CCM-11600: fix header lookup

masl2 · masl2 · commit 8214c5f389ee · 2025-11-12T13:29:17.000Z
diff --git a/lambdas/authorizer/src/__tests__/index.test.ts b/lambdas/authorizer/src/__tests__/index.test.ts
@@ -182,6 +182,32 @@ describe('Authorizer Lambda Function', () => {
         principalId: 'supplier-123',
       }));
     });
+
+    it('Should allow the request when the supplier ID case mismatches', async () => {
+      mockEvent.headers = { 'apim-application-id': 'Valid-Apim-Id' };
+      (mockedDeps.supplierRepo.getSupplierByApimId as jest.Mock).mockResolvedValue({
+        id: 'supplier-123',
+        apimApplicationId: 'valid-apim-id',
+        name: 'Test Supplier',
+        status: 'ENABLED'
+      });
+
+      const handler = createAuthorizerHandler(mockedDeps);
+      handler(mockEvent, mockContext, mockCallback);
+      await new Promise(process.nextTick);
+
+      expect(mockCallback).toHaveBeenCalledWith(null, expect.objectContaining({
+        policyDocument: expect.objectContaining({
+          Statement: [
+            expect.objectContaining({
+              Effect: 'Allow',
+            }),
+          ],
+        }),
+        principalId: 'supplier-123',
+      }));
+    });
+
   });
 
   it('Should deny the request the supplier is disabled', async () => {
diff --git a/lambdas/authorizer/src/authorizer.ts b/lambdas/authorizer/src/authorizer.ts
@@ -42,16 +42,16 @@ export function createAuthorizerHandler(deps: Deps): APIGatewayRequestAuthorizer
 
 async function getSupplier(headers: APIGatewayRequestAuthorizerEventHeaders | null, deps: Deps): Promise<Supplier> {
   const apimId = Object.entries(headers || {})
-    .find(([headerName, _]) => headerName.toLowerCase() === deps.env.APIM_APPLICATION_ID_HEADER)?.[1] as string;
+    .find(([headerName, _]) => headerName.toLowerCase() === deps.env.APIM_APPLICATION_ID_HEADER.toLowerCase())?.[1] as string;
 
-    if(!apimId) {
-      throw new Error('No APIM application ID found in header');
-    }
-    const supplier = await deps.supplierRepo.getSupplierByApimId(apimId);
-    if (supplier.status === 'DISABLED') {
+  if(!apimId) {
+    throw new Error('No APIM application ID found in header');
+  }
+  const supplier = await deps.supplierRepo.getSupplierByApimId(apimId);
+  if (supplier.status === 'DISABLED') {
       throw new Error(`Supplier ${supplier.id} is disabled`);
-    }
-    return supplier;
+  }
+  return supplier;
 }
 
 
