observers can only add new observees (via the UI) with pairing codes

fixes FOO-934

Why is an observer given a different "add observee" UI when SAML is the
primary auth provider?  Because of PFS-812 -- back in the day, there
were no pairing codes.  Instead, the way to add an observee was to enter
their username and password into Canvas.  This was problematic for a
particular school that used SAML logins -- users didn't _have_ a Canvas
un/pw.  So we built a different flow that forwarded the observer to the
configured SAML auth provider to log in as the observee _there_ instead.
Then came pairing codes, and later came
https://gerrit.instructure.com/c/canvas-lms/+/157514 to remove the
pairing code feature flag and make it the only way for an observer to
add observees (in the UI -- the API remained and remains backwards
compatible).  Or at least that seemed to be the intention -- problem is
it actually left the SAML flow behind too, and not only that, it broke
it by changing the shape of the data that gets posted to Canvas (see the
change to `addObservee` in UserObserveesView.coffee).

This commit makes pairing codes the One True Way for an observer to add
observees (again, in the UI), regardless of the account's auth
configuration.

Note that the SAML observer registration flow -- i.e. the half of
PFS-812 that (as far as I know) hasn't been broken since the middle of
2018 -- is kept intact.

test plan:
 - follow repro steps in ticket
 - when you get to the part where you're logged in as an observer and
   you're at Account > Settings > Observing, notice the input is for a
   pairing code, not a username
 - entering a valid pairing code in that box successfully adds the
   corresponding user to your observees list.

Change-Id: I8c875b3824d76786c6d9a787de05c55dfb6dbc6d
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/253344
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: August Thornton <august@instructure.com>
This commit is contained in:
Michael Ziwisky 2020-11-19 22:42:09 -08:00
parent eaee158f60
commit 5ca7dbaef8
5 changed files with 4 additions and 42 deletions

View File

@ -19,7 +19,6 @@ import $ from 'jquery'
import _ from 'underscore'
import I18n from 'i18n!observees'
import pairingCodeTemplate from 'jst/PairingCodeUserObservees'
import extAuthTemplate from 'jst/ExternalAuthUserObservees'
import itemView from './UserObserveeView'
import PaginatedCollectionView from './PaginatedCollectionView'
@ -28,11 +27,7 @@ export default class UserObserveesView extends PaginatedCollectionView
itemView: itemView
className: 'user-observees'
template: ->
if ENV.AUTH_TYPE == 'saml'
extAuthTemplate
else
pairingCodeTemplate
template: pairingCodeTemplate
events:
'submit .add-observee-form': 'addObservee'
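Review bot: the switch to an unconditional `template: pairingCodeTemplate` lands without a spec, and none of the five changed files is a test. The regression described in the commit message went unnoticed since the earlier pairing-code change, so a view spec asserting that the rendered `.add-observee-form` contains the pairing code input (and no `unique_id` field) would keep it from recurring. Also check that the `addObservee` handler bound under `events` has no leftover branch for the external-auth form now that the form is gone.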

View File

@ -328,8 +328,8 @@ class Login::SamlController < ApplicationController
def observee_validation
redirect_to
@domain_root_account.parent_registration_aac.generate_authn_request_redirect(host: request.host_with_port,
parent_registration: session[:parent_registration])
@domain_root_account.parent_registration_ap.generate_authn_request_redirect(host: request.host_with_port,
parent_registration: session[:parent_registration])
end
protected
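Review bot: `observee_validation` calls `generate_authn_request_redirect` directly on the result of `parent_registration_ap`, which in the Account hunk is a `where(parent_registration: true).first` lookup and therefore nil when no provider has that flag set. A request reaching this action on such an account would raise NoMethodError instead of failing cleanly. Suggest guarding on `@domain_root_account.parent_registration?` (or a nil check on the provider) and returning an explicit error or redirect before building the AuthnRequest.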

View File

@ -483,9 +483,6 @@ class ProfileController < ApplicationController
private :require_user_for_private_profile
def observees
if @domain_root_account.parent_registration?
js_env(AUTH_TYPE: @domain_root_account.parent_auth_type)
end
@user ||= @current_user
set_active_tab 'observees'
@context = @user.profile if @user == @current_user

View File

@ -1866,12 +1866,7 @@ class Account < ActiveRecord::Base
authentication_providers.where(parent_registration: true).exists?
end
def parent_auth_type
return nil unless parent_registration?
parent_registration_aac.auth_type
end
def parent_registration_aac
def parent_registration_ap
authentication_providers.where(parent_registration: true).first
end
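Review bot: the rename of `parent_registration_aac` to `parent_registration_ap` and the removal of `parent_auth_type` change the public surface of `Account`, but the only call sites updated in this change are `Login::SamlController#observee_validation` and `ProfileController#observees`. Please confirm with a repo-wide search (plugins and specs included) that no other caller remains, or keep the old name as a deprecated alias for one release.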

View File

@ -1,25 +0,0 @@
<h2>{{#t}}Observing{{/t}}</h2>
<form class="add-observee-form">
<div class="row">
<div class="span2">
<label for="unique_id">
{{#t}}Username{{/t}}
<input type="text" id="unique_id" name="unique_id">
</label>
</div>
</div>
<button type="submit" class="btn btn-primary">
<i class="icon-plus" role="presentation"></i>
<span class="screenreader-only">Add</span>
{{#t}}Student{{/t}}
</button>
</form>
<h3 id="being-observed">{{#t}}Students Being Observed{{/t}}</h3>
<div class="observees-list-container" aria-busy="false">
<ul class="observees-list collectionViewItems" aria-labelledby="being-observed"></ul>
<div class="loading-indicator" style="display:none;">
<img src="/images/ajax-reload-animated.gif">&nbsp;
</div>
</div>
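Review bot: deleting this `unique_id` form removes only the client side of the old flow. The commit message states that the API stays backwards compatible, so whatever the endpoint accepted before is still accepted for non-UI callers. That is worth recording in the API documentation or a comment next to the controller action, so a later reader does not assume pairing codes are enforced server-side.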