
Authorization tests #40

Merged: 6 commits, Jan 30, 2025

Conversation

@Warsama-Gabriel (Contributor) commented Jan 14, 2025

[Two screenshots attached, taken 2025-01-21 at 12:39 PM and 12:42 PM]

PR note:

This PR includes a migration to remove the Identities table and removes the omniauth-identities gem. Developers will need to run the following commands on their local machines to apply the changes:
bundle install
rails db:migrate:up VERSION=20250117012345

Summary of Changes:

  • Implemented the OmniAuth developer strategy to facilitate authentication in the development environment.
  • Added RSpec tests to ensure the functionality of the OmniAuth developer strategy.
  • Created factories to support comprehensive testing of the Ability.rb model.
  • Added RSpec tests for Ability.rb, verifying permissions and authorization logic across various roles.
  • Removed Identity-based login system and transitioned to using the OmniAuth Developer strategy.
  • Added a custom Developer login form for local authentication in non-production environments.
  • Refactored user roles logic and ensured roles are applied correctly in the new login flow.
  • Updated RSpec tests to reflect the changes, removing Identity-related tests and adding Developer login tests.
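The PR description above says the Ability.rb specs verify permissions across the roles, but the page shows neither the Ability class nor a spec. The block below is an added example, not the project's Ability.rb or its RSpec suite: a plain-Ruby permission matrix for the four roles the thread names (depositor, curator mapped to `admin`, guest, no_deposit), including the ownership rule that a depositor may only edit datasets tied to their own email, which the thread identifies as the user identifier. `Dataset` and `User` are constructed stand-ins and the `can?` signature only mirrors cancancan's shape, so it runs without Rails or cancancan.

```ruby
# Added example, not the project's Ability.rb or its specs: a plain-Ruby
# permission matrix for the four roles named in this PR thread. Dataset and
# User are constructed stand-ins so this runs without Rails or cancancan.
Dataset = Struct.new(:depositor_email, :released, keyword_init: true)
User    = Struct.new(:email, :role, keyword_init: true)

class Ability
  # Info resources anyone may read, signed in or not (guides, policies).
  PUBLIC_INFO = %i[guide policy].freeze

  # user is nil for a guest who is not signed in.
  def initialize(user)
    @user = user
  end

  # Mirrors cancancan's can?(action, subject) shape: subject is a Dataset
  # instance, the Dataset class (for :create), or an info symbol.
  def can?(action, subject)
    return true if role == 'admin' # curator: can do anything to anything

    case subject
    when Dataset then dataset_permission?(action, subject)
    when Class   then subject == Dataset && action == :create && role == 'depositor'
    when Symbol  then PUBLIC_INFO.include?(subject) && action == :read
    else false
    end
  end

  private

  # A nil user is treated exactly like the 'guest' role from the login form.
  def role
    @user ? @user.role : 'guest'
  end

  # Released datasets are readable by everyone; unreleased ones only by
  # their depositor. Only a depositor may update, and only their own.
  def dataset_permission?(action, dataset)
    case action
    when :read   then dataset.released || owner?(dataset)
    when :update then role == 'depositor' && owner?(dataset)
    else false
    end
  end

  # Association between user and dataset is by email address.
  def owner?(dataset)
    !@user.nil? && dataset.depositor_email == @user.email
  end
end

# Constructed sample data matching the pre-loaded depositors in the thread.
RESEARCHER1 = User.new(email: 'researcher1@mailinator.com', role: 'depositor')
RESEARCHER2 = User.new(email: 'researcher2@mailinator.com', role: 'depositor')
UNRELEASED  = Dataset.new(depositor_email: 'researcher1@mailinator.com', released: false)
```

The cases worth pinning down in a spec are the negative ones: a second depositor can neither read nor update another depositor's unreleased dataset, a `no_deposit` user is signed in yet cannot create, and a nil user behaves as guest rather than raising.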

@mfall3 (Contributor) commented Jan 14, 2025

Part of implementing the developer strategy for development and testing is to use it to replace the identity strategy. So, for local development the login path should go to a page where one can log in using the developer strategy. It would be useful for that page to have text on it describing how to log in for various purposes (based on the test GroupResolover). Currently it looks like the login still uses the identity strategy.

@mfall3 (Contributor) commented Jan 14, 2025

For Developer strategy in interface:
match '/auth/:provider', to: 'sessions#new', via: [:get, :post]
match '/auth/:provider/callback', to: 'sessions#create', via: [:get, :post]
https://github.com/medusa-project/databank/blob/main/app/views/sessions/new.html.haml

@mfall3 (Contributor) commented Jan 14, 2025

To avoid these routes stepping on shib for prod, this is in the sessions controller:
https://github.com/medusa-project/databank/blob/main/app/controllers/sessions_controller.rb

# Responds to `GET /#`
# Only test and development render the developer login page; every other
# environment is redirected to Shibboleth so these routes never serve a
# local login form in production.
def new
  unless Rails.env.test? || Rails.env.development?
    session[:login_return_referer] = request.env['HTTP_REFERER']
    redirect_to(shibboleth_login_path(Databank::Application.shibboleth_host))
    return
  end
end

@mfall3 (Contributor) commented Jan 15, 2025

Improved example for the new sessions view from Illinois Data Bank for local login using the developer strategy:

%h1 Login
%p You can # using the developer strategy using any email address and name combination. The role you select will determine the permissions you have in the application.
%figure
  %figcaption Pre-loaded Depositors (association with dataset is by email address, which is the identifier field for users)
  %ul
    %li Researcher1 - researcher1@mailinator.com
    %li Researcher2 - researcher2@mailinator.com
%figure
  %figcaption Selectable Roles
  %ul
    %li Depositor: Can create datasets, and edit created datasets
    %li Curator: Can do anything to anything
    %li Guest: Not signed in. Can view info (guides, policies), and released datasets
    %li No Deposit: Signed in, but not authorized to create datasets.
%hr
= form_tag('/auth/developer/callback', method: :post, novalidate: true) do
  = label_tag :email, 'Email:'
  = text_field_tag :email
  = label_tag :name, 'Name:'
  = text_field_tag :name
  = label_tag :role, 'Role:'
  = select_tag :role, options_for_select([['Depositor', 'depositor'], ['Curator', 'admin'], ['Guest', 'guest'], ['No Deposit', 'no_deposit']]), prompt: 'Please select'
  %button{type: 'submit'} #
%hr
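The form above posts email, name and role straight to `/auth/developer/callback`, and the controller excerpt earlier in the thread gates only the `new` action on `Rails.env`. Two checks belong on the server side of that callback: the developer strategy must be dead outside development and test, and the posted `role` must be allowlisted, because a browser can submit any string, not just the select's options. The block below is an added example, not the project's SessionsController or OmniAuth initializer: `rails_env` and `params` are plain values and the session hash layout is an assumption, so it runs without Rails or OmniAuth.

```ruby
# Added example, not the project's SessionsController or OmniAuth config:
# environment gating plus a role allowlist for the developer-strategy
# callback. rails_env and params are plain values; the returned session
# hash layout is an assumption made for this example.
ALLOWED_DEV_ROLES = %w[depositor admin guest no_deposit].freeze # the form's select values
DEV_ENVIRONMENTS  = %w[development test].freeze

class DeveloperLoginRejected < StandardError; end

# Whether the OmniAuth developer provider should be registered at all.
# In config/initializers/omniauth.rb this is the guard on `provider :developer`.
def register_developer_provider?(rails_env)
  DEV_ENVIRONMENTS.include?(rails_env)
end

# Builds the session a successful developer login would store, or raises.
# The environment is checked before any param is read, so a production
# request never reaches role selection.
def developer_callback(rails_env:, params:)
  unless register_developer_provider?(rails_env)
    raise DeveloperLoginRejected, "developer strategy disabled in #{rails_env}"
  end

  email = params.fetch('email', '').to_s.strip.downcase
  name  = params.fetch('name', '').to_s.strip
  role  = params.fetch('role', '').to_s

  raise DeveloperLoginRejected, 'email is required' if email.empty?
  unless ALLOWED_DEV_ROLES.include?(role)
    raise DeveloperLoginRejected, "role #{role.inspect} is not selectable"
  end

  # Email is the identifier field for users, so it is normalised before it
  # is used to look up or create the user record.
  { 'provider' => 'developer', 'email' => email, 'name' => name, 'role' => role }
end

# Boolean form of the same check for callers that do not want an exception.
def developer_login_allowed?(rails_env:, params:)
  developer_callback(rails_env: rails_env, params: params)
  true
rescue DeveloperLoginRejected
  false
end

# Constructed requests: what the form sends, and a tampered role value.
FORM_REQUEST     = { 'email' => 'Researcher1@mailinator.com', 'name' => 'Researcher1', 'role' => 'depositor' }.freeze
TAMPERED_REQUEST = FORM_REQUEST.merge('role' => 'superuser').freeze
```

In the real application the first check is the usual OmniAuth idiom, `provider :developer unless Rails.env.production?` in the initializer, which removes the `/auth/developer` routes entirely rather than relying on a controller branch; the allowlist is what keeps the role mapping honest, since whatever value the callback trusts becomes the user's `admin` bit.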

@srbbins merged commit 669869e into main on Jan 30, 2025 (1 check passed).
@Warsama-Gabriel deleted the authorization-tests branch on February 19, 2025 at 17:58.