NHSDigital
diff --git a/‎package-lock.json‎
Lines changed: 102 additions & 102 deletions b/‎package-lock.json‎
Lines changed: 102 additions & 102 deletions
diff --git a/‎package.json‎
Lines changed: 1 addition & 1 deletion b/‎package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎poetry.lock‎
Lines changed: 184 additions & 196 deletions b/‎poetry.lock‎
Lines changed: 184 additions & 196 deletions
diff --git a/‎…icationOperationOutcomeErrorResponse.xml‎ ‎…essage.OperationOutcomeErrorResponse.xml‎proxies/live/apiproxy/policies/AssignMessage.AuthenticationOperationOutcomeErrorResponse.xml renamed to proxies/live/apiproxy/policies/AssignMessage.OperationOutcomeErrorResponse.xml
Lines changed: 2 additions & 2 deletions b/‎…icationOperationOutcomeErrorResponse.xml‎ ‎…essage.OperationOutcomeErrorResponse.xml‎proxies/live/apiproxy/policies/AssignMessage.AuthenticationOperationOutcomeErrorResponse.xml renamed to proxies/live/apiproxy/policies/AssignMessage.OperationOutcomeErrorResponse.xml
Lines changed: 2 additions & 2 deletions
diff --git a/‎proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeIssueCodeLogin.xml‎
Lines changed: 4 additions & 0 deletions b/‎proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeIssueCodeLogin.xml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeIssueIal.xml‎
Lines changed: 4 additions & 0 deletions b/‎proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeIssueIal.xml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeMissingAsid.xml‎
Lines changed: 14 additions & 0 deletions b/‎proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeMissingAsid.xml‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎proxies/live/apiproxy/policies/RaiseFault.MissingAsid.xml‎
Lines changed: 10 additions & 0 deletions b/‎proxies/live/apiproxy/policies/RaiseFault.MissingAsid.xml‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎proxies/live/apiproxy/targets/ers-target.xml‎
Lines changed: 24 additions & 3 deletions b/‎proxies/live/apiproxy/targets/ers-target.xml‎
Lines changed: 24 additions & 3 deletions
diff --git a/‎pyproject.toml‎
Lines changed: 3 additions & 3 deletions b/‎pyproject.toml‎
Lines changed: 3 additions & 3 deletions
@@ -12,7 +12,7 @@
   "license": "MIT",
   "homepage": "https://github.com/NHSDigital/e-referrals-service-api",
   "dependencies": {
-    "@redocly/cli": "^1.34.0"
+    "@redocly/cli": "^1.34.2"
   },
   "devDependencies": {
     "apigeetool": "^0.16.5",
 
@@ -1,6 +1,6 @@
-<AssignMessage async="false" continueOnError="false" enabled="true" name="AssignMessage.AuthenticationOperationOutcomeErrorResponse">
+<AssignMessage async="false" continueOnError="false" enabled="true" name="AssignMessage.OperationOutcomeErrorResponse">
     <Set>
-        <StatusCode>401</StatusCode>
+        <StatusCode>{status_code}</StatusCode>
         <ReasonPhrase>Unauthorized</ReasonPhrase>
         <Payload contentType="application/fhir+json" variablePrefix="%" variableSuffix="#">{ "resourceType": "OperationOutcome", "meta": { "lastUpdated": "%current_timestamp#", "profile" : [ "%op_outcome_fhir_profile#" ] }, "issue": [ { "severity": "error", "code": "%op_outcome_issue_code#", "details": { "coding": [ { "system": "%op_outcome_issue_details_coding_system#", "code": "%op_outcome_issue_details_coding_code#" } ] }, "diagnostics": "%faultstring#" } ] }</Payload>
     </Set>
 
@@ -1,4 +1,8 @@
 <AssignMessage enabled="true" name="AssignMessage.SetOperationOutcomeIssueCodeLogin">
+    <AssignVariable>
+        <Name>status_code</Name>
+        <Value>401</Value>
+    </AssignVariable>
     <AssignVariable>
         <Name>op_outcome_issue_code</Name>
         <Value>login</Value>
 
@@ -1,4 +1,8 @@
 <AssignMessage enabled="true" name="AssignMessage.SetOperationOutcomeIssueIal">
+    <AssignVariable>
+        <Name>status_code</Name>
+        <Value>401</Value>
+    </AssignVariable>
     <AssignVariable>
         <Name>op_outcome_issue_code</Name>
         <Value>forbidden</Value>
 
@@ -0,0 +1,14 @@
+<AssignMessage enabled="true" name="AssignMessage.SetOperationOutcomeMissingAsid">
+    <AssignVariable>
+        <Name>op_outcome_issue_code</Name>
+        <Value>forbidden</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>faultstring</Name>
+        <Value>ASID is not configured in the application</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>status_code</Name>
+        <Value>403</Value>
+    </AssignVariable>
+</AssignMessage>
@@ -0,0 +1,10 @@
+<RaiseFault async="false" continueOnError="false" enabled="true" name="RaiseFault.MissingAsid">
+    <FaultResponse>
+        <Set>
+            <Payload contentType="text/plain"/>
+            <StatusCode>403</StatusCode>
+            <ReasonPhrase>Forbidden</ReasonPhrase>
+        </Set>
+    </FaultResponse>
+    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
+</RaiseFault>
@@ -15,7 +15,7 @@
                 <Name>AssignMessage.SetOperationOutcomeIssueCodeLogin</Name>
             </Step>
             <Step>
-                <Name>AssignMessage.AuthenticationOperationOutcomeErrorResponse</Name>
+                <Name>AssignMessage.OperationOutcomeErrorResponse</Name>
             </Step>
             <Condition>(oauthV2.OauthV2.VerifyAccessToken.failed = true) and (isFhirR4Path = true)</Condition>
         </FaultRule>
@@ -43,7 +43,7 @@
                 <Condition>aalError != true</Condition>
             </Step>
             <Step>
-                <Name>AssignMessage.AuthenticationOperationOutcomeErrorResponse</Name>
+                <Name>AssignMessage.OperationOutcomeErrorResponse</Name>
                 <Condition>aalError = true</Condition>
             </Step>
             <Condition>(oauthV2.OauthV2.VerifyAccessToken.failed = true) and (isFhirR4Path = false)</Condition>
@@ -85,10 +85,27 @@
                 <Name>AssignMessage.SetOperationOutcomeIssueIal</Name>
             </Step>
             <Step>
-                <Name>AssignMessage.AuthenticationOperationOutcomeErrorResponse</Name>
+                <Name>AssignMessage.OperationOutcomeErrorResponse</Name>
             </Step>
             <Condition>(raisefault.RaiseFault.401InsufficientIal.failed = true)</Condition>
         </FaultRule>
+        <FaultRule name="missing_asid">
+            <Step>
+                <Condition>(isFhirR4Path = true)</Condition>
+                <Name>AssignMessage.SetOperationOutcomeVariablesR4</Name>
+            </Step>
+            <Step>
+                <Condition>(isFhirR4Path = false)</Condition>
+                <Name>AssignMessage.SetOperationOutcomeVariablesPreR4</Name>
+            </Step>
+            <Step>
+                <Name>AssignMessage.SetOperationOutcomeMissingAsid</Name>
+            </Step>
+            <Step>
+                <Name>AssignMessage.OperationOutcomeErrorResponse</Name>
+            </Step>
+            <Condition>(raisefault.RaiseFault.MissingAsid.failed = true)</Condition>
+        </FaultRule>
     </FaultRules>
     <PreFlow>
         <Request>
@@ -101,6 +118,10 @@
             <Step>
                 <Name>OauthV2.VerifyAccessToken</Name>
             </Step>
+            <Step>
+                <Name>RaiseFault.MissingAsid</Name>
+                <Condition>(app.asid == null) Or (app.asid == "")</Condition>
+            </Step>
             <Step>
                 <Name>AssignMessage.PopulateAsidFromApp</Name>
             </Step>
 
@@ -28,9 +28,9 @@ semver = "^3.0.4"
 gitpython = "^3.1.44"
 lxml = "^4.9.4"
 xmlformatter = "^0.2.8"
-pytest-check = "^2.5.1"
+pytest-check = "^2.5.3"
 requests = "^2.32.3"
-openapi-core = "^0.19.4"
+openapi-core = "^0.19.5"
 
 
 [tool.poetry.group.dev.dependencies]
@@ -39,7 +39,7 @@ black = "^25.1"
 pip-licenses = "^5.0.0"
 jinja2 = "^3.1.6"
 pytest = "^8.3.5"
-pytest-asyncio = "^0.25.3"
+pytest-asyncio = "^0.26.0"
 pytest-nhsd-apim = "^3.4.5"
 
 [tool.poetry.scripts]