From 4f0b8fb5619ee23bc22266d83607d82940d094dd Mon Sep 17 00:00:00 2001
From: Lee Delarm <135059743+lee-delarm6@users.noreply.github.com>
Date: Tue, 16 Apr 2024 15:43:35 -0400
Subject: [PATCH] 71999 scour payload (#16308)
* Add scour function, add test, fix other test
* Fixed test and function Fixed test and fixed function
* Rubocop fix Rubocop fix
* Revert schema Revert schema
* Reverting changes to schema.rb
* Match updated schema Match updated schema
---
 .../app/services/check_in/map/client.rb | 27 ++++++++++-
 .../spec/services/check_in/map/client_spec.rb | 47 ++++++++++++++++++-
 2 files changed, 71 insertions(+), 3 deletions(-)
diff --git a/modules/check_in/app/services/check_in/map/client.rb b/modules/check_in/app/services/check_in/map/client.rb
index d85a99d96ac..316e473b264 100644
--- a/modules/check_in/app/services/check_in/map/client.rb
+++ b/modules/check_in/app/services/check_in/map/client.rb
@@ -28,17 +28,40 @@ def initialize
 @settings = Settings.check_in.map_api
 end
 
+ def deep_analyze_and_modify(obj)
+ case obj
+ when Hash
+ obj.each do |key, value|
+ if key == :system && value.is_a?(String)
+ obj[key] = value.gsub('https://va.gov', '')
+ else
+ deep_analyze_and_modify(value)
+ end
+ end
+ when Array
+ obj.each do |value|
+ deep_analyze_and_modify(value)
+ end
+ end
+ end
+
 ##
 # HTTP GET call to get the appointment data from MAP
 #
 # @return [Faraday::Response]
 #
 def appointments(token:, patient_icn:, query_params:)
- connection.post("/vaos/v1/patients/#{patient_icn}/appointments?#{query_params}") do |req|
+ response = connection.post("/vaos/v1/patients/#{patient_icn}/appointments?#{query_params}") do |req|
 req.headers = default_headers.merge('X-VAMF-JWT' => token)
 end
+ deep_analyze_and_modify(response)
+ response
 rescue => e
- Faraday::Response.new(body: e.original_body, status: e.original_status)
+ if e.respond_to?(:original_body) && e.respond_to?(:original_status)
+ Faraday::Response.new(body: e.original_body, status: e.original_status)
+ else
+ raise e
+ end
 end
 
 private
diff --git a/modules/check_in/spec/services/check_in/map/client_spec.rb b/modules/check_in/spec/services/check_in/map/client_spec.rb
index 0c0c8ebe46b..16aa5e6092e 100644
--- a/modules/check_in/spec/services/check_in/map/client_spec.rb
+++ b/modules/check_in/spec/services/check_in/map/client_spec.rb
@@ -36,7 +36,7 @@
 id: '180765',
 identifier: [
 {
- system: 'Appointment/',
+ system: 'https://va.gov/Appointment/',
 value: '413938333130383735'
 }
 ],
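Review bot: In `appointments`, `deep_analyze_and_modify(response)` is handed the `Faraday::Response` object itself, which matches neither `when Hash` nor `when Array`, so the payload scrub silently does nothing on a real response. Passing the parsed body, `deep_analyze_and_modify(response.body)`, is what the helper's traversal expects. Whether that body is a Hash with symbol keys depends on the connection middleware defined outside this hunk; if keys arrive as strings, the `key == :system` test would also need to become `key.to_s == 'system'`. The new example in client_spec.rb stubs `post` to return a bare Hash, which is why it passes without exercising the real response path. A comment above the helper such as `# Strips https://va.gov from every :system string, mutating obj in place` would also make the in-place mutation explicit.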
@@ -68,6 +68,51 @@
 end
 end
 
+ context 'when appointments service returns success response takes out https://va.gov' do
+ let(:appointments_response) do
+ {
+ data: [
+ {
+ id: '180765',
+ identifier: [
+ {
+ system: 'https://va.gov/Appointment/',
+ value: '413938333130383735'
+ }
+ ],
+ kind: 'clinic',
+ status: 'booked',
+ serviceType: 'amputation',
+ patientIcn: :icn,
+ locationId: '983GC',
+ clinic: '1081',
+ start: '2023-11-02T17:12:30.174Z',
+ end: '2023-12-12T17:12:30.174Z',
+ minutesDuration: 30,
+ extension: {
+ preCheckinAllowed: true,
+ eCheckinAllowed: true
+ }
+ }
+ ]
+ }
+ end
+
+ before do
+ allow_any_instance_of(Faraday::Connection).to receive(:post).with(anything).and_return(appointments_response)
+ end
+
+ it 'strips https://va.gov from any system property in the response' do
+ response = subject.appointments(token: jwt_token, patient_icn: icn, query_params:)
+ response[:data].each do |appointment|
+ appointment[:identifier].each do |identifier|
+ puts identifier[:system]
+ expect(identifier[:system]).not_to start_with('https://va.gov')
+ end
+ end
+ end
+ end
+
 context 'when appointments service returns a 500 error response' do
 let(:error_msg) do
 {
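Review bot: The `puts identifier[:system]` line inside the new example is leftover debug output and should be removed. The assertion `not_to start_with('https://va.gov')` would still pass if the value were emptied or otherwise mangled; pinning the result with `expect(identifier[:system]).to eq('Appointment/')` checks what the scrub is meant to produce. The enclosing `describe` block starts and ends outside this hunk.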