NIAD-3112 - Regenerate the Authorization token before each GPC request (#761)

martin-nhs · adrianclay · web-flow · commit b9531431995a · 2024-06-17T11:47:48.000+01:00
* Regenerate the Authorization token before each GPC request That way the token is always "fresh". * [NIAD-3112] Minor adjustments. * [NIAD-3112] Add additional verifications to tests within GpcWebClientTest.java * [NIAD-3112] Modified verifications to be stricter in nature * [NIAD-3112] Update CHANGELOG.md to include fixes * [NIAD-3112] Added test to ensure tokens are present within Authorization header. * [NIAD-3112] Addressed PR comment https://github.com/NHSDigital/integration-adaptor-gp2gp/pull/758/files#r1639807041 and https://github.com/NHSDigital/integration-adaptor-gp2gp/pull/758/files#r1639804884 * [NIAD-3112] Tidied up logic. * [NIAD-3112] Tidied up logic. * [NIAD-3112] Improvements, renamed variable. * [NIAD-3112] Add comment. * [NIAD-3112] Enhance test readability, reduced clutter. * [NIAD-3112] Remove wildcard imports. --------- Co-authored-by: Adrian Clay <adrian@madetech.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Fixed
+
+* The GPCC Adaptor JWT token is now refreshed with every request to prevent expiration issues during retries and ensure continuous, uninterrupted access; previously, we were seeing the JWT expire when a request failed and retried.
+
 ## [2.0.3] - 2024-05-20
 
 ### Fixed
diff --git a/service/src/intTest/java/uk/nhs/adaptors/gp2gp/gpc/GpcWebClientTest.java b/service/src/intTest/java/uk/nhs/adaptors/gp2gp/gpc/GpcWebClientTest.java
@@ -2,11 +2,17 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR;
 import static org.springframework.http.HttpStatus.OK;
 
 import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Objects;
 import java.util.concurrent.TimeoutException;
 
 import org.junit.jupiter.api.AfterEach;
@@ -17,13 +23,15 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.SpyBean;
+import org.springframework.http.HttpHeaders;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
 
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
 import okhttp3.mockwebserver.SocketPolicy;
 import uk.nhs.adaptors.gp2gp.common.exception.RetryLimitReachedException;
+import uk.nhs.adaptors.gp2gp.gpc.builder.GpcTokenBuilder;
 import uk.nhs.adaptors.gp2gp.gpc.configuration.GpcConfiguration;
 import uk.nhs.adaptors.gp2gp.gpc.exception.GpcServerErrorException;
 import uk.nhs.adaptors.gp2gp.testcontainers.MongoDBExtension;
@@ -54,6 +62,8 @@ public class GpcWebClientTest {
     private String baseUrl;
     @SpyBean
     private GpcConfiguration gpcConfiguration;
+    @SpyBean
+    private GpcTokenBuilder gpcTokenBuilder;
     @Autowired
     private GpcClient gpcWebClient;
 
@@ -102,18 +112,17 @@ public void tearDown() throws IOException {
 
     @Test
     public void When_GetDocumentRecord_With_HttpStatus200_Expect_NoException() {
-
         mockWebServer.enqueue(STUB_OK);
 
         var taskDefinition = buildDocumentTaskDefinition();
         var result = gpcWebClient.getDocumentRecord(taskDefinition);
 
         assertThat(result).isEqualTo(TEST_BODY);
+        verify(gpcTokenBuilder).buildToken(taskDefinition.getFromOdsCode());
     }
 
     @Test
     public void When_GetDocumentRecord_With_HttpStatus5xx_Expect_RetryExceptionWithGpcServerErrorExceptionAsRootCause() {
-
         for (int i = 0; i < FOUR; i++) {
             mockWebServer.enqueue(STUB_INTERNAL_SERVER_ERROR);
         }
@@ -128,11 +137,11 @@ public void When_GetDocumentRecord_With_HttpStatus5xx_Expect_RetryExceptionWithG
 
 
         assertThat(mockWebServer.getRequestCount()).isEqualTo(FOUR);
+        verify(gpcTokenBuilder, times(FOUR)).buildToken(taskDefinition.getFromOdsCode());
     }
 
     @Test
     public void When_GetDocumentRecord_With_HttpStatus5xxAndNoBody_Expect_AlternativeExceptionMessage() {
-
         for (int i = 0; i < FOUR; i++) {
             mockWebServer.enqueue(STUB_INTERNAL_SERVER_ERROR_NO_BODY);
         }
@@ -147,11 +156,11 @@ public void When_GetDocumentRecord_With_HttpStatus5xxAndNoBody_Expect_Alternativ
 
 
         assertThat(mockWebServer.getRequestCount()).isEqualTo(FOUR);
+        verify(gpcTokenBuilder, times(FOUR)).buildToken(taskDefinition.getFromOdsCode());
     }
 
     @Test
     public void When_GetDocumentRecord_With_NoResponse_Expect_RetryExceptionWithTimeoutAsRootCause() {
-
         for (int i = 0; i < FOUR; i++) {
             mockWebServer.enqueue(STUB_NO_RESPONSE);
         }
@@ -164,18 +173,19 @@ public void When_GetDocumentRecord_With_NoResponse_Expect_RetryExceptionWithTime
             .hasMessage("Retries exhausted: 3/3");
 
         assertThat(mockWebServer.getRequestCount()).isEqualTo(FOUR);
+        verify(gpcTokenBuilder, times(FOUR)).buildToken(taskDefinition.getFromOdsCode());
     }
 
     @Test
     public void When_GetDocumentRecord_With_NoResponseBeforeHttpStatus200_Expect_RetryBeforeSuccess() {
-
         mockWebServer.enqueue(STUB_NO_RESPONSE);
         mockWebServer.enqueue(STUB_OK);
 
         var taskDefinition = buildDocumentTaskDefinition();
         var result = gpcWebClient.getDocumentRecord(taskDefinition);
 
         assertThat(result).isEqualTo(TEST_BODY);
+        verify(gpcTokenBuilder, times(2)).buildToken(taskDefinition.getFromOdsCode());
     }
 
     @Test
@@ -187,11 +197,11 @@ public void When_GetStructuredRecord_With_HttpStatus200_Expect_NoException() {
         var result = gpcWebClient.getStructuredRecord(taskDefinition);
 
         assertThat(result).isEqualTo(TEST_BODY);
+        verify(gpcTokenBuilder).buildToken(taskDefinition.getFromOdsCode());
     }
 
     @Test
     public void When_GetStructuredRecord_With_NoResponse_Expect_RetryExceptionWithTimeoutAsRootCause() {
-
         for (int i = 0; i < FOUR; i++) {
             mockWebServer.enqueue(STUB_NO_RESPONSE);
         }
@@ -204,11 +214,11 @@ public void When_GetStructuredRecord_With_NoResponse_Expect_RetryExceptionWithTi
             .hasMessage("Retries exhausted: 3/3");
 
         assertThat(mockWebServer.getRequestCount()).isEqualTo(FOUR);
+        verify(gpcTokenBuilder, times(FOUR)).buildToken(taskDefinition.getFromOdsCode());
     }
 
     @Test
     public void When_GetStructuredRecord_With_HttpStatus5xx_Expect_RetryWithGpcServerErrorExceptionAsRootCause() {
-
         for (int i = 0; i < FOUR; i++) {
             mockWebServer.enqueue(STUB_INTERNAL_SERVER_ERROR);
         }
@@ -222,6 +232,34 @@ public void When_GetStructuredRecord_With_HttpStatus5xx_Expect_RetryWithGpcServe
             .hasRootCauseMessage("The following error occurred during GPC request: " + TEST_BODY);
 
         assertThat(mockWebServer.getRequestCount()).isEqualTo(FOUR);
+        verify(gpcTokenBuilder, times(FOUR)).buildToken(taskDefinition.getFromOdsCode());
+    }
+
+    @Test
+    void When_GetStructuredRecord_With_HttpStatus200_Expect_AuthorizationHeaderToBePresent() throws InterruptedException {
+        // given
+        final GetGpcStructuredTaskDefinition taskDefinition = getStructuredDefinition();
+        final String fromOdsCode = taskDefinition.getFromOdsCode();
+        final Collection<String> tokens = new ArrayList<>();
+
+        // when
+        doAnswer(invocation -> {
+            final String tokenFromSpy = (String) invocation.callRealMethod();
+            tokens.add("Bearer %s".formatted(tokenFromSpy)); // Add initial token generated by gpcTokenBuilder.buildToken();
+            return tokenFromSpy;
+        }).when(gpcTokenBuilder).buildToken(fromOdsCode);
+
+        mockWebServer.enqueue(STUB_OK);
+        gpcWebClient.getStructuredRecord(taskDefinition);
+        tokens.add(Objects.requireNonNull(mockWebServer
+                        .takeRequest()
+                        .getHeader(HttpHeaders.AUTHORIZATION))); // Add token from Authorisation header (WebClient call).
+
+        // then
+        final long distinctTokens = tokens.stream().distinct().count();
+        verify(gpcTokenBuilder).buildToken(fromOdsCode);
+        assertThat(tokens).hasSize(2).doesNotContainNull();
+        assertThat(distinctTokens).isEqualTo(1);
     }
 
     private GetGpcDocumentTaskDefinition buildDocumentTaskDefinition() {
diff --git a/service/src/main/java/uk/nhs/adaptors/gp2gp/gpc/builder/GpcRequestBuilder.java b/service/src/main/java/uk/nhs/adaptors/gp2gp/gpc/builder/GpcRequestBuilder.java
@@ -18,9 +18,12 @@
 import org.springframework.stereotype.Component;
 import org.springframework.web.reactive.function.BodyInserter;
 import org.springframework.web.reactive.function.BodyInserters;
+import org.springframework.web.reactive.function.client.ClientRequest;
+import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
 import org.springframework.web.reactive.function.client.WebClient;
 import org.springframework.web.reactive.function.client.WebClient.RequestBodySpec;
 import org.springframework.web.reactive.function.client.WebClient.RequestHeadersSpec;
+import reactor.core.publisher.Mono;
 import reactor.netty.http.client.HttpClient;
 import uk.nhs.adaptors.gp2gp.common.service.RequestBuilderService;
 import uk.nhs.adaptors.gp2gp.common.service.WebClientFilterService;
@@ -85,7 +88,7 @@ public RequestHeadersSpec<?> buildGetStructuredRecordRequest(
         GetGpcStructuredTaskDefinition structuredTaskDefinition, String gpcBaseUrl) {
         SslContext sslContext = requestBuilderService.buildSSLContext();
         HttpClient httpClient = buildHttpClient(sslContext);
-        WebClient client = buildWebClient(httpClient, gpcBaseUrl);
+        WebClient client = buildWebClient(httpClient, gpcBaseUrl, structuredTaskDefinition);
 
         WebClient.RequestBodySpec uri = client
             .method(HttpMethod.POST)
@@ -101,7 +104,7 @@ public RequestHeadersSpec<?> buildGetStructuredRecordRequest(
     public RequestHeadersSpec<?> buildGetDocumentRecordRequest(GetGpcDocumentTaskDefinition documentTaskDefinition, String gpcBaseUrl) {
         SslContext sslContext = requestBuilderService.buildSSLContext();
         HttpClient httpClient = buildHttpClient(sslContext);
-        WebClient client = buildWebClient(httpClient, gpcBaseUrl);
+        WebClient client = buildWebClient(httpClient, gpcBaseUrl, documentTaskDefinition);
 
         WebClient.RequestBodySpec uri = client
             .method(HttpMethod.GET)
@@ -115,14 +118,24 @@ private HttpClient buildHttpClient(SslContext sslContext) {
             .secure(t -> t.sslContext(sslContext));
     }
 
-    private WebClient buildWebClient(HttpClient httpClient, String baseUrl) {
+    private WebClient buildWebClient(HttpClient httpClient, String baseUrl, TaskDefinition taskDefinition) {
         return WebClient
             .builder()
             .codecs(cfg -> cfg.defaultCodecs().maxInMemorySize(gpcConfiguration.getMaxRequestSize()))
             .exchangeStrategies(requestBuilderService.buildExchangeStrategies())
             .clientConnector(new ReactorClientHttpConnector(httpClient))
             .filters(filters -> WebClientFilterService
                 .addWebClientFilters(filters, WebClientFilterService.RequestType.GPC, HttpStatus.OK, gpcClientConfig))
+            .filter(ExchangeFilterFunction.ofRequestProcessor(clientRequest -> Mono.defer(
+                () -> {
+                    final ClientRequest filteredRequest = ClientRequest
+                            .from(clientRequest)
+                            .header(AUTHORIZATION, AUTHORIZATION_BEARER + gpcTokenBuilder.buildToken(taskDefinition.getFromOdsCode()))
+                            .build();
+
+                    return Mono.just(filteredRequest);
+                })
+            ))
             .baseUrl(baseUrl)
             .defaultUriVariables(Collections.singletonMap("url", baseUrl))
             .build();
@@ -133,7 +146,6 @@ private RequestBodySpec buildRequestWithHeaders(RequestBodySpec uri, TaskDefinit
         return uri.accept(MediaType.valueOf(FHIR_CONTENT_TYPE))
             .header(SSP_INTERACTION_ID, interactionId)
             .header(SSP_TRACE_ID, taskDefinition.getConversationId())
-            .header(AUTHORIZATION, AUTHORIZATION_BEARER + gpcTokenBuilder.buildToken(taskDefinition.getFromOdsCode()))
             .header(CONTENT_TYPE, FHIR_CONTENT_TYPE);
     }
 
