
 ## Test Suite
 
 This microservice is comprehensively tested using unit, accessibility (a11y), routes and functional tests.
+
 You can run the entire set of tests (except e2e/functional tests) using `yarn cichecks`.
 
 ### Unit tests

charts/pip-frontend/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: '1.0'
 description: A Helm chart for pip-frontend App
 name: pip-frontend
 home: https://github.com/hmcts/pip-frontend
-version: 0.0.68
+version: 0.0.69
 maintainers:
     - name: HMCTS PIP Team
 dependencies:

charts/pip-frontend/values.dev.template.yaml

@@ -10,7 +10,6 @@ nodejs:
     environment:
         AUTH_RETURN_URL: https://${SERVICE_FQDN}/login/return
         MEDIA_VERIFICATION_RETURN_URL: https://${SERVICE_FQDN}/media-verification/return
-        ADMIN_AUTH_RETURN_URL: https://${SERVICE_FQDN}/login/admin/return
         FRONTEND_URL: https://${SERVICE_FQDN}
         EXCLUDE_E2E: true
         CFT_IDAM_URL: https://idam-web-public.aat.platform.hmcts.net
@@ -28,8 +27,6 @@ nodejs:
                     alias: CLIENT_SECRET
                 -   name: b2c-config-endpoint
                     alias: CONFIG_ENDPOINT
-                -   name: b2c-config-admin-endpoint
-                    alias: CONFIG_ADMIN_ENDPOINT
                 -   name: b2c-tenant-id
                     alias: TENANT_GUID
                 -   name: shared-storageaccount-connection-string

charts/pip-frontend/values.stg.template.yaml

@@ -9,7 +9,6 @@ nodejs:
         EXCLUDE_E2E: false
         AUTH_RETURN_URL: https://${SERVICE_FQDN}/login/return
         MEDIA_VERIFICATION_RETURN_URL: https://${SERVICE_FQDN}/media-verification/return
-        ADMIN_AUTH_RETURN_URL: https://${SERVICE_FQDN}/login/admin/return
         FRONTEND_URL: https://${SERVICE_FQDN}
         SESSION_COOKIE_SAME_SITE: ''
         CRIME_IDAM_URL: https://login.prp.cjscp.org.uk

charts/pip-frontend/values.yaml

@@ -7,7 +7,6 @@ nodejs:
     environment:
         AUTH_RETURN_URL: https://127.0.0.1/login/return
         MEDIA_VERIFICATION_RETURN_URL: https://127.0.0.1/media-verification/return
-        ADMIN_AUTH_RETURN_URL: https://127.0.0.1/login/admin/return
         SESSION_COOKIE_SAME_SITE: 'lax'
     memoryLimits: 2048Mi
     memoryRequests: 1024Mi
@@ -24,8 +23,6 @@ nodejs:
                   alias: CLIENT_SECRET
                 - name: b2c-config-endpoint
                   alias: CONFIG_ENDPOINT
-                - name: b2c-config-admin-endpoint
-                  alias: CONFIG_ADMIN_ENDPOINT
                 - name: b2c-tenant-id
                   alias: TENANT_GUID
                 - name: shared-storageaccount-connection-string