VIA-630 Fix updating token and session with age details from login profile

donna-belsey-nhs · donna-belsey-nhs · commit 5f4e0a583eab · 2025-12-15T14:12:40.000Z
diff --git a/src/utils/auth/callbacks/get-token.test.ts b/src/utils/auth/callbacks/get-token.test.ts
@@ -50,6 +50,7 @@ describe("getToken", () => {
 
   const profile: Profile = {
     nhs_number: "test_nhs_number",
+    birthdate: "1994-08-04",
   };
 
   const account = {
@@ -101,15 +102,14 @@ describe("getToken", () => {
       expectResultToMatchTokenWith(
         result,
         profile.nhs_number,
-        "",
+        profile.birthdate,
         "newIdToken",
         "new-apim-access-token",
         nowInSeconds + 1111,
         maxAgeInSeconds,
       );
     });
 
-    // todo: check the apim assertion still holds
     it("should return token with empty values on initial login if account and profile are undefined", async () => {
       const undefinedToken = {} as JWT;
       const undefinedAccount = {} as Account;
@@ -136,6 +136,7 @@ describe("getToken", () => {
       expect(result).toMatchObject({
         user: {
           nhs_number: "",
+          birthdate: "",
         },
         nhs_login: {
           id_token: "",
@@ -167,7 +168,7 @@ describe("getToken", () => {
 
       const result = await getToken(token, account, profile, maxAgeInSeconds);
 
-      expectResultToMatchTokenWith(result, profile.nhs_number, "","newIdToken", "", 0, maxAgeInSeconds);
+      expectResultToMatchTokenWith(result, profile.nhs_number, profile.birthdate, "newIdToken", "", 0, maxAgeInSeconds);
     });
   });
 
@@ -183,14 +184,14 @@ describe("getToken", () => {
 
       const result = await getToken(token, account, profile, maxAgeInSeconds);
 
-      expectResultToMatchTokenWith(result, profile.nhs_number, "", "newIdToken", "", 0, maxAgeInSeconds);
+      expectResultToMatchTokenWith(result, profile.nhs_number, profile.birthdate, "newIdToken", "", 0, maxAgeInSeconds);
     });
   });
 
   const expectResultToMatchTokenWith = (
     result: JWT | null,
     nhsNumber: string,
-    birthdate: string,
+    birthdate: string | null | undefined,
     idToken: string,
     apimToken: string,
     apimExpiresAt: number,
diff --git a/src/utils/auth/callbacks/get-token.ts b/src/utils/auth/callbacks/get-token.ts
@@ -10,22 +10,6 @@ import { JWT } from "next-auth/jwt";
 import { headers } from "next/headers";
 import { Logger } from "pino";
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
 const log: Logger = logger.child({ module: "utils-auth-callbacks-get-token" });
 
 /* from Next Auth documentation:
@@ -102,11 +86,11 @@ const fillMissingFieldsInTokenWithDefaultValues = (token: JWT, apimAccessCredent
   return {
     ...token,
     user: {
-      nhs_number: token.user?.nhs_number ?? "" as NhsNumber,
-      birthdate: token.user?.birthdate ?? "" as BirthDate,
+      nhs_number: token.user?.nhs_number ?? ("" as NhsNumber),
+      birthdate: token.user?.birthdate ?? ("" as BirthDate),
     },
     nhs_login: {
-      id_token: token.nhs_login?.id_token ?? "" as IdToken,
+      id_token: token.nhs_login?.id_token ?? ("" as IdToken),
     },
     apim: {
       access_token: (apimAccessCredentials ? apimAccessCredentials.accessToken : token.apim?.access_token) ?? "",
@@ -130,7 +114,7 @@ const updateTokenWithValuesFromAccountAndProfile = (
     ...token,
     user: {
       nhs_number: (profile.nhs_number ?? "") as NhsNumber,
-      birthdate: token.user?.birthdate ?? "" as BirthDate,
+      birthdate: (profile.birthdate ?? "") as BirthDate,
     },
     nhs_login: {
       id_token: (account.id_token ?? "") as IdToken,
diff --git a/src/utils/auth/callbacks/get-updated-session.test.ts b/src/utils/auth/callbacks/get-updated-session.test.ts
@@ -1,12 +1,21 @@
 import { NhsNumber } from "@src/models/vaccine";
 import { getUpdatedSession } from "@src/utils/auth/callbacks/get-updated-session";
-import { AccessToken, Age, ExpiresAt, IdToken } from "@src/utils/auth/types";
+import { AccessToken, Age, BirthDate, ExpiresAt, IdToken } from "@src/utils/auth/types";
+import { calculateAge } from "@src/utils/date";
 import { Session } from "next-auth";
 import { JWT } from "next-auth/jwt";
 
 jest.mock("sanitize-data", () => ({ sanitize: jest.fn() }));
+jest.mock("@src/utils/date", () => ({ calculateAge: jest.fn() }));
+
+const mockBirthdate = "1995-01-01";
+const mockCalculatedAge = 30;
 
 describe("getSession", () => {
+  beforeEach(() => {
+    (calculateAge as jest.Mock).mockImplementation(() => mockCalculatedAge);
+  });
+
   it("updates session user fields from token when both defined", () => {
     const session: Session = {
       user: {
@@ -19,7 +28,7 @@ describe("getSession", () => {
     const token = {
       user: {
         nhs_number: "test-nhs-number" as NhsNumber,
-        birthdate: "1995-01-01",
+        birthdate: mockBirthdate as BirthDate,
       },
       nhs_login: {
         id_token: "test-id-token" as IdToken,
@@ -33,7 +42,7 @@ describe("getSession", () => {
     const result: Session = getUpdatedSession(session, token);
 
     expect(result.user.nhs_number).toBe("test-nhs-number");
-    expect(result.user.age).toBe(30);
+    expect(result.user.age).toBe(mockCalculatedAge);
   });
 
   it("does not update session if token.user is missing", () => {
@@ -61,6 +70,7 @@ describe("getSession", () => {
     const token = {
       user: {
         nhs_number: "test-nhs-number",
+        birthdate: mockBirthdate,
       },
     } as JWT;
 
diff --git a/src/utils/auth/types.d.ts b/src/utils/auth/types.d.ts
@@ -51,6 +51,7 @@ declare module "next-auth" {
 
   interface Profile {
     nhs_number: string;
+    birthdate: string;
   }
 }
 
diff --git a/src/utils/date.ts b/src/utils/date.ts
@@ -2,7 +2,7 @@ import { Age } from "@src/utils/auth/types";
 import { differenceInYears } from "date-fns";
 import { z } from "zod";
 
-export const UtcDateFromStringSchema = z
+const UtcDateFromStringSchema = z
   .string()
   .regex(/^\d{4}-\d{2}-\d{2}$/, "Date must be in YYYY-MM-DD format")
   .transform((str, ctx) => {
@@ -18,7 +18,7 @@ export const UtcDateFromStringSchema = z
     return date;
   });
 
-export const UtcDateTimeFromStringSchema = z.iso
+const UtcDateTimeFromStringSchema = z.iso
   .datetime({ offset: true, message: "Invalid ISO 8601 datetime format" })
   .transform((str, ctx) => {
     const date = new Date(str);
@@ -31,9 +31,11 @@ export const UtcDateTimeFromStringSchema = z.iso
     return date;
   });
 
-export const calculateAge = (date: string): Age => {
+const calculateAge = (date: string): Age => {
   const today: Date = new Date();
   const birthDate: Date = UtcDateFromStringSchema.parse(date);
 
   return differenceInYears(today, birthDate) as Age;
 };
+
+export { UtcDateFromStringSchema, UtcDateTimeFromStringSchema, calculateAge };
diff --git a/src/utils/logger.ts b/src/utils/logger.ts
@@ -13,6 +13,7 @@ const REDACT_KEYS: string[] = [
   "ELIGIBILITY_API_KEY",
   "accessToken",
   "access_token",
+  "age",
   "apiKey",
   "apikey",
   "api_key",

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,7 @@ declare module "next-auth" {`
`51`	`51`
`52`	`52`	`interface Profile {`
`53`	`53`	`nhs_number: string;`
	`54`	`+ birthdate: string;`
`54`	`55`	`}`
`55`	`56`	`}`
`56`	`57`