fix: decode organisation details from access_token for Uniform auth…

…entication (#2571)
theopensystemslab · Dec 15, 2023 · cf8a6ab · cf8a6ab
1 parent 0864da6
commit cf8a6ab
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 15 deletions.
diff --git a/api.planx.uk/modules/send/uniform/uniform.ts b/api.planx.uk/modules/send/uniform/uniform.ts
@@ -1,11 +1,12 @@
 import axios, { AxiosRequestConfig, isAxiosError } from "axios";
 import { NextFunction, Request, Response } from "express";
-import { Buffer } from "node:buffer";
 import FormData from "form-data";
 import fs from "fs";
-import { markSessionAsSubmitted } from "../../saveAndReturn/service/utils";
 import { gql } from "graphql-request";
+import jwt from "jsonwebtoken";
+import { Buffer } from "node:buffer";
 import { $api } from "../../../client";
+import { markSessionAsSubmitted } from "../../saveAndReturn/service/utils";
 import { buildSubmissionExportZip } from "../utils/exportZip";
 
 interface UniformClient {
@@ -21,8 +22,6 @@ interface UniformSubmissionResponse {
 
 interface RawUniformAuthResponse {
   access_token: string;
-  "organisation-name": string;
-  "organisation-id": string;
 }
 
 interface UniformAuthResponse {
@@ -204,19 +203,21 @@ async function authenticate({
     throw Error("Failed to authenticate to Uniform - no access token returned");
   }
 
-  if (
-    !response.data["organisation-name"] ||
-    !response.data["organisation-id"]
-  ) {
+  // Decode access_token to get "organisation-name" & "organisation-id"
+  const decodedAccessToken = jwt.decode(response.data.access_token) as any;
+  const organisation = decodedAccessToken?.["organisation-name"];
+  const organisationId = decodedAccessToken?.["organisation-id"];
+
+  if (!organisation || !organisationId) {
     throw Error(
-      "Failed to authenticate to Uniform - no organisation details returned",
+      "Failed to authenticate to Uniform - failed to decode organisation details from access_token",
     );
   }
 
   const uniformAuthResponse: UniformAuthResponse = {
     token: response.data.access_token,
-    organisation: response.data["organisation-name"],
-    organisationId: response.data["organisation-id"],
+    organisation: organisation,
+    organisationId: organisationId,
   };
 
   return uniformAuthResponse;

diff --git a/e2e/tests/api-driven/src/invite-to-pay/mocks/server-mocks.yaml b/e2e/tests/api-driven/src/invite-to-pay/mocks/server-mocks.yaml
@@ -11,7 +11,7 @@
         "messsage": "MOCKED RESPONSE"
       }
 
-# UNIFORM token generation
+# UNIFORM token generation, access_token is mock JWT with "organisation-name" & "organisation-id" properties
 - request:
     method: POST
     path: /
@@ -21,9 +21,9 @@
       Content-Type: application/json
     body: >
       {
-        "access_token": "TEST_TOKEN",
-        "organisation-name": "MOCKED",
-        "organisation-id": "MOCKED"
+        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdhbmlzYXRpb24tbmFtZSI6Ik1PQ0tFRCIsIm9yZ2FuaXNhdGlvbi1pZCI6Ik1PQ0tFRCJ9.p0DE8MUc9obE751XWOYPQWWtLXtq8-kJMPre4VuOBHg",
+        "token_type": "Bearer",
+        "expires_in": 35999
       }
 
 # UNIFORM submissions