VED-812: Use Python library for TOTP code generation. Add some missing env vars.

mfjarvis · mfjarvis · commit eff76afaa6ef · 2025-10-14T15:31:43.000+01:00
diff --git a/.github/workflows/run-e2e-tests.yml b/.github/workflows/run-e2e-tests.yml
@@ -61,35 +61,27 @@ jobs:
           cache: "poetry"
 
       - name: Install e2e test dependencies
-        run: poetry install --no-root
         working-directory: e2e
-
-      - name: Install oathtool
-        run: sudo apt-get update && sudo apt-get install -y oathtool
+        run: poetry install --no-root
 
       - name: Get Apigee access token
+        working-directory: e2e
         env:
           APIGEE_PASSWORD: ${{ secrets.APIGEE_PASSWORD }}
           APIGEE_BASIC_AUTH_TOKEN: ${{ secrets.APIGEE_BASIC_AUTH_TOKEN }}
           APIGEE_OTP_KEY: ${{ secrets.APIGEE_OTP_KEY }}
         run: |
-          CODE=$(oathtool --totp -b "$APIGEE_OTP_KEY")
+          CODE=$(poetry run python utils/compute_totp_code.py "$APIGEE_OTP_KEY")
           echo "::add-mask::$CODE"
+
           echo "Requesting access token from Apigee..."
           response=$(curl -s -X POST "https://login.apigee.com/oauth/token" \
             -H "Content-Type: application/x-www-form-urlencoded" \
             -H "Accept: application/json;charset=utf-8" \
             -H "Authorization: Basic $APIGEE_BASIC_AUTH_TOKEN" \
             -d "username=$APIGEE_USERNAME&password=$APIGEE_PASSWORD&mfa_token=$CODE&grant_type=password")
 
-          # TODO - REMOVE
-          echo "$response"
-
-          token=$(echo "$response" | jq -e -r '.access_token')
-          if [[ -z "$token" ]]; then
-            echo "Failed to retrieve access token"
-            exit 1
-          fi
+          token=$(jq -e -r '.access_token' <<<"$response")
           echo "::add-mask::$token"
           echo "APIGEE_ACCESS_TOKEN=$token" >> $GITHUB_ENV
 
@@ -98,4 +90,11 @@ jobs:
         run: |
           export PROXY_NAME=immunisation-fhir-api-internal-dev
           export SERVICE_BASE_PATH=immunisation-fhir-api/FHIR/R4
+
+          export IMMS_DELTA_TABLE_NAME=imms-internal-dev-delta
+          export AWS_DOMAIN_NAME=internal-dev.imms.dev.vds.platform.nhs.uk
+          export DYNAMODB_TABLE_NAME=imms-internal-dev-imms-events
+          export AWS_SQS_QUEUE_NAME=imms-internal-dev-delta-dlq
+          export AWS_SNS_TOPIC_NAME=imms-internal-dev-delta-sns
+
           make run-immunization
diff --git a/e2e/poetry.lock b/e2e/poetry.lock
diff --git a/e2e/pyproject.toml b/e2e/pyproject.toml
@@ -17,6 +17,7 @@ requests = "^2.32.5"
 pyjwt = "^2.10.1"
 cryptography = "^42.0.3"
 lxml = "~4.9.0"
+oath = "^1.4.4"
 
 [build-system]
 requires = ["poetry-core"]
diff --git a/e2e/utils/compute_totp_code.py b/e2e/utils/compute_totp_code.py
@@ -0,0 +1,13 @@
+import base64
+import sys
+
+import oath
+
+
+def compute_totp_code(key_base32: str) -> str:
+    key_hex = base64.b32decode(key_base32).hex()
+    return oath.totp(key_hex)
+
+
+if __name__ == "__main__":
+    print(compute_totp_code(sys.argv[1]))
