
Example 1 with PdpClient

use of gov.cms.ab2d.common.model.PdpClient in project ab2d by CMSgov.

the class ApiCommon method checkValidCreateJob.

/**
 * Runs the pre-flight checks for a new export job and packages the request into a {@link StartJobDTO}.
 *
 * <p>The checks run in a fixed order: contract attestation, maintenance mode, per-client job
 * allowance, resource type / output format, and the {@code since} timestamp. Each check is a
 * bare call whose result (if any) is ignored, so a failed check presumably aborts by throwing;
 * the exception types are not visible here.
 *
 * @param request        the incoming HTTP request, used to derive the current URL
 * @param contractNumber the contract number supplied by the caller
 * @param since          the lower time bound requested for the export
 * @param resourceTypes  the requested resource types
 * @param outputFormat   the requested output format
 * @param version        the FHIR version of the endpoint being called
 * @return a DTO describing the job to start
 */
public StartJobDTO checkValidCreateJob(HttpServletRequest request, String contractNumber, OffsetDateTime since, String resourceTypes, String outputFormat, FhirVersion version) {
    // Identity and contract come from the client service, not from anything in the request.
    final PdpClient caller = pdpClientService.getCurrentClient();

    // The value returned by the attestation check, not the raw request value, is what the job is
    // created with.
    // NOTE(review): presumably this also ties the requested contract to the caller's own contract; confirm in checkIfContractAttested.
    final String attestedContract = checkIfContractAttested(caller.getContract(), contractNumber);

    // Remaining gates, in the original order (the first failing check decides the outcome).
    checkIfInMaintenanceMode();
    checkIfCurrentClientCanAddJob();
    checkResourceTypesAndOutputFormat(resourceTypes, outputFormat);
    checkSinceTime(since);

    return new StartJobDTO(
            attestedContract,
            caller.getOrganization(),
            resourceTypes,
            getCurrentUrl(request),
            outputFormat,
            since,
            version);
}
Also used : StartJobDTO(gov.cms.ab2d.common.dto.StartJobDTO) PdpClient(gov.cms.ab2d.common.model.PdpClient)

Example 2 with PdpClient

use of gov.cms.ab2d.common.model.PdpClient in project ab2d by CMSgov.

the class AuthenticationTests method testClientNoAuthorization.

/**
 * A client that exists but has no roles must be refused with 403 on the export endpoint,
 * and the refused call must still be recorded as one request event and one response event
 * that share a request id.
 */
@Test
public void testClientNoAuthorization() throws Exception {
    // Strip every role from the test client and persist the change.
    PdpClient roleless = pdpClientRepository.findByClientId(TEST_PDP_CLIENT);
    roleless.setRoles(Collections.emptySet());
    pdpClientRepository.save(roleless);

    // The bearer token comes from the test fixture; only the client's roles were changed.
    String exportUrl = API_PREFIX_V1 + FHIR_PREFIX + "/Patient/$export";
    String bearer = "Bearer " + token;
    this.mockMvc
            .perform(get(exportUrl)
                    .header("Authorization", bearer)
                    .contentType(MediaType.APPLICATION_JSON))
            .andExpect(status().is(403));

    // Exactly one request event was logged for the denied call.
    List<LoggableEvent> loggedRequests = loggerEventRepository.load(ApiRequestEvent.class);
    assertEquals(1, loggedRequests.size());
    ApiRequestEvent loggedRequest = (ApiRequestEvent) loggedRequests.get(0);

    // Exactly one response event was logged as well.
    List<LoggableEvent> loggedResponses = loggerEventRepository.load(ApiResponseEvent.class);
    assertEquals(1, loggedResponses.size());
    ApiResponseEvent loggedResponse = (ApiResponseEvent) loggedResponses.get(0);

    // The response event carries the 403 and can be correlated with the request event.
    assertEquals(HttpStatus.FORBIDDEN.value(), loggedResponse.getResponseCode());
    assertEquals(loggedRequest.getRequestId(), loggedResponse.getRequestId());
}
Also used : LoggableEvent(gov.cms.ab2d.eventlogger.LoggableEvent) PdpClient(gov.cms.ab2d.common.model.PdpClient) ApiRequestEvent(gov.cms.ab2d.eventlogger.events.ApiRequestEvent) ApiResponseEvent(gov.cms.ab2d.eventlogger.events.ApiResponseEvent) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 3 with PdpClient

use of gov.cms.ab2d.common.model.PdpClient in project ab2d by CMSgov.

the class AuthenticationTests method testClientDoesNotExist.

/**
 * A token whose client record has been deleted must be refused with 403 on the export endpoint,
 * and the refused call must still be recorded as one request event and one response event
 * that share a request id.
 */
@Test
public void testClientDoesNotExist() throws Exception {
    // Remove the client record; the bearer token from the test fixture is left as it was.
    PdpClient removed = pdpClientRepository.findByClientId(TEST_PDP_CLIENT);
    pdpClientRepository.delete(removed);

    String exportUrl = API_PREFIX_V1 + FHIR_PREFIX + "/Patient/$export";
    String bearer = "Bearer " + token;
    this.mockMvc
            .perform(get(exportUrl)
                    .header("Authorization", bearer)
                    .contentType(MediaType.APPLICATION_JSON))
            .andExpect(status().is(403));

    // Exactly one request event was logged for the denied call.
    List<LoggableEvent> loggedRequests = loggerEventRepository.load(ApiRequestEvent.class);
    assertEquals(1, loggedRequests.size());
    ApiRequestEvent loggedRequest = (ApiRequestEvent) loggedRequests.get(0);

    // Exactly one response event was logged as well.
    List<LoggableEvent> loggedResponses = loggerEventRepository.load(ApiResponseEvent.class);
    assertEquals(1, loggedResponses.size());
    ApiResponseEvent loggedResponse = (ApiResponseEvent) loggedResponses.get(0);

    // Same status as the no-roles case (403), and the two events can be correlated by request id.
    assertEquals(HttpStatus.FORBIDDEN.value(), loggedResponse.getResponseCode());
    assertEquals(loggedRequest.getRequestId(), loggedResponse.getRequestId());
}
Also used : LoggableEvent(gov.cms.ab2d.eventlogger.LoggableEvent) PdpClient(gov.cms.ab2d.common.model.PdpClient) ApiRequestEvent(gov.cms.ab2d.eventlogger.events.ApiRequestEvent) ApiResponseEvent(gov.cms.ab2d.eventlogger.events.ApiResponseEvent) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 4 with PdpClient

use of gov.cms.ab2d.common.model.PdpClient in project ab2d by CMSgov.

the class JwtTokenAuthenticationFilter method doFilterInternal.

/**
 * Authenticates a request from its bearer token before passing it down the filter chain.
 *
 * <p>Public URIs skip authentication entirely. For every other URI the method extracts the
 * token, derives the client id from it, loads the matching {@link PdpClient}, rejects unknown
 * or disabled clients, and only then installs the client and its roles in the security
 * context. Every rejection path calls {@code logApiRequestEvent} before throwing, so denied
 * requests are recorded as well as accepted ones.
 *
 * @param request  the incoming HTTP request
 * @param response the HTTP response
 * @param chain    the remaining filter chain
 * @throws ServletException propagated from the filter chain
 * @throws IOException      propagated from the filter chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    String jobId = UtilMethods.parseJobId(request.getRequestURI());
    // Public endpoints bypass token handling; they are logged only when uriFilter accepts the URI.
    // NOTE(review): shouldBePublic is the whole authentication bypass - confirm how it matches URIs.
    if (shouldBePublic(request.getRequestURI())) {
        if (uriFilter.test(request.getRequestURI())) {
            logApiRequestEvent(request, null, null, jobId);
        }
        chain.doFilter(request, response);
        return;
    }
    String token = null;
    String client;
    try {
        token = getToken(request);
        client = getClientId(token);
    } catch (Exception ex) {
        // token is still null here if getToken itself failed; the event is logged either way
        // NOTE(review): the raw token is handed to logApiRequestEvent on every path below - confirm it is
        // hashed or redacted before it is stored.
        logApiRequestEvent(request, token, null, jobId);
        throw ex;
    }
    // Only the empty string is rejected here; a null client id would fail on isEmpty() instead.
    // NOTE(review): confirm getClientId never returns null or a whitespace-only value.
    if (client.isEmpty()) {
        logApiRequestEvent(request, token, null, jobId);
        String clientBlankMsg = "Client id was blank";
        log.error(clientBlankMsg);
        throw new BadJWTTokenException(clientBlankMsg);
    }
    // Attempt to get client object from repository (to check whether enabled and setup roles if enabled)
    PdpClient pdpClient;
    try {
        pdpClient = pdpClientService.getClientById(client);
    } catch (ResourceNotFoundException exception) {
        // Rethrown with a fixed message that omits the client id; the original exception is not attached as cause.
        logApiRequestEvent(request, token, null, jobId);
        throw new UsernameNotFoundException("Client was not found");
    }
    // A null result gets the same exception and message as the not-found case above
    if (pdpClient == null) {
        logApiRequestEvent(request, token, null, jobId);
        throw new UsernameNotFoundException("Client was not found");
    }
    // Record the organization in the logging context (set before the enabled check, so it is present for disabled clients too)
    // NOTE(review): nothing in this method removes the ORGANIZATION key again - confirm it is cleared elsewhere
    // so the value cannot carry over to another request handled by the same thread.
    MDC.put(ORGANIZATION, pdpClient.getOrganization());
    // If client is disabled for any reason do not proceed
    if (!pdpClient.getEnabled()) {
        log.error("Client {} is not enabled", pdpClient.getOrganization());
        logApiRequestEvent(request, token, pdpClient.getOrganization(), jobId);
        // NOTE(review): this message names the organization - confirm the exception handler does not return it to the caller.
        throw new ClientNotEnabledException("Client " + pdpClient.getOrganization() + " is not enabled");
    }
    // Client exists and is enabled: log the request, then install the client and its roles in the security context
    logApiRequestEvent(request, token, pdpClient.getOrganization(), jobId);
    pdpClientService.setupClientAndRolesInSecurityContext(pdpClient, request);
    // go to the next filter in the filter chain
    chain.doFilter(request, response);
}
Also used : UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) ResourceNotFoundException(gov.cms.ab2d.common.service.ResourceNotFoundException) PdpClient(gov.cms.ab2d.common.model.PdpClient) UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) ServletException(javax.servlet.ServletException) ResourceNotFoundException(gov.cms.ab2d.common.service.ResourceNotFoundException) IOException(java.io.IOException) JwtVerificationException(com.okta.jwt.JwtVerificationException)

Example 5 with PdpClient

use of gov.cms.ab2d.common.model.PdpClient in project ab2d by CMSgov.

the class AdminAPIPdpClientTests method testCreateDuplicateClient.

/**
 * Posts the same client-creation payload twice to the admin endpoint and expects the second
 * call to fail with a 500 {@code OperationOutcome} whose detail text is the generic
 * "An internal error occurred".
 */
@Test
public void testCreateDuplicateClient() throws Exception {
    PdpClientDTO duplicate = new PdpClientDTO();
    duplicate.setClientId(TEST_CLIENT);
    duplicate.setEnabled(true);
    duplicate.setContract(buildContractDTO());
    // The role is set from the constant first and then overwritten with the looked-up role's name.
    duplicate.setRole(ADMIN_ROLE);
    Role adminRole = roleService.findRoleByName(ADMIN_ROLE);
    duplicate.setRole(adminRole.getName());

    ObjectMapper mapper = getMapper();
    String createUrl = API_PREFIX_V1 + ADMIN_PREFIX + CLIENT_URL;
    String bearer = "Bearer " + token;

    // First creation: the outcome is not asserted.
    this.mockMvc.perform(post(createUrl)
            .contentType(MediaType.APPLICATION_JSON)
            .content(mapper.writeValueAsString(duplicate))
            .header("Authorization", bearer));

    // Second creation with the identical payload: the asserted error text is generic and does
    // not say that the client id is already taken.
    this.mockMvc.perform(post(createUrl)
                    .contentType(MediaType.APPLICATION_JSON)
                    .content(mapper.writeValueAsString(duplicate))
                    .header("Authorization", bearer))
            .andExpect(status().is(500))
            .andExpect(jsonPath("$.resourceType", Is.is("OperationOutcome")))
            .andExpect(jsonPath("$.issue[0].severity", Is.is("error")))
            .andExpect(jsonPath("$.issue[0].code", Is.is("invalid")))
            .andExpect(jsonPath("$.issue[0].details.text", Is.is("An internal error occurred")));

    // NOTE(review): cleanup looks up a literal id rather than TEST_CLIENT; unless the constant has this
    // value, the lookup may find nothing and the client created above may not be queued - confirm.
    PdpClient created = pdpClientRepository.findByClientId(("anotherEmail@test.com"));
    dataSetup.queueForCleanup(created);
}
Also used : Role(gov.cms.ab2d.common.model.Role) PdpClientDTO(gov.cms.ab2d.common.dto.PdpClientDTO) PdpClient(gov.cms.ab2d.common.model.PdpClient) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Test(org.junit.jupiter.api.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Aggregations

PdpClient (gov.cms.ab2d.common.model.PdpClient)43 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)11 BeforeEach (org.junit.jupiter.api.BeforeEach)8 Test (org.junit.jupiter.api.Test)7 Contract (gov.cms.ab2d.common.model.Contract)6 Job (gov.cms.ab2d.common.model.Job)5 ApiResponseEvent (gov.cms.ab2d.eventlogger.events.ApiResponseEvent)5 Role (gov.cms.ab2d.common.model.Role)4 PdpClientDTO (gov.cms.ab2d.common.dto.PdpClientDTO)3 LoggableEvent (gov.cms.ab2d.eventlogger.LoggableEvent)3 ApiRequestEvent (gov.cms.ab2d.eventlogger.events.ApiRequestEvent)3 ContractToContractCoverageMapping (gov.cms.ab2d.worker.config.ContractToContractCoverageMapping)3 ThreadPoolTaskExecutor (org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor)3 TooManyRequestsException (gov.cms.ab2d.api.controller.TooManyRequestsException)2 BFDClient (gov.cms.ab2d.bfd.client.BFDClient)2 ContractDTO (gov.cms.ab2d.common.dto.ContractDTO)2 StaleJob (gov.cms.ab2d.common.dto.StaleJob)2 StartJobDTO (gov.cms.ab2d.common.dto.StartJobDTO)2 JobOutput (gov.cms.ab2d.common.model.JobOutput)2 LogManager (gov.cms.ab2d.eventlogger.LogManager)2