updates & unit specs

department-of-veterans-affairs · Dec 2, 2024 · 0f749ed · 0f749ed
1 parent 5207b17
commit 0f749ed
Show file tree

Hide file tree

Showing 5 changed files with 115 additions and 11 deletions.
diff --git a/app/controllers/v0/map_services_controller.rb b/app/controllers/v0/map_services_controller.rb
@@ -11,7 +11,9 @@ def token
       result = MAP::SecurityToken::Service.new.token(application: params[:application].to_sym, icn:, cache: false)
 
       render json: result, status: :ok
-    rescue Common::Client::Errors::ClientError, Common::Exceptions::GatewayTimeout
+    rescue Common::Client::Errors::ClientError,
+           Common::Exceptions::GatewayTimeout,
+           MAP::SecurityToken::Errors::InvalidTokenDurationError
       render json: sts_client_error, status: :bad_gateway
     rescue MAP::SecurityToken::Errors::ApplicationMismatchError
       render json: application_mismatch_error, status: :bad_request

diff --git a/lib/map/security_token/service.rb b/lib/map/security_token/service.rb
@@ -41,13 +41,7 @@ def request_token(application, icn)
                            config.token_path,
                            token_params(application, icn),
                            { 'Content-Type' => 'application/x-www-form-urlencoded' })
-        current_time = Time.zone.now
-        parsed_response = parse_response(response, application, icn, current_time)
-        if parsed_response[:expiration] > (current_time + config.max_token_duration)
-          raise Errors::InvalidTokenDurationError, "#{config.logging_prefix} token failed, token duration exceeds maximum"
-        else
-          parsed_response
-        end
+        parse_response(response, application, icn)
       end
 
       def parse_and_raise_error(e, icn, application)
@@ -61,13 +55,19 @@ def parse_and_raise_error(e, icn, application)
         raise e, "#{message}, status: #{status}, application: #{application}, icn: #{icn}, context: #{context}"
       end
 
-      def parse_response(response, application, icn, current_time)
+      def parse_response(response, application, icn)
         response_body = response.body
+        if response_body['expires_in'].to_i > config.max_token_duration
+          raise Errors::InvalidTokenDurationError,
+                "#{config.logging_prefix} token failed, token duration exceeds maximum"
+        end
 
         {
           access_token: response_body['access_token'],
-          expiration: current_time + response_body['expires_in']
+          expiration: Time.zone.now + response_body['expires_in']
         }
+      rescue Errors::InvalidTokenDurationError => e
+        raise e
       rescue => e
         message = "#{config.logging_prefix} token failed, response unknown"
         Rails.logger.error(message, application:, icn:)

diff --git a/spec/lib/map/security_token/service_spec.rb b/spec/lib/map/security_token/service_spec.rb
@@ -140,6 +140,18 @@
         end
       end
 
+      context 'when response is successful with an invalid token duration',
+              vcr: { cassette_name: 'map/security_token_service_200_response_invalid_token' } do
+        let(:expected_error) { MAP::SecurityToken::Errors::InvalidTokenDurationError }
+        let(:expected_error_message) { "#{log_prefix} token failed, token duration exceeds maximum" }
+        let(:expected_log_values) { { application:, icn: } }
+
+        it 'raises an invalid token duration error and creates a log' do
+          expect(Rails.logger).to receive(:error).with(expected_error_message, expected_log_values)
+          expect { subject }.to raise_exception(expected_error, expected_error_message)
+        end
+      end
+
       context 'and response is successful' do
         let(:expected_log_message) { "#{log_prefix} token success" }
         let(:expected_log_payload) { { application:, icn:, cached_response: false } }

diff --git a/spec/requests/v0/map_services_spec.rb b/spec/requests/v0/map_services_spec.rb
@@ -93,7 +93,25 @@
           end
         end
 
-        context 'when MAP STS client returns an access token',
+        context 'when MAP STS client returns a token with an invalid duration',
+                vcr: { cassette_name: 'map/security_token_service_200_response_invalid_token' } do
+          it 'responds with error details in response body' do
+            call_endpoint
+            expect(JSON.parse(response.body)).to eq(
+              {
+                'error' => 'server_error',
+                'error_description' => 'STS failed to return a valid token.'
+              }
+            )
+          end
+
+          it 'returns HTTP status bad_gateway' do
+            call_endpoint
+            expect(response).to have_http_status(:bad_gateway)
+          end
+        end
+
+        context 'when MAP STS client returns a valid access token',
                 vcr: { cassette_name: 'map/security_token_service_200_response' } do
           it 'responds with STS-issued token in response body' do
             call_endpoint

diff --git a/spec/support/vcr_cassettes/map/security_token_service_200_response_invalid_token.yml b/spec/support/vcr_cassettes/map/security_token_service_200_response_invalid_token.yml