intermediary commit

Author: bwang-icf

apps/dot_ext/views/authorization.py

@@ -13,6 +13,7 @@
 from django.views.decorators.debug import sensitive_post_parameters
 from apps.dot_ext.constants import TOKEN_ENDPOINT_V3_KEY
 from oauth2_provider.exceptions import OAuthToolkitError
+from apps.fhir.bluebutton.models import Crosswalk
 from oauth2_provider.views.base import app_authorized, get_access_token_model
 from oauth2_provider.views.base import AuthorizationView as DotAuthorizationView
 from oauth2_provider.views.base import TokenView as DotTokenView
@@ -27,6 +28,7 @@
 from urllib.parse import urlparse, parse_qs
 import html
 from apps.dot_ext.scopes import CapabilitiesScopes
+from apps.mymedicare_cb.models import get_and_update_from_refresh
 import apps.logging.request_logger as bb2logging
 
 from ..signals import beneficiary_authorized_application
@@ -455,6 +457,16 @@ def post(self, request, *args, **kwargs):
                     # crosswalk = None
                 # This gets us the mbi and other info we need from the crosswalk
                 # Probably some kind of handling for if there is no mbi needs to happen here too
+                try:
+                    print(f'token.user: {token.user}')
+                    crosswalk = Crosswalk.objects.get(user=token.user)
+                    print(f'Found crosswalk for user: {crosswalk}')
+                    body['user_mbi'] = crosswalk.user_mbi
+                    body['user_id'] = crosswalk.user_id
+                    body['hicn_hash'] = crosswalk.user_hicn_hash
+                    get_and_update_from_refresh(crosswalk.user_mbi, crosswalk.user_id, crosswalk.user_hicn_hash, request)
+                except Crosswalk.DoesNotExist:
+                    crosswalk = None
                 body['access_grant_expiration'] = dag_expiry
                 body = json.dumps(body)
 

apps/mymedicare_cb/models.py

@@ -11,6 +11,7 @@
 from apps.accounts.models import UserProfile
 from apps.fhir.bluebutton.models import ArchivedCrosswalk, Crosswalk
 from apps.fhir.server.authentication import match_fhir_id
+from apps.dot_ext.utils import get_api_version_number_from_url
 
 from .authorization import OAuth2ConfigSLSx, MedicareCallbackExceptionType
 
@@ -28,77 +29,22 @@ class BBMyMedicareCallbackCrosswalkUpdateException(APIException):
     # BB2-237 custom exception
     status_code = status.HTTP_500_INTERNAL_SERVER_ERROR
 
-# def _get_and_update_user(mbi, user_id, hicn_hash, request):
-#     """
-#     Base function to get and update user from either authorize or refresh flows.
-#     """
-
-#     version = request.session['version']
-#     logger = logging.getLogger(logging.AUDIT_AUTHN_MED_CALLBACK_LOGGER, request)
-
-#     # Match a patient identifier via the backend FHIR server
-#     if version == Versions.V3:
-#         hicn_hash = None
-
-#     versioned_fhir_ids = {}
-#     # Perform fhir_id lookup for all supported versions
-#     # If the lookup for the requested version fails, raise the exception
-#     # This is wrapped in the case that if the requested version fails, match_fhir_id
-#     # will still bubble up UpstreamServerException
-#     for supported_version in Versions.latest_versions():
-#         try:
-#             fhir_id, hash_lookup_type = match_fhir_id(
-#                 mbi=mbi,
-#                 hicn_hash=hicn_hash,
-#                 request=request,
-#                 version=supported_version,
-#             )
-#             versioned_fhir_ids[supported_version] = fhir_id
-#         except UpstreamServerException as e:
-#             if supported_version == version:
-#                 raise e
-
-#     bfd_fhir_id_v2 = versioned_fhir_ids.get(Versions.V2, None)
-#     bfd_fhir_id_v3 = versioned_fhir_ids.get(Versions.V3, None)
-
-
-# def get_and_update_from_refresh(mbi, user_id, hicn_hash, request):
-#     version = request.session['version']
-#     pass
-
-def get_and_update_user_from_authorize(slsx_client: OAuth2ConfigSLSx, request):
-    """
-    Find or create the user associated
-    with the identity information from the ID provider.
 
-    Args:
-        slsx_client = OAuth2ConfigSLSx encapsulates all slsx exchanges and user info values as listed below:
-            subject = ID provider's sub or username
-            mbi = MBI from SLSx
-            hicn_hash = Previously hashed hicn
-            first_name
-            last_name
-            email
-            request = request from caller to pass along for logging info.
-    Returns:
-        The user that was existing or newly created
-        crosswalk_type =  Type of crosswalk activity:
-            'R' = Returned existing crosswalk record
-            'C' = Created new crosswalk record
-    Raises:
-        KeyError: If an expected key is missing from user_info.
-        KeyError: If response from fhir server is malformed.
-        AssertionError: If a user is matched but not all identifiers match.
+def _get_and_update_user(mbi, user_id, hicn_hash, request, auth_type, slsx_client=None):
+    """
+    Base function to get and update user from either authorize or refresh flows.
     """
 
-    version = request.session['version']
+    try:
+        version = request.session['version']
+    except KeyError:
+        path_info = request.__dict__.get('path_info')
+        version = get_api_version_number_from_url(path_info)
     logger = logging.getLogger(logging.AUDIT_AUTHN_MED_CALLBACK_LOGGER, request)
 
     # Match a patient identifier via the backend FHIR server
     if version == Versions.V3:
         hicn_hash = None
-    else:
-        hicn_hash = slsx_client.hicn_hash
 
     versioned_fhir_ids = {}
     # Perform fhir_id lookup for all supported versions
@@ -108,7 +54,7 @@ def get_and_update_user_from_authorize(slsx_client: OAuth2ConfigSLSx, request):
     for supported_version in Versions.latest_versions():
         try:
             fhir_id, hash_lookup_type = match_fhir_id(
-                mbi=slsx_client.mbi,
+                mbi=mbi,
                 hicn_hash=hicn_hash,
                 request=request,
                 version=supported_version,
@@ -122,24 +68,23 @@ def get_and_update_user_from_authorize(slsx_client: OAuth2ConfigSLSx, request):
     bfd_fhir_id_v3 = versioned_fhir_ids.get(Versions.V3, None)
 
     log_dict = {
-        'type': 'mymedicare_cb:get_and_update_user',
-        'subject': slsx_client.user_id,
+        'type': f'mymedicare_cb:get_and_update_user_{auth_type}',
+        'subject': user_id,
         'fhir_id_v2': bfd_fhir_id_v2,
         'fhir_id_v3': bfd_fhir_id_v3,
-        'hicn_hash': slsx_client.hicn_hash,
+        'hicn_hash': hicn_hash,
         'hash_lookup_type': hash_lookup_type,
         'crosswalk': {},
         'crosswalk_before': {},
     }
 
-    # Init for hicn crosswalk updates.
     hicn_updated = False
     try:
-        # Does an existing user and crosswalk exist for SLSx username?
-        user = User.objects.get(username=slsx_client.user_id)
+        # Does an existing user and crosswalk exist for this username?
+        user = User.objects.get(username=user_id)
 
         # Did the hicn change?
-        if user.crosswalk.user_hicn_hash != slsx_client.hicn_hash:
+        if user.crosswalk.user_hicn_hash != hicn_hash:
             hicn_updated = True
 
         update_fhir_id = False
@@ -153,8 +98,8 @@ def get_and_update_user_from_authorize(slsx_client: OAuth2ConfigSLSx, request):
         # Update Crosswalk if the user_mbi is null, but we have an mbi value from SLSx or
         # if the saved user_mbi value is different than what SLSx has
         if (
-            (user.crosswalk.user_mbi is None and slsx_client.mbi is not None)
-            or (user.crosswalk.user_mbi is not None and user.crosswalk.user_mbi != slsx_client.mbi)
+            (user.crosswalk.user_mbi is None and mbi is not None)
+            or (user.crosswalk.user_mbi is not None and user.crosswalk.user_mbi != mbi)
             or (user.crosswalk.user_id_type != hash_lookup_type or hicn_updated)
             or update_fhir_id
         ):
@@ -177,8 +122,8 @@ def get_and_update_user_from_authorize(slsx_client: OAuth2ConfigSLSx, request):
                     user.crosswalk.fhir_id_v3 = bfd_fhir_id_v3
                 # Update crosswalk per changes
                 user.crosswalk.user_id_type = hash_lookup_type
-                user.crosswalk.user_hicn_hash = slsx_client.hicn_hash
-                user.crosswalk.user_mbi = slsx_client.mbi
+                user.crosswalk.user_hicn_hash = hicn_hash
+                user.crosswalk.user_mbi = mbi
                 user.crosswalk.save()
 
         # Beneficiary has been successfully matched!
@@ -198,10 +143,13 @@ def get_and_update_user_from_authorize(slsx_client: OAuth2ConfigSLSx, request):
         })
         logger.info(log_dict)
 
+        print(f'Found existing user: {user.username}')
         return user, 'R'
     except User.DoesNotExist:
         pass
 
+    # This should only happen if no user exists which would mean this is an initial auth
+    # In this case, slsx_client would be provided
     user = create_beneficiary_record(
         slsx_client,
         fhir_id_v2=bfd_fhir_id_v2,
@@ -229,6 +177,27 @@ def get_and_update_user_from_authorize(slsx_client: OAuth2ConfigSLSx, request):
     return user, 'C'
 
 
+def get_and_update_from_refresh(mbi, user_id, hicn_hash, request):
+    return _get_and_update_user(
+        mbi,
+        user_id,
+        hicn_hash,
+        request,
+        'refresh'
+    )
+
+
+def get_and_update_user_from_initial_auth(slsx_client: OAuth2ConfigSLSx, request):
+    return _get_and_update_user(
+        slsx_client.mbi,
+        slsx_client.user_id,
+        slsx_client.hicn_hash,
+        request,
+        'initial_auth',
+        slsx_client=slsx_client
+    )
+
+
 def create_beneficiary_record(slsx_client: OAuth2ConfigSLSx,
                               fhir_id_v2=None, fhir_id_v3=None,
                               user_id_type='H', request=None) -> User:

apps/mymedicare_cb/tests/test_models.py

@@ -7,7 +7,7 @@
 from apps.mymedicare_cb.models import BBMyMedicareCallbackCrosswalkCreateException
 from apps.mymedicare_cb.authorization import OAuth2ConfigSLSx
 
-from ..models import create_beneficiary_record, get_and_update_user
+from ..models import create_beneficiary_record, get_and_update_user_from_initial_auth
 from unittest.mock import patch, Mock
 
 # Create the mock request
@@ -360,7 +360,7 @@ def test_user_mbi_updated_from_null(self, mock_archive, mock_match_fhir) -> None
         slsx_client.mbi = slsx_mbi
         slsx_client.hicn_hash = '50ad63a61f6bdf977f9796985d8d286a3d10476e5f7d71f16b70b1b4fbdad76b'
 
-        user, crosswalk_type = get_and_update_user(slsx_client, mock_request)
+        user, crosswalk_type = get_and_update_user_from_initial_auth(slsx_client, mock_request)
 
         user.refresh_from_db()
         crosswalk.refresh_from_db()
@@ -390,7 +390,7 @@ def test_user_mbi_updated_from_different_value(self, mock_archive, mock_match_fh
         slsx_client.mbi = slsx_mbi
         slsx_client.hicn_hash = '50ad63a61f6bdf977f9796985d8d286a3d10476e5f7d71f16b70b1b4fbdad76b'
 
-        user, crosswalk_type = get_and_update_user(slsx_client, mock_request)
+        user, crosswalk_type = get_and_update_user_from_initial_auth(slsx_client, mock_request)
 
         user.refresh_from_db()
         crosswalk.refresh_from_db()

apps/mymedicare_cb/views.py

@@ -27,7 +27,7 @@
 from .authorization import (OAuth2ConfigSLSx,
                             MedicareCallbackExceptionType,
                             BBMyMedicareCallbackAuthenticateSlsUserInfoValidateException)
-from .models import AnonUserState, get_and_update_user
+from .models import AnonUserState, get_and_update_user_from_initial_auth
 
 
 # For SLSx auth workflow info, see apps/mymedicare_db/README.md
@@ -64,7 +64,7 @@ def authenticate(request):
     slsx_client.log_event(request, {})
 
     # Find or create the user associated with the identity information from SLS.
-    user, crosswalk_action = get_and_update_user(slsx_client, request)
+    user, crosswalk_action = get_and_update_user_from_initial_auth(slsx_client, request)
 
     # Set crosswalk_action and get auth flow session values.
     set_session_auth_flow_trace_value(request, 'auth_crosswalk_action', crosswalk_action)

splunk/dasg_metrics_dashboard.xml

@@ -43,7 +43,7 @@
   </search>
   <search id="baseSearch1b">
     <!-- BASE search 1b. RETURNING Beneficiaries who have re-authorized -->
-    <query>index=application source="/bb/*/app/perf_mon.log" env=prod | spath "message.type" | search "message.type"="mymedicare_cb:get_and_update_user" | search "message.mesg"="RETURN existing beneficiary record" | dedup message.fhir_id message.auth_client_id message.auth_uuid | fields time message.auth_uuid message.fhir_id message.auth_app_name message.mesg mesg message.user_hicn_hash message.auth_pkce_method message.status</query>
+    <query>index=application source="/bb/*/app/perf_mon.log" env=prod | spath "message.type" | search "message.type"="mymedicare_cb:get_and_update_user_from_refresh" | search "message.mesg"="RETURN existing beneficiary record" | dedup message.fhir_id message.auth_client_id message.auth_uuid | fields time message.auth_uuid message.fhir_id message.auth_app_name message.mesg mesg message.user_hicn_hash message.auth_pkce_method message.status</query>
     <earliest>$t_local.earliest$</earliest>
     <latest>$t_local.latest$</latest>
     <sampleRatio>1</sampleRatio>