ADO-2787 basic auth configured in api call#89

Merged
DavidOkulski merged 5 commits into dev from ADO-2787-add-authenication-portal-config-file
Sep 11, 2025

@NicolaSDPR1
Collaborator

What changes did you make?

getSavedFormFromPortal has two potential POST calls it will make depending on the following conditions:

  • IF the environment variable has portalAuth === "basic" AND includes either basicAuth username & password OR apiSecret, it will set the auth values in the code as Basic authentication with the environment variables encoded in base64.
  • ELSE it will just call the POST function without any authorization value in header as it was doing before.

Additionally, added values to APP_CONFIG in my .env, so those do not appear here in this change. If I need to add them to .env.example, please let me know.

Why did you make these changes?

As per https://dev.azure.com/BC-SDPR/Forms%20Modernization/_workitems/edit/2787/, basic authentication needs to be enabled in order to make calls to FF. If the auth is not in place, the call will error and Edit Form for portal values will not be allowed.

What alternatives did you consider?

I considered using several if-else statements in order to separate the environment variables triggering auth required in POST call. If I did this, then I would not need to write out code for base64 conversion of basicAuth username & password environment variables. Axios has an auth part that does basic auth. HOWEVER, if there's ever a chance a different authentication process is needed, then a new conditional statement would be required (like how basicAuth vs. apiSecret would then require an if/else-if for each). Because of everything included in the POST request, this greatly increases the lines of code and makes it harder to track updates for all API calls in the code.

I went with one if-statement for all the auth, and then one else-statement for no auth because this reduces the coding required if there are any changes. It also allows all auth checks to be in one place, and if non-basic auth types are required then it can be configured to include them in the if-statement.

  const auth = (portal.basicAuth && portal.basicAuth.username && portal.basicAuth.password)
    ? "Basic " + btoa(portal.basicAuth.username + ":" + portal.basicAuth.password)
    : "Basic " + btoa(portal.apiSecret);

Future Concerns

While testing this call from Kiln -> Comm Layer -> Local Server, there were two things of note:

  1. In Kiln, the call that activates this endpoint is in EditPortalFormPage. It is supposed to take in the body of params, however in doing so it was not passing along the id from the url. Instead, I had to change the body being passed along from what it is below to: body: JSON.stringify({"id": params[""]}),

    const body: Record<string, any> = { ...params };

    const response = await fetch(loadDataEndpoint, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
    });

    If this edit portal functionality does not work once in dev/tst/prod, then we may need to look into this as the potential issue.

  2. Leaving this for reference if someone else is trying to connect Comm Layer to a local server that's not in docker. I had to set my apiHost to 0.0.0.0 and had to proxy the host in POST + turn off VPN before it would work.

        proxy: {
          protocol: "http",
          host: "[ IPv4 Address here ]",
          port: 8090
        }

Checklist

  • I have assigned at least one reviewer
  • My code meets the style guide
  • My code has adequate test coverage (if applicable)

@NicolaSDPR1
Collaborator Author

@bzimonjaSDPR would you like me to include basic auth for additional functions in this request like the expireTokenInPortal and getParametersFromPortal? Or should this auth be tested first and then added to the others?

@NicolaSDPR1
Collaborator Author

@bzimonjaSDPR also-also, the error handling from this will just change the page to Error: The form cannot be generated. Should there be a new error message for basic auth rejection? And, if so, what response status (401, 400, etc...) will be the rejected auth? (Need to know status to separate error messages)
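
An added example (not code from this PR or the project) of the header construction described in the PR description and the rejected-auth question above, written for Node.js. It swaps `btoa` for `Buffer`, which does not throw on characters outside Latin-1, and it throws when portalAuth is "basic" but no credential is set, where the PR falls back to an unauthenticated call. The helper names, the 401 status and the rejected-credentials message are assumptions, since the thread does not state what the portal returns.

```javascript
// Added example, not the project's code. The `portal` fields (portalAuth,
// basicAuth.username/password, apiSecret) follow the PR description.
function buildPortalAuthHeaders(portal) {
  // No auth configured: same as the PR's else branch, send no Authorization header.
  if (!portal || portal.portalAuth !== "basic") return {};

  const basic = portal.basicAuth;
  let credentials;
  if (basic && basic.username && basic.password) {
    // RFC 7617: a user-id containing ":" cannot be split back correctly by the server.
    if (basic.username.includes(":")) {
      throw new Error("basicAuth.username must not contain ':'");
    }
    credentials = `${basic.username}:${basic.password}`;
  } else if (portal.apiSecret) {
    credentials = portal.apiSecret; // encoded as-is, as in the PR snippet
  } else {
    // Assumption: fail closed instead of silently calling without auth.
    throw new Error("portalAuth is 'basic' but no credentials are configured");
  }
  // Buffer encodes the UTF-8 bytes; btoa() throws on characters outside Latin-1.
  const token = Buffer.from(credentials, "utf8").toString("base64");
  return { Authorization: `Basic ${token}` };
}

// Base64 is reversible, so keep the header value out of logs and error reports.
function redactForLog(headers) {
  const copy = { ...headers };
  if (copy.Authorization) {
    copy.Authorization = `${copy.Authorization.split(" ")[0]} [redacted]`;
  }
  return copy;
}

// Assumption: rejected credentials come back as 401, the conventional HTTP status.
// The first message is hypothetical; the second is the existing one from the thread.
function portalErrorMessage(status) {
  return status === 401
    ? "Error: The portal rejected the configured credentials."
    : "Error: The form cannot be generated.";
}
```

Because the header is only encoded, not encrypted, the portal URL these headers are sent to needs to be HTTPS outside local testing.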

@DavidOkulski DavidOkulski merged commit e1160e3 into dev Sep 11, 2025
3 checks passed
@DavidOkulski DavidOkulski deleted the ADO-2787-add-authenication-portal-config-file branch September 11, 2025 21:52