spec & mock updates

department-of-veterans-affairs · Dec 17, 2024 · b51b540 · b51b540
1 parent 082452d
commit b51b540
Show file tree

Hide file tree

Showing 10 changed files with 230 additions and 91 deletions.
diff --git a/config/settings.yml b/config/settings.yml
@@ -33,7 +33,6 @@ map_services:
   oauth_url: https://veteran.apps-staging.va.gov
   client_cert_path: spec/fixtures/map/oauth.crt
   client_key_path: spec/fixtures/map/oauth.key
-  provider_jwks_path: /sts/oauth/v1/jwks
   sign_up_service_url: https://cerner.apps-staging.va.gov
   sign_up_service_provisioning_api_key: abcd1234
   secure_token_service:

diff --git a/lib/map/security_token/configuration.rb b/lib/map/security_token/configuration.rb
@@ -35,7 +35,7 @@ def client_cert_path
       end
 
       def provider_jwks_path
-        Settings.map_services.provider_jwks_path
+        '/sts/oauth/v1/jwks'
       end
 
       def service_name

diff --git a/lib/map/security_token/service.rb b/lib/map/security_token/service.rb
@@ -21,6 +21,10 @@ def token(application:, icn:, cache: true)
         Rails.logger.error("#{config.logging_prefix} token failed, parsing error", application:, icn:,
                                                                                    context: e.message)
         raise e
+      rescue JWT::DecodeError => e
+        Rails.logger.error("#{config.logging_prefix} token failed, JWT decode error", application:, icn:,
+                                                                                      context: e.message)
+        raise e
       rescue Common::Client::Errors::ClientError => e
         parse_and_raise_error(e, icn, application)
       rescue Common::Exceptions::GatewayTimeout => e
@@ -63,9 +67,7 @@ def parse_response(response, application, icn)
           access_token: response_body['access_token'],
           expiration: Time.zone.now + response_body['expires_in']
         }
-      rescue JWT::VerificationError => e
-        message = "#{config.logging_prefix} token failed, JWT verification error"
-        Rails.logger.error(message, application:, icn:)
+      rescue JWT::DecodeError => e
         raise e
       rescue => e
         message = "#{config.logging_prefix} token failed, response unknown"

diff --git a/spec/lib/map/security_token/service_spec.rb b/spec/lib/map/security_token/service_spec.rb
@@ -127,16 +127,16 @@
         end
       end
 
-      context 'when response is malformed',
-              vcr: { cassette_name: 'map/security_token_service_200_malformed_response' } do
-        let(:expected_error) { Common::Client::Errors::ParsingError }
-        let(:expected_error_message) { "unexpected token at 'Not valid JSON'" }
-        let(:expected_logger_message) { "#{log_prefix} token failed, parsing error" }
-        let(:expected_log_values) { { application:, icn:, context: expected_error_message } }
-
-        it 'raises an gateway timeout error and creates a log' do
+      context 'when response is an invalid token',
+              vcr: { cassette_name: 'map/security_token_service_200_invalid_token' } do
+        let(:expected_error) { JWT::DecodeError }
+        let(:expected_error_context) { 'Signature verification failed' }
+        let(:expected_logger_message) { "#{log_prefix} token failed, JWT decode error" }
+        let(:expected_log_values) { { application:, icn:, context: expected_error_context } }
+
+        it 'raises a JWT Decode error and creates a log' do
           expect(Rails.logger).to receive(:error).with(expected_logger_message, expected_log_values)
-          expect { subject }.to raise_exception(expected_error, expected_error_message)
+          expect { subject }.to raise_exception(expected_error, expected_error_context)
         end
       end
 

diff --git a/spec/lib/map/sign_up/service_spec.rb b/spec/lib/map/sign_up/service_spec.rb
@@ -126,7 +126,7 @@
       let(:expected_log_message) { "#{log_prefix} agreements accept success, icn: #{icn}" }
 
       before do
-        Timecop.freeze(Time.zone.local(2023, 1, 1, 12, 0, 0))
+        Timecop.freeze(Time.zone.local(2024, 9, 1, 12, 0, 0))
         allow(Rails.logger).to receive(:info)
       end
 

diff --git a/spec/requests/v0/map_services_spec.rb b/spec/requests/v0/map_services_spec.rb
@@ -93,8 +93,8 @@
           end
         end
 
-        context 'when MAP STS client returns a token with an invalid duration',
-                vcr: { cassette_name: 'map/security_token_service_200_response_invalid_token' } do
+        context 'when MAP STS client returns an invalid token',
+                vcr: { cassette_name: 'map/security_token_service_200_invalid_token' } do
           it 'responds with error details in response body' do
             call_endpoint
             expect(JSON.parse(response.body)).to eq(

diff --git a/spec/support/vcr_cassettes/map/security_token_service_200_invalid_token.yml b/spec/support/vcr_cassettes/map/security_token_service_200_invalid_token.yml
diff --git a/spec/support/vcr_cassettes/map/security_token_service_200_malformed_response.yml b/spec/support/vcr_cassettes/map/security_token_service_200_malformed_response.yml
diff --git a/spec/support/vcr_cassettes/map/security_token_service_200_response.yml b/spec/support/vcr_cassettes/map/security_token_service_200_response.yml
diff --git a/spec/support/vcr_cassettes/map/sign_up_service_200_responses.yml b/spec/support/vcr_cassettes/map/sign_up_service_200_responses.yml