AUT-2578: Use new getInternalRequestConfigWithSecurityHeaders functio…

…n in authorize service This ensures that the security headers from the govuk-one-login/frontend-passthrough-headers library are being set on authorize service requests.
govuk-one-login · May 17, 2024 · 993c2f2 · 993c2f2
1 parent 2b70a45
commit 993c2f2
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 13 deletions.
diff --git a/src/components/authorize/authorize-controller.ts b/src/components/authorize/authorize-controller.ts
@@ -60,6 +60,7 @@ export function authorizeGet(
       clientSessionId,
       req.ip,
       persistentSessionId,
+      req,
       claims.reauthenticate
     );
 

diff --git a/src/components/authorize/authorize-service.ts b/src/components/authorize/authorize-service.ts
@@ -3,11 +3,12 @@ import { ApiResponseResult } from "../../types";
 import { API_ENDPOINTS } from "../../app.constants";
 import {
   createApiResponse,
-  getRequestConfig,
+  getInternalRequestConfigWithSecurityHeaders,
   http,
   Http,
 } from "../../utils/http";
 import { supportReauthentication } from "../../config";
+import { Request } from "express";
 
 export function authorizeService(
   axios: Http = http
@@ -17,6 +18,7 @@ export function authorizeService(
     clientSessionId: string,
     sourceIp: string,
     persistentSessionId: string,
+    req: Request,
     reauthenticate?: string
   ): Promise<ApiResponseResult<StartAuthResponse>> {
     let reauthenticateOption = undefined;
@@ -25,13 +27,17 @@ export function authorizeService(
     }
     const response = await axios.client.get<StartAuthResponse>(
       API_ENDPOINTS.START,
-      getRequestConfig({
-        sessionId: sessionId,
-        clientSessionId: clientSessionId,
-        sourceIp: sourceIp,
-        persistentSessionId: persistentSessionId,
-        reauthenticate: reauthenticateOption,
-      })
+      getInternalRequestConfigWithSecurityHeaders(
+        {
+          sessionId: sessionId,
+          clientSessionId: clientSessionId,
+          sourceIp: sourceIp,
+          persistentSessionId: persistentSessionId,
+          reauthenticate: reauthenticateOption,
+        },
+        req,
+        API_ENDPOINTS.START
+      )
     );
 
     return createApiResponse<StartAuthResponse>(response);

diff --git a/src/components/authorize/tests/authorize-service.test.ts b/src/components/authorize/tests/authorize-service.test.ts
@@ -3,30 +3,39 @@ import { expect } from "chai";
 import { Http } from "../../../utils/http";
 import { authorizeService } from "../authorize-service";
 import { sinon } from "../../../../test/utils/test-utils";
-import { API_ENDPOINTS } from "../../../app.constants";
+import { API_ENDPOINTS, PATH_NAMES } from "../../../app.constants";
 import { SinonStub } from "sinon";
 import { AuthorizeServiceInterface } from "../types";
+import { createMockRequest } from "../../../../test/helpers/mock-request-helper";
 
 describe("authorize service", () => {
   const sessionId = "some-session-id";
   const clientSessionId = "client-session-id";
   const ip = "123.123.123.123";
   const persistentSessionId = "persistent-session-id";
   const apiKey = "api-key";
+  const auditEncodedString =
+    "R21vLmd3QilNKHJsaGkvTFxhZDZrKF44SStoLFsieG0oSUY3aEhWRVtOMFRNMVw1dyInKzB8OVV5N09hOi8kLmlLcWJjJGQiK1NPUEJPPHBrYWJHP358NDg2ZDVc";
+  const req = createMockRequest(PATH_NAMES.AUTHORIZE);
+  req.ip = ip;
+  req.headers = {
+    "txma-audit-encoded": auditEncodedString,
+    "x-forwarded-for": ip,
+  };
   const expectedHeaders = {
     "X-API-Key": apiKey,
     "Session-Id": sessionId,
     "Client-Session-Id": clientSessionId,
-    "X-Forwarded-For": ip,
+    "x-forwarded-for": ip,
+    "txma-audit-encoded": auditEncodedString,
     "di-persistent-session-id": persistentSessionId,
   };
   let getStub: SinonStub;
   let service: AuthorizeServiceInterface;
 
   beforeEach(() => {
     process.env.API_KEY = apiKey;
-    process.env.FRONTEND_API_BASE_URL = "some-base-url";
-    process.env.API_BASE_URL = "another-base-url";
+    process.env.FRONTEND_API_BASE_URL = "https://some-base-url";
     const httpInstance = new Http();
     service = authorizeService(httpInstance);
     getStub = sinon.stub(httpInstance.client, "get");
@@ -43,6 +52,7 @@ describe("authorize service", () => {
       clientSessionId,
       ip,
       persistentSessionId,
+      req,
       "123456"
     );
 
@@ -61,6 +71,7 @@ describe("authorize service", () => {
       clientSessionId,
       ip,
       persistentSessionId,
+      req,
       "123456"
     );
 
@@ -74,7 +85,7 @@ describe("authorize service", () => {
 
   it("sends a request without a reauth header when reauth is not requested", () => {
     process.env.SUPPORT_REAUTHENTICATION = "1";
-    service.start(sessionId, clientSessionId, ip, persistentSessionId);
+    service.start(sessionId, clientSessionId, ip, persistentSessionId, req);
 
     expect(
       getStub.calledWithMatch(API_ENDPOINTS.START, {

diff --git a/src/components/authorize/types.ts b/src/components/authorize/types.ts
@@ -1,5 +1,6 @@
 import { ApiResponseResult, DefaultApiResponse } from "../../types";
 import { Claims } from "./claims-config";
+import { Request } from "express";
 
 export interface StartAuthResponse extends DefaultApiResponse {
   user: UserSessionInfo;
@@ -23,6 +24,7 @@ export interface AuthorizeServiceInterface {
     clientSessionId: string,
     sourceIp: string,
     persistentSessionId: string,
+    req: Request,
     reauthenticate?: string
   ) => Promise<ApiResponseResult<StartAuthResponse>>;
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -60,6 +60,7 @@ export function authorizeGet( @@
           clientSessionId,
           req.ip,
           persistentSessionId,
+          req,
           claims.reauthenticate
         );
@@ Expand Down @@