Merge branch 'main' into add_temporary_instance

Author: anthony-nhs

.github/cfg/ods_codes_int.txt

@@ -1,2 +1,104 @@
-A83008
-FA565
+FA090
+FAC08
+FCD08
+FCF21
+FCM53
+FCP28
+FD444
+Fd976
+FDW46
+FE302
+FEH17
+FEW47
+FEW57
+FEX32
+FEX56
+FF403
+FF736
+FFD93
+FFR23
+FFR55
+FFV85
+FFX28
+FG043
+FG236
+FGR00
+FGX57
+FH657
+FHD08
+FHF37
+FHV89
+fj438
+FJG01
+FJR35
+FK857
+FKJ13
+FKP67
+FKR57
+FKT41
+FL080
+FL584
+FL669
+FLG00
+FLH14
+FLK02
+FM623
+FMA26
+FMC81
+FMG07
+FMP08
+FMQ08
+FMR16
+FNG76
+FNK11
+FNQ36
+FNQ40
+FP237
+FPG70
+FQ056
+FQD41
+FQF92
+FQL64
+FQR12
+FR035
+FR116
+Fr664
+FR791
+FRD48
+FRH86
+FRN27
+FRQ45
+FRT44
+FRV24
+FT095
+FT608
+FT774
+FTF34
+FTG55
+FTL32
+FTL60
+FTP37
+FTQ69
+FTT94
+FTY56
+FV528
+FV585
+FVC24
+FVD61
+FVJ67
+FVN59
+FVP34
+FVQ48
+FW047
+FW122
+FW252
+FW270
+FWC44
+FWE04
+FWR95
+FWW39
+FX237
+FXE88
+FXF99
+FXH76
+FXR02

.github/workflows/release.yml

@@ -300,8 +300,8 @@ jobs:
       ENABLE_BACKUP: True
       ENABLE_NOTIFICATIONS_INTERNAL: true
       ENABLE_NOTIFICATIONS_EXTERNAL: true
-      ENABLED_SYSTEMS: "Internal Test System, Apotec Ltd - Apotec CRM - Production, CrxPatientApp, nhsPrescriptionApp, Titan PSU Prod"
-      BLOCKED_SITE_ODS_CODES: "B3J1Z"
+      ENABLED_SYSTEMS: "Internal Test System"  # Workaround empty string handling
+      BLOCKED_SITE_ODS_CODES: "XXXXX"  # Workaround empty string handling
       NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
       NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
@@ -383,8 +383,8 @@ jobs:
       ENABLE_BACKUP: True
       ENABLE_NOTIFICATIONS_INTERNAL: true
       ENABLE_NOTIFICATIONS_EXTERNAL: true
-      ENABLED_SYSTEMS: "Internal Test System"
-      BLOCKED_SITE_ODS_CODES: "XXXXX" # Workaround empty string handling
+      ENABLED_SYSTEMS: "Internal Test System"  # Workaround empty string handling
+      BLOCKED_SITE_ODS_CODES: "XXXXX"  # Workaround empty string handling
       NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c" # INT and PROD share a value
       NOTIFY_API_BASE_URL: "https://api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1

packages/nhsNotifyLambda/src/utils/auth.ts

@@ -19,7 +19,7 @@ export async function tokenExchange(
   ])
 
   const API_KEY = apiKeyRaw?.toString().trim()
-  const PRIVATE_KEY = privateKeyRaw?.toString()
+  const PRIVATE_KEY = privateKeyRaw?.toString().trim()
   const KID = kidRaw?.toString().trim()
 
   if (!API_KEY || !PRIVATE_KEY || !KID) {

packages/nhsNotifyUpdateCallback/src/helpers.ts

@@ -61,8 +61,8 @@ export async function fetchSecrets(logger: Logger): Promise<void> {
     throw new Error("Failed to get secret values from the AWS secret manager")
   }
 
-  APP_ID = appIdValue.toString()
-  API_KEY = apiKeyValue.toString()
+  APP_ID = appIdValue.toString().trim()
+  API_KEY = apiKeyValue.toString().trim()
 
   // Check again to catch empty strings
   if (!appIdValue || !apiKeyValue) {

packages/updatePrescriptionStatus/src/updatePrescriptionStatus.ts

@@ -111,6 +111,20 @@ const lambdaHandler = async (event: APIGatewayProxyEvent): Promise<APIGatewayPro
 
   const dataItems = buildDataItems(requestEntries, xRequestID, applicationName)
 
+  // If the dataItems contain any invalid ODS codes, then return an error
+  const invalidODSCodes = dataItems
+    .filter(item => {
+      const odsCode = item.PharmacyODSCode
+      if (!odsCode || !/^[A-Z0-9]+$/.test(odsCode)) return true
+      return false
+    })
+    .map(it => it.PharmacyODSCode)
+  if (invalidODSCodes.length) {
+    logger.error("Received invalid ODS codes", {invalidODSCodes})
+    responseEntries = [badRequest(`Received invalid ODS codes: ${JSON.stringify(invalidODSCodes)}`)]
+    return response(400, responseEntries)
+  }
+
   // AEA-4317 (AEA-4365) - Intercept INT test prescriptions
   let testPrescription1Forced201 = false
   let testPrescriptionForcedError = false
@@ -318,7 +332,7 @@ export function buildDataItems(
       LastModified: task.lastModified!,
       LineItemID: task.focus!.identifier!.value!.toUpperCase(),
       PatientNHSNumber: task.for!.identifier!.value!,
-      PharmacyODSCode: task.owner!.identifier!.value!.toUpperCase(),
+      PharmacyODSCode: task.owner!.identifier!.value!.toUpperCase().trim(),
       PrescriptionID: task.basedOn![0].identifier!.value!.toUpperCase(),
       ...(repeatNo !== undefined && {RepeatNo: repeatNo}),
       RequestID: xRequestID,

packages/updatePrescriptionStatus/tests/testHandler.test.ts

@@ -217,6 +217,33 @@ describe("Integration tests for updatePrescriptionStatus handler", () => {
     )
   })
 
+  const testInvalidODSCode = async (invalidODSCode: string, expectedErrorCode: string) => {
+    const body = generateBody()
+    const entryResource: any = body.entry?.[0]?.resource
+    if (entryResource?.owner?.identifier) {
+      entryResource.owner.identifier.value = invalidODSCode
+    }
+
+    const event: APIGatewayProxyEvent = generateMockEvent(body)
+
+    const response: APIGatewayProxyResult = await handler(event, {})
+
+    expect(response.statusCode).toBe(400)
+    expect(JSON.parse(response.body)).toEqual(
+      bundleWrap([
+        badRequest(`Received invalid ODS codes: ["${expectedErrorCode}"]`)
+      ])
+    )
+  }
+
+  it("When the ODS code contains a special character, the handler returns a 400 error", async () => {
+    await testInvalidODSCode("AB1$%2", "AB1$%2")
+  })
+
+  it("When the ODS code is a space character, the handler returns a 400 error", async () => {
+    await testInvalidODSCode(" ", "")
+  })
+
   it("when dynamo call fails, expect 500 status code and internal server error message", async () => {
     const event = generateMockEvent(requestDispatched)
     dynamoDBMockSend.mockRejectedValue(new Error() as never)