INTYGFV-16799: Add (back!) legacy launch controllers. Removed unneces…

…sary legacy code. (#1101)
sklintyg · Sep 2, 2024 · 99676b8 · 99676b8
1 parent ba65e8b
commit 99676b8
Show file tree

Hide file tree

Showing 11 changed files with 431 additions and 18 deletions.
diff --git a/web/src/main/java/se/inera/intyg/webcert/web/auth/WebcertAuthenticationSuccessHandler.java b/web/src/main/java/se/inera/intyg/webcert/web/auth/WebcertAuthenticationSuccessHandler.java
@@ -76,7 +76,7 @@ public void onAuthenticationSuccess(HttpServletRequest request,
         clearAuthenticationAttributes(request);
 
         // Use the DefaultSavedRequest URL
-        String targetUrl = savedRequest.getRedirectUrl();
+        String targetUrl = savedRequest.getRedirectUrl().replace("localhost", webcertDomainName);
         String targetUri = ((DefaultSavedRequest) savedRequest).getRequestURI();
 
         // If original req was POST for djupintegration, we need to extract parameters
@@ -113,7 +113,6 @@ public void onAuthenticationSuccess(HttpServletRequest request,
             );
 
             webCertUser.setParameters(integrationParameters);
-            targetUrl = targetUrl.replaceAll("(?<=https://).+(?=" + REGEXP_REQUESTURI_DJUPINTEGRATION + ")", webcertDomainName);
 
             // Modify so the redirect is to /visa/intyg/{intygsId}/saved which ignores reading the params above from
             // GET params or POST body.

diff --git a/...java/se/inera/intyg/webcert/web/web/controller/integration/BaseIntegrationController.java b/...java/se/inera/intyg/webcert/web/web/controller/integration/BaseIntegrationController.java
@@ -34,17 +34,10 @@ public abstract class BaseIntegrationController {
 
     protected WebCertUserService webCertUserService;
 
-    private String urlBaseTemplate;
-
     protected AuthoritiesValidator authoritiesValidator = new AuthoritiesValidator();
 
     // api
 
-    @Autowired
-    public void setUrlBaseTemplate(String urlBaseTemplate) {
-        this.urlBaseTemplate = urlBaseTemplate;
-    }
-
     @Autowired
     public void setWebCertUserService(WebCertUserService webCertUserService) {
         this.webCertUserService = webCertUserService;
@@ -59,10 +52,6 @@ public void setWebCertUserService(WebCertUserService webCertUserService) {
 
     protected abstract UserOriginType getGrantedRequestOrigin();
 
-    protected String getUrlBaseTemplate() {
-        return urlBaseTemplate;
-    }
-
     protected WebCertUserService getWebCertUserService() {
         return webCertUserService;
     }

diff --git a/.../intyg/webcert/web/web/controller/legacyintegration/CertificateIntegrationController.java b/.../intyg/webcert/web/web/controller/legacyintegration/CertificateIntegrationController.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2024 Inera AB (http://www.inera.se)
+ *
+ * This file is part of sklintyg (https://github.com/sklintyg).
+ *
+ * sklintyg is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * sklintyg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package se.inera.intyg.webcert.web.web.controller.legacyintegration;
+
+import io.swagger.annotations.Api;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.MediaType;
+import se.inera.intyg.infra.security.common.model.UserOriginType;
+
+/**
+ * Controller to enable a landsting user to access certificates directly from a link.
+ *
+ * This controller inherits from the FragaSvarUthoppController which manages
+ * request for UTHOPP links. This inheritance is somewhat confusing but it make
+ * sense if we look at it from a functional perspective.
+ */
+// CHECKSTYLE:OFF LineLength
+@Path("/basic-certificate")
+@Api(value = "/webcert/web/user/basic-certificate", produces = MediaType.APPLICATION_JSON)
+public class CertificateIntegrationController extends FragaSvarUthoppController {
+    // CHECKSTYLE:ON LineLength
+
+    @Override
+    protected UserOriginType getGrantedRequestOrigin() {
+        return UserOriginType.NORMAL;
+    }
+
+}
diff --git a/...e/inera/intyg/webcert/web/web/controller/legacyintegration/FragaSvarUthoppController.java b/...e/inera/intyg/webcert/web/web/controller/legacyintegration/FragaSvarUthoppController.java
@@ -0,0 +1,160 @@
+/*
+ * Copyright (C) 2024 Inera AB (http://www.inera.se)
+ *
+ * This file is part of sklintyg (https://github.com/sklintyg).
+ *
+ * sklintyg is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * sklintyg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package se.inera.intyg.webcert.web.web.controller.legacyintegration;
+
+import com.google.common.base.Strings;
+import io.swagger.annotations.Api;
+import java.util.Arrays;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+import javax.ws.rs.core.UriInfo;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import se.inera.intyg.infra.monitoring.annotation.PrometheusTimeMethod;
+import se.inera.intyg.infra.security.authorities.CommonAuthoritiesResolver;
+import se.inera.intyg.infra.security.common.model.AuthoritiesConstants;
+import se.inera.intyg.infra.security.common.model.UserOriginType;
+import se.inera.intyg.webcert.common.service.exception.WebCertServiceErrorCodeEnum;
+import se.inera.intyg.webcert.common.service.exception.WebCertServiceException;
+import se.inera.intyg.webcert.web.service.intyg.IntygService;
+import se.inera.intyg.webcert.web.service.user.dto.WebCertUser;
+import se.inera.intyg.webcert.web.web.controller.facade.util.ReactUriFactory;
+import se.inera.intyg.webcert.web.web.controller.integration.BaseIntegrationController;
+
+/**
+ * Controller to enable an external user to access certificates directly from a
+ * link in an external patient care system.
+ *
+ * @author nikpet
+ */
+// CHECKSTYLE:OFF LineLength
+@Path("/certificate")
+@Api(value = "webcert web user certificate (Fråga/Svar uthopp)", description = "REST API för fråga/svar via uthoppslänk, landstingspersonal", produces = MediaType.APPLICATION_JSON)
+public class FragaSvarUthoppController extends BaseIntegrationController {
+// CHECKSTYLE:ON LineLength
+
+    private static final Logger LOG = LoggerFactory.getLogger(FragaSvarUthoppController.class);
+
+    private static final String[] GRANTED_ROLES = new String[]{AuthoritiesConstants.ROLE_ADMIN, AuthoritiesConstants.ROLE_LAKARE,
+        AuthoritiesConstants.ROLE_TANDLAKARE, AuthoritiesConstants.ROLE_SJUKSKOTERSKA, AuthoritiesConstants.ROLE_BARNMORSKA};
+    private static final UserOriginType GRANTED_ORIGIN = UserOriginType.NORMAL;
+
+    @Autowired
+    private IntygService intygService;
+
+    @Autowired
+    private ReactUriFactory reactUriFactory;
+
+    @Autowired
+    private CommonAuthoritiesResolver commonAuthoritiesResolver;
+
+    /**
+     * Fetches a certificate from IT and then performs a redirect to the view that displays
+     * the certificate. Can be used for all types of certificates.
+     *
+     * @param intygId The id of the certificate to view.
+     */
+    @GET
+    @Path("/{type}/{intygId}/questions")
+    @PrometheusTimeMethod
+    public Response redirectToIntyg(@Context UriInfo uriInfo,
+        @PathParam("type") String type,
+        @PathParam("intygId") String intygId,
+        @QueryParam("enhet") String enhetHsaId) {
+
+        super.validateParameter("type", type);
+        super.validateParameter("intygId", intygId);
+        super.validateAuthorities();
+        this.validateAndChangeEnhet(intygId, enhetHsaId);
+
+        LOG.debug("Redirecting to view intyg {} of type {}", intygId, type);
+        return buildRedirectResponse(uriInfo, intygId);
+    }
+
+    @GET
+    @Path("/{intygId}/questions")
+    @PrometheusTimeMethod
+    public Response redirectToIntyg(@Context UriInfo uriInfo,
+        @PathParam("intygId") String intygId,
+        @QueryParam("enhet") String enhetHsaId) {
+
+        super.validateParameter("intygId", intygId);
+        super.validateAuthorities();
+        this.validateAndChangeEnhet(intygId, enhetHsaId);
+
+        LOG.debug("Redirecting to view intyg {}", intygId);
+        return buildRedirectResponse(uriInfo, intygId);
+    }
+
+    @Override
+    protected String[] getGrantedRoles() {
+        return GRANTED_ROLES;
+    }
+
+    @Override
+    protected UserOriginType getGrantedRequestOrigin() {
+        return GRANTED_ORIGIN;
+    }
+
+    /**
+     * Makes sure we change (if possible) the current vardEnhet to the one either specified in the URL or to the one
+     * the intyg was issued on.
+     */
+    private void validateAndChangeEnhet(String intygsId, String enhetHsaId) {
+        WebCertUser user = webCertUserService.getUser();
+        if (user == null) {
+            LOG.error("No user in session, cannot continue");
+            throw new WebCertServiceException(WebCertServiceErrorCodeEnum.AUTHORIZATION_PROBLEM,
+                "No user session, cannot view questions for intyg " + intygsId);
+        }
+
+        if (!Strings.nullToEmpty(enhetHsaId).trim().isEmpty()) {
+            // Link contained not empty ?enhet= query param, try to set on user!
+            if (!user.changeValdVardenhet(enhetHsaId)) {
+                throw new WebCertServiceException(WebCertServiceErrorCodeEnum.AUTHORIZATION_PROBLEM,
+                    "User does not have access to enhet " + enhetHsaId);
+            }
+        } else {
+            // No enhet on link (legacy fallback for pre WC 5.0 links)
+            String enhet = intygService.getIssuingVardenhetHsaId(intygsId, null);
+            if (!user.changeValdVardenhet(enhet)) {
+                throw new WebCertServiceException(WebCertServiceErrorCodeEnum.AUTHORIZATION_PROBLEM,
+                    "User does not have access to enhet " + enhetHsaId);
+            }
+        }
+
+        user.setFeatures(
+            commonAuthoritiesResolver.getFeatures(
+                Arrays.asList(user.getValdVardenhet().getId(), user.getValdVardgivare().getId())
+            )
+        );
+    }
+
+    private Response buildRedirectResponse(UriInfo uriInfo, String certificateId) {
+        final var uri = reactUriFactory.uriForCertificate(uriInfo, certificateId);
+        return Response.status(Status.SEE_OTHER).location(uri).build();
+    }
+}
diff --git a/...rt/web/web/controller/legacyintegration/PrivatePractitionerFragaSvarUthoppController.java b/...rt/web/web/controller/legacyintegration/PrivatePractitionerFragaSvarUthoppController.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2024 Inera AB (http://www.inera.se)
+ *
+ * This file is part of sklintyg (https://github.com/sklintyg).
+ *
+ * sklintyg is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * sklintyg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package se.inera.intyg.webcert.web.web.controller.legacyintegration;
+
+import static se.inera.intyg.infra.security.common.model.AuthoritiesConstants.ROLE_PRIVATLAKARE;
+
+import io.swagger.annotations.Api;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.MediaType;
+import se.inera.intyg.infra.security.common.model.UserOriginType;
+
+/**
+ * Created by eriklupander on 2015-10-08.
+ */
+// CHECKSTYLE:OFF LineLength
+@Path("/pp-certificate")
+@Api(value = "webcert web user pp-certificate (Fråga/Svar, uthopp privatläkare)", description = "REST API för fråga/svar via uthoppslänk, privatläkare", produces = MediaType.APPLICATION_JSON)
+public class PrivatePractitionerFragaSvarUthoppController extends FragaSvarUthoppController {
+// CHECKSTYLE:ON LineLength
+
+    @Override
+    protected String[] getGrantedRoles() {
+        return new String[]{ROLE_PRIVATLAKARE};
+    }
+
+    @Override
+    protected UserOriginType getGrantedRequestOrigin() {
+        return UserOriginType.NORMAL;
+    }
+
+}
diff --git a/web/src/main/webapp/WEB-INF/integration-cxf-servlet.xml b/web/src/main/webapp/WEB-INF/integration-cxf-servlet.xml
@@ -52,12 +52,10 @@
 
   <bean id="intygIntegrationController"
       class="se.inera.intyg.webcert.web.web.controller.integration.IntygIntegrationController">
-    <property name="urlBaseTemplate" value="${certificate.view.url.base}" />
   </bean>
 
   <bean id="userIntegrationController"
       class="se.inera.intyg.webcert.web.web.controller.integration.UserIntegrationController">
-    <property name="urlBaseTemplate" value="${certificate.view.url.base}" />
   </bean>
 
 </beans>
diff --git a/web/src/main/webapp/WEB-INF/uthopp-integration-cxf-servlet.xml b/web/src/main/webapp/WEB-INF/uthopp-integration-cxf-servlet.xml
@@ -38,6 +38,9 @@
 
   <jaxrs:server address="/">
     <jaxrs:serviceBeans>
+      <ref bean="fragaSvarUthoppController" />
+      <ref bean="privatePractitionerFragaSvarUthoppController" />
+      <ref bean="certificateIntegrationController" />
       <ref bean="launchIntegrationController" />
     </jaxrs:serviceBeans>
     <jaxrs:providers>
@@ -49,9 +52,20 @@
     </jaxrs:extensionMappings>
   </jaxrs:server>
 
+  <bean id="fragaSvarUthoppController"
+      class="se.inera.intyg.webcert.web.web.controller.legacyintegration.FragaSvarUthoppController">
+  </bean>
+
+  <bean id="privatePractitionerFragaSvarUthoppController"
+      class="se.inera.intyg.webcert.web.web.controller.legacyintegration.PrivatePractitionerFragaSvarUthoppController">
+  </bean>
+
+  <bean id="certificateIntegrationController"
+      class="se.inera.intyg.webcert.web.web.controller.legacyintegration.CertificateIntegrationController">
+  </bean>
+
   <bean id="launchIntegrationController"
       class="se.inera.intyg.webcert.web.web.controller.integration.LaunchIntegrationController">
-    <property name="urlBaseTemplate" value="${certificate.view.url.base}" />
   </bean>
 
 </beans>
diff --git a/...rc/test/java/se/inera/intyg/webcert/web/auth/WebcertAuthenticationSuccessHandlerTest.java b/...rc/test/java/se/inera/intyg/webcert/web/auth/WebcertAuthenticationSuccessHandlerTest.java
@@ -47,6 +47,7 @@
 import org.springframework.security.web.RedirectStrategy;
 import org.springframework.security.web.savedrequest.DefaultSavedRequest;
 import org.springframework.security.web.savedrequest.RequestCache;
+import org.springframework.test.util.ReflectionTestUtils;
 import se.inera.intyg.webcert.common.service.exception.WebCertServiceException;
 import se.inera.intyg.webcert.web.service.user.dto.WebCertUser;
 import se.inera.intyg.webcert.web.web.controller.integration.IntygIntegrationController;
@@ -88,6 +89,8 @@ public void init() {
         when(savedRequest.getMethod()).thenReturn("GET");
         when(savedRequest.getRedirectUrl()).thenReturn(URL);
 
+        ReflectionTestUtils.setField(testee, "webcertDomainName", "webcert.test.se");
+
         Authentication auth = mock(Authentication.class);
         when(auth.getPrincipal()).thenReturn(user);
         SecurityContextHolder.getContext().setAuthentication(auth);

diff --git a/...se/inera/intyg/webcert/web/web/controller/integration/IntygIntegrationControllerTest.java b/...se/inera/intyg/webcert/web/web/controller/integration/IntygIntegrationControllerTest.java
@@ -327,8 +327,6 @@ void setup() {
                 .thenReturn(createPrepareRedirectToIntyg());
             when(authoritiesResolver.getFeatures(any())).thenReturn(new HashMap<>());
 
-            intygIntegrationController.setUrlBaseTemplate("/");
-
             final var session = mock(HttpSession.class);
             when(httpServletRequest.getSession()).thenReturn(session);
             when(httpServletRequest.getSession().getId()).thenReturn("12345");