GPII-2538: Secure /untrusted-settings endpoint

[cindyli]

This pull request secures /untrusted-settings endpoint provided by Cloud Based Flow Manager. Now to use this endpoint, these steps need to be followed:

1. Request an access token from /access_token endpoint;
2. Embed the access token in the Authorization header when sending the /untrusted-settings request.

Refer to this documentation for the detail of these steps.

The local flow manager has been modified to use these steps for retrieving untrusted user settings from /untrusted-settings endpoint.

Note that this implementation requires GPII tokens to be tracked/saved in the auth database in order for them to be authorized to receive untrusted user settings.

@simonbates, @amb26 could you review this pull request? Thanks.

[gpii-bot]

CI job passed: https://ci.gpii.net/job/universal-tests/533/

[simonbates]

I tried running the Windows repo automated tests against this Universal branch and got an error when running node tests\AcceptanceTests.js builtIn:

C:\vagrant>node tests\AcceptanceTests.js builtIn
Infusion at path \\vboxsrv\vagrant\node_modules\infusion is at top level
12:32:19.052:  Registering module gpii-windows from path \\vboxsrv\vagrant\
12:32:19.068:  Registering module infusion from path \\vboxsrv\vagrant\node_modules\infusion\
12:32:19.068:  Registering module infusion from path \\vboxsrv\vagrant\node_modules\infusion
12:32:19.068:  Registering module universal from path \\vboxsrv\vagrant\node_modules\universal
12:32:19.115:  Registering module deviceReporter from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\deviceReporter
12:32:19.162:  Registering module kettle from path \\vboxsrv\vagrant\node_modules\kettle
12:32:21.630:  Registering module lifecycleManager from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\lifecycleManager
12:32:21.693:  Registering module lifecycleActions from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\lifecycleActions
12:32:21.724:  Registering module flowManager from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\flowManager
12:32:21.896:  Registering module gpii-oauth2 from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\gpii-oauth2
12:32:23.475:  Registering module accessRequester from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\accessRequester
12:32:23.506:  Registering module journal from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\journal
12:32:23.709:  Registering module singleInstance from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\singleInstance
12:32:23.725:  Registering module eventLog from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\eventLog
12:32:23.802:  Registering module settingsHandlers from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\settingsHandlers
12:32:23.974:  Registering module preferencesServer from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\preferencesServer
12:32:23.990:  Registering module ontologyHandler from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\ontologyHandler
12:32:24.084:  Registering module rawPreferencesServer from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\rawPreferencesServer
12:32:24.163:  Registering module flatMatchMaker from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\flatMatchMaker
12:32:24.193:  Registering module canopyMatchMaker from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\canopyMatchMaker
12:32:24.225:  Registering module contextManager from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\contextManager
12:32:24.271:  Registering module pouchManager from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\pouchManager
12:32:24.287:  Registering module processReporter from path \\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\processReporter
12:32:25.021:  Resolved infusion from path \\vboxsrv\vagrant\node_modules\gpii-pouchdb\node_modules\infusion\src\module to \\vboxsrv/vagrant/node_modules/infusion
12:32:25.021:  Registering module gpii-pouchdb from path \\vboxsrv\vagrant\node_modules\gpii-pouchdb
12:32:32.412:  Resolved infusion from path \\vboxsrv\vagrant\node_modules\gpii-express\node_modules\infusion\src\module to \\vboxsrv/vagrant/node_modules/infusion
12:32:32.412:  Registering module gpii-express from path \\vboxsrv\vagrant\node_modules\gpii-express
12:32:34.365:  FATAL ERROR: Uncaught exception: Cannot find module 'nock'
Error: Cannot find module 'nock'
    at Function.Module._resolveFilename (module.js:469:15)
    at Function.Module._load (module.js:417:25)
    at Module.require (module.js:497:17)
    at require (internal/module.js:20:19)
    at Object.<anonymous> (\\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\testing\src\NockUtils.js:21:12)
    at Module._compile (module.js:570:32)
    at Object.Module._extensions..js (module.js:579:10)
    at Module.load (module.js:487:32)
    at tryModuleLoad (module.js:446:12)
    at Function.Module._load (module.js:438:3)
    at Module.require (module.js:497:17)
    at require (internal/module.js:20:19)
    at Object.<anonymous> (\\vboxsrv\vagrant\node_modules\universal\gpii\node_modules\testing\index.js:30:1)
    at Module._compile (module.js:570:32)
    at Object.Module._extensions..js (module.js:579:10)
    at Module.load (module.js:487:32)
    at tryModuleLoad (module.js:446:12)
    at Function.Module._load (module.js:438:3)
    at Module.require (module.js:497:17)
    at require (internal/module.js:20:19)
    at Object.gpii.loadTestingSupport (\\vboxsrv\vagrant\node_modules\universal\index.js:50:5)
    at Object.<anonymous> (\\vboxsrv\vagrant\tests\AcceptanceTests.js:22:6)
    at Module._compile (module.js:570:32)
    at Object.Module._extensions..js (module.js:579:10)
    at Module.load (module.js:487:32)
    at tryModuleLoad (module.js:446:12)
    at Function.Module._load (module.js:438:3)
    at Module.runMain (module.js:604:10)
    at run (bootstrap_node.js:394:7)
    at startup (bootstrap_node.js:149:9)
    at bootstrap_node.js:509:3
12:32:34.365:  Current activity:

The Windows repo code is calling gpii.loadTestingSupport(), which ends up requiring Nock. This fails as Nock is a devDependency of Universal.

[cindyli]

Good catch, @simonbates. I've moved nock into "dependencies" block and the problem should be fixed.

[gpii-bot]

CI job failed: https://ci.gpii.net/job/universal-tests/587/

[cindyli]

ok to test

[gpii-bot]

CI job failed: https://ci.gpii.net/job/universal-tests/588/

[cindyli]

ok to test

[gpii-bot]

CI job passed: https://ci.gpii.net/job/universal-tests/589/

[simonbates]

@cindyli @amb26 I was going to say that I didn't think that moving Nock to the dependencies block (cindyli@de51af1) was the best solution (as it really isn't a runtime dependency) but I see that we have a precedent with "node-jqunit" in the universal dependencies block -- so maybe it's ok?

https://github.com/GPII/universal/blob/master/package.json#L21

[cindyli]

@simonbates I agree with you that having nock as a dependency doesn't seem like the best solution from the perspective of the universal repo as nock is only used for running node tests. However, if our windows or linux repos are designed to be able to run tests from universal, one of their dependency module, this might be a suitable approach.

This approach was also used by havinggpii-pouchdb in the universal dependencies block.

[gpii-bot]

CI job passed: https://ci.gpii.net/job/universal-tests/597/

[gpii-bot]

CI job passed: https://ci.gpii.net/job/universal-tests/610/

[gpii-bot]

CI job passed: https://ci.gpii.net/job/universal-tests/619/

[simonbates]

I've created a JIRA to record the state of universal prior to merge:

https://issues.gpii.net/browse/GPII-2771

[gpii-bot]

CI job passed: https://ci.gpii.net/job/universal-tests/645/

[simonbates]

Merged at 7f8ac79