
Dfpl 2499 #5573

Closed
wants to merge 11 commits into from
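--- a/Jenkinsfile_CNP
+++ b/Jenkinsfile_CNP
@@ -16,7 +16,9 @@ def serviceSecrets = [
 secret('smoke-test-la-username', 'SMOKE_TEST_LA_USER_USERNAME'),
 secret('smoke-test-la-password', 'SMOKE_TEST_LA_USER_PASSWORD'),
 secret('system-update-user-username', 'SYSTEM_UPDATE_USER_USERNAME'),
-secret('system-update-user-password', 'SYSTEM_UPDATE_USER_PASSWORD')
+secret('system-update-user-password', 'SYSTEM_UPDATE_USER_PASSWORD'),
+secret('cafcass-system-update-user-username', 'CAFCASS_SYSTEM_USER_USERNAME'),
+secret('cafcass-system-update-user-password', 'CAFCASS_SYSTEM_USER_PASSWORD')
 ]
 ]
 
@@ -27,7 +29,9 @@ def integrationTestSecrets = [
 secret('e2e-test-password', 'E2E_TEST_PASSWORD'),
 secret('system-update-user-username', 'SYSTEM_UPDATE_USER_USERNAME'),
 secret('system-update-user-password', 'SYSTEM_UPDATE_USER_PASSWORD'),
-secret('e2e-test-judge-password', 'E2E_TEST_JUDGE_PASSWORD')
+secret('e2e-test-judge-password', 'E2E_TEST_JUDGE_PASSWORD'),
+secret('cafcass-system-update-user-username', 'CAFCASS_SYSTEM_USER_USERNAME'),
+secret('cafcass-system-update-user-password', 'CAFCASS_SYSTEM_USER_PASSWORD')
 ]
 ]
 
@@ -122,6 +126,8 @@ def setupSecretsForIntegrationTests(pipelineConf) {
 env.INTEGRATION_TEST_DOCMOSIS_TORNADO_OUTPUT_FOLDER = "${WORKSPACE}/build/docmosis-generated"
 env.SYSTEM_UPDATE_USER_PASSWORD = "${SYSTEM_UPDATE_USER_PASSWORD}"
 env.SYSTEM_UPDATE_USER_USERNAME = "${SYSTEM_UPDATE_USER_USERNAME}"
+env.CAFCASS_SYSTEM_USER_USERNAME = "${CAFCASS_SYSTEM_USER_USERNAME}"
+env.CAFCASS_SYSTEM_USER_PASSWORD = "${CAFCASS_SYSTEM_USER_PASSWORD}"
 }
 }
 }
@@ -137,6 +143,8 @@ def teardownSecretsForIntegrationTests() {
 env.INTEGRATION_TEST_DOCMOSIS_TORNADO_OUTPUT_FOLDER = ''
 env.SYSTEM_UPDATE_USER_PASSWORD = ''
 env.SYSTEM_UPDATE_USER_USERNAME = ''
+env.CAFCASS_SYSTEM_USER_USERNAME = ''
+env.CAFCASS_SYSTEM_USER_PASSWORD = ''
 }
 
 def setupShutteringSecret() {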
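Review bot: The two new assignments in `setupSecretsForIntegrationTests` copy the Cafcass service-account password into the pipeline-wide `env` map, where it stays until `teardownSecretsForIntegrationTests` blanks it; whether that teardown is guaranteed to run when the test stage fails is not visible in these hunks. If it is not already invoked from a `finally` or `post` section, it should be, so that a failed run does not leave `CAFCASS_SYSTEM_USER_PASSWORD` readable by later stages. Both functions start and end outside the hunks shown.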
Expand Up @@ -117,6 +117,9 @@ fpl:
system_update:
username: ${SYSTEM_UPDATE_USER_USERNAME:}
password: ${SYSTEM_UPDATE_USER_PASSWORD:}
cafcass_system_update:
username: ${CAFCASS_SYSTEM_USER_USERNAME:}
password: ${CAFCASS_SYSTEM_USER_PASSWORD:}
ctsc_inbox: '[email protected]'
court_to_court_admin:
mapping: "344=>[email protected];332=>[email protected]"
Expand Up @@ -23,6 +23,7 @@ public class CacheConfiguration {

public static final String ORGANISATION_CACHE = "organisationCache";
public static final String SYS_USER_CACHE = "systemUserCache";
public static final String CAFCASS_SYS_USER_CACHE = "cafcassSystemUserCache";

public static final int SYSTEM_USER_CACHE_EXPIRY = 120;

Expand All @@ -40,12 +41,11 @@ public CacheManager requestScopeCacheManager() {
@Bean
@Scope(value = WebApplicationContext.SCOPE_APPLICATION, proxyMode = ScopedProxyMode.TARGET_CLASS)
public CacheManager localCacheManager() {
CaffeineCacheManager caffeineCacheManager = new CaffeineCacheManager(SYS_USER_CACHE);
CaffeineCacheManager caffeineCacheManager = new CaffeineCacheManager(SYS_USER_CACHE, CAFCASS_SYS_USER_CACHE);
caffeineCacheManager.setCaffeine(Caffeine.newBuilder()
.initialCapacity(10)
.maximumSize(100)
.expireAfterWrite(Duration.ofMinutes(SYSTEM_USER_CACHE_EXPIRY)));
return caffeineCacheManager;
}

}
@@ -0,0 +1,18 @@
package uk.gov.hmcts.reform.fpl.config;

import lombok.Getter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;

@Getter
@Configuration
public class CafcassSystemUpdateUserConfiguration {
private final String userName;
private final String password;

public CafcassSystemUpdateUserConfiguration(@Value("${fpl.cafcass_system_update.username}") String userName,
@Value("${fpl.cafcass_system_update.password}") String password) {
this.userName = userName;
this.password = password;
}
}
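Review bot: The constructor stores whatever the two placeholders resolve to, and the YAML hunk earlier on this page defaults both to an empty string (`${CAFCASS_SYSTEM_USER_USERNAME:}`), so a deployment with the variable unset starts normally with a blank username. Because `CafcassApiInterceptor` now authorises by comparing the token's `sub` with `getUserName()`, a blank value should stop startup rather than silently become the allow-list entry, for example `if (userName == null || userName.isBlank()) throw new IllegalStateException("fpl.cafcass_system_update.username must be set");`. Class-level `@Getter` also generates a public `getPassword()`; a one-line comment that the value must never be logged or serialised would help the next reader.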
Expand Up @@ -6,6 +6,7 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.web.servlet.HandlerInterceptor;
import uk.gov.hmcts.reform.fpl.config.CafcassSystemUpdateUserConfiguration;
import uk.gov.hmcts.reform.fpl.exceptions.api.AuthorizationException;
import uk.gov.hmcts.reform.idam.client.IdamClient;
import uk.gov.hmcts.reform.idam.client.models.UserInfo;
Expand All @@ -15,20 +16,20 @@
import javax.servlet.http.HttpServletResponse;

import static org.apache.commons.lang3.ObjectUtils.isNotEmpty;
import static uk.gov.hmcts.reform.fpl.enums.UserRole.CAFCASS_SYSTEM_UPDATE;

@Slf4j
@Service
@RequiredArgsConstructor(onConstructor = @__(@Autowired))
public class CafcassApiInterceptor implements HandlerInterceptor {
private final ObjectProvider<IdamClient> idamClient;
private final CafcassSystemUpdateUserConfiguration userConfig;

public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
Object handler) throws Exception {
String authToken = request.getHeader("Authorization");
if (isNotEmpty(authToken)) {
UserInfo userInfo = Objects.requireNonNull(idamClient.getIfAvailable()).getUserInfo(authToken);
if (userInfo != null && userInfo.getRoles().contains(CAFCASS_SYSTEM_UPDATE.getRoleName())) {
if (userInfo != null && userInfo.getSub().equalsIgnoreCase(userConfig.getUserName())) {
return true;
}
}
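Review bot: The rewritten condition in `preHandle` authorises on `sub` alone and no longer requires the `CAFCASS_SYSTEM_UPDATE` role, so revoking that role in IDAM stops having any effect on this API for as long as the account name still matches. Keeping both checks is cheap: `userInfo.getRoles().contains(CAFCASS_SYSTEM_UPDATE.getRoleName()) && userConfig.getUserName().equalsIgnoreCase(userInfo.getSub())` (the static import of `CAFCASS_SYSTEM_UPDATE` would then have to stay). Putting the configured name on the left also avoids a NullPointerException when a token carries no `sub`, which as written would probably surface as a server error instead of an authorization failure. The rest of `preHandle` lies outside the hunk.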
Expand Up @@ -57,9 +57,13 @@ public Document uploadDocument(byte[] pdf, String fileName, String contentType)
}

public byte[] downloadDocument(final String documentUrlString) {
return downloadDocument(documentUrlString, requestData.authorisation());
}

public byte[] downloadDocument(final String documentUrlString, String authorisation) {
UUID documentId = getDocumentIdFromUrl(documentUrlString);
ResponseEntity<Resource> documentDownloadResponse = caseDocumentClientApi.getDocumentBinary(
requestData.authorisation(), authTokenGenerator.generate(), documentId);
authorisation, authTokenGenerator.generate(), documentId);

if (isNotEmpty(documentDownloadResponse) && HttpStatus.OK == documentDownloadResponse.getStatusCode()) {
return Optional.of(documentDownloadResponse)
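Review bot: The new public `downloadDocument(String, String)` overload lets any caller choose the user token, which removes the implicit tie to the requesting user's `requestData.authorisation()`, and it carries no Javadoc saying so. `CafcassApiDocumentService` (next section on this page) passes the Cafcass system-user token, so which documents a Cafcass client may fetch is then decided only by the interceptor and by what that system account can read in the document store. I would add a Javadoc such as `/** Downloads with the supplied user token instead of the current request's; the caller must have checked that the requester may access this document. */` and, if it is not done elsewhere, verify in the Cafcass path that the document belongs to a case exposed to Cafcass. The method body continues past the end of the hunk.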
Expand Up @@ -10,8 +10,9 @@
@RequiredArgsConstructor(onConstructor = @__(@Autowired))
public class CafcassApiDocumentService {
private final SecureDocStoreService secureDocStoreService;
private final CafcassSystemUserService cafcassSystemUserService;

public byte[] downloadDocumentByDocumentId(String documentId) throws IllegalArgumentException, EmptyFileException {
return secureDocStoreService.downloadDocument(documentId);
return secureDocStoreService.downloadDocument(documentId, cafcassSystemUserService.getUserToken());
}
}
@@ -0,0 +1,37 @@
package uk.gov.hmcts.reform.fpl.service.cafcass.api;

import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.cache.annotation.EnableCaching;
import org.springframework.stereotype.Service;
import uk.gov.hmcts.reform.fpl.config.CafcassSystemUpdateUserConfiguration;
import uk.gov.hmcts.reform.idam.client.IdamClient;

import static uk.gov.hmcts.reform.fpl.config.CacheConfiguration.CAFCASS_SYS_USER_CACHE;
import static uk.gov.hmcts.reform.fpl.config.CacheConfiguration.LOCAL_CACHE_MANAGER;

@Slf4j
@Service
@EnableCaching
@RequiredArgsConstructor(onConstructor_ = {@Autowired})
public class CafcassSystemUserService {

public static final String CAFCASS_SYS_USER_TOKEN_CACHE_KEY = "cafcassSysUserToken";

private final CafcassSystemUpdateUserConfiguration userConfig;
private final IdamClient idamClient;

@Cacheable(cacheManager = LOCAL_CACHE_MANAGER, cacheNames = CAFCASS_SYS_USER_CACHE,
unless = "#result == null", key = "#root.target.CAFCASS_SYS_USER_TOKEN_CACHE_KEY")
public String getUserToken() {
log.info("Requesting cafcass system-user token from IDAM");
return idamClient.getAccessToken(userConfig.getUserName(), userConfig.getPassword());
}

public String getUserId(String userToken) {
return idamClient.getUserInfo(userToken).getUid();
}

}
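Review bot: `getUserToken()` is cached in `CAFCASS_SYS_USER_CACHE`, which `localCacheManager()` configures with `expireAfterWrite(Duration.ofMinutes(SYSTEM_USER_CACHE_EXPIRY))`, i.e. 120 minutes, and nothing in this class evicts the entry when the token is rejected. If the IDAM access-token lifetime is shorter than that (not visible on this page), document downloads would keep failing with the stale token until the entry ages out; please confirm the lifetime and state it in a comment beside the annotation, or add a `@CacheEvict` method the caller can use on a 401. Separately, `@EnableCaching` normally sits on a `@Configuration` class rather than on a `@Service`; if it is copied from an existing service, a comment saying so would avoid the question.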
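--- a/service/src/main/resources/application-local.yaml
+++ b/service/src/main/resources/application-local.yaml
@@ -126,6 +126,9 @@ fpl:
 system_update:
 username: ${IDAM_DATA_STORE_SYSTEM_USER_USERNAME}
 password: ${IDAM_DATA_STORE_SYSTEM_USER_PASSWORD}
+cafcass_system_update:
+username: ${CAFCASS_SYSTEM_USER_USERNAME}
+password: ${CAFCASS_SYSTEM_USER_PASSWORD}
 ctsc_inbox: '[email protected]'
 ctsc_team_lead_inbox: '[email protected]'
 rcj_family_high_court_inbox: '[email protected]'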
Expand Up @@ -6,6 +6,7 @@
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.beans.factory.ObjectProvider;
import uk.gov.hmcts.reform.fpl.config.CafcassSystemUpdateUserConfiguration;
import uk.gov.hmcts.reform.fpl.exceptions.api.AuthorizationException;
import uk.gov.hmcts.reform.idam.client.IdamClient;
import uk.gov.hmcts.reform.idam.client.models.UserInfo;
Expand All @@ -24,13 +25,17 @@
public class CafcassApiInterceptorTest {
private static final String AUTH_TOKEN_TEST = "bearerToken";
private static final UserInfo CAFCASS_SYSTEM_UPDATE_USER =
UserInfo.builder().roles(List.of(CAFCASS_SYSTEM_UPDATE.getRoleName())).build();
UserInfo.builder().sub("[email protected]")
.roles(List.of(CAFCASS_SYSTEM_UPDATE.getRoleName())).build();
private static final UserInfo LOCAL_AUTHORITY_UPDATE_USER =
UserInfo.builder().roles(List.of(LOCAL_AUTHORITY.getRoleName())).build();
UserInfo.builder().sub("[email protected]")
.roles(List.of(LOCAL_AUTHORITY.getRoleName())).build();

@Mock
private IdamClient idamClient;
@Mock
private CafcassSystemUpdateUserConfiguration userConfig;
@Mock
private ObjectProvider<IdamClient> idamClientObjectProvider;
@InjectMocks
private CafcassApiInterceptor underTest;
Expand All @@ -39,6 +44,7 @@ public class CafcassApiInterceptorTest {
public void shouldReturnTrueIfCafcassSystemUpdateUser() throws Exception {
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getHeader("Authorization")).thenReturn(AUTH_TOKEN_TEST);
when(userConfig.getUserName()).thenReturn("[email protected]");
when(idamClientObjectProvider.getIfAvailable()).thenReturn(idamClient);
when(idamClient.getUserInfo(AUTH_TOKEN_TEST)).thenReturn(CAFCASS_SYSTEM_UPDATE_USER);

Expand All @@ -49,6 +55,7 @@ public void shouldReturnTrueIfCafcassSystemUpdateUser() throws Exception {
public void shouldThrowAuthExceptionIfNotCafcassSystemUpdateUser() throws Exception {
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getHeader("Authorization")).thenReturn(AUTH_TOKEN_TEST);
when(userConfig.getUserName()).thenReturn("[email protected]");
when(idamClientObjectProvider.getIfAvailable()).thenReturn(idamClient);
when(idamClient.getUserInfo(AUTH_TOKEN_TEST)).thenReturn(LOCAL_AUTHORITY_UPDATE_USER);
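Review bot: Neither test covers the case the new check is meant to change, namely a user who holds the `CAFCASS_SYSTEM_UPDATE` role but whose `sub` differs from the configured username; the negative test still varies the role, which the interceptor no longer reads. A third test built with `UserInfo.builder().sub(<other address>).roles(List.of(CAFCASS_SYSTEM_UPDATE.getRoleName()))` and expecting `AuthorizationException` would pin that behaviour, and one with no `sub` set would show what happens on a null subject. The addresses on this page are redacted, so whether the two existing fixtures already use different `sub` values cannot be checked here.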

Expand Up @@ -12,19 +12,22 @@

public class CafcassApiDocumentServiceTest {
private SecureDocStoreService secureDocStoreService = mock(SecureDocStoreService.class);
private CafcassSystemUserService cafcassSysUser = mock(CafcassSystemUserService.class);

private CafcassApiDocumentService underTest;

@BeforeEach
void setUpWithMockConverters() {
underTest = new CafcassApiDocumentService(secureDocStoreService);
underTest = new CafcassApiDocumentService(secureDocStoreService, cafcassSysUser);
}

@Test
void shouldReturnDocumentBinary() {
UUID docId = UUID.randomUUID();
byte[] docBinary = "This is a document".getBytes();
when(secureDocStoreService.downloadDocument(docId.toString())).thenReturn(docBinary);
when(cafcassSysUser.getUserToken()).thenReturn("test token");
when(secureDocStoreService.downloadDocument(docId.toString(), cafcassSysUser.getUserToken()))
.thenReturn(docBinary);

assertArrayEquals(docBinary, underTest.downloadDocumentByDocumentId(docId.toString()));
}