Introduce proofing level check

Signed-off-by: Connor Avery <[email protected]>

Author: connoravo-nhs

.github/workflows/release.yml

@@ -100,7 +100,7 @@ jobs:
       STACK_NAME: pfp-sandbox
       TARGET_ENVIRONMENT: dev
       APIGEE_ENVIRONMENT: internal-dev-sandbox
-      ENABLE_MUTUAL_TLS: true
+      ENABLE_MUTUAL_TLS: false
       MTLS_KEY: prescriptions-for-patients-mtls-1
       BUILD_ARTIFACT: packaged_sandbox_code
       TRUSTSTORE_FILE: pfp-sandbox-truststore.pem

packages/getMyPrescriptions/src/extractNHSNumber.ts

@@ -1,3 +1,5 @@
+import type {EventHeaders} from "./types"
+
 export class NHSNumberValidationError extends Error {
   constructor(msg: string) {
     super(msg)
@@ -7,6 +9,14 @@ export class NHSNumberValidationError extends Error {
   }
 }
 
+export function extractNHSNumberFromHeaders(headers: EventHeaders): string {
+  if (headers["nhs-login-identity-proofing-level"]) {
+    return validateNHSNumber(headers["nhsd-nhslogin-user"]!)
+  } else {
+    return extractNHSNumber(headers["nhsd-nhslogin-user"])
+  }
+}
+
 export function extractNHSNumber(nhsloginUser: string | undefined): string {
   if (nhsloginUser === undefined || nhsloginUser === null) {
     throw new NHSNumberValidationError("nhsdloginUser not passed in")

packages/getMyPrescriptions/src/getMyPrescriptions.ts

@@ -23,11 +23,12 @@ import {
   TraceIDs,
   ResponseFunc
 } from "./responses"
-import {extractNHSNumber, NHSNumberValidationError, validateNHSNumber} from "./extractNHSNumber"
+import {extractNHSNumberFromHeaders, NHSNumberValidationError, validateNHSNumber} from "./extractNHSNumber"
 import {deepCopy, hasTimedOut, jobWithTimeout} from "./utils"
 import {buildStatusUpdateData, shouldGetStatusUpdates} from "./statusUpdate"
 import {extractOdsCodes, isolateOperationOutcome} from "./fhirUtils"
 import {pfpConfig, PfPConfig} from "@pfp-common/utilities"
+import type {EventHeaders} from "./types"
 
 const LOG_LEVEL = process.env.LOG_LEVEL as LogLevel
 export const logger = new Logger({serviceName: "getMyPrescriptions", logLevel: LOG_LEVEL})
@@ -41,8 +42,6 @@ const SERVICE_SEARCH_TIMEOUT_MS = 5_000
 export const DELEGATED_ACCESS_HDR = "delegatedaccess"
 export const DELEGATED_ACCESS_SUB_HDR = "x-nhsd-subject-nhs-number"
 
-type EventHeaders = Record<string, string | undefined>
-
 export type GetMyPrescriptionsEvent = {
   rawHeaders: Record<string, string>
   headers: EventHeaders
@@ -149,6 +148,7 @@ async function eventHandler(
       params.pfpConfig, statusUpdateData
     )
   } catch (error) {
+    logger.info("Error caught in getMyPrescriptions handler", {error})
     if (error instanceof NHSNumberValidationError) {
       return INVALID_NHS_NUMBER_RESPONSE
     } else {
@@ -162,7 +162,7 @@ export function adaptHeadersToSpine(headers: EventHeaders): EventHeaders {
   logger.debug("Testing if delegated access enabled", {headers})
   if (!headers[DELEGATED_ACCESS_HDR] || headers[DELEGATED_ACCESS_HDR].toLowerCase() !== "true") {
     logger.info("Subject access request detected")
-    headers["nhsNumber"] = extractNHSNumber(headers["nhsd-nhslogin-user"])
+    headers["nhsNumber"] = extractNHSNumberFromHeaders(headers)
   } else {
     logger.info("Delegated access request detected")
     let subjectNHSNumber = headers[DELEGATED_ACCESS_SUB_HDR]

packages/specification/prescriptions-for-patients.yaml

@@ -430,6 +430,8 @@ x-nhsd-apim:
   target-identity:
     - name: nhs-login-nhs-number
       header: "nhsd-nhslogin-user"
+    - name: nhs-login-identity-proofing-level
+      header: "nhs-login-identity-proofing-level"
   ratelimiting:
     proxy:
       limit: 20000