feat(cb2-15629): add path for ATI authentication

dvsa · Dec 16, 2024 · 6a73271 · 6a73271
1 parent d172e2b
commit 6a73271
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 9 deletions.
diff --git a/src/models/user.ts b/src/models/user.ts
@@ -4,4 +4,5 @@ export type AuthorisationJwtBearerToken = {
   email: string,
   preferred_username: string,
   upn: string,
+  appid: string;
 };
diff --git a/src/services/user.ts b/src/services/user.ts
@@ -31,6 +31,14 @@ export const getUserDetails = (jwt: string): UserDetails => {
       return userDetails;
     }
 
+    // Similarly, if the token is from the ATI app, we can set the username and email to ATI_SYSTEM_USER.
+    // We don't want to use the above path as the ATI app is a different entity to the data remediation app.
+    if (!!decodedToken.appid && (decodedToken.appid === process.env.ATI_APP_ID)) {
+      userDetails.username = 'ATI_SYSTEM_USER';
+      userDetails.email = 'ATI_SYSTEM_USER';
+      return userDetails;
+    }
+
     throw new Error(ERRORS.MISSING_USER_DETAILS);
   }
   return userDetails;

diff --git a/tests/unit/services/users.unit.test.ts b/tests/unit/services/users.unit.test.ts
@@ -1,21 +1,23 @@
-import { getUserDetails, UserDetails } from '../../../src/services/user';
-import { ERRORS } from '../../../src/util/enum';
+import {getUserDetails, UserDetails} from '../../../src/services/user';
+import {ERRORS} from '../../../src/util/enum';
 
 describe('Test User Service', () => {
   describe('Should process user details and return them', () => {
     it('should successfully process a jwt token and return the relevant fields', () => {
       const header = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9';
       const payload = 'eyJuYW1lIjoiSm9obiBEb2UiLCJvaWQiOjE1MTYyMzkwMjJ9';
       const signature = 'n_aQxbA3-fsgfEdIMS61YGu-u8flaPYESJxRuaFzEXc';
-      const res : UserDetails = getUserDetails(`${header}.${payload}.${signature}`);
-      expect(res.username).toBe('John Doe');
+      const res: UserDetails = getUserDetails(`${header}.${payload}.${signature}`);
+      expect(res.username)
+        .toBe('John Doe');
     });
     it('should throw an error if user details are missing', () => {
       const header = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9';
       const payload = 'eyJvaWQiOjE1MTYyMzkwMjJ9';
       const signature = 'OeYj2GlIUPh1y-xb6UMvq5m8V_nPFX5D_sBA4Fcnmz8';
 
-      expect(() => getUserDetails(`${header}.${payload}.${signature}`)).toThrow(ERRORS.MISSING_USER_DETAILS);
+      expect(() => getUserDetails(`${header}.${payload}.${signature}`))
+        .toThrow(ERRORS.MISSING_USER_DETAILS);
     });
   });
 
@@ -24,17 +26,23 @@ describe('Test User Service', () => {
       process.env.ENABLE_SYSTEM_USER_IMPERSONATION = undefined;
     });
 
+    afterEach(() => {
+      process.env.ENABLE_SYSTEM_USER_IMPERSONATION = undefined;
+    });
+
     it('should successfully get the system user', () => {
       process.env.ENABLE_SYSTEM_USER_IMPERSONATION = 'true';
 
       const header = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9';
       const payload = 'eyJvaWQiOjE1MTYyMzkwMjJ9';
       const signature = 'OeYj2GlIUPh1y-xb6UMvq5m8V_nPFX5D_sBA4Fcnmz8';
 
-      const res : UserDetails = getUserDetails(`${header}.${payload}.${signature}`);
+      const res: UserDetails = getUserDetails(`${header}.${payload}.${signature}`);
 
-      expect(res.username).toBe('SYSTEM_USER');
-      expect(res.email).toBe('SYSTEM_USER');
+      expect(res.username)
+        .toBe('SYSTEM_USER');
+      expect(res.email)
+        .toBe('SYSTEM_USER');
     });
 
     it('should throw an error if the environment variable is not set', () => {
@@ -43,7 +51,32 @@ describe('Test User Service', () => {
       const payload = 'eyJvaWQiOjE1MTYyMzkwMjJ9';
       const signature = 'OeYj2GlIUPh1y-xb6UMvq5m8V_nPFX5D_sBA4Fcnmz8';
 
-      expect(() => getUserDetails(`${header}.${payload}.${signature}`)).toThrow(ERRORS.MISSING_USER_DETAILS);
+      expect(() => getUserDetails(`${header}.${payload}.${signature}`))
+        .toThrow(ERRORS.MISSING_USER_DETAILS);
+    });
+  });
+
+  describe('Should override with ATI system user when the ATI environment variable is set', () => {
+    beforeEach(() => {
+      process.env.ATI_APP_ID = undefined;
+    });
+
+    afterEach(() => {
+      process.env.ATI_APP_ID = undefined;
+    });
+
+    it('should successfully get the system user', () => {
+      process.env.ATI_APP_ID = 'app-id-123';
+
+      // eslint-disable-next-line max-len
+      const jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqd3QtYnVpbGRlciIsImlhdCI6MTczNDM2NTcyMywiZXhwIjoxNzY1OTAxNzIzLCJhdWQiOiJzb21lLWF1ZCIsInN1YiI6InNvbWUtc3ViIiwiYXBwaWQiOiJhcHAtaWQtMTIzIiwib2lkIjoib2lkLTEyMyIsImVtYWlsIjoic29tZW9uZUBzb21ld2hlcmUuY29tIn0.itSUmFZOGP6sVAGXzr3rCpTTNd9kL5UB7qou__2EVdI';
+
+      const res: UserDetails = getUserDetails(jwt);
+
+      expect(res.username)
+        .toBe('ATI_SYSTEM_USER');
+      expect(res.email)
+        .toBe('ATI_SYSTEM_USER');
     });
   });
 });