Examples with PdpClient gov.cms.ab2d.common.model.PdpClient used on opensource projects

Example 1 with PdpClient

use of gov.cms.ab2d.common.model.PdpClient in project ab2d by CMSgov.

the class ApiCommon method checkValidCreateJob.

public StartJobDTO checkValidCreateJob(HttpServletRequest request, String contractNumber, OffsetDateTime since, String resourceTypes, String outputFormat, FhirVersion version) {
    PdpClient pdpClient = pdpClientService.getCurrentClient();
    contractNumber = checkIfContractAttested(pdpClient.getContract(), contractNumber);
    checkIfInMaintenanceMode();
    checkIfCurrentClientCanAddJob();
    checkResourceTypesAndOutputFormat(resourceTypes, outputFormat);
    checkSinceTime(since);
    return new StartJobDTO(contractNumber, pdpClient.getOrganization(), resourceTypes, getCurrentUrl(request), outputFormat, since, version);
}

Example 2 with PdpClient

use of gov.cms.ab2d.common.model.PdpClient in project ab2d by CMSgov.

the class AuthenticationTests method testClientNoAuthorization.

@Test
public void testClientNoAuthorization() throws Exception {
    PdpClient pdpClient = pdpClientRepository.findByClientId(TEST_PDP_CLIENT);
    pdpClient.setRoles(Collections.emptySet());
    pdpClientRepository.save(pdpClient);
    this.mockMvc.perform(get(API_PREFIX_V1 + FHIR_PREFIX + "/Patient/$export").header("Authorization", "Bearer " + token).contentType(MediaType.APPLICATION_JSON)).andExpect(status().is(403));
    List<LoggableEvent> apiRequestEvents = loggerEventRepository.load(ApiRequestEvent.class);
    assertEquals(1, apiRequestEvents.size());
    ApiRequestEvent requestEvent = (ApiRequestEvent) apiRequestEvents.get(0);
    List<LoggableEvent> apiResponseEvents = loggerEventRepository.load(ApiResponseEvent.class);
    assertEquals(1, apiResponseEvents.size());
    ApiResponseEvent responseEvent = (ApiResponseEvent) apiResponseEvents.get(0);
    assertEquals(HttpStatus.FORBIDDEN.value(), responseEvent.getResponseCode());
    assertEquals(requestEvent.getRequestId(), responseEvent.getRequestId());
}

Example 3 with PdpClient

use of gov.cms.ab2d.common.model.PdpClient in project ab2d by CMSgov.

the class AuthenticationTests method testClientDoesNotExist.

@Test
public void testClientDoesNotExist() throws Exception {
    PdpClient pdpClient = pdpClientRepository.findByClientId(TEST_PDP_CLIENT);
    pdpClientRepository.delete(pdpClient);
    this.mockMvc.perform(get(API_PREFIX_V1 + FHIR_PREFIX + "/Patient/$export").header("Authorization", "Bearer " + token).contentType(MediaType.APPLICATION_JSON)).andExpect(status().is(403));
    List<LoggableEvent> apiRequestEvents = loggerEventRepository.load(ApiRequestEvent.class);
    assertEquals(1, apiRequestEvents.size());
    ApiRequestEvent requestEvent = (ApiRequestEvent) apiRequestEvents.get(0);
    List<LoggableEvent> apiResponseEvents = loggerEventRepository.load(ApiResponseEvent.class);
    assertEquals(1, apiResponseEvents.size());
    ApiResponseEvent responseEvent = (ApiResponseEvent) apiResponseEvents.get(0);
    assertEquals(HttpStatus.FORBIDDEN.value(), responseEvent.getResponseCode());
    assertEquals(requestEvent.getRequestId(), responseEvent.getRequestId());
}

Example 4 with PdpClient

use of gov.cms.ab2d.common.model.PdpClient in project ab2d by CMSgov.

the class JwtTokenAuthenticationFilter method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    String jobId = UtilMethods.parseJobId(request.getRequestURI());
    if (shouldBePublic(request.getRequestURI())) {
        if (uriFilter.test(request.getRequestURI())) {
            logApiRequestEvent(request, null, null, jobId);
        }
        chain.doFilter(request, response);
        return;
    }
    String token = null;
    String client;
    try {
        token = getToken(request);
        client = getClientId(token);
    } catch (Exception ex) {
        logApiRequestEvent(request, token, null, jobId);
        throw ex;
    }
    if (client.isEmpty()) {
        logApiRequestEvent(request, token, null, jobId);
        String clientBlankMsg = "Client id was blank";
        log.error(clientBlankMsg);
        throw new BadJWTTokenException(clientBlankMsg);
    }
    // Attempt to get client object from repository (to check whether enabled and setup roles if enabled)
    PdpClient pdpClient;
    try {
        pdpClient = pdpClientService.getClientById(client);
    } catch (ResourceNotFoundException exception) {
        logApiRequestEvent(request, token, null, jobId);
        throw new UsernameNotFoundException("Client was not found");
    }
    // If client is null then continue throwing username not found
    if (pdpClient == null) {
        logApiRequestEvent(request, token, null, jobId);
        throw new UsernameNotFoundException("Client was not found");
    }
    // Save organization
    MDC.put(ORGANIZATION, pdpClient.getOrganization());
    // If client is disabled for any reason do not proceed
    if (!pdpClient.getEnabled()) {
        log.error("Client {} is not enabled", pdpClient.getOrganization());
        logApiRequestEvent(request, token, pdpClient.getOrganization(), jobId);
        throw new ClientNotEnabledException("Client " + pdpClient.getOrganization() + " is not enabled");
    }
    // Otherwise setup roles and context
    logApiRequestEvent(request, token, pdpClient.getOrganization(), jobId);
    pdpClientService.setupClientAndRolesInSecurityContext(pdpClient, request);
    // go to the next filter in the filter chain
    chain.doFilter(request, response);
}

Example 5 with PdpClient

use of gov.cms.ab2d.common.model.PdpClient in project ab2d by CMSgov.

the class AdminAPIPdpClientTests method testCreateDuplicateClient.

@Test
public void testCreateDuplicateClient() throws Exception {
    PdpClientDTO pdpClientDTO = new PdpClientDTO();
    pdpClientDTO.setClientId(TEST_CLIENT);
    pdpClientDTO.setEnabled(true);
    pdpClientDTO.setContract(buildContractDTO());
    pdpClientDTO.setRole(ADMIN_ROLE);
    Role role = roleService.findRoleByName(ADMIN_ROLE);
    pdpClientDTO.setRole(role.getName());
    ObjectMapper mapper = getMapper();
    this.mockMvc.perform(post(API_PREFIX_V1 + ADMIN_PREFIX + CLIENT_URL).contentType(MediaType.APPLICATION_JSON).content(mapper.writeValueAsString(pdpClientDTO)).header("Authorization", "Bearer " + token));
    this.mockMvc.perform(post(API_PREFIX_V1 + ADMIN_PREFIX + CLIENT_URL).contentType(MediaType.APPLICATION_JSON).content(mapper.writeValueAsString(pdpClientDTO)).header("Authorization", "Bearer " + token)).andExpect(status().is(500)).andExpect(jsonPath("$.resourceType", Is.is("OperationOutcome"))).andExpect(jsonPath("$.issue[0].severity", Is.is("error"))).andExpect(jsonPath("$.issue[0].code", Is.is("invalid"))).andExpect(jsonPath("$.issue[0].details.text", Is.is("An internal error occurred")));
    PdpClient anotherPdpClient = pdpClientRepository.findByClientId(("anotherEmail@test.com"));
    dataSetup.queueForCleanup(anotherPdpClient);
}