Added logic for current and previous hash checks.

Author: ayeshalshukri1-nhs

src/eligibility_signposting_api/processors/hashing_service.py

@@ -10,6 +10,8 @@
 
 
 def _hash(nhs_number: str, secret_value: str) -> str:
+    if not secret_value: return None
+
     nhs_str = str(nhs_number)
 
     return hmac.new(
@@ -37,3 +39,17 @@ def hash_with_current_secret(self, nhs_number: str) -> str:
     def hash_with_previous_secret(self, nhs_number: str) -> str:
         secret_value = self.secret_repo.get_secret_previous(self.hash_secret_name)["AWSPREVIOUS"]
         return _hash(nhs_number, secret_value)
+
+    # def hash_with_secret(self, nhs_number: str, version_stage: str) -> str:
+    #     if version_stage == "AWSCURRENT":
+    #         secret_dict = self.secret_repo.get_secret_current(self.hash_secret_name)
+    #     elif version_stage == "AWSPREVIOUS":
+    #         secret_dict = self.secret_repo.get_secret_previous(self.hash_secret_name)
+    #     #
+    #
+    #     if secret_dict:
+    #         secret_value = secret_dict.get(version_stage)
+    #         hashed_value = _hash(nhs_number, secret_value)
+    #         return hashed_value
+    #     else:
+    #         return None

src/eligibility_signposting_api/repos/person_repo.py

@@ -39,20 +39,34 @@ def __init__(self, table: Annotated[Any, Inject(qualifier="person_table")],
         self.table = table
         self._hashing_service = hashing_service
 
+    def get_person_record(self, nhs_hash):
+        if nhs_hash:
+            response = self.table.query(KeyConditionExpression=Key("NHS_NUMBER").eq(nhs_hash))
+
+            items = response.get("Items", [])
+            has_person = any(item.get("ATTRIBUTE_TYPE") == "PERSON" for item in items)
+
+            if has_person:
+                return items
+            else:
+                logger.error("No person record found for hash of nhs_number")
+
+        return None
+
+
     def get_eligibility_data(self, nhs_number: NHSNumber) -> Person:
+
+        # AWSCURRENT secret
         nhs_hash = self._hashing_service.hash_with_current_secret(nhs_number)
-        response = self.table.query(KeyConditionExpression=Key("NHS_NUMBER").eq(nhs_hash))
+        items = self.get_person_record(nhs_hash)
 
-        if not (items := response.get("Items")) or not next(
-            (item for item in items if item.get("ATTRIBUTE_TYPE") == "PERSON"), None
-        ):
+        if not items:
+            # AWSPREVIOUS secret
             nhs_hash = self._hashing_service.hash_with_previous_secret(nhs_number)
-            response = self.table.query(KeyConditionExpression=Key("NHS_NUMBER").eq(nhs_hash))
+            items = self.get_person_record(nhs_hash)
 
-            if not (items := response.get("Items")) or not next(
-                (item for item in items if item.get("ATTRIBUTE_TYPE") == "PERSON"), None
-            ):
-                message = f"Person not found with nhs_number {nhs_number}"
+            if not items:
+                message = f"Person not found for NHS number hash with current or previous secret."
                 raise NotFoundError(message)
 
         return Person(data=items)

src/eligibility_signposting_api/repos/secret_repo.py

@@ -27,9 +27,11 @@ def _get_secret_by_stage(self, secret_name: str, stage: str) -> dict[str, str]:
                 VersionStage=stage,
             )
             return {stage: response["SecretString"]}
+        # Add in other errors for AWS Secrets Manager
         except ClientError as e:
             logger.error("Failed to get secret %s at stage %s: %s", secret_name, stage, e)
-            raise
+            #raise
+            return {}
 
     def get_secret_current(self, secret_name: str) -> dict[str, str]:
         """Fetch the AWSCURRENT version of the secret."""

tests/integration/repo/test_person_repo.py

@@ -55,3 +55,24 @@ def test_items_found_but_person_attribute_type_not_found_raises_error(
     ## When, Then
     with pytest.raises(NotFoundError):
         repo.get_eligibility_data(persisted_person_with_no_person_attribute_type)
+
+
+# def test_person_found_with_current_secret(person_table: Any,
+#                     persisted_person: NHSNumber,
+#                     hashing_service: HashingService,):
+#     # Given
+#     repo = PersonRepo(person_table, hashing_service)
+#
+#     # When
+#     actual = repo.get_eligibility_data(persisted_person)
+#
+#     # Then
+#     nhs_num_hash = hashing_service.hash_with_current_secret(persisted_person)
+#
+#     assert_that(
+#         actual.data,
+#         contains_inanyorder(
+#             has_entries({"NHS_NUMBER": nhs_num_hash, "ATTRIBUTE_TYPE": "PERSON"}),
+#             has_entries({"NHS_NUMBER": nhs_num_hash, "ATTRIBUTE_TYPE": "COHORTS"}),
+#         ),
+#     )