Using the user token to get user details (#352)

* Using the user token to get user details

* Removing manage-users-api env variables

* Addressing comments

CHANGELOG.md

@@ -1,19 +1,31 @@
 # Change log
 
+**May 10th 2024** – Derive user details from the `authorization_code` "user" token instead of making an API call to `hmpps-manage-users-api`, thereby removing an unnecessary dependency.
+
+PR: [#352](https://github.com/ministryofjustice/hmpps-template-typescript/pull/352)
+
+---
+
 **February 29th 2024** – Use same node version for outdated check and security scan. This currently defaults to node 16
 
 PR: [#321](https://github.com/ministryofjustice/hmpps-template-typescript/pull/321)
 
+---
+
 **February 15th 2024** – Move over to use Debian 12 based image (bookworm)
 
 PR: [#316](https://github.com/ministryofjustice/hmpps-template-typescript/pull/316)
 
+---
+
 **January 9th 2024** – Move over to Gov UK Frontend 5.0 and MoJ Frontend 2.0
 
 Note, this removed support for IE8,9,10 etc.
 
 PR: [#297](https://github.com/ministryofjustice/hmpps-template-typescript/pull/297)
 
+---
+
 **November 29th 2023** – Remove getUserRoles as an api call and add as decoded from the token #274
 
 This is to encourage services not to make additional calls to retrieve a user's role information. 

cypress.config.ts

@@ -1,7 +1,6 @@
 import { defineConfig } from 'cypress'
 import { resetStubs } from './integration_tests/mockApis/wiremock'
 import auth from './integration_tests/mockApis/auth'
-import manageUsersApi from './integration_tests/mockApis/manageUsersApi'
 import tokenVerification from './integration_tests/mockApis/tokenVerification'
 
 export default defineConfig({
@@ -19,7 +18,6 @@ export default defineConfig({
       on('task', {
         reset: resetStubs,
         ...auth,
-        ...manageUsersApi,
         ...tokenVerification,
       })
     },

feature.env

@@ -1,6 +1,5 @@
 PORT=3007
 HMPPS_AUTH_URL=http://localhost:9091/auth
-MANAGE_USERS_API_URL=http://localhost:9091/manage-users-api
 TOKEN_VERIFICATION_API_URL=http://localhost:9091/verification
 TOKEN_VERIFICATION_ENABLED=true
 REDIS_ENABLED=false

helm_deploy/values-dev.yaml

@@ -10,7 +10,6 @@ generic-service:
   env:
     INGRESS_URL: "https://hmpps-template-typescript-dev.hmpps.service.justice.gov.uk"
     HMPPS_AUTH_URL: "https://sign-in-dev.hmpps.service.justice.gov.uk/auth"
-    MANAGE_USERS_API_URL: "https://manage-users-api-dev.hmpps.service.justice.gov.uk"
     TOKEN_VERIFICATION_API_URL: "https://token-verification-api-dev.prison.service.justice.gov.uk"
     ENVIRONMENT_NAME: DEV
     AUDIT_ENABLED: "false"

helm_deploy/values-preprod.yaml

@@ -10,7 +10,6 @@ generic-service:
   env:
     INGRESS_URL: "https://hmpps-template-typescript-preprod.hmpps.service.justice.gov.uk"
     HMPPS_AUTH_URL: "https://sign-in-preprod.hmpps.service.justice.gov.uk/auth"
-    MANAGE_USERS_API_URL: "https://manage-users-api-preprod.hmpps.service.justice.gov.uk"
     TOKEN_VERIFICATION_API_URL: "https://token-verification-api-preprod.prison.service.justice.gov.uk"
     ENVIRONMENT_NAME: PRE-PRODUCTION
     AUDIT_ENABLED: "false"

helm_deploy/values-prod.yaml

@@ -8,7 +8,6 @@ generic-service:
   env:
     INGRESS_URL: "https://hmpps-template-typescript.hmpps.service.justice.gov.uk"
     HMPPS_AUTH_URL: "https://sign-in.hmpps.service.justice.gov.uk/auth"
-    MANAGE_USERS_API_URL: "https://manage-users-api.hmpps.service.justice.gov.uk"
     TOKEN_VERIFICATION_API_URL: "https://token-verification-api.prison.service.justice.gov.uk"
     AUDIT_ENABLED: "false"
 

integration_tests/e2e/health.cy.ts

@@ -3,7 +3,6 @@ context('Healthcheck', () => {
     beforeEach(() => {
       cy.task('reset')
       cy.task('stubAuthPing')
-      cy.task('stubManageUsersPing')
       cy.task('stubTokenVerificationPing')
     })
 
@@ -24,14 +23,12 @@ context('Healthcheck', () => {
     beforeEach(() => {
       cy.task('reset')
       cy.task('stubAuthPing')
-      cy.task('stubManageUsersPing')
       cy.task('stubTokenVerificationPing', 500)
     })
 
     it('Reports correctly when token verification down', () => {
       cy.request({ url: '/health', method: 'GET', failOnStatusCode: false }).then(response => {
         expect(response.body.components.hmppsAuth.status).to.equal('UP')
-        expect(response.body.components.manageUsersApi.status).to.equal('UP')
         expect(response.body.components.tokenVerification.status).to.equal('DOWN')
         expect(response.body.components.tokenVerification.details).to.contain({ status: 500, retries: 2 })
       })

integration_tests/e2e/signIn.cy.ts

@@ -7,7 +7,6 @@ context('Sign In', () => {
   beforeEach(() => {
     cy.task('reset')
     cy.task('stubSignIn')
-    cy.task('stubManageUser')
   })
 
   it('Unauthenticated user directed to auth', () => {
@@ -67,7 +66,8 @@ context('Sign In', () => {
     cy.request('/').its('body').should('contain', 'Sign in')
 
     cy.task('stubVerifyToken', true)
-    cy.task('stubManageUser', 'bobby brown')
+    cy.task('stubSignIn', { name: 'bobby brown' })
+
     cy.signIn()
 
     indexPage.headerUserName().contains('B. Brown')

integration_tests/mockApis/auth.ts

@@ -4,10 +4,16 @@ import { Response } from 'superagent'
 import { stubFor, getMatchingRequests } from './wiremock'
 import tokenVerification from './tokenVerification'
 
-const createToken = (roles: string[] = []) => {
+interface UserToken {
+  name?: string
+  roles?: string[]
+}
+
+const createToken = (userToken: UserToken) => {
   // authorities in the session are always prefixed by ROLE.
-  const authorities = roles.map(role => (role.startsWith('ROLE_') ? role : `ROLE_${role}`))
+  const authorities = userToken.roles?.map(role => (role.startsWith('ROLE_') ? role : `ROLE_${role}`)) || []
   const payload = {
+    name: userToken.name || 'john smith',
     user_name: 'USER1',
     scope: ['read'],
     auth_source: 'nomis',
@@ -97,7 +103,7 @@ const manageDetails = () =>
     },
   })
 
-const token = (roles: string[] = []) =>
+const token = (userToken: UserToken) =>
   stubFor({
     request: {
       method: 'POST',
@@ -110,7 +116,7 @@ const token = (roles: string[] = []) =>
         Location: 'http://localhost:3007/sign-in/callback?code=codexxxx&state=stateyyyy',
       },
       jsonBody: {
-        access_token: createToken(roles),
+        access_token: createToken(userToken),
         token_type: 'bearer',
         user_name: 'USER1',
         expires_in: 599,
@@ -119,10 +125,11 @@ const token = (roles: string[] = []) =>
       },
     },
   })
+
 export default {
   getSignInUrl,
   stubAuthPing: ping,
   stubAuthManageDetails: manageDetails,
-  stubSignIn: (roles: string[]): Promise<[Response, Response, Response, Response, Response]> =>
-    Promise.all([favicon(), redirect(), signOut(), token(roles), tokenVerification.stubVerifyToken()]),
+  stubSignIn: (userToken: UserToken = {}): Promise<[Response, Response, Response, Response, Response]> =>
+    Promise.all([favicon(), redirect(), signOut(), token(userToken), tokenVerification.stubVerifyToken()]),
 }

server/@types/express/index.d.ts

@@ -1,8 +1,6 @@
-import type { UserDetails } from '../../services/userService'
+import { HmppsUser } from '../../interfaces/hmppsUser'
 
-export default {}
-
-declare module 'express-session' {
+export declare module 'express-session' {
   // Declare that the session will potentially contain these additional fields
   interface SessionData {
     returnTo: string
@@ -12,7 +10,8 @@ declare module 'express-session' {
 
 export declare global {
   namespace Express {
-    interface User extends Partial<UserDetails> {
+    interface User {
+      username: string
       token: string
       authSource: string
     }
@@ -24,7 +23,7 @@ export declare global {
     }
 
     interface Locals {
-      user: Express.User
+      user: HmppsUser
     }
   }
 }

server/app.ts

@@ -38,7 +38,7 @@ export default function createApp(services: Services): express.Application {
   app.use(setUpAuthentication())
   app.use(authorisationMiddleware())
   app.use(setUpCsrf())
-  app.use(setUpCurrentUser(services))
+  app.use(setUpCurrentUser())
 
   app.use(routes(services))
 

server/config.ts

@@ -81,14 +81,6 @@ export default {
       systemClientId: get('SYSTEM_CLIENT_ID', 'clientid', requiredInProduction),
       systemClientSecret: get('SYSTEM_CLIENT_SECRET', 'clientsecret', requiredInProduction),
     },
-    manageUsersApi: {
-      url: get('MANAGE_USERS_API_URL', 'http://localhost:9091', requiredInProduction),
-      timeout: {
-        response: Number(get('MANAGE_USERS_API_TIMEOUT_RESPONSE', 10000)),
-        deadline: Number(get('MANAGE_USERS_API_TIMEOUT_DEADLINE', 10000)),
-      },
-      agent: new AgentConfig(Number(get('MANAGE_USERS_API_TIMEOUT_RESPONSE', 10000))),
-    },
     tokenVerification: {
       url: get('TOKEN_VERIFICATION_API_URL', 'http://localhost:8100', requiredInProduction),
       timeout: {

server/data/index.ts

@@ -11,7 +11,6 @@ initialiseAppInsights()
 buildAppInsightsClient(applicationInfo)
 
 import HmppsAuthClient from './hmppsAuthClient'
-import ManageUsersApiClient from './manageUsersApiClient'
 import { createRedisClient } from './redisClient'
 import RedisTokenStore from './tokenStore/redisTokenStore'
 import InMemoryTokenStore from './tokenStore/inMemoryTokenStore'
@@ -25,10 +24,9 @@ export const dataAccess = () => ({
   hmppsAuthClient: new HmppsAuthClient(
     config.redis.enabled ? new RedisTokenStore(createRedisClient()) : new InMemoryTokenStore(),
   ),
-  manageUsersApiClient: new ManageUsersApiClient(),
   hmppsAuditClient: new HmppsAuditClient(config.sqs.audit),
 })
 
 export type DataAccess = ReturnType<typeof dataAccess>
 
-export { HmppsAuthClient, RestClientBuilder, ManageUsersApiClient, HmppsAuditClient }
+export { HmppsAuthClient, RestClientBuilder, HmppsAuditClient }