diff --git a/.github/workflows/run_regression_tests.yml b/.github/workflows/run_regression_tests.yml
index c370d83d4..ee2f713d0 100644
--- a/.github/workflows/run_regression_tests.yml
+++ b/.github/workflows/run_regression_tests.yml
@@ -79,8 +79,8 @@ jobs:
 GITHUB-TOKEN: ${{ steps.generate-token.outputs.token }}
 run: |
 if [[ "$TARGET_ENVIRONMENT" != "prod" && "$TARGET_ENVIRONMENT" != "ref" ]]; then
- REGRESSION_TEST_REPO_TAG="v3.8.19" # This is the tag or branch of the regression test code to run, usually a version tag like v3.1.0 or a branch name
- REGRESSION_TEST_WORKFLOW_TAG="v3.8.19" # This is the tag of the github workflow to run, usually the same as REGRESSION_TEST_REPO_TAG
+ REGRESSION_TEST_REPO_TAG="v3.8.30" # This is the tag or branch of the regression test code to run, usually a version tag like v3.1.0 or a branch name
+ REGRESSION_TEST_WORKFLOW_TAG="v3.8.30" # This is the tag of the github workflow to run, usually the same as REGRESSION_TEST_REPO_TAG
 if [[ -z "$REGRESSION_TEST_REPO_TAG" || -z "$REGRESSION_TEST_WORKFLOW_TAG" ]]; then
 echo "Error: One or both tag variables are not set" >&2
@@ -121,8 +121,8 @@ jobs:
 GITHUB-TOKEN: ${{ steps.generate-token.outputs.token }}
 run: |
 if [[ "$TARGET_ENVIRONMENT" != "prod" && "$TARGET_ENVIRONMENT" != "ref" ]]; then
- REGRESSION_TEST_REPO_TAG="v3.8.19" # This is the tag or branch of the regression test code to run, usually a version tag like v3.1.0 or a branch name
- REGRESSION_TEST_WORKFLOW_TAG="v3.8.19" # This is the tag of the github workflow to run, usually the same as REGRESSION_TEST_REPO_TAG
+ REGRESSION_TEST_REPO_TAG="v3.8.30" # This is the tag or branch of the regression test code to run, usually a version tag like v3.1.0 or a branch name
+ REGRESSION_TEST_WORKFLOW_TAG="v3.8.30" # This is the tag of the github workflow to run, usually the same as REGRESSION_TEST_REPO_TAG
 if [[ -z "$REGRESSION_TEST_REPO_TAG" || -z "$REGRESSION_TEST_WORKFLOW_TAG" ]]; then
 echo "Error: One or both tag variables are not set" >&2
diff --git a/README.md b/README.md
index a73dd7449..b23cc062c 100644
--- a/README.md
+++ b/README.md
@@ -201,7 +201,7 @@ Note - the command will keep running and should not be stopped.
 You can now call this api - note getMyPrescriptions requires an nhsd-nhslogin-user header
 ```bash
-curl --header "nhsd-nhslogin-user: P9:9446041481" --header "x-request-id: $(uuid)" \
+curl --header "nhsd-nhslogin-user: P9:9446041481" --header "x-request-id: $(cat /proc/sys/kernel/random/uuid)" \
 https://${stack_name}.dev.eps.national.nhs.uk/Bundle
 ```
diff --git a/packages/getMyPrescriptions/src/getMyPrescriptions.ts b/packages/getMyPrescriptions/src/getMyPrescriptions.ts
index be5e7a422..80277934b 100644
--- a/packages/getMyPrescriptions/src/getMyPrescriptions.ts
+++ b/packages/getMyPrescriptions/src/getMyPrescriptions.ts
@@ -44,7 +44,7 @@ const servicesCache: ServicesCache = {}
 const LAMBDA_TIMEOUT_MS = 10_000
 const SPINE_TIMEOUT_MS = 9_000
 const SERVICE_SEARCH_TIMEOUT_MS = 5_000
-export const DELEGATED_ACCESS_HDR = "delegatedaccess"
+export const DELEGATED_ACCESS_HDR = "x-nhsd-delegated-access"
 export const DELEGATED_ACCESS_SUB_HDR = "x-nhsd-subject-nhs-number"
 export type GetMyPrescriptionsEvent = {
@@ -192,15 +192,15 @@ export function overrideNonProductionHeadersForProxygenRequests(headers: EventHe
 export function adaptHeadersToSpine(headers: EventHeaders): EventHeaders {
 // AEA-3344 introduces delegated access using different headers
- logger.debug("Testing if delegated access enabled", {headers})
 if (!headers[DELEGATED_ACCESS_HDR] || headers[DELEGATED_ACCESS_HDR].toLowerCase() !== "true") {
- logger.info("Subject access request detected")
+ logger.info("Delegated access NOT enabled", {headers})
 headers["nhsNumber"] = extractNHSNumberFromHeaders(headers)
 } else {
- logger.info("Delegated access request detected")
+ logger.info("Delegated access enabled", {headers})
 let subjectNHSNumber = headers[DELEGATED_ACCESS_SUB_HDR]
 if (!subjectNHSNumber) {
- throw new NHSNumberValidationError(`${DELEGATED_ACCESS_SUB_HDR} header not present for delegated access`)
+ logger.info(`${DELEGATED_ACCESS_SUB_HDR} header missing, assuming non-delegated access request`, {headers})
+ subjectNHSNumber = extractNHSNumberFromHeaders(headers)
 }
 if (subjectNHSNumber.includes(":")) {
 logger.warn(`${DELEGATED_ACCESS_SUB_HDR} is not expected to be prefixed by proofing level, but is, removing it`)
diff --git a/packages/getMyPrescriptions/tests/adaptHeadersToSpine.test.ts b/packages/getMyPrescriptions/tests/adaptHeadersToSpine.test.ts
index fef0d98aa..1c0ad2081 100644
--- a/packages/getMyPrescriptions/tests/adaptHeadersToSpine.test.ts
+++ b/packages/getMyPrescriptions/tests/adaptHeadersToSpine.test.ts
@@ -37,7 +37,6 @@ describe("adaptHeadersToSpine", () => {
 expect(result.nhsNumber).toBe("9912003071")
 expect(result["nhsd-nhslogin-user"]).toBe("P9:9912003071")
- expect(mockLoggerInfo).toHaveBeenCalledWith("Subject access request detected")
 expect(mockLoggerInfo).toHaveBeenCalledWith(
 "after setting subject nhsNumber",
 {headers: result}
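Review bot: The three new `logger.info(..., {headers})` calls in `adaptHeadersToSpine` write the whole request header map to the info-level log, and the tests in this commit show that map carrying `nhsd-nhslogin-user` and `x-nhsd-subject-nhs-number`, i.e. NHS numbers; the call this hunk removes logged the map at debug only. Log the decision without the map, e.g. `logger.info("Delegated access enabled")`, and keep `{headers}` at debug or redact the identifying fields before logging. The missing-subject branch now turns a request flagged `x-nhsd-delegated-access: true` into a lookup of the caller's own record instead of rejecting it; because that can hide a proxy that is not forwarding the subject header, emit it with `logger.warn` so it can be alerted on. The function body continues past the end of the hunk.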
@@ -45,7 +44,6 @@ describe("adaptHeadersToSpine", () => {
 })
 it("should process subject access when delegated access is false", () => {
- const mockLoggerInfo = jest.spyOn(Logger.prototype, "info")
 const headers: EventHeaders = {
 [DELEGATED_ACCESS_HDR]: "false",
 "nhsd-nhslogin-user": "P9:9912003071"
@@ -55,7 +53,6 @@ describe("adaptHeadersToSpine", () => {
 expect(result.nhsNumber).toBe("9912003071")
 expect(result["nhsd-nhslogin-user"]).toBe("P9:9912003071")
- expect(mockLoggerInfo).toHaveBeenCalledWith("Subject access request detected")
 })
 it("should preserve other headers in subject access", () => {
@@ -87,7 +84,6 @@ describe("adaptHeadersToSpine", () => {
 expect(result.nhsNumber).toBe("9912003071")
 expect(result["nhsd-nhslogin-user"]).toBe("P9:9999681778")
- expect(mockLoggerInfo).toHaveBeenCalledWith("Delegated access request detected")
 expect(mockLoggerInfo).toHaveBeenNthCalledWith(2,
 "after setting subject nhsNumber",
 {headers: result}
@@ -111,17 +107,17 @@ describe("adaptHeadersToSpine", () => {
 expect(result["nhsd-nhslogin-user"]).toBe("P9:9999681778")
 })
- it("should throw NHSNumberValidationError when subject header is missing for delegated access", () => {
+ it("should perform non-delegated request when subject header is missing for delegated access", () => {
 const headers: EventHeaders = {
 [DELEGATED_ACCESS_HDR]: "true",
 "nhsd-nhslogin-user": "P9:9999681778"
 // Missing DELEGATED_ACCESS_SUB_HDR
 }
- expect(() => adaptHeadersToSpine(headers))
- .toThrow(NHSNumberValidationError)
- expect(() => adaptHeadersToSpine(headers))
- .toThrow(`${DELEGATED_ACCESS_SUB_HDR} header not present for delegated access`)
+ const result = adaptHeadersToSpine(headers)
+
+ expect(result.nhsNumber).toBe("9999681778")
+ expect(result["nhsd-nhslogin-user"]).toBe("P9:9999681778")
 })
 })
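Review bot: The rewritten case "should perform non-delegated request when subject header is missing for delegated access" pins the fallback result but not the log entry, and that entry is the only trace that a request flagged as delegated arrived without a subject. Add a spy in the form other cases in this file use, `const mockLoggerInfo = jest.spyOn(Logger.prototype, "info")`, and assert `expect(mockLoggerInfo).toHaveBeenCalledWith(expect.stringContaining("header missing"), expect.anything())`. An empty-string `x-nhsd-subject-nhs-number` takes the same `!subjectNHSNumber` branch in the source change and has no case here.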
@@ -152,7 +148,6 @@ describe("adaptHeadersToSpine", () => {
 describe("edge cases", () => {
 it("should be case insensitive for delegated access flag", () => {
- const mockLoggerInfo = jest.spyOn(Logger.prototype, "info")
 const headers: EventHeaders = {
 [DELEGATED_ACCESS_HDR]: "TrUe", // permit any case
 "nhsd-nhslogin-user": "P9:9999681778",
@@ -163,7 +158,6 @@ describe("adaptHeadersToSpine", () => {
 // Should be treated as delegated
 expect(result.nhsNumber).toBe("2219685934")
- expect(mockLoggerInfo).toHaveBeenCalledWith("Delegated access request detected")
 })
 it("should handle missing headers gracefully by throwing appropriate errors", () => {
diff --git a/packages/specification/prescriptions-for-patients.yaml b/packages/specification/prescriptions-for-patients.yaml
index 419cf0007..f1feb8b6f 100644
--- a/packages/specification/prescriptions-for-patients.yaml
+++ b/packages/specification/prescriptions-for-patients.yaml
@@ -416,6 +416,7 @@ components:
 x-nhsd-apim:
 temporary: false
 monitoring: true
+ delegatedaccess: true
 access:
 - title: User Restricted
 grants:
@@ -439,6 +440,9 @@ x-nhsd-apim:
 - name: developer.app.id
 required: false
 header: "nhsd-application-id"
+ - name: X-NHSD-Subject-NHS-Number
+ required: false
+ header: "x-nhsd-subject-nhs-number"
 ratelimiting:
 proxy:
 limit: 20000
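Review bot: Nothing in the two hunks of this file shows that a client-supplied `x-nhsd-subject-nhs-number` or `x-nhsd-delegated-access` header is stripped or overwritten at the proxy, yet `adaptHeadersToSpine` in this commit uses both to choose whose NHS number is looked up. The new `X-NHSD-Subject-NHS-Number` entry is `required: false`, so a request can reach the backend without a proxy-set value, and where `x-nhsd-delegated-access` gets set (presumably from `delegatedaccess: true` in the first hunk) is not visible here. Confirm that inbound copies of both headers are dropped before the proxy adds its own, and once confirmed record it beside the entry with a comment such as `# set by the proxy; client-supplied values are removed`.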