Show the Castle payload and verdict in the UI across all flows#25
Merged
Add a CastleReporting controller concern that records each Castle call (endpoint, request payload and response) during a request and renders it in a shared "Castle activity" panel: an endpoint badge, a verdict banner with the policy action, risk score and signal names, and the payload and response JSON. Results from flows that redirect (login, sign up, profile update, logout, custom event) are carried over the redirect through the flash, compacted to the verdict summary so they always fit the cookie session; the login surfaces both the filter and risk steps. Replace the per-page API result partial with the shared panel on the lists, privacy and password-reset pages, and add the result-panel component styles. Send user.id to Castle as a string on the risk, log and matching_user_id calls. Add specs covering the reporting concern (compaction and cookie budget) and the rendered panel.
Raise the puma requirement to ~> 7.2 and update the lockfile to puma 7.2.1 and net-imap 0.6.4.1. Also bump the remaining gems within the existing constraints: msgpack 1.8.3, sqlite3 2.9.5, websocket-driver 0.8.1, web-console 4.3.0 and rspec-rails 8.0.4.
Mirror the Node/Python/PHP example apps by adding "valid user + pw", "valid user, bad pw" and "invalid username" quick-fill buttons to the sign-in page. Credentials are centralized in DemoAccount (env-overridable, Devise-valid defaults) and used by db/seeds.rb to seed the Clark Kent demo user so the "valid user + pw" flow actually signs in.
Mirror the other example apps with "new user" (lois.lane@dailyplanet.com) and "existing email" (the seeded clark.kent@dailyplanet.com) quick-fill buttons, demonstrating $registration / $attempted vs / $failed.
Summary
Adds an in-app view of what each Castle call does, across the whole demo.
- `CastleReporting` controller concern that records every Castle call made during a request (the endpoint, the request payload and the response) and exposes them to the views.
- The login surfaces both the `$login`/`$attempted` filter step and the `$succeeded` risk step.
- Send `user.id` to Castle as a string on the `risk`, `log` and `matching_user_id` calls.
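The flash hand-off described in the summary and in the first commit (full call records during the request, a compacted verdict summary across the redirect so it fits the cookie session) as an added, framework-free Ruby example; this is not the PR's own concern, and the module name, the 3000-byte budget and the Castle response bodies are assumptions or constructed samples:

```ruby
require "json"

# Added example, not the PR's own code: a framework-free sketch of what the
# CastleReporting concern must do when a verdict is carried across a redirect.
# Every call is kept in full for the current request, but only a compact
# verdict summary goes into the flash so the cookie session stays in budget.
module CastleReportingExample
  # Assumed budget: a cookie holds at most 4096 bytes and the session cookie
  # has other keys too, so leave headroom. The 3000 figure is arbitrary.
  FLASH_BUDGET_BYTES = 3_000

  # One recorded Castle call: endpoint name, request payload, parsed response.
  Call = Struct.new(:endpoint, :payload, :response)
  # Reduce a response to what the verdict banner shows: policy action, risk
  # score and sorted signal names. Calls without a policy keep only the endpoint.
  def self.compact(call)
    resp = call.response || {}
    {
      "endpoint" => call.endpoint,
      "action"   => resp.dig("policy", "action"),
      "risk"     => resp["risk"],
      "signals"  => (resp["signals"] || {}).keys.sort
    }.compact
  end
  # The list to store in the flash. Raising on overflow turns an oversized
  # payload into a spec failure instead of a truncated session in production.
  def self.flash_payload(calls)
    summary = calls.map { |c| compact(c) }
    size = JSON.generate(summary).bytesize
    raise ArgumentError, "flash too large: #{size} bytes" if size > FLASH_BUDGET_BYTES
    summary
  end

  # Constructed sample of the two-step login: $attempted filter, then
  # $succeeded risk. user.id is sent as a string, as the PR does. Response
  # bodies are made up and only mimic the documented Castle shape.
  def self.sample_login_calls
    ctx = { "ip" => "203.0.113.10", "headers" => { "User-Agent" => "x" * 400 } }
    [
      Call.new("filter",
               { "event" => "$login", "status" => "$attempted", "context" => ctx },
               { "risk" => 0.12, "policy" => { "action" => "allow" }, "signals" => {} }),
      Call.new("risk",
               { "event" => "$login", "status" => "$succeeded", "user" => { "id" => "42" }, "context" => ctx },
               { "risk" => 0.78, "policy" => { "action" => "challenge" },
                 "signals" => { "new_device" => {}, "bot_behavior" => {} } })
    ]
  end
end
```

A spec for the real concern can assert the same two things this module makes explicit: the compacted entries carry only endpoint, action, risk and signal names, and a flash built from them stays under the cookie budget.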