Module: Common::Client::Concerns::MHVJwtSessionClient

Extended by:

ActiveSupport::Concern

Includes:

MhvLockedSessionClient

Included in:

MhvFhirSessionClient

Defined in:

lib/common/client/concerns/mhv_jwt_session_client.rb

Overview

Module mixin for overriding session logic when making MHV JWT-based client connections

See Also:

• MedicalRecords::Client

Constant Summary

Constants included from MhvLockedSessionClient

Common::Client::Concerns::MhvLockedSessionClient::LOCK_RETRY_DELAY, Common::Client::Concerns::MhvLockedSessionClient::RETRY_ATTEMPTS

Instance Attribute Summary

• #session ⇒ Hash readonly

  A hash containing session information.

Instance Method Summary

• #auth_body ⇒ Object private
• #auth_headers ⇒ Object private
• #decode_jwt_token(jwt_token) ⇒ Object private
• #extract_token_expiration(decoded_token) ⇒ Object private
• #get_jwt_from_headers(res_headers) ⇒ Object private
• #get_session ⇒ MedicalRecords::ClientSession protected

  Creates a session.

• #get_session_tagged ⇒ Object private
• #jwt_bearer_token ⇒ Object private
• #patient_fhir_id ⇒ Object private
• #session_config_key ⇒ Object protected
• #user_key ⇒ Object protected
• #validate_session_params ⇒ Object private

Methods included from MhvLockedSessionClient

#authenticate, #initialize, #invalid?, #lock_and_get_session, #obtain_redis_lock, #refresh_session, #release_redis_lock

Methods included from SentryLogging

#log_exception_to_sentry, #log_message_to_sentry, #non_nil_hash?, #normalize_level, #rails_logger, #set_sentry_metadata

Instance Attribute Details

#session ⇒ Hash (readonly)

Returns a hash containing session information.

Returns:

• (Hash) —

  a hash containing session information

# File 'lib/common/client/concerns/mhv_jwt_session_client.rb', line 16

module MHVJwtSessionClient
  extend ActiveSupport::Concern
  include MhvLockedSessionClient

  protected

  def user_key
    session.icn
  end

  def session_config_key
    :mhv_mr_fhir_session_lock
  end

  ##
  # Creates a session
  #
  # @return [MedicalRecords::ClientSession] if a MR (Medical Records) client session
  #
  def get_session
    # Call the security endpoint to create an MHV session and get a JWT token.
    validate_session_params
    env = get_session_tagged
    jwt = get_jwt_from_headers(env.response_headers)
    decoded_token = decode_jwt_token(jwt)
    session.expires_at = extract_token_expiration(decoded_token)
    @session.class.new(user_id: session.user_id.to_s,
                       icn: session.icn,
                       expires_at: session.expires_at,
                       token: jwt)
  end

  private

  def get_jwt_from_headers(res_headers)
    # Get the JWT token from the headers
    auth_header = res_headers['authorization']
    if auth_header.nil? || !auth_header.start_with?('Bearer ')
      raise Common::Exceptions::Unauthorized, detail: 'Invalid or missing authorization header'
    end

    auth_header.sub('Bearer ', '')
  end

  def decode_jwt_token(jwt_token)
    JWT.decode jwt_token, nil, false
  rescue JWT::DecodeError
    raise Common::Exceptions::Unauthorized, detail: 'Invalid JWT token'
  end

  def extract_token_expiration(decoded_token)
    if decoded_token[0]['exp']
      Time.zone.at(decoded_token[0]['exp']).to_datetime.rfc2822
    else
      1.hour.from_now.rfc2822
    end
  end

  def validate_session_params
    raise Common::Exceptions::ParameterMissing, 'ICN' if session.icn.blank?
    raise Common::Exceptions::ParameterMissing, 'MHV MR App Token' if config.app_token.blank?
  end

  def get_session_tagged
    Sentry.set_tags(error: 'mhv_session')
    env = perform(:post, '/mhvapi/security/v1/login', auth_body, auth_headers)
    Sentry.get_current_scope.tags.delete(:error)
    env
  end

  def jwt_bearer_token
    session.token
  end

  def patient_fhir_id
    session.patient_fhir_id
  end

  def auth_headers
    config.base_request_headers.merge('Content-Type' => 'application/json')
  end

  def auth_body
    {
      'appId' => '103',
      'appToken' => config.app_token,
      'subject' => session.icn,
      'userType' => 'PATIENT',
      'authParams' => {
        'PATIENT_SUBJECT_ID_TYPE' => 'ICN'
      }
    }
  end
end

Instance Method Details

#auth_body ⇒ Object (private)

# File 'lib/common/client/concerns/mhv_jwt_session_client.rb', line 98

def auth_body
  {
    'appId' => '103',
    'appToken' => config.app_token,
    'subject' => session.icn,
    'userType' => 'PATIENT',
    'authParams' => {
      'PATIENT_SUBJECT_ID_TYPE' => 'ICN'
    }
  }
end

#auth_headers ⇒ Object (private)

# File 'lib/common/client/concerns/mhv_jwt_session_client.rb', line 94

def auth_headers
  config.base_request_headers.merge('Content-Type' => 'application/json')
end

#decode_jwt_token(jwt_token) ⇒ Object (private)

# File 'lib/common/client/concerns/mhv_jwt_session_client.rb', line 60

def decode_jwt_token(jwt_token)
  JWT.decode jwt_token, nil, false
rescue JWT::DecodeError
  raise Common::Exceptions::Unauthorized, detail: 'Invalid JWT token'
end

#extract_token_expiration(decoded_token) ⇒ Object (private)

# File 'lib/common/client/concerns/mhv_jwt_session_client.rb', line 66

def extract_token_expiration(decoded_token)
  if decoded_token[0]['exp']
    Time.zone.at(decoded_token[0]['exp']).to_datetime.rfc2822
  else
    1.hour.from_now.rfc2822
  end
end

#get_jwt_from_headers(res_headers) ⇒ Object (private)

# File 'lib/common/client/concerns/mhv_jwt_session_client.rb', line 50

def get_jwt_from_headers(res_headers)
  # Get the JWT token from the headers
  auth_header = res_headers['authorization']
  if auth_header.nil? || !auth_header.start_with?('Bearer ')
    raise Common::Exceptions::Unauthorized, detail: 'Invalid or missing authorization header'
  end

  auth_header.sub('Bearer ', '')
end

#get_session ⇒ MedicalRecords::ClientSession (protected)

Creates a session

Returns:

• (MedicalRecords::ClientSession) —

  if a MR (Medical Records) client session

# File 'lib/common/client/concerns/mhv_jwt_session_client.rb', line 35

def get_session
  # Call the security endpoint to create an MHV session and get a JWT token.
  validate_session_params
  env = get_session_tagged
  jwt = get_jwt_from_headers(env.response_headers)
  decoded_token = decode_jwt_token(jwt)
  session.expires_at = extract_token_expiration(decoded_token)
  @session.class.new(user_id: session.user_id.to_s,
                     icn: session.icn,
                     expires_at: session.expires_at,
                     token: jwt)
end

#get_session_tagged ⇒ Object (private)

# File 'lib/common/client/concerns/mhv_jwt_session_client.rb', line 79

def get_session_tagged
  Sentry.set_tags(error: 'mhv_session')
  env = perform(:post, '/mhvapi/security/v1/login', auth_body, auth_headers)
  Sentry.get_current_scope.tags.delete(:error)
  env
end

#jwt_bearer_token ⇒ Object (private)

# File 'lib/common/client/concerns/mhv_jwt_session_client.rb', line 86

def jwt_bearer_token
  session.token
end

#patient_fhir_id ⇒ Object (private)

# File 'lib/common/client/concerns/mhv_jwt_session_client.rb', line 90

def patient_fhir_id
  session.patient_fhir_id
end

#session_config_key ⇒ Object (protected)

# File 'lib/common/client/concerns/mhv_jwt_session_client.rb', line 26

def session_config_key
  :mhv_mr_fhir_session_lock
end

#user_key ⇒ Object (protected)

# File 'lib/common/client/concerns/mhv_jwt_session_client.rb', line 22

def user_key
  session.icn
end

#validate_session_params ⇒ Object (private)

Raises:

• (Common::Exceptions::ParameterMissing)

# File 'lib/common/client/concerns/mhv_jwt_session_client.rb', line 74

def validate_session_params
  raise Common::Exceptions::ParameterMissing, 'ICN' if session.icn.blank?
  raise Common::Exceptions::ParameterMissing, 'MHV MR App Token' if config.app_token.blank?
end