BB2-4193: Remove mbi hash usage (#1402)

* BB2-4193: Initial work to remove references to unhashed_mbi

* Fix failing unit tests

* Remove remaining references to mbi hash, fix some tests

* Fix CodeQL issue

* Fix failing unit test, some cleanup, single quotes

* More single quotes and some clean up

* Ensure generate_random_mbi conforms with MBI structure and is synthetic

* Add context to docstring

* Modify generate_random_mbi and add TODOs

Author: JamesDemeryNava

apps/authorization/tests/test_data_access_grant.py

@@ -151,6 +151,7 @@ def test_delete_authenticated_user_grant(self):
             app_name="test_app1",
             app_username="devuser1",
             app_user_organization="org1",
+            mbi=self._generate_random_mbi(),
         )
 
         user, application_2, ac = self._create_user_app_token_grant(
@@ -161,6 +162,7 @@ def test_delete_authenticated_user_grant(self):
             app_name="test_app2",
             app_username="devuser2",
             app_user_organization="org2",
+            mbi=self._generate_random_mbi(),
         )
 
         # 2. verify grant creation - errors if DNE or more than one is found

apps/authorization/tests/test_data_access_grant_permissions.py

@@ -289,6 +289,7 @@ def test_revoked_data_access_grant(self):
             app_name="test_app1",
             app_username="devuser1",
             app_user_organization="org1",
+            mbi=self._generate_random_mbi(),
             app_data_access_type="RESEARCH_STUDY",
         )
 
@@ -357,6 +358,7 @@ def test_research_study_app_type(self):
             app_name="test_app1",
             app_username="devuser1",
             app_user_organization="org1",
+            mbi=self._generate_random_mbi(),
             app_data_access_type="RESEARCH_STUDY",
         )
         self.assertEqual(app.data_access_type, "RESEARCH_STUDY")
@@ -439,6 +441,7 @@ def test_one_time_app_type(self):
             app_name="test_app1",
             app_username="devuser1",
             app_user_organization="org1",
+            mbi=self._generate_random_mbi(),
             app_data_access_type="ONE_TIME",
         )
 
@@ -481,6 +484,7 @@ def test_thirteen_month_app_type(self):
             app_name="test_app1",
             app_username="devuser1",
             app_user_organization="org1",
+            mbi=self._generate_random_mbi(),
             app_data_access_type="THIRTEEN_MONTH",
         )
 
@@ -555,6 +559,7 @@ def test_thirteen_month_app_type(self):
             app_name="test_app1",
             app_username="devuser1",
             app_user_organization="org1",
+            mbi=self._generate_random_mbi(),
             app_data_access_type="THIRTEEN_MONTH",
         )
 
@@ -607,6 +612,7 @@ def test_data_access_grant_permissions_has_permission(self):
             app_name="test_app1",
             app_username="devuser1",
             app_user_organization="org1",
+            mbi=self._generate_random_mbi(),
         )
 
         # 2. Test grant obj created OK.

apps/bb2_tools/admin.py

@@ -333,9 +333,9 @@ class BeneficiaryDashboardAdmin(ReadOnlyAdmin):
         "date_created",
     )
     # BB2-4166-TODO: add support for v3
-    search_fields = ("user__username", "fhir_id_v2", "_user_id_hash", "_user_mbi_hash")
-    readonly_fields = ("date_created",)
-    raw_id_fields = ("user",)
+    search_fields = ('user__username', 'fhir_id_v2', '_user_id_hash', '_user_mbi')
+    readonly_fields = ('date_created',)
+    raw_id_fields = ('user',)
 
     def get_queryset(self, request):
         qs = super(BeneficiaryDashboardAdmin, self).get_queryset(request)
@@ -363,8 +363,8 @@ def get_access_tokens(self, obj):
     def get_identities(self, obj):
         # BB2-4166-TODO: add support for v3
         return format_html(
-            "<div><ul><li>FHIR_ID_V2:{}</li><li>HICN HASH:{}</li><li>MBI HASH:{}</li>".format(
-                obj.fhir_id(2), obj.user_hicn_hash, obj.user_mbi_hash
+            '<div><ul><li>FHIR_ID_V2:{}</li><li>HICN HASH:{}</li><li>MBI:{}</li>'.format(
+                obj.fhir_id(2), obj.user_hicn_hash, obj.user_mbi
             )
         )
 

apps/dot_ext/tests/test_views.py

@@ -535,31 +535,31 @@ def test_get_tokens_on_inactive_app(self):
         application.save()
 
     def test_delete_token_success(self):
-        anna = self._create_user(self.test_username, "123456", fhir_id_v2="19990000000002", fhir_id_v3="39990000000002")
+        anna = self._create_user(self.test_username, '123456', fhir_id_v2='19990000000002', fhir_id_v3='39990000000002')
         bob = self._create_user(
-            "bob",
-            "123456",
-            fhir_id_v2="19990000000001",
+            'bob',
+            '123456',
+            fhir_id_v2='19990000000001',
             fhir_id_v3=None,
-            user_hicn_hash="86228a57f37efea543f4f370f96f1dbf01c3e3129041dba3ea4367545507c6e7",
-            user_mbi_hash="98765432137efea543f4f370f96f1dbf01c3e3129041dba3ea4367545507c6e7",
+            user_hicn_hash='86228a57f37efea543f4f370f96f1dbf01c3e3129041dba3ea4367545507c6e7',
+            user_mbi='1SA0A00AA02',
         )
         # create a couple of capabilities
         capability_a = self._create_capability(
-            "token_management", [["DELETE", r"/v1/o/tokens/\d+/"]], default=False
+            'token_management', [['DELETE', r'/v1/o/tokens/\d+/']], default=False
         )
         # create an application and add capabilities
         anna_application = self._create_application(
-            "an app",
+            'an app',
             grant_type=Application.GRANT_AUTHORIZATION_CODE,
-            redirect_uris="http://example.it",
+            redirect_uris='http://example.it',
         )
         anna_application.scope.add(capability_a)
         bob_application = self._create_application(
-            "another app",
+            'another app',
             grant_type=Application.GRANT_IMPLICIT,
             client_type=Application.CLIENT_PUBLIC,
-            redirect_uris="http://example.it",
+            redirect_uris='http://example.it',
             user=anna_application.user,
         )
         bob_application.scope.add(capability_a)
@@ -579,10 +579,10 @@ def test_delete_token_success(self):
         # Post Django 2.2:  An OSError exception is expected when trying to reach the
         #                   backend FHIR server and proves authentication worked.
         with self.assertRaisesRegexp(
-            OSError, "Could not find the TLS certificate file"
+            OSError, 'Could not find the TLS certificate file'
         ):
             response = self.client.get(
-                "/v1/fhir/Patient", headers={"authorization": "Bearer " + anna_token.token}
+                '/v1/fhir/Patient', headers={'authorization': 'Bearer ' + anna_token.token}
             )
 
         bob_tkn = self._create_test_token(bob, bob_application)
@@ -594,12 +594,12 @@ def test_delete_token_success(self):
         )
 
         response = self.client.get(
-            reverse("token_management:token-list"),
+            reverse('token_management:token-list'),
             headers={
-                "authorization": self._create_authorization_header(
+                'authorization': self._create_authorization_header(
                     anna_application.client_id, anna_application.client_secret_plain
                 ),
-                "x-authentication": self._create_authentication_header(self.test_uuid),
+                'x-authentication': self._create_authentication_header(self.test_uuid),
             },
         )
         grant_list = response.json()
@@ -609,21 +609,21 @@ def test_delete_token_success(self):
         )
         http_authn = self._create_authentication_header(self.test_uuid)
         response = self.client.delete(
-            reverse("token_management:token-detail", args=[grant_list[0]["id"]]),
-            headers={"authorization": http_authz, "x-authentication": http_authn},
+            reverse('token_management:token-detail', args=[grant_list[0]['id']]),
+            headers={'authorization': http_authz, 'x-authentication': http_authn},
         )
         self.assertEqual(response.status_code, 204)
-        url_1 = reverse("token_management:token-detail", args=[grant_list[0]["id"]])
+        url_1 = reverse('token_management:token-detail', args=[grant_list[0]['id']])
         http_authz = self._create_authorization_header(
             anna_application.client_id, anna_application.client_secret_plain
         )
         http_authn = self._create_authentication_header(self.test_uuid)
         failed_response = self.client.delete(
-            url_1, headers={"authorization": http_authz, "x-authentication": http_authn}
+            url_1, headers={'authorization': http_authz, 'x-authentication': http_authn}
         )
         self.assertEqual(failed_response.status_code, 404)
         response = self.client.get(
-            "/v1/fhir/Patient", headers={"authorization": "Bearer " + anna_token.token}
+            '/v1/fhir/Patient', headers={'authorization': 'Bearer ' + anna_token.token}
         )
         self.assertEqual(response.status_code, 401)
 
@@ -637,22 +637,22 @@ def test_delete_token_success(self):
         # Post Django 2.2:  An OSError exception is expected when trying to reach the
         #                   backend FHIR server and proves authentication worked.
         with self.assertRaisesRegexp(
-            OSError, "Could not find the TLS certificate file"
+            OSError, 'Could not find the TLS certificate file'
         ):
             response = self.client.get(
-                "/v1/fhir/Patient", headers={"authorization": "Bearer " + bob_tkn.token}
+                '/v1/fhir/Patient', headers={'authorization': 'Bearer ' + bob_tkn.token}
             )
 
         next_tkn = self._create_test_token(anna, anna_application)
 
         # Post Django 2.2:  An OSError exception is expected when trying to reach the
         #                   backend FHIR server and proves authentication worked.
         with self.assertRaisesRegexp(
-            OSError, "Could not find the TLS certificate file"
+            OSError, 'Could not find the TLS certificate file'
         ):
             response = self.client.get(
-                "/v1/fhir/Patient",
-                headers={"authorization": "Bearer " + next_tkn.token},
+                '/v1/fhir/Patient',
+                headers={'authorization': 'Bearer ' + next_tkn.token},
             )
 
         # self.assertEqual(next_tkn.token, tkn.token)

apps/fhir/bluebutton/admin.py

@@ -4,13 +4,13 @@
 
 @admin.register(Crosswalk)
 class CrosswalkAdmin(admin.ModelAdmin):
-    list_display = ("get_user_username", "fhir_id_v2", "fhir_id_v3")
-    search_fields = ("user__username", "fhir_id_v2", "fhir_id_v3")
-    raw_id_fields = ("user",)
+    list_display = ('get_user_username', 'fhir_id_v2', 'fhir_id_v3')
+    search_fields = ('user__username', 'fhir_id_v2', 'fhir_id_v3')
+    raw_id_fields = ('user',)
 
     @admin.display(
-        description="User Name",
-        ordering="username",
+        description='User Name',
+        ordering='username',
     )
     def get_user_username(self, obj):
         return obj.user.username
@@ -19,12 +19,12 @@ def get_user_username(self, obj):
 @admin.register(ArchivedCrosswalk)
 class ArchivedCrosswalkAdmin(admin.ModelAdmin):
     list_display = (
-        "archived_at",
-        "username",
-        "fhir_id_v2",
-        "fhir_id_v3",
-        "user_id_type",
-        "_user_id_hash",
-        "_user_mbi_hash",
+        'archived_at',
+        'username',
+        'fhir_id_v2',
+        'fhir_id_v3',
+        'user_id_type',
+        '_user_id_hash',
+        '_user_mbi',
     )
-    search_fields = ("fhir_id_v2", "fhir_id_v3", "username", "_user_id_hash", "_user_mbi_hash")
+    search_fields = ('fhir_id_v2', 'fhir_id_v3', 'username', '_user_id_hash', '_user_mbi')

apps/fhir/bluebutton/management/commands/user_mbi_backfill.py

@@ -105,7 +105,8 @@ def process_records(self, crosswalk_records: List[Crosswalk], execute: bool) ->
                     user_mbi_hash = crosswalk.user_mbi_hash
                     rf = RequestFactory()
                     request = rf.get('/')
-                    print('fhir_id %s' % (crosswalk.fhir_id))
+                    # TODO - tied to BB2-4193, remove these references to user_mbi_hash as part
+                    # of the ticket to remove the user_mbi_hash column from the crosswalk table 
                     print('user_mbi_hash %s' % (user_mbi_hash))
                     if not user_mbi_hash:
                         print('can\'t update this record, no user_mbi_hash')

apps/fhir/bluebutton/models.py

@@ -67,18 +67,6 @@ def hash_hicn(hicn):
     return hash_id_value(hicn)
 
 
-def hash_mbi(mbi):
-    # BB2-237: Replaces ASSERT with exception. We should never reach this condition.
-    if mbi == "":
-        raise BBFhirBluebuttonModelException("MBI cannot be the empty string")
-
-    # NOTE: mbi value can be None here.
-    if mbi is None:
-        return None
-    else:
-        return hash_id_value(mbi)
-
-
 class Crosswalk(models.Model):
     """Represents a crosswalk between a Django user (auth_user) and their MBI/HICN/FHIR IDs
 
@@ -302,7 +290,7 @@ def create(crosswalk):
             fhir_id_v3=crosswalk.fhir_id(3),
             user_id_type=crosswalk.user_id_type,
             _user_id_hash=crosswalk.user_hicn_hash,
-            _user_mbi_hash=crosswalk.user_mbi_hash,
+            _user_mbi=crosswalk._user_mbi,
             date_created=crosswalk.date_created,
         )
         acw.save()