async def test_token_exchange_both_header_and_exchange(
    api_client: APISessionClient, test_product_and_app, authorised_headers
):
    """Send a token-exchange access token together with an ID-token header.

    The request carries an ``NHSD-User-Identity`` value minted by
    ``conftest.nhs_login_id_token`` and a bearer token returned by
    ``conftest.get_token_nhs_login_token_exchange``. The test expects a 200,
    the correlation ID echoed in the response, and an empty ``Bundle``.
    """
    _, app = test_product_and_app
    request_id = str(uuid4())

    # Mint the identity header first, then fetch the exchanged access token,
    # so both credentials are presented on the same request.
    identity_token = conftest.nhs_login_id_token(app)
    exchange = await conftest.get_token_nhs_login_token_exchange(app)
    access_token = exchange["access_token"]

    authorised_headers["X-Correlation-ID"] = request_id
    authorised_headers["NHSD-User-Identity"] = identity_token
    authorised_headers["Authorization"] = f"Bearer {access_token}"

    target = _valid_uri("9912003888", "90640007")
    async with api_client.get(
        target, headers=authorised_headers, allow_retries=True
    ) as resp:
        assert resp.status == 200
        body = await resp.json()

        # The correlation ID sent must come back unchanged.
        assert "x-correlation-id" in resp.headers, resp.headers
        assert resp.headers["x-correlation-id"] == request_id

        assert body["resourceType"] == "Bundle", body
        # This NHS number has no immunisation records, so the bundle is empty.
        entries = body["entry"]
        assert len(entries) == 0, body
async def test_user_restricted_access_not_permitted(
    api_client: APISessionClient, test_product_and_app
):
    """Expect a 401 for a ``conftest.get_token`` token on a scoped product.

    The product's scopes are replaced with
    ``urn:nhsd:apim:user-nhs-id:aal3:immunisation-history`` before the token
    is requested, and the API must answer with an ``OperationOutcome`` that
    reports the access token as invalid.
    """
    # Pause so the service callout is not rate limited (429).
    await asyncio.sleep(1)

    product, app = test_product_and_app
    await product.update_scopes(
        ["urn:nhsd:apim:user-nhs-id:aal3:immunisation-history"]
    )
    await app.add_api_product([product.name])

    # presumably get_token uses a flow other than the user-restricted one the
    # scope above belongs to; verify against conftest.
    grant = await conftest.get_token(app)
    request_headers = {
        "Authorization": f"Bearer {grant['access_token']}",
        "NHSD-User-Identity": conftest.nhs_login_id_token(app),
    }

    target = _valid_uri("9912003888", "90640007")
    async with api_client.get(
        target, headers=request_headers, allow_retries=True
    ) as resp:
        assert resp.status == 401
        body = await resp.json()
        assert body["resourceType"] == "OperationOutcome"

        first_issue = body["issue"][0]
        assert first_issue["severity"] == "error"
        assert first_issue["diagnostics"] == "Provided access token is invalid"
        # NOTE(review): HTTP 401 is paired with issue code "forbidden" here;
        # confirm that combination is the intended contract.
        assert first_issue["code"] == "forbidden"
async def test_immunisation_id_token_error_scenarios(
    test_app, api_client: APISessionClient, authorised_headers, request_data: dict
):
    """Check the error returned for a bad ``NHSD-User-Identity`` ID token.

    ``request_data`` drives the scenario: optional ``claims`` and ``headers``
    are passed to ``conftest.nhs_login_id_token``, an optional ``id_token``
    replaces the generated token outright, and ``expected_status_code`` /
    ``expected_response`` hold the status and ``OperationOutcome`` fields the
    API must return.
    """
    # Pause so the service callout is not rate limited (429).
    await asyncio.sleep(1)

    generated_token = conftest.nhs_login_id_token(
        test_app=test_app,
        id_token_claims=request_data.get("claims"),
        id_token_headers=request_data.get("headers"),
    )

    # A literal id_token in the scenario takes precedence over the generated one.
    literal_token = request_data.get("id_token")
    authorised_headers["NHSD-User-Identity"] = (
        generated_token if literal_token is None else literal_token
    )

    target = _valid_uri("9912003888", "90640007")
    async with api_client.get(
        target, headers=authorised_headers, allow_retries=True
    ) as resp:
        assert resp.status == request_data["expected_status_code"]
        body = await resp.json()
        assert body["resourceType"] == "OperationOutcome"

        first_issue = body["issue"][0]
        expected = request_data["expected_response"]
        assert first_issue["severity"] == expected["severity"]
        assert first_issue["diagnostics"] == expected["error_diagnostics"]
        assert first_issue["code"] == expected["error_code"]
async def test_p5_without_allowed_proofing_level_attribute(
    test_app, api_client: APISessionClient, authorised_headers
):
    """Expect a 401 for an ID token built with ``allowed_proofing_level='P5'``.

    Only the status code and the echoed correlation ID are checked; the
    response body is not inspected.
    """
    request_id = str(uuid4())
    # NOTE(review): the test name says "without" the attribute, yet 'P5' is
    # passed as allowed_proofing_level; confirm how conftest interprets it.
    identity_token = conftest.nhs_login_id_token(
        test_app, allowed_proofing_level='P5'
    )

    authorised_headers["X-Correlation-ID"] = request_id
    authorised_headers["NHSD-User-Identity"] = identity_token

    target = _valid_uri("9912003888", "90640007")
    async with api_client.get(
        target, headers=authorised_headers, allow_retries=True
    ) as resp:
        assert resp.status == 401
        # The correlation ID must be echoed back on rejected requests as well.
        assert "x-correlation-id" in resp.headers, resp.headers
        assert resp.headers["x-correlation-id"] == request_id
async def test_immunization_happy_path(
    test_app, api_client: APISessionClient, authorised_headers
):
    """Expect a 200 and an empty ``Bundle`` for a valid ID-token request.

    The ``NHSD-User-Identity`` header is filled with the default token from
    ``conftest.nhs_login_id_token`` and the correlation ID sent with the
    request must be echoed in the response headers.
    """
    request_id = str(uuid4())
    identity_token = conftest.nhs_login_id_token(test_app)

    authorised_headers["X-Correlation-ID"] = request_id
    authorised_headers["NHSD-User-Identity"] = identity_token

    target = _valid_uri("9912003888", "90640007")
    async with api_client.get(
        target, headers=authorised_headers, allow_retries=True
    ) as resp:
        assert resp.status == 200
        body = await resp.json()

        assert "x-correlation-id" in resp.headers, resp.headers
        assert resp.headers["x-correlation-id"] == request_id

        assert body["resourceType"] == "Bundle", body
        # This NHS number has no immunisation records, so the bundle is empty.
        entries = body["entry"]
        assert len(entries) == 0, body
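async def test_bad_nhs_number(
    test_app, api_client: APISessionClient, authorised_headers
):
    """Expect a 400 ``OperationOutcome`` when the patient identifier is rejected.

    The request uses a valid ``NHSD-User-Identity`` token, so the failure is
    attributable to the identifier passed to ``_valid_uri``. The first issue
    with severity ``error`` must carry the "missing required request
    parameters" diagnostic.
    """
    # Pause so the service callout is not rate limited (429). Awaiting
    # asyncio.sleep matches the other tests in this module; a bare sleep(1)
    # in a coroutine either blocks the event loop or, if it is the asyncio
    # coroutine function, never runs the delay at all.
    await asyncio.sleep(1)

    authorised_headers["NHSD-User-Identity"] = conftest.nhs_login_id_token(
        test_app
    )

    target = _valid_uri("90000000009", "90640007")
    async with api_client.get(
        target, headers=authorised_headers, allow_retries=True
    ) as resp:
        assert resp.status == 400
        body = await resp.json()
        assert body["resourceType"] == "OperationOutcome", body

        issue = next(
            (i for i in body.get('issue', []) if i.get('severity') == 'error'),
            None,
        )
        # Fail with the response body rather than an AttributeError on None
        # when no error-severity issue is present.
        assert issue is not None, body
        assert issue.get(
            "diagnostics"
        ) == "Missing required request parameters: [patient.identifier]", body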