Merge branch 'master' into oidc

Author: saundersmatt

c19-backend/C19/settings.py

@@ -38,6 +38,7 @@
     'django.contrib.messages',
     'django.contrib.staticfiles',
     'mozilla_django_oidc',
+    'corsheaders',
     'rest_framework',
     'api',
 ]
@@ -50,6 +51,7 @@
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
 ]
 
 ROOT_URLCONF = 'C19.urls'
@@ -108,12 +110,9 @@
 
 REST_FRAMEWORK = {
     'DEFAULT_PERMISSION_CLASSES': [
-        # 'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly',
-        # 'rest_framework.permissions.DjangoModelPermissions',
-        'rest_framework.permissions.IsAuthenticated',
+        'rest_framework.permissions.AllowAny',  # until we have OAuth
     ],
     'DEFAULT_AUTHENTICATION_CLASSES': [
-        'rest_framework_simplejwt.authentication.JWTAuthentication',
     ],
 }
 
@@ -137,10 +136,9 @@
 STATIC_URL = '/static/'
 
 EHRBASE_CONNECTION_PARAMS = dict(
-    base_url=os.environ['C19_API_EHRBASE_URL'],
+    base_url=os.environ['C19_BACKEND_EHRBASE_URL'],
 )
 
-
 # mozilla-django-oidc
 
 AUTHENTICATION_BACKENDS = (
@@ -156,4 +154,7 @@
 OIDC_OP_USER_ENDPOINT = os.environ['OIDC_OP_USER_ENDPOINT']
 
 LOGOUT_REDIRECT_URL = '/'
-LOGIN_REDIRECT_URL = '/'
+LOGIN_REDIRECT_URL = '/'
+
+CORS_ORIGIN_WHITELIST = tuple(
+    os.environ['C19_BACKEND_CORS_ORIGIN_WHITELIST'].split('|'))

c19-backend/api/models.py

@@ -1,6 +1,8 @@
 from django.conf import settings
 from django.db import models
 
+# TODO probably won't be needed once OAuth is set up
+#  remember to generate migration if you do remove it
 class C19APIPatientProfile(models.Model):
     user = models.OneToOneField(
         settings.AUTH_USER_MODEL,

c19-backend/api/urls.py

@@ -3,10 +3,6 @@
 from rest_framework import routers
 from api import views
 from rest_framework.urlpatterns import format_suffix_patterns
-from rest_framework_simplejwt.views import (
-    TokenObtainPairView,
-    TokenRefreshView,
-)
 
 
 router = routers.DefaultRouter()
@@ -16,12 +12,4 @@
 urlpatterns = [
     path('', include(router.urls)),
     path('0.1/covid-screenings/', views.CovidScreenListView.as_view()),
-    path(
-        '0.1/auth/token/',
-        TokenObtainPairView.as_view(),
-        name='token_obtain_pair'),
-    path(
-        '0.1/auth/token/refresh/',
-        TokenRefreshView.as_view(),
-        name='token_refresh'),
 ]

c19-backend/api/views.py

@@ -8,23 +8,18 @@
 
 class CovidScreenListView(APIView):
     def post(self, request, format=None):
-        if patient := request.user.c19_api_patient_profile:
-            ehr_api = OpenEHRAPI(connection=ehrbase.CONNECTION)
-            ehr_id = ehr_api.ehr_id_for_nhs_number(
-                nhs_number=patient.patient_nhs_number)
-            return Response(
-                data={
-                    # TODO we probably won't send the nhs number back,
-                    #  this is just for stubbing to check the code branches
-                    'nhs_number': patient.patient_nhs_number,
-                    'ehr_id': ehr_id,
-                },
-            )
-        else:
-            return Response(
-                data={
-                    'status': 'Unauthorized',
-                    'error': 'No patient profile record for user',
-                },
-                status=401,
-            )
+        screening_data = request.data
+        ehr_api = OpenEHRAPI(connection=ehrbase.CONNECTION)
+        ehr_id = ehr_api.ehr_id_for_nhs_number(
+            nhs_number=screening_data['nhs_number'])
+        return Response(
+            data={
+                # TODO we probably won't send the nhs number back,
+                #  this is just for stubbing to check the code branches
+                'nhs_number': screening_data['nhs_number'],
+                'ehr_id': ehr_id,
+                '_note':
+                    'Just a fake return value for stubbing purposes for now,'
+                    ' and will probably change completely',
+            },
+        )

c19-backend/ehrbase_connector/connector.py

@@ -19,7 +19,7 @@ def _url(self, suffix):
 
     def get(self, path, params=None, **kwargs):
         # TODO also pass auth=(user, pass) once basic auth implemented
-        return requests.get(self._url(path), params=None, **kwargs)
+        return requests.get(self._url(path), params=params, **kwargs)
 
     def post(self, path, data=None, json=None, **kwargs):
         # TODO also pass auth=(user, pass) once basic auth implemented
@@ -53,10 +53,9 @@ def ehr_already_existed(status_code):
                 "is_queryable": "true",
             },
         )
-        if (
-            creation_response.status_code == requests.status.ok
-            or ehr_already_existed(status_code=creation_response.status_code)
-        ):
+        if creation_response.status_code == requests.codes.ok \
+           or ehr_already_existed(status_code=creation_response.status_code)\
+        :
             # For now even if the POST was successful we have to GET because
             # EHRBase sends empty body with status 204 instead of 201 with some
             # JSON
@@ -65,9 +64,9 @@ def ehr_already_existed(status_code):
                 params={
                     'subject_id': nhs_number,
                     'subject_namespace': nhs_number_namespace,
-                }
+                },
             )
-            if fetch_response.status_code == requests.status.ok:
+            if fetch_response.status_code == requests.codes.ok:
                 return fetch_response.json()['ehr_id']['value']
             else:
                 raise APIException(

c19-backend/requirements.txt

@@ -7,3 +7,4 @@ toolz
 attrs
 djangorestframework-simplejwt==4.4.0
 mozilla-django-oidc
+django-cors-headers==3.2.1

docker-compose.yml

@@ -15,6 +15,8 @@ services:
       OIDC_OP_AUTHORIZATION_ENDPOINT: ${OIDC_OP_AUTHORIZATION_ENDPOINT}
       OIDC_OP_TOKEN_ENDPOINT: ${OIDC_OP_TOKEN_ENDPOINT}
       OIDC_OP_USER_ENDPOINT: ${OIDC_OP_USER_ENDPOINT}
+      C19_BACKEND_EHRBASE_URL: http://ehrbase:8080
+      C19_BACKEND_CORS_ORIGIN_WHITELIST: ${C19_BACKEND_CORS_ORIGIN_WHITELIST}
     volumes:
       - ./c19-backend:/app
     ports:
@@ -23,6 +25,7 @@ services:
       - django_postgres
     networks:
       - django_net
+      - ehrbase_net
 
   django_postgres:
     image: postgres:12

docs/examples/dotenv

@@ -3,6 +3,8 @@ DJANGO_POSTGRES_PASSWORD=django
 DJANGO_POSTGRES_DB=django
 # Make sure you use a different secret key in production
 C19_BACKEND_SECRET_KEY="t8z$5)6b-4y_liyeo@rh=e=z=0loz!(_6lhaw9(as+k&3!f=x0"
+# Pipe(|)-separated list of URLs to whitelist for CORS origin
+C19_BACKEND_CORS_ORIGIN_WHITELIST=http://localhost:8000
 
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=postgres