From c857a43d2215c753703f6e411da4c748c59063cb Mon Sep 17 00:00:00 2001 From: Eric Boehs Date: Wed, 17 Apr 2024 14:23:31 -0500 Subject: [PATCH] Merge master into k8s (#16384) * Refactor uploads spec, simple forms (#16380) * Refactor uploads spec, simple forms * rubocop * BTSSS-77372 Add mocked responses for BTSSS (#16231) * Revert to original token URL in service * Add authorized ping mock, too * Handle Bearer Token parsing failures gracefully * Clean up services config * Revert some accidental deletions * Final bit of cleanup * Switch to correct file path * Move authorize method to a before_action * Update mockdata paths * Fix some linting errors --------- Co-authored-by: Eric Tillberg Co-authored-by: Dan Hinze
---
config/betamocks/services_config.yml | 16 + config/settings.yml | 1 + .../spec/requests/v1/uploads_spec.rb | 460 +++++++++--------- .../travel_pay/application_controller.rb | 10 + .../travel_pay/claims_controller.rb | 3 +- .../travel_pay/pings_controller.rb | 2 + .../app/services/travel_pay/client.rb | 6 +- 7 files changed, 271 insertions(+), 227 deletions(-)
diff --git a/config/betamocks/services_config.yml b/config/betamocks/services_config.yml
index d0d17e6763f..0c8d6f0e546 100644
--- a/config/betamocks/services_config.yml
+++ b/config/betamocks/services_config.yml
@@ -9,6 +9,18 @@ :path: <%= "/#{Settings.ask_va_api.crm_api.veis_api_path}/ping" %> :file_path: "/ask_va/dynamics_api" :response_delay: 15 + - :method: :get + :path: "/veis/api/btsss/travelclaim/api/v1/Sample/ping" + :file_path: "/travel_pay/ping/default" + :response_delay: 0.3 + - :method: :get + :path: "/veis/api/btsss/travelclaim/api/v1/Sample/authorized-ping" + :file_path: "/travel_pay/ping/default" + :response_delay: 0.3 + - :method: :post + :path: "/veis/api/btsss/travelclaim/api/v1/Auth/access-token" + :file_path: "/travel_pay/token/default" + :response_delay: 0.3 - :method: :post :path: <%= "/#{Settings.ask_va_api.crm_api.veis_api_path}/inquiries/new" %> :file_path: "/ask_va/crm_api/post_inquiries/default" @@ -22,6 +34,10 @@ :path: <%= "/#{Settings.ask_va_api.crm_api.tenant_id}/oauth2/v2.0/token" %> :file_path: "/ask_va/token/default" :response_delay: 0.3 + - :method: :post + :path: <%= "/#{Settings.travel_pay.veis.tenant_id}/oauth2/token" %> + :file_path: "/travel_pay/token/default" + :response_delay: 0.3 - :name: 'carma' :base_uri: <%= "#{URI(Settings['salesforce-carma'].url).host}:#{URI(Settings['salesforce-carma'].url).port}" %> diff --git a/config/settings.yml b/config/settings.yml index 47154515059..bc29f317582 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -1669,6 +1669,7 @@ brd: travel_pay: + mock: true veis: client_id: ~ client_secret: ~ diff --git a/modules/simple_forms_api/spec/requests/v1/uploads_spec.rb b/modules/simple_forms_api/spec/requests/v1/uploads_spec.rb index f32b0bba503..b68a647fd8b 100644 --- a/modules/simple_forms_api/spec/requests/v1/uploads_spec.rb +++ b/modules/simple_forms_api/spec/requests/v1/uploads_spec.rb 
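Review bot: The `authorized-ping` mock entry reuses `:file_path: "/travel_pay/ping/default"`, the same fixture as the unauthenticated `ping`, so in a mocked environment the two endpoints return the same thing and a regression on the authorized route would not be visible. The two token entries (`Auth/access-token` in this hunk and the `oauth2/token` entry in the second hunk) likewise both point at `/travel_pay/token/default`, although the controller treats the VEIS token and the BTSSS token as different credentials. Separate fixture directories per endpoint would keep the mocks distinguishable. A comment above the block, such as `# BTSSS travel pay mocks: ping, authorized ping, BTSSS access token`, would also help.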
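Review bot: In `config/settings.yml` the new `travel_pay.mock` key defaults to `true`, so any environment that does not override it will answer Travel Pay calls from betamocks rather than from BTSSS. Whether deployed environments override the value is not visible in this diff. Defaulting to `mock: false` and enabling it only in the development and test settings would make a missing override fail toward the real service instead of silently serving canned ping and token responses. A comment on the key, for example `# serve betamocks responses for BTSSS/VEIS; keep false in deployed environments`, would record the intent.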
@@ -31,92 +31,105 @@ ] describe '#submit' do - let(:metadata_file) { "#{file_seed}.SimpleFormsApi.metadata.json" } - let(:file_seed) { 'tmp/some-unique-simple-forms-file-seed' } + context 'going to Lighthouse Benefits Intake API' do + let(:metadata_file) { "#{file_seed}.SimpleFormsApi.metadata.json" } + let(:file_seed) { 'tmp/some-unique-simple-forms-file-seed' } - before { allow(Common::FileHelpers).to receive(:random_file_path).and_return(file_seed) } + before do + VCR.insert_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload_location') + VCR.insert_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload') + allow(Common::FileHelpers).to receive(:random_file_path).and_return(file_seed) + end - after { Common::FileHelpers.delete_file_if_exists(metadata_file) } + after do + VCR.eject_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload_location') + VCR.eject_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload') + Common::FileHelpers.delete_file_if_exists(metadata_file) + end - non_ivc_forms.each do |form| - fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', form) - data = JSON.parse(fixture_path.read) + non_ivc_forms.each do |form| + fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', form) + data = JSON.parse(fixture_path.read) - it 'makes the request' do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload_location') do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload') do - allow(SimpleFormsApiSubmission::MetadataValidator).to receive(:validate) + it 'makes the request' do + allow(SimpleFormsApiSubmission::MetadataValidator).to receive(:validate) - post '/simple_forms_api/v1/simple_forms', params: data + post '/simple_forms_api/v1/simple_forms', params: data - expect(SimpleFormsApiSubmission::MetadataValidator).to have_received(:validate) - expect(response).to 
have_http_status(:ok) - end + expect(SimpleFormsApiSubmission::MetadataValidator).to have_received(:validate) + expect(response).to have_http_status(:ok) + end + + it 'saves a FormSubmissionAttempt' do + allow(SimpleFormsApiSubmission::MetadataValidator).to receive(:validate) + + expect do + post '/simple_forms_api/v1/simple_forms', params: data + end.to change(FormSubmissionAttempt, :count).by(1) end end - it 'saves a FormSubmissionAttempt' do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload_location') do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload') do + authenticated_non_ivc_forms.each do |form| + fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', form) + data = JSON.parse(fixture_path.read) + + context 'authenticated user' do + before do + user = create(:user) + sign_in_as(user) + create(:in_progress_form, user_uuid: user.uuid, form_id: data['form_number']) + end + + it 'clears the InProgressForm' do allow(SimpleFormsApiSubmission::MetadataValidator).to receive(:validate) expect do post '/simple_forms_api/v1/simple_forms', params: data - end.to change(FormSubmissionAttempt, :count).by(1) + end.to change(InProgressForm, :count).by(-1) end end end - end - authenticated_non_ivc_forms.each do |form| - fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', form) - data = JSON.parse(fixture_path.read) + context 'request with intent to file' do + context 'authenticated' do + before do + sign_in + allow_any_instance_of(User).to receive(:icn).and_return('123498767V234859') + allow_any_instance_of(Auth::ClientCredentials::Service).to receive(:get_token).and_return('fake_token') + end - context 'authenticated user' do - before do - user = create(:user) - sign_in_as(user) - create(:in_progress_form, user_uuid: user.uuid, form_id: data['form_number']) - end + context 'third party' do + let(:expiration_date) { Time.zone.now } - it 
'clears the InProgressForm' do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload_location') do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload') do - allow(SimpleFormsApiSubmission::MetadataValidator).to receive(:validate) + before do + allow_any_instance_of(ActiveSupport::TimeZone).to receive(:now).and_return(expiration_date) + end + + %w[THIRD_PARTY_VETERAN THIRD_PARTY_SURVIVING_DEPENDENT].each do |identification| + it 'returns an expiration date' do + fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', + 'vba_21_0966.json') + data = JSON.parse(fixture_path.read) + data['preparer_identification'] = identification - expect do post '/simple_forms_api/v1/simple_forms', params: data - end.to change(InProgressForm, :count).by(-1) + + parsed_response_body = JSON.parse(response.body) + parsed_expiration_date = Time.zone.parse(parsed_response_body['expiration_date']) + expect(parsed_expiration_date.to_s).to eq (expiration_date + 1.year).to_s + end end end end - end - end - - ivc_forms.each do |form| - fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', form) - data = JSON.parse(fixture_path.read) - it 'uploads a PDF file to S3' do - allow(SimpleFormsApiSubmission::MetadataValidator).to receive(:validate) - allow_any_instance_of(Aws::S3::Client).to receive(:put_object).and_return(true) - - post '/simple_forms_api/v1/simple_forms', params: data - - expect(response).to have_http_status(:ok) - end - end - - describe 'request with intent to file unauthenticated' do - let(:expiration_date) { Time.zone.now } + context 'unauthenticated' do + let(:expiration_date) { Time.zone.now } - before do - allow_any_instance_of(ActiveSupport::TimeZone).to receive(:now).and_return(expiration_date) - end + before do + allow_any_instance_of(ActiveSupport::TimeZone).to receive(:now).and_return(expiration_date) + end - it 'returns an expiration date' do - 
VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload_location') do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload') do + it 'returns an expiration date' do fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', 'vba_21_0966.json') data = JSON.parse(fixture_path.read) 
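Review bot: The new `after` blocks pass a cassette name to `VCR.eject_cassette`, but as far as I know that method takes an options hash and always ejects the most recently inserted cassette, so the name selects nothing. As written, the calls read as if cassettes are ejected in insertion order, while the stack is actually popped in reverse. Calling `VCR.eject_cassette` without an argument, once per inserted cassette, or using an `around` hook with nested `VCR.use_cassette` blocks, would state what really happens. The same pattern recurs in the later hunks (the Benefits Claims context and `#get_intents_to_file`), where the nested `before` blocks depend on that stack order for the `200_response` cassettes to take precedence over the 404 ones. A short comment there saying so would help the next reader.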
@@ -129,114 +142,135 @@ end end end - end - describe 'authenticated' do - before do - sign_in - allow_any_instance_of(User).to receive(:icn).and_return('123498767V234859') - allow_any_instance_of(Auth::ClientCredentials::Service).to receive(:get_token).and_return('fake_token') - allow(Common::VirusScan).to receive(:scan).and_return(true) - allow_any_instance_of(Common::VirusScan).to receive(:scan).and_return(true) - end + context 'request with attached documents' do + it 'appends the attachments to the 40-0247 PDF' do + fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', + 'vba_40_0247_with_supporting_document.json') + pdf_path = Rails.root.join('spec', 'fixtures', 'files', 'doctors-note.pdf') + data = JSON.parse(fixture_path.read) + attachment = double + allow(attachment).to receive(:to_pdf).and_return(pdf_path) - describe 'request with intent to file' do - describe 'veteran' do - it 'makes the request with an intent to file' do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/404_response') do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/200_response_pension') do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/200_response_survivor') do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/create_compensation_200_response') do - fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', - 'vba_21_0966-min.json') - data = JSON.parse(fixture_path.read) - data['preparer_identification'] = 'VETERAN' + expect(PersistentAttachment).to receive(:where).with(guid: ['a-random-uuid']).and_return([attachment]) - post '/simple_forms_api/v1/simple_forms', params: data + post '/simple_forms_api/v1/simple_forms', params: data - expect(response).to have_http_status(:ok) - end - end - end - end - end + expect(response).to have_http_status(:ok) end - describe 'third party' do - let(:expiration_date) { Time.zone.now } + it 'appends the attachments to the 
40-10007 PDF' do + fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', + 'vba_40_10007_with_supporting_document.json') + pdf_path = Rails.root.join('spec', 'fixtures', 'files', 'doctors-note.pdf') + data = JSON.parse(fixture_path.read) + attachment = double + allow(attachment).to receive(:to_pdf).and_return(pdf_path) + expect(PersistentAttachment).to receive(:where).with(guid: ['a-random-uuid']).and_return([attachment]) + post '/simple_forms_api/v1/simple_forms', params: data + expect(response).to have_http_status(:ok) + end + end - before do - allow_any_instance_of(ActiveSupport::TimeZone).to receive(:now).and_return(expiration_date) - end + context 'LOA3 authenticated' do + before do + sign_in + allow_any_instance_of(User).to receive(:icn).and_return('123498767V234859') + allow_any_instance_of(Auth::ClientCredentials::Service).to receive(:get_token).and_return('fake_token') + end - %w[THIRD_PARTY_VETERAN THIRD_PARTY_SURVIVING_DEPENDENT].each do |identification| - it 'returns an expiration date' do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload_location') do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload') do - fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', - 'vba_21_0966.json') - data = JSON.parse(fixture_path.read) - data['preparer_identification'] = identification - - post '/simple_forms_api/v1/simple_forms', params: data - - parsed_response_body = JSON.parse(response.body) - parsed_expiration_date = Time.zone.parse(parsed_response_body['expiration_date']) - expect(parsed_expiration_date.to_s).to eq (expiration_date + 1.year).to_s - end - end - end - end + it 'stamps the LOA3 text on the PDF' do + fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', + 'vba_21_4142.json') + data = JSON.parse(fixture_path.read) + + allow(SimpleFormsApiSubmission::MetadataValidator).to 
receive(:validate) + expect_any_instance_of(SimpleFormsApi::PdfFiller).to receive(:generate).with(3) + + post '/simple_forms_api/v1/simple_forms', params: data end end - it 'stamps the LOA3 text on the PDF' do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload_location') do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload') do + context 'transliterating fields' do + context 'transliteration succeeds' do + it 'responds with ok' do fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', - 'vba_21_4142.json') + 'form_with_accented_chars_21_0966.json') data = JSON.parse(fixture_path.read) - allow(SimpleFormsApiSubmission::MetadataValidator).to receive(:validate) - expect_any_instance_of(SimpleFormsApi::PdfFiller).to receive(:generate).with(3) post '/simple_forms_api/v1/simple_forms', params: data + + expect(response).to have_http_status(:ok) end end - end - end - describe 'request with attached documents' do - it 'appends the attachments to the 40-0247 PDF' do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload_location') do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload') do + context 'transliteration fails' do + it 'responds with an error' do fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', - 'vba_40_0247_with_supporting_document.json') - pdf_path = Rails.root.join('spec', 'fixtures', 'files', 'doctors-note.pdf') + 'form_with_non_latin_chars_21_0966.json') data = JSON.parse(fixture_path.read) - attachment = double - allow(attachment).to receive(:to_pdf).and_return(pdf_path) - - expect(PersistentAttachment).to receive(:where).with(guid: ['a-random-uuid']).and_return([attachment]) post '/simple_forms_api/v1/simple_forms', params: data - expect(response).to have_http_status(:ok) + expect(response).to have_http_status(:error) + expect(response.body).to include('not compatible with the 
Windows-1252 character set') end end end + end - it 'appends the attachments to the 40-10007 PDF' do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload_location') do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload') do - fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', - 'vba_40_10007_with_supporting_document.json') - pdf_path = Rails.root.join('spec', 'fixtures', 'files', 'doctors-note.pdf') - data = JSON.parse(fixture_path.read) - attachment = double - allow(attachment).to receive(:to_pdf).and_return(pdf_path) - expect(PersistentAttachment).to receive(:where).with(guid: ['a-random-uuid']).and_return([attachment]) - post '/simple_forms_api/v1/simple_forms', params: data - expect(response).to have_http_status(:ok) + context 'going to S3' do + ivc_forms.each do |form| + fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', form) + data = JSON.parse(fixture_path.read) + + it 'uploads a PDF file to S3' do + allow(SimpleFormsApiSubmission::MetadataValidator).to receive(:validate) + allow_any_instance_of(Aws::S3::Client).to receive(:put_object).and_return(true) + + post '/simple_forms_api/v1/simple_forms', params: data + + expect(response).to have_http_status(:ok) + end + end + end + + context 'going to Lighthouse Benefits Claims API' do + before do + allow(Common::VirusScan).to receive(:scan).and_return(true) + allow_any_instance_of(Common::VirusScan).to receive(:scan).and_return(true) + VCR.insert_cassette('lighthouse/benefits_claims/intent_to_file/404_response') + VCR.insert_cassette('lighthouse/benefits_claims/intent_to_file/200_response_pension') + VCR.insert_cassette('lighthouse/benefits_claims/intent_to_file/200_response_survivor') + VCR.insert_cassette('lighthouse/benefits_claims/intent_to_file/create_compensation_200_response') + end + + after do + VCR.eject_cassette('lighthouse/benefits_claims/intent_to_file/404_response') 
+ VCR.eject_cassette('lighthouse/benefits_claims/intent_to_file/200_response_pension') + VCR.eject_cassette('lighthouse/benefits_claims/intent_to_file/200_response_survivor') + VCR.eject_cassette('lighthouse/benefits_claims/intent_to_file/create_compensation_200_response') + end + + context 'authenticated' do + before do + sign_in + allow_any_instance_of(User).to receive(:icn).and_return('123498767V234859') + allow_any_instance_of(Auth::ClientCredentials::Service).to receive(:get_token).and_return('fake_token') + end + + context 'request with intent to file' do + context 'veteran' do + it 'makes the request with an intent to file' do + fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', + 'vba_21_0966-min.json') + data = JSON.parse(fixture_path.read) + data['preparer_identification'] = 'VETERAN' + + post '/simple_forms_api/v1/simple_forms', params: data + + expect(response).to have_http_status(:ok) + end end end end 
@@ -370,37 +404,6 @@ end end end - - describe 'transliterating fields' do - context 'transliteration succeeds' do - it 'responds with ok' do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload_location') do - VCR.use_cassette('lighthouse/benefits_intake/200_lighthouse_intake_upload') do - fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', - 'form_with_accented_chars_21_0966.json') - data = JSON.parse(fixture_path.read) - - post '/simple_forms_api/v1/simple_forms', params: data - - expect(response).to have_http_status(:ok) - end - end - end - end - - context 'transliteration fails' do - it 'responds with an error' do - fixture_path = Rails.root.join('modules', 'simple_forms_api', 'spec', 'fixtures', 'form_json', - 'form_with_non_latin_chars_21_0966.json') - data = JSON.parse(fixture_path.read) - - post '/simple_forms_api/v1/simple_forms', params: data - - expect(response).to have_http_status(:error) - expect(response.body).to include('not compatible with the Windows-1252 character set') - end - end - end end describe '#submit_supporting_documents' do 
@@ -431,80 +434,91 @@ describe '#get_intents_to_file' do before do + VCR.insert_cassette('lighthouse/benefits_claims/intent_to_file/404_response') + VCR.insert_cassette('lighthouse/benefits_claims/intent_to_file/404_response_pension') + VCR.insert_cassette('lighthouse/benefits_claims/intent_to_file/404_response_survivor') sign_in allow_any_instance_of(User).to receive(:icn).and_return('123498767V234859') allow_any_instance_of(Auth::ClientCredentials::Service).to receive(:get_token).and_return('fake_token') end + after do + VCR.eject_cassette('lighthouse/benefits_claims/intent_to_file/404_response') + VCR.eject_cassette('lighthouse/benefits_claims/intent_to_file/404_response_pension') + VCR.eject_cassette('lighthouse/benefits_claims/intent_to_file/404_response_survivor') + end + describe 'no intents on file' do it 'returns no intents' do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/404_response') do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/404_response_pension') do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/404_response_survivor') do - get '/simple_forms_api/v1/simple_forms/get_intents_to_file' - - parsed_response = JSON.parse(response.body) - expect(parsed_response['compensation_intent']).to eq nil - expect(parsed_response['pension_intent']).to eq nil - expect(parsed_response['survivor_intent']).to eq nil - expect(response).to have_http_status(:ok) - end - end - end + get '/simple_forms_api/v1/simple_forms/get_intents_to_file' + + parsed_response = JSON.parse(response.body) + expect(parsed_response['compensation_intent']).to eq nil + expect(parsed_response['pension_intent']).to eq nil + expect(parsed_response['survivor_intent']).to eq nil + expect(response).to have_http_status(:ok) end end describe 'compensation intent on file' do + before do + VCR.insert_cassette('lighthouse/benefits_claims/intent_to_file/200_response') + end + + after do + 
VCR.eject_cassette('lighthouse/benefits_claims/intent_to_file/200_response') + end + it 'returns a compensation intent' do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/200_response') do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/404_response_pension') do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/404_response_survivor') do - get '/simple_forms_api/v1/simple_forms/get_intents_to_file' - - parsed_response = JSON.parse(response.body) - expect(parsed_response['compensation_intent']['type']).to eq 'compensation' - expect(parsed_response['pension_intent']).to eq nil - expect(parsed_response['survivor_intent']).to eq nil - expect(response).to have_http_status(:ok) - end - end - end + get '/simple_forms_api/v1/simple_forms/get_intents_to_file' + + parsed_response = JSON.parse(response.body) + expect(parsed_response['compensation_intent']['type']).to eq 'compensation' + expect(parsed_response['pension_intent']).to eq nil + expect(parsed_response['survivor_intent']).to eq nil + expect(response).to have_http_status(:ok) end end describe 'pension intent on file' do + before do + VCR.insert_cassette('lighthouse/benefits_claims/intent_to_file/200_response_pension') + end + + after do + VCR.eject_cassette('lighthouse/benefits_claims/intent_to_file/200_response_pension') + end + it 'returns a pension intent' do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/404_response') do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/200_response_pension') do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/404_response_survivor') do - get '/simple_forms_api/v1/simple_forms/get_intents_to_file' - - parsed_response = JSON.parse(response.body) - expect(parsed_response['compensation_intent']).to eq nil - expect(parsed_response['pension_intent']['type']).to eq 'pension' - expect(parsed_response['survivor_intent']).to eq nil - expect(response).to have_http_status(:ok) - end - end - end + get 
'/simple_forms_api/v1/simple_forms/get_intents_to_file' + + parsed_response = JSON.parse(response.body) + expect(parsed_response['compensation_intent']).to eq nil + expect(parsed_response['pension_intent']['type']).to eq 'pension' + expect(parsed_response['survivor_intent']).to eq nil + expect(response).to have_http_status(:ok) end end describe 'both intents on file' do + before do + VCR.insert_cassette('lighthouse/benefits_claims/intent_to_file/200_response') + VCR.insert_cassette('lighthouse/benefits_claims/intent_to_file/200_response_pension') + end + + after do + VCR.eject_cassette('lighthouse/benefits_claims/intent_to_file/200_response') + VCR.eject_cassette('lighthouse/benefits_claims/intent_to_file/200_response_pension') + end + it 'returns a pension intent' do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/200_response') do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/200_response_pension') do - VCR.use_cassette('lighthouse/benefits_claims/intent_to_file/404_response_survivor') do - get '/simple_forms_api/v1/simple_forms/get_intents_to_file' - - parsed_response = JSON.parse(response.body) - expect(parsed_response['compensation_intent']['type']).to eq 'compensation' - expect(parsed_response['pension_intent']['type']).to eq 'pension' - expect(parsed_response['survivor_intent']).to eq nil - expect(response).to have_http_status(:ok) - end - end - end + get '/simple_forms_api/v1/simple_forms/get_intents_to_file' + + parsed_response = JSON.parse(response.body) + expect(parsed_response['compensation_intent']['type']).to eq 'compensation' + expect(parsed_response['pension_intent']['type']).to eq 'pension' + expect(parsed_response['survivor_intent']).to eq nil + expect(response).to have_http_status(:ok) end end end diff --git a/modules/travel_pay/app/controllers/travel_pay/application_controller.rb b/modules/travel_pay/app/controllers/travel_pay/application_controller.rb index 7e522c1a4a1..ae4696eb0a0 100644 
--- a/modules/travel_pay/app/controllers/travel_pay/application_controller.rb +++ b/modules/travel_pay/app/controllers/travel_pay/application_controller.rb @@ -38,6 +38,16 @@ def after_logger logger.info('travel-pay') { Utils::Logger.build(self).after } end + def authorize + auth_header = request.headers['Authorization'] + raise_unauthorized('Missing Authorization header') if auth_header.nil? + raise_unauthorized('Authorization header missing Bearer token') unless auth_header.start_with?('Bearer ') + end + + def raise_unauthorized(detail) + raise Common::Exceptions::Unauthorized.new(detail:) + end + # Blocks requests from being handled if feature flag is disabled def block_if_flag_disabled unless Flipper.enabled?(:travel_pay_power_switch, @current_user) diff --git a/modules/travel_pay/app/controllers/travel_pay/claims_controller.rb b/modules/travel_pay/app/controllers/travel_pay/claims_controller.rb index 413d9ea4a68..18136f9f7e6 100644 --- a/modules/travel_pay/app/controllers/travel_pay/claims_controller.rb +++ b/modules/travel_pay/app/controllers/travel_pay/claims_controller.rb @@ -2,9 +2,10 @@ module TravelPay class ClaimsController < ApplicationController + before_action :authorize + def index veis_token = client.request_veis_token - # Non-intuitive Ruby behavior: #split splits a string on space by default vagov_token = request.headers['Authorization'].split[1] btsss_token = client.request_btsss_token(veis_token, vagov_token) diff --git a/modules/travel_pay/app/controllers/travel_pay/pings_controller.rb b/modules/travel_pay/app/controllers/travel_pay/pings_controller.rb index 8529b72d842..c0d12814307 100644 --- a/modules/travel_pay/app/controllers/travel_pay/pings_controller.rb +++ b/modules/travel_pay/app/controllers/travel_pay/pings_controller.rb @@ -2,6 +2,8 @@ module TravelPay class PingsController < ApplicationController + before_action :authorize, only: [:authorized_ping] + def ping veis_token = client.request_veis_token 
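Review bot: `authorize` accepts a header that is just `Bearer ` (or `Bearer` followed only by whitespace), because `start_with?('Bearer ')` does not require a token after the scheme. In `ClaimsController#index`, `request.headers['Authorization'].split[1]` then yields `nil`, which is handed to `client.request_btsss_token`. Requiring a non-empty token closes the gap: `raise_unauthorized('Authorization header missing Bearer token') unless auth_header.match?(/\ABearer\s+\S+\z/)`. The method checks only the header's shape, not the token itself, so a comment such as `# Only validates header format; the token is verified downstream` (presumably by BTSSS; the client code is outside this hunk) would keep the name `authorize` from being read as an access-control decision. The enclosing class starts and ends outside the hunk, so whether these helpers sit under `private` cannot be confirmed here.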
diff --git a/modules/travel_pay/app/services/travel_pay/client.rb b/modules/travel_pay/app/services/travel_pay/client.rb index 7cafe4a677f..e48b5f52c3a 100644 --- a/modules/travel_pay/app/services/travel_pay/client.rb +++ b/modules/travel_pay/app/services/travel_pay/client.rb @@ -112,7 +112,7 @@ def connection(server_url:) Faraday.new(url: server_url) do |conn| conn.use :breakers conn.response :raise_error, error_prefix: service_name, include_request: true - conn.response :betamocks if use_fakes? + conn.response :betamocks if mock_enabled? conn.response :json conn.request :json @@ -123,8 +123,8 @@ def connection(server_url:) ## # Syntactic sugar for determining if the client should use # fake api responses or actually connect to the BTSSS API - def use_fakes? - Settings.useFakes + def mock_enabled? + Settings.travel_pay.mock end end end
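Review bot: `mock_enabled?` returns `Settings.travel_pay.mock` as-is, so any truthy value switches the connection to betamocks. That would include the string `"false"` if the setting is ever supplied from an environment override, which is not visible here. An explicit comparison, `Settings.travel_pay.mock == true`, makes the switch fail toward the real API. The comment above the method could also name the setting, e.g. `# Controlled by Settings.travel_pay.mock`, now that the module no longer follows the global `Settings.useFakes`.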