use of gov.cms.ab2d.common.model.PdpClient in project ab2d by CMSgov.
the class ApiCommon method checkValidCreateJob.
/**
 * Runs the pre-flight checks for a new export job and packages the request into a
 * {@link StartJobDTO}.
 *
 * <p>The checks run in a fixed order: contract, maintenance mode, whether the current
 * client may add a job, resource types and output format, then the {@code since} time.
 * Presumably each helper rejects by throwing, so the order decides which problem is
 * reported first (confirm against the helpers).
 *
 * <p>NOTE(review): the organization and the contract used for the check come from the
 * client returned by {@code pdpClientService.getCurrentClient()}, not from the request.
 * The caller-supplied {@code contractNumber} only reaches the DTO as the return value of
 * {@code checkIfContractAttested}; confirm that helper rejects a contract number that
 * does not belong to the current client.
 *
 * @param request        incoming request, used here only to derive the current URL
 * @param contractNumber contract number supplied by the caller
 * @param since          lower time bound supplied by the caller, validated by {@code checkSinceTime}
 * @param resourceTypes  requested resource types, validated together with {@code outputFormat}
 * @param outputFormat   requested output format
 * @param version        FHIR version, passed through to the DTO unchanged
 * @return the DTO describing the job to start
 */
public StartJobDTO checkValidCreateJob(HttpServletRequest request, String contractNumber, OffsetDateTime since, String resourceTypes, String outputFormat, FhirVersion version) {
    final PdpClient currentClient = pdpClientService.getCurrentClient();

    // The contract check runs first; its result replaces the caller-supplied value.
    final String attestedContract = checkIfContractAttested(currentClient.getContract(), contractNumber);

    checkIfInMaintenanceMode();
    checkIfCurrentClientCanAddJob();
    checkResourceTypesAndOutputFormat(resourceTypes, outputFormat);
    checkSinceTime(since);

    return new StartJobDTO(
            attestedContract,
            currentClient.getOrganization(),
            resourceTypes,
            getCurrentUrl(request),
            outputFormat,
            since,
            version);
}
use of gov.cms.ab2d.common.model.PdpClient in project ab2d by CMSgov.
the class AuthenticationTests method testClientNoAuthorization.
/**
 * A client that exists but holds no roles must be refused with 403 on the export
 * endpoint, and the refusal must still be recorded as a request/response event pair.
 */
@Test
public void testClientNoAuthorization() throws Exception {
    // Strip every role from the test client and persist the change.
    PdpClient rolelessClient = pdpClientRepository.findByClientId(TEST_PDP_CLIENT);
    rolelessClient.setRoles(Collections.emptySet());
    pdpClientRepository.save(rolelessClient);

    // The bearer token is still presented; only the roles are missing.
    String exportUrl = API_PREFIX_V1 + FHIR_PREFIX + "/Patient/$export";
    this.mockMvc
            .perform(get(exportUrl)
                    .header("Authorization", "Bearer " + token)
                    .contentType(MediaType.APPLICATION_JSON))
            .andExpect(status().is(403));

    // Exactly one request event was logged for the denied call.
    List<LoggableEvent> loggedRequests = loggerEventRepository.load(ApiRequestEvent.class);
    assertEquals(1, loggedRequests.size());
    ApiRequestEvent loggedRequest = (ApiRequestEvent) loggedRequests.get(0);

    // Exactly one response event was logged, and it carries the 403.
    List<LoggableEvent> loggedResponses = loggerEventRepository.load(ApiResponseEvent.class);
    assertEquals(1, loggedResponses.size());
    ApiResponseEvent loggedResponse = (ApiResponseEvent) loggedResponses.get(0);
    assertEquals(HttpStatus.FORBIDDEN.value(), loggedResponse.getResponseCode());

    // Both events share a request id, so the denial can be correlated in the audit trail.
    assertEquals(loggedRequest.getRequestId(), loggedResponse.getRequestId());
}
use of gov.cms.ab2d.common.model.PdpClient in project ab2d by CMSgov.
the class AuthenticationTests method testClientDoesNotExist.
/**
 * A token whose client record has been deleted must be refused with 403 on the export
 * endpoint, and the refusal must still be recorded as a request/response event pair.
 *
 * <p>The expected status is the same 403 that {@code testClientNoAuthorization} expects
 * for a client without roles, so the status code alone does not tell a caller whether
 * the client id exists.
 */
@Test
public void testClientDoesNotExist() throws Exception {
    // Remove the client record while the previously issued token is still in hand.
    PdpClient removedClient = pdpClientRepository.findByClientId(TEST_PDP_CLIENT);
    pdpClientRepository.delete(removedClient);

    String exportUrl = API_PREFIX_V1 + FHIR_PREFIX + "/Patient/$export";
    this.mockMvc
            .perform(get(exportUrl)
                    .header("Authorization", "Bearer " + token)
                    .contentType(MediaType.APPLICATION_JSON))
            .andExpect(status().is(403));

    // Exactly one request event was logged for the denied call.
    List<LoggableEvent> loggedRequests = loggerEventRepository.load(ApiRequestEvent.class);
    assertEquals(1, loggedRequests.size());
    ApiRequestEvent loggedRequest = (ApiRequestEvent) loggedRequests.get(0);

    // Exactly one response event was logged, and it carries the 403.
    List<LoggableEvent> loggedResponses = loggerEventRepository.load(ApiResponseEvent.class);
    assertEquals(1, loggedResponses.size());
    ApiResponseEvent loggedResponse = (ApiResponseEvent) loggedResponses.get(0);
    assertEquals(HttpStatus.FORBIDDEN.value(), loggedResponse.getResponseCode());

    // Both events share a request id, so the denial can be correlated in the audit trail.
    assertEquals(loggedRequest.getRequestId(), loggedResponse.getRequestId());
}
use of gov.cms.ab2d.common.model.PdpClient in project ab2d by CMSgov.
the class JwtTokenAuthenticationFilter method doFilterInternal.
/**
 * Authenticates a request from its bearer token before letting it continue down the chain.
 *
 * <p>Flow, as visible in this method:
 * <ol>
 *   <li>URIs accepted by {@code shouldBePublic} are forwarded without authentication;
 *       a request event is logged for them only when {@code uriFilter} matches.</li>
 *   <li>The token is read and the client id derived from it; any exception is rethrown
 *       after a request event has been logged.</li>
 *   <li>An empty client id raises {@link BadJWTTokenException}.</li>
 *   <li>An unknown client (lookup throws or returns {@code null}) raises
 *       {@link UsernameNotFoundException}.</li>
 *   <li>A client that is not enabled raises {@link ClientNotEnabledException}.</li>
 *   <li>Otherwise the client and its roles are placed in the security context and the
 *       chain continues.</li>
 * </ol>
 * Every rejection path throws before {@code chain.doFilter} is reached, so a request that
 * fails any check is never forwarded. A request event is logged on each path first.
 *
 * <p>NOTE(review): the raw token is handed to {@code logApiRequestEvent}; confirm that
 * helper does not persist it in clear text.
 *
 * <p>NOTE(review): {@code MDC.put(ORGANIZATION, ...)} has no matching removal in this
 * method; confirm it is cleared elsewhere so the value cannot carry over to a later
 * request served by the same thread.
 *
 * @throws ServletException propagated from the filter chain
 * @throws IOException      propagated from the filter chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    final String requestUri = request.getRequestURI();
    final String jobId = UtilMethods.parseJobId(requestUri);

    // Public endpoints skip authentication; only the URIs selected by uriFilter are logged.
    if (shouldBePublic(requestUri)) {
        if (uriFilter.test(requestUri)) {
            logApiRequestEvent(request, null, null, jobId);
        }
        chain.doFilter(request, response);
        return;
    }

    // token stays null in the logged event if getToken itself is what failed.
    String token = null;
    String clientId;
    try {
        token = getToken(request);
        clientId = getClientId(token);
    } catch (Exception failure) {
        logApiRequestEvent(request, token, null, jobId);
        throw failure;
    }

    // NOTE(review): isEmpty() lets a whitespace-only id through to the lookup below even
    // though the message says "blank", and a null id would throw here - confirm what
    // getClientId can return.
    if (clientId.isEmpty()) {
        logApiRequestEvent(request, token, null, jobId);
        String clientBlankMsg = "Client id was blank";
        log.error(clientBlankMsg);
        throw new BadJWTTokenException(clientBlankMsg);
    }

    // Load the client record; it is needed for the enabled check and for the roles.
    PdpClient pdpClient;
    try {
        pdpClient = pdpClientService.getClientById(clientId);
    } catch (ResourceNotFoundException notFound) {
        logApiRequestEvent(request, token, null, jobId);
        throw new UsernameNotFoundException("Client was not found");
    }

    // A null result is treated exactly like a failed lookup.
    if (pdpClient == null) {
        logApiRequestEvent(request, token, null, jobId);
        throw new UsernameNotFoundException("Client was not found");
    }

    // Record the organization in the logging context before any further decision.
    final String organization = pdpClient.getOrganization();
    MDC.put(ORGANIZATION, organization);

    // A disabled client is rejected before any roles are installed.
    if (!pdpClient.getEnabled()) {
        log.error("Client {} is not enabled", organization);
        logApiRequestEvent(request, token, organization, jobId);
        throw new ClientNotEnabledException("Client " + organization + " is not enabled");
    }

    // All checks passed: log the request, install client and roles, hand over to the next filter.
    logApiRequestEvent(request, token, organization, jobId);
    pdpClientService.setupClientAndRolesInSecurityContext(pdpClient, request);
    chain.doFilter(request, response);
}
use of gov.cms.ab2d.common.model.PdpClient in project ab2d by CMSgov.
the class AdminAPIPdpClientTests method testCreateDuplicateClient.
/**
 * Posts the same client definition to the admin endpoint twice and expects the second
 * call to fail with status 500 and a generic FHIR {@code OperationOutcome}.
 *
 * <p>The asserted error text is the generic "An internal error occurred", so the response
 * as checked here says nothing about which client id collided.
 *
 * <p>NOTE(review): the first POST is not asserted, so this test would also pass if both
 * calls failed for a reason unrelated to duplication; consider asserting the first outcome.
 *
 * <p>NOTE(review): the cleanup lookup uses the literal "anotherEmail@test.com" rather than
 * {@code TEST_CLIENT}; if the two differ, the lookup may not find the client created
 * here. Confirm against the constant.
 */
@Test
public void testCreateDuplicateClient() throws Exception {
    PdpClientDTO duplicate = new PdpClientDTO();
    duplicate.setClientId(TEST_CLIENT);
    duplicate.setEnabled(true);
    duplicate.setContract(buildContractDTO());
    duplicate.setRole(ADMIN_ROLE);

    // The role name is set again from the role looked up by the same name.
    Role adminRole = roleService.findRoleByName(ADMIN_ROLE);
    duplicate.setRole(adminRole.getName());

    ObjectMapper mapper = getMapper();
    String clientEndpoint = API_PREFIX_V1 + ADMIN_PREFIX + CLIENT_URL;
    String bearer = "Bearer " + token;

    // First submission: result intentionally left unchecked by the original test.
    this.mockMvc.perform(
            post(clientEndpoint)
                    .contentType(MediaType.APPLICATION_JSON)
                    .content(mapper.writeValueAsString(duplicate))
                    .header("Authorization", bearer));

    // Second, identical submission must be rejected with the generic error outcome.
    this.mockMvc
            .perform(post(clientEndpoint)
                    .contentType(MediaType.APPLICATION_JSON)
                    .content(mapper.writeValueAsString(duplicate))
                    .header("Authorization", bearer))
            .andExpect(status().is(500))
            .andExpect(jsonPath("$.resourceType", Is.is("OperationOutcome")))
            .andExpect(jsonPath("$.issue[0].severity", Is.is("error")))
            .andExpect(jsonPath("$.issue[0].code", Is.is("invalid")))
            .andExpect(jsonPath("$.issue[0].details.text", Is.is("An internal error occurred")));

    // Register the looked-up client for removal after the test.
    PdpClient anotherPdpClient = pdpClientRepository.findByClientId("anotherEmail@test.com");
    dataSetup.queueForCleanup(anotherPdpClient);
}