New: [AEA-6125] - enable delegated access in Proxygen

.github/workflows/run_regression_tests.yml

@@ -79,8 +79,8 @@ jobs:
           GITHUB-TOKEN: ${{ steps.generate-token.outputs.token }}
         run: |
           if [[ "$TARGET_ENVIRONMENT" != "prod" && "$TARGET_ENVIRONMENT" != "ref" ]]; then
-            REGRESSION_TEST_REPO_TAG="v3.8.19" # This is the tag or branch of the regression test code to run, usually a version tag like v3.1.0 or a branch name
-            REGRESSION_TEST_WORKFLOW_TAG="v3.8.19" # This is the tag of the github workflow to run, usually the same as REGRESSION_TEST_REPO_TAG
+            REGRESSION_TEST_REPO_TAG="v3.8.30" # This is the tag or branch of the regression test code to run, usually a version tag like v3.1.0 or a branch name
+            REGRESSION_TEST_WORKFLOW_TAG="v3.8.30" # This is the tag of the github workflow to run, usually the same as REGRESSION_TEST_REPO_TAG
 
             if [[ -z "$REGRESSION_TEST_REPO_TAG" || -z "$REGRESSION_TEST_WORKFLOW_TAG" ]]; then
               echo "Error: One or both tag variables are not set" >&2
@@ -121,8 +121,8 @@ jobs:
           GITHUB-TOKEN: ${{ steps.generate-token.outputs.token }}
         run: |
           if [[ "$TARGET_ENVIRONMENT" != "prod" && "$TARGET_ENVIRONMENT" != "ref" ]]; then
-            REGRESSION_TEST_REPO_TAG="v3.8.19" # This is the tag or branch of the regression test code to run, usually a version tag like v3.1.0 or a branch name
-            REGRESSION_TEST_WORKFLOW_TAG="v3.8.19" # This is the tag of the github workflow to run, usually the same as REGRESSION_TEST_REPO_TAG
+            REGRESSION_TEST_REPO_TAG="v3.8.30" # This is the tag or branch of the regression test code to run, usually a version tag like v3.1.0 or a branch name
+            REGRESSION_TEST_WORKFLOW_TAG="v3.8.30" # This is the tag of the github workflow to run, usually the same as REGRESSION_TEST_REPO_TAG
 
             if [[ -z "$REGRESSION_TEST_REPO_TAG" || -z "$REGRESSION_TEST_WORKFLOW_TAG" ]]; then
               echo "Error: One or both tag variables are not set" >&2

README.md

@@ -201,7 +201,7 @@ Note - the command will keep running and should not be stopped.
 You can now call this api - note getMyPrescriptions requires an nhsd-nhslogin-user header
 
 ```bash
-curl --header "nhsd-nhslogin-user: P9:9446041481" --header "x-request-id: $(uuid)" \
+curl --header "nhsd-nhslogin-user: P9:9446041481" --header "x-request-id: $(cat /proc/sys/kernel/random/uuid)" \
   https://${stack_name}.dev.eps.national.nhs.uk/Bundle
 ```
 

packages/getMyPrescriptions/src/getMyPrescriptions.ts

@@ -44,7 +44,7 @@ const servicesCache: ServicesCache = {}
 const LAMBDA_TIMEOUT_MS = 10_000
 const SPINE_TIMEOUT_MS = 9_000
 const SERVICE_SEARCH_TIMEOUT_MS = 5_000
-export const DELEGATED_ACCESS_HDR = "delegatedaccess"
+export const DELEGATED_ACCESS_HDR = "x-nhsd-delegated-access"
 export const DELEGATED_ACCESS_SUB_HDR = "x-nhsd-subject-nhs-number"
 
 export type GetMyPrescriptionsEvent = {
@@ -192,15 +192,15 @@ export function overrideNonProductionHeadersForProxygenRequests(headers: EventHe
 
 export function adaptHeadersToSpine(headers: EventHeaders): EventHeaders {
   // AEA-3344 introduces delegated access using different headers
-  logger.debug("Testing if delegated access enabled", {headers})
   if (!headers[DELEGATED_ACCESS_HDR] || headers[DELEGATED_ACCESS_HDR].toLowerCase() !== "true") {
-    logger.info("Subject access request detected")
+    logger.info("Delegated access NOT enabled", {headers})
     headers["nhsNumber"] = extractNHSNumberFromHeaders(headers)
   } else {
-    logger.info("Delegated access request detected")
+    logger.info("Delegated access enabled", {headers})
     let subjectNHSNumber = headers[DELEGATED_ACCESS_SUB_HDR]
     if (!subjectNHSNumber) {
-      throw new NHSNumberValidationError(`${DELEGATED_ACCESS_SUB_HDR} header not present for delegated access`)
+      logger.info(`${DELEGATED_ACCESS_SUB_HDR} header missing, assuming non-delegated access request`, {headers})
+      subjectNHSNumber = extractNHSNumberFromHeaders(headers)
     }
     if (subjectNHSNumber.includes(":")) {
       logger.warn(`${DELEGATED_ACCESS_SUB_HDR} is not expected to be prefixed by proofing level, but is, removing it`)

packages/getMyPrescriptions/tests/adaptHeadersToSpine.test.ts

@@ -37,15 +37,13 @@ describe("adaptHeadersToSpine", () => {
 
       expect(result.nhsNumber).toBe("9912003071")
       expect(result["nhsd-nhslogin-user"]).toBe("P9:9912003071")
-      expect(mockLoggerInfo).toHaveBeenCalledWith("Subject access request detected")
       expect(mockLoggerInfo).toHaveBeenCalledWith(
         "after setting subject nhsNumber",
         {headers: result}
       )
     })
 
     it("should process subject access when delegated access is false", () => {
-      const mockLoggerInfo = jest.spyOn(Logger.prototype, "info")
       const headers: EventHeaders = {
         [DELEGATED_ACCESS_HDR]: "false",
         "nhsd-nhslogin-user": "P9:9912003071"
@@ -55,7 +53,6 @@ describe("adaptHeadersToSpine", () => {
 
       expect(result.nhsNumber).toBe("9912003071")
       expect(result["nhsd-nhslogin-user"]).toBe("P9:9912003071")
-      expect(mockLoggerInfo).toHaveBeenCalledWith("Subject access request detected")
     })
 
     it("should preserve other headers in subject access", () => {
@@ -87,7 +84,6 @@ describe("adaptHeadersToSpine", () => {
 
       expect(result.nhsNumber).toBe("9912003071")
       expect(result["nhsd-nhslogin-user"]).toBe("P9:9999681778")
-      expect(mockLoggerInfo).toHaveBeenCalledWith("Delegated access request detected")
       expect(mockLoggerInfo).toHaveBeenNthCalledWith(2,
         "after setting subject nhsNumber",
         {headers: result}
@@ -111,17 +107,17 @@ describe("adaptHeadersToSpine", () => {
       expect(result["nhsd-nhslogin-user"]).toBe("P9:9999681778")
     })
 
-    it("should throw NHSNumberValidationError when subject header is missing for delegated access", () => {
+    it("should perform non-delegated request when subject header is missing for delegated access", () => {
       const headers: EventHeaders = {
         [DELEGATED_ACCESS_HDR]: "true",
         "nhsd-nhslogin-user": "P9:9999681778"
         // Missing DELEGATED_ACCESS_SUB_HDR
       }
 
-      expect(() => adaptHeadersToSpine(headers))
-        .toThrow(NHSNumberValidationError)
-      expect(() => adaptHeadersToSpine(headers))
-        .toThrow(`${DELEGATED_ACCESS_SUB_HDR} header not present for delegated access`)
+      const result = adaptHeadersToSpine(headers)
+
+      expect(result.nhsNumber).toBe("9999681778")
+      expect(result["nhsd-nhslogin-user"]).toBe("P9:9999681778")
     })
   })
 
@@ -152,7 +148,6 @@ describe("adaptHeadersToSpine", () => {
 
   describe("edge cases", () => {
     it("should be case insensitive for delegated access flag", () => {
-      const mockLoggerInfo = jest.spyOn(Logger.prototype, "info")
       const headers: EventHeaders = {
         [DELEGATED_ACCESS_HDR]: "TrUe", // permit any case
         "nhsd-nhslogin-user": "P9:9999681778",
@@ -163,7 +158,6 @@ describe("adaptHeadersToSpine", () => {
 
       // Should be treated as delegated
       expect(result.nhsNumber).toBe("2219685934")
-      expect(mockLoggerInfo).toHaveBeenCalledWith("Delegated access request detected")
     })
 
     it("should handle missing headers gracefully by throwing appropriate errors", () => {

packages/specification/prescriptions-for-patients.yaml

@@ -416,6 +416,7 @@ components:
 x-nhsd-apim:
   temporary: false
   monitoring: true
+  delegatedaccess: true
   access:
     - title: User Restricted
       grants:
@@ -439,6 +440,9 @@ x-nhsd-apim:
     - name: developer.app.id
       required: false
       header: "nhsd-application-id"
+    - name: X-NHSD-Subject-NHS-Number
+      required: false
+      header: "x-nhsd-subject-nhs-number"
   ratelimiting:
     proxy:
       limit: 20000