[BACK-3923/BACK-3925/BACK-3901] Various fixes for Abbott and twiist integrations

Summary merger including three pre-approved PRs and a merge of the latest master:
- #888
- #889
- #890

Details:
- Fix unexpected Abbott OAuth error code
- Refactor twiist data ingestion to find TidepoolLinkID via ProviderSession
- Refactor ListUserProviderSessions to ListProviderSessions
- Add UserID to ProviderSessionFilter
- Add LastDataSetID to Source
- Update Abbott submodule
- Update dependencies to resolve vulnerabilities
- Update Go version to resolve vulnerabilities
- Remove duplicate data within ingested data
- https://tidepool.atlassian.net/browse/BACK-3925
- https://tidepool.atlassian.net/browse/BACK-3923
- https://tidepool.atlassian.net/browse/BACK-3901

Author: darinkrauss

.travis.yml

@@ -5,7 +5,7 @@ dist: jammy
 language: go
 
 go:
-  - 1.24.3
+  - 1.24.5
 
 services:
   - docker

Dockerfile

@@ -1,4 +1,4 @@
-ARG GOLANG_VERSION=1.24.3-alpine
+ARG GOLANG_VERSION=1.24.5-alpine
 ARG MONGO_VERSION=6.0.23
 ARG PLUGIN_VISIBILITY=public
 

auth/client/client.go

@@ -72,33 +72,6 @@ func NewClient(cfg *Config, authorizeAs platform.AuthorizeAs, name string, lgr l
 	}, nil
 }
 
-func (c *Client) ListUserProviderSessions(ctx context.Context, userID string, filter *auth.ProviderSessionFilter, pagination *page.Pagination) (auth.ProviderSessions, error) {
-	if ctx == nil {
-		return nil, errors.New("context is missing")
-	}
-	if userID == "" {
-		return nil, errors.New("user id is missing")
-	}
-	if filter == nil {
-		filter = auth.NewProviderSessionFilter()
-	} else if err := structureValidator.New(log.LoggerFromContext(ctx)).Validate(filter); err != nil {
-		return nil, errors.Wrap(err, "filter is invalid")
-	}
-	if pagination == nil {
-		pagination = page.NewPagination()
-	} else if err := structureValidator.New(log.LoggerFromContext(ctx)).Validate(pagination); err != nil {
-		return nil, errors.Wrap(err, "pagination is invalid")
-	}
-
-	url := c.client.ConstructURL("v1", "users", userID, "provider_sessions")
-	providerSessions := auth.ProviderSessions{}
-	if err := c.client.RequestData(ctx, http.MethodGet, url, []request.RequestMutator{filter, pagination}, nil, &providerSessions); err != nil {
-		return nil, err
-	}
-
-	return providerSessions, nil
-}
-
 func (c *Client) CreateUserProviderSession(ctx context.Context, userID string, create *auth.ProviderSessionCreate) (*auth.ProviderSession, error) {
 	if ctx == nil {
 		return nil, errors.New("context is missing")
@@ -133,6 +106,30 @@ func (c *Client) DeleteUserProviderSessions(ctx context.Context, userID string)
 	return c.client.RequestData(ctx, http.MethodDelete, url, nil, nil, nil)
 }
 
+func (c *Client) ListProviderSessions(ctx context.Context, filter *auth.ProviderSessionFilter, pagination *page.Pagination) (auth.ProviderSessions, error) {
+	if ctx == nil {
+		return nil, errors.New("context is missing")
+	}
+	if filter == nil {
+		filter = auth.NewProviderSessionFilter()
+	} else if err := structureValidator.New(log.LoggerFromContext(ctx)).Validate(filter); err != nil {
+		return nil, errors.Wrap(err, "filter is invalid")
+	}
+	if pagination == nil {
+		pagination = page.NewPagination()
+	} else if err := structureValidator.New(log.LoggerFromContext(ctx)).Validate(pagination); err != nil {
+		return nil, errors.Wrap(err, "pagination is invalid")
+	}
+
+	url := c.client.ConstructURL("v1", "provider_sessions")
+	providerSessions := auth.ProviderSessions{}
+	if err := c.client.RequestData(ctx, http.MethodGet, url, []request.RequestMutator{filter, pagination}, nil, &providerSessions); err != nil {
+		return nil, err
+	}
+
+	return providerSessions, nil
+}
+
 func (c *Client) GetProviderSession(ctx context.Context, id string) (*auth.ProviderSession, error) {
 	if ctx == nil {
 		return nil, errors.New("context is missing")

auth/provider_session.go

@@ -13,6 +13,7 @@ import (
 	"github.com/tidepool-org/platform/request"
 	"github.com/tidepool-org/platform/structure"
 	structureValidator "github.com/tidepool-org/platform/structure/validator"
+	"github.com/tidepool-org/platform/user"
 )
 
 const (
@@ -26,16 +27,17 @@ func ProviderTypes() []string {
 }
 
 type ProviderSessionAccessor interface {
-	ListUserProviderSessions(ctx context.Context, userID string, filter *ProviderSessionFilter, pagination *page.Pagination) (ProviderSessions, error)
 	CreateUserProviderSession(ctx context.Context, userID string, create *ProviderSessionCreate) (*ProviderSession, error)
 	DeleteUserProviderSessions(ctx context.Context, userID string) error
 
+	ListProviderSessions(ctx context.Context, filter *ProviderSessionFilter, pagination *page.Pagination) (ProviderSessions, error)
 	GetProviderSession(ctx context.Context, id string) (*ProviderSession, error)
 	UpdateProviderSession(ctx context.Context, id string, update *ProviderSessionUpdate) (*ProviderSession, error)
 	DeleteProviderSession(ctx context.Context, id string) error
 }
 
 type ProviderSessionFilter struct {
+	UserID     *string `json:"userId,omitempty"`
 	Type       *string `json:"type,omitempty"`
 	Name       *string `json:"name,omitempty"`
 	ExternalID *string `json:"externalId,omitempty"`
@@ -46,19 +48,24 @@ func NewProviderSessionFilter() *ProviderSessionFilter {
 }
 
 func (p *ProviderSessionFilter) Parse(parser structure.ObjectParser) {
+	p.UserID = parser.String("userId")
 	p.Type = parser.String("type")
 	p.Name = parser.String("name")
 	p.ExternalID = parser.String("externalId")
 }
 
 func (p *ProviderSessionFilter) Validate(validator structure.Validator) {
+	validator.String("userId", p.UserID).Using(user.IDValidator)
 	validator.String("type", p.Type).OneOf(ProviderTypes()...)
 	validator.String("name", p.Name).Using(ProviderNameValidator)
 	validator.String("externalId", p.ExternalID).Using(ProviderExternalIDValidator)
 }
 
 func (p *ProviderSessionFilter) MutateRequest(req *http.Request) error {
 	parameters := map[string]string{}
+	if p.UserID != nil {
+		parameters["userId"] = *p.UserID
+	}
 	if p.Type != nil {
 		parameters["type"] = *p.Type
 	}

auth/service/api/v1/oauth.go

@@ -94,9 +94,10 @@ func (r *Router) UserOAuthProviderAuthorizeDelete(res rest.ResponseWriter, req *
 	}
 
 	providerSessionFilter := auth.NewProviderSessionFilter()
+	providerSessionFilter.UserID = pointer.FromString(userID)
 	providerSessionFilter.Type = pointer.FromString(prvdr.Type())
 	providerSessionFilter.Name = pointer.FromString(prvdr.Name())
-	providerSessions, err := r.AuthClient().ListUserProviderSessions(ctx, userID, providerSessionFilter, page.NewPagination())
+	providerSessions, err := r.AuthClient().ListProviderSessions(ctx, providerSessionFilter, page.NewPagination())
 	if err != nil {
 		responder.Error(http.StatusInternalServerError, err)
 		return
@@ -169,7 +170,7 @@ func (r *Router) OAuthProviderRedirectGet(res rest.ResponseWriter, req *rest.Req
 		log.LoggerFromContext(ctx).WithError(err).Error("unable to delete restricted token after oauth redirect")
 	}
 
-	if errorCode := query.Get("error"); errorCode == oauth.ErrorAccessDenied {
+	if errorCode := query.Get("error"); prvdr.IsErrorCodeAccessDenied(errorCode) {
 		html := fmt.Sprintf(htmlOnRedirect, redirectURLDeclined.String())
 		r.htmlOnRedirect(res, req, html)
 		return
@@ -179,9 +180,10 @@ func (r *Router) OAuthProviderRedirectGet(res rest.ResponseWriter, req *rest.Req
 	}
 
 	filter := auth.NewProviderSessionFilter()
+	filter.UserID = pointer.FromString(restrictedToken.UserID)
 	filter.Type = pointer.FromString(prvdr.Type())
 	filter.Name = pointer.FromString(prvdr.Name())
-	providerSessions, err := r.AuthClient().ListUserProviderSessions(ctx, restrictedToken.UserID, filter, nil)
+	providerSessions, err := r.AuthClient().ListProviderSessions(ctx, filter, nil)
 	if err != nil {
 		r.htmlOnError(res, req, err)
 		return
@@ -258,7 +260,7 @@ func (r *Router) oauthProviderRestrictedToken(req *http.Request, prvdr oauth.Pro
 func (r *Router) authenticateRestrictedToken(req *http.Request, prvdr oauth.Provider, restrictedTokenID string, state string, errorCode string) (*auth.RestrictedToken, error) {
 	if restrictedToken, err := r.AuthClient().GetRestrictedToken(req.Context(), restrictedTokenID); err != nil {
 		return nil, err
-	} else if restrictedToken != nil && restrictedToken.Authenticates(req) && (state == prvdr.CalculateStateForRestrictedToken(restrictedToken.ID) || errorCode == oauth.ErrorAccessDenied) {
+	} else if restrictedToken != nil && restrictedToken.Authenticates(req) && (state == prvdr.CalculateStateForRestrictedToken(restrictedToken.ID) || prvdr.IsErrorCodeAccessDenied(errorCode)) {
 		return restrictedToken, nil
 	} else {
 		return nil, nil

auth/service/api/v1/provider_session.go

@@ -16,9 +16,9 @@ import (
 
 func (r *Router) ProviderSessionsRoutes() []*rest.Route {
 	return []*rest.Route{
-		rest.Get("/v1/users/:userId/provider_sessions", serviceApi.RequireServer(r.ListUserProviderSessions)),
 		rest.Post("/v1/users/:userId/provider_sessions", serviceApi.RequireServer(r.CreateUserProviderSession)),
 		rest.Delete("/v1/users/:userId/provider_sessions", serviceApi.RequireServer(r.DeleteUserProviderSessions)),
+		rest.Get("/v1/provider_sessions", serviceApi.RequireServer(r.ListProviderSessions)),
 		rest.Get("/v1/provider_sessions/:id", serviceApi.RequireServer(r.GetProviderSession)),
 		rest.Put("/v1/provider_sessions/:id", serviceApi.RequireServer(r.UpdateProviderSession)),
 		rest.Delete("/v1/provider_sessions/:id", serviceApi.RequireServer(r.DeleteProviderSession)),
@@ -28,7 +28,7 @@ func (r *Router) ProviderSessionsRoutes() []*rest.Route {
 	}
 }
 
-func (r *Router) ListUserProviderSessions(res rest.ResponseWriter, req *rest.Request) {
+func (r *Router) CreateUserProviderSession(res rest.ResponseWriter, req *rest.Request) {
 	responder := request.MustNewResponder(res, req)
 
 	userID := req.PathParam("userId")
@@ -37,23 +37,22 @@ func (r *Router) ListUserProviderSessions(res rest.ResponseWriter, req *rest.Req
 		return
 	}
 
-	filter := auth.NewProviderSessionFilter()
-	pagination := page.NewPagination()
-	if err := request.DecodeRequestQuery(req.Request, filter, pagination); err != nil {
+	create := auth.NewProviderSessionCreate()
+	if err := request.DecodeRequestBody(req.Request, create); err != nil {
 		responder.Error(http.StatusBadRequest, err)
 		return
 	}
 
-	providerSessions, err := r.AuthClient().ListUserProviderSessions(req.Context(), userID, filter, pagination)
+	providerSession, err := r.AuthClient().CreateUserProviderSession(req.Context(), userID, create)
 	if err != nil {
 		responder.Error(http.StatusInternalServerError, err)
 		return
 	}
 
-	responder.Data(http.StatusOK, providerSessions)
+	responder.Data(http.StatusCreated, providerSession)
 }
 
-func (r *Router) CreateUserProviderSession(res rest.ResponseWriter, req *rest.Request) {
+func (r *Router) DeleteUserProviderSessions(res rest.ResponseWriter, req *rest.Request) {
 	responder := request.MustNewResponder(res, req)
 
 	userID := req.PathParam("userId")
@@ -62,36 +61,31 @@ func (r *Router) CreateUserProviderSession(res rest.ResponseWriter, req *rest.Re
 		return
 	}
 
-	create := auth.NewProviderSessionCreate()
-	if err := request.DecodeRequestBody(req.Request, create); err != nil {
-		responder.Error(http.StatusBadRequest, err)
-		return
-	}
-
-	providerSession, err := r.AuthClient().CreateUserProviderSession(req.Context(), userID, create)
-	if err != nil {
+	if err := r.AuthClient().DeleteUserProviderSessions(req.Context(), userID); err != nil {
 		responder.Error(http.StatusInternalServerError, err)
 		return
 	}
 
-	responder.Data(http.StatusCreated, providerSession)
+	responder.Empty(http.StatusNoContent)
 }
 
-func (r *Router) DeleteUserProviderSessions(res rest.ResponseWriter, req *rest.Request) {
+func (r *Router) ListProviderSessions(res rest.ResponseWriter, req *rest.Request) {
 	responder := request.MustNewResponder(res, req)
 
-	userID := req.PathParam("userId")
-	if userID == "" {
-		responder.Error(http.StatusBadRequest, request.ErrorParameterMissing("userId"))
+	filter := auth.NewProviderSessionFilter()
+	pagination := page.NewPagination()
+	if err := request.DecodeRequestQuery(req.Request, filter, pagination); err != nil {
+		responder.Error(http.StatusBadRequest, err)
 		return
 	}
 
-	if err := r.AuthClient().DeleteUserProviderSessions(req.Context(), userID); err != nil {
+	providerSessions, err := r.AuthClient().ListProviderSessions(req.Context(), filter, pagination)
+	if err != nil {
 		responder.Error(http.StatusInternalServerError, err)
 		return
 	}
 
-	responder.Empty(http.StatusNoContent)
+	responder.Data(http.StatusOK, providerSessions)
 }
 
 func (r *Router) GetProviderSession(res rest.ResponseWriter, req *rest.Request) {

auth/service/service/client.go

@@ -10,6 +10,7 @@ import (
 	"github.com/tidepool-org/platform/log"
 	"github.com/tidepool-org/platform/page"
 	"github.com/tidepool-org/platform/platform"
+	"github.com/tidepool-org/platform/pointer"
 	"github.com/tidepool-org/platform/provider"
 	structureValidator "github.com/tidepool-org/platform/structure/validator"
 )
@@ -53,11 +54,6 @@ func NewClient(cfg *authClient.ExternalConfig, authorizeAs platform.AuthorizeAs,
 	}, nil
 }
 
-func (c *Client) ListUserProviderSessions(ctx context.Context, userID string, filter *auth.ProviderSessionFilter, pagination *page.Pagination) (auth.ProviderSessions, error) {
-	repository := c.authStore.NewProviderSessionRepository()
-	return repository.ListUserProviderSessions(ctx, userID, filter, pagination)
-}
-
 func (c *Client) CreateUserProviderSession(ctx context.Context, userID string, create *auth.ProviderSessionCreate) (*auth.ProviderSession, error) {
 	prvdr, err := c.providerFactory.Get(create.Type, create.Name)
 	if err != nil {
@@ -97,7 +93,10 @@ func (c *Client) DeleteUserProviderSessions(ctx context.Context, userID string)
 	repository := c.authStore.NewProviderSessionRepository()
 
 	// TODO: Add pagination if/when we ever get over one page of provider sessions
-	if providerSessions, err := repository.ListUserProviderSessions(ctx, userID, nil, nil); err != nil {
+	filter := &auth.ProviderSessionFilter{
+		UserID: pointer.FromString(userID),
+	}
+	if providerSessions, err := repository.ListProviderSessions(ctx, filter, nil); err != nil {
 		logger.WithError(err).Warn("Unable to list user provider sessions")
 	} else {
 		for _, providerSession := range providerSessions {
@@ -153,6 +152,11 @@ func (c *Client) DeleteAllProviderSessions(ctx context.Context, filter auth.Prov
 	return nil
 }
 
+func (c *Client) ListProviderSessions(ctx context.Context, filter *auth.ProviderSessionFilter, pagination *page.Pagination) (auth.ProviderSessions, error) {
+	repository := c.authStore.NewProviderSessionRepository()
+	return repository.ListProviderSessions(ctx, filter, pagination)
+}
+
 func (c *Client) GetProviderSession(ctx context.Context, id string) (*auth.ProviderSession, error) {
 	repository := c.authStore.NewProviderSessionRepository()
 	return repository.GetProviderSession(ctx, id)