diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a47fb1d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.idea
+__pycache__
\ No newline at end of file
diff --git a/application/fhir_logging_client/service.py b/application/fhir_logging_client/service.py
index b370e08..c5e4ea0 100644
--- a/application/fhir_logging_client/service.py
+++ b/application/fhir_logging_client/service.py
@@ -15,11 +15,11 @@ class FhirLoggingService:
 @staticmethod
- def register_idp_interaction(entity_what_reference: str, trace_headers: dict):
+ def register_idp_interaction(entity_what_reference: str, requesting_client_id: str, trace_headers: dict):
 logger.info(f"Registering idp interaction for entity: [{entity_what_reference}]")
- audit_event = FhirLoggingService._get_audit_event(entity_what_reference, trace_headers)
+ audit_event = FhirLoggingService._get_audit_event(entity_what_reference, requesting_client_id, trace_headers)
 access_token = token_service.get_system_access_token()
 endpoint = f'{current_app.config["FHIR_CLIENT_SERVERURL"]}/AuditEvent'
@@ -38,7 +38,7 @@ def register_idp_interaction(entity_what_reference: str, trace_headers: dict):
 return response
 @staticmethod
- def _get_audit_event(entity_what_reference: str, trace_headers: dict):
+ def _get_audit_event(entity_what_reference: str, requesting_client_id: str, trace_headers: dict):
 entity_type = entity_what_reference.split("/")[0]
 if entity_type != "Patient" and entity_type != "Practitioner":
@@ -92,14 +92,14 @@ def _get_audit_event(entity_what_reference: str, trace_headers: dict):
 ]
 },
 "who": {
- "reference": f"Device/{current_app.config['SMART_BACKEND_SERVICE_DEVICE_ID']}",
+ "reference": f"Device/{requesting_client_id}",
 "type": "Device"
 },
 "requestor": True
 }
 ],
 "source": {
- "site": "DEFAULT tenant",
+ "site": current_app.config['AUTH_SERVER_ISS'],
 "observer": {
 "reference": f"Device/{current_app.config['SMART_BACKEND_SERVICE_DEVICE_ID']}",
 "type": "Device"
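Review bot: `register_idp_interaction` has no docstring saying where `requesting_client_id` must come from, although the AuditEvent's `agent.who` is now built from it. The audit record is only trustworthy if callers pass the client id of the authenticated OAuth session, never a request-supplied value, and the signature alone does not say so. I would add a docstring such as `"""Post an AuditEvent for an IDP interaction; requesting_client_id must be the client_id of the server-side OAuth2 session."""`. The function body continues outside the hunk.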
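Review bot: `requesting_client_id` is interpolated unchecked into `f"Device/{requesting_client_id}"` in the third hunk, while `_get_audit_event` does validate `entity_type` (second hunk). A `None` or empty value would be recorded as `Device/None` or `Device/`, and a value with `/` or other characters outside the FHIR id grammar (`[A-Za-z0-9\-\.]{1,64}`) would misattribute the agent or be rejected by the FHIR server. A guard next to the `entity_type` check, for example `if not requesting_client_id: raise ValueError("requesting_client_id is required")`, handled the same way as the entity type failure, would keep such records out. Separately, `current_app.config['AUTH_SERVER_ISS']` raises `KeyError` when the key is unset; the diff does not show whether every deployment config defines it. The function body lies partly outside the hunks.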
diff --git a/application/idp_client/service.py b/application/idp_client/service.py
index 4b8f9b8..2748794 100644
--- a/application/idp_client/service.py
+++ b/application/idp_client/service.py
@@ -93,7 +93,7 @@ def consume_idp_code(self) -> Tuple[str, int]:
 logger.info(f'[{oauth2_session.id}] user id matched between HTI and IDP by user_identifier [{user_identifier}]')
- fhir_logging_service.register_idp_interaction(f'Patient/{launching_user_resource["id"]}', trace_headers)
+ fhir_logging_service.register_idp_interaction(f'Patient/{launching_user_resource["id"]}', oauth2_session.client_id, trace_headers)
 # As the user has been verified, finish the initial OAuth launch flow by responding with the code
 return f'{oauth2_session.redirect_uri}?{urlencode({"code": oauth2_session.code, "state": oauth2_session.state})}', 302
diff --git a/test/test_fhir_logging_service.py b/test/test_fhir_logging_service.py
index 8338702..f8ff283 100644
--- a/test/test_fhir_logging_service.py
+++ b/test/test_fhir_logging_service.py
@@ -53,7 +53,7 @@ def testing_app(server_key: Key):
 'OIDC_SMART_CONFIG_SIGNING_ALGS': ["RS384", "ES384", "RS512"],
 'OIDC_JWT_PUBLIC_KEY': server_key.as_pem(),
 'OIDC_JWT_PRIVATE_KEY': private_key_bytes,
- 'SMART_BACKEND_SERVICE_DEVICE_ID': "my-unit-test-device-id"
+ 'SMART_BACKEND_SERVICE_DEVICE_ID': "my-unit-test-auth-server-device-id"
 })
 with app.test_client() as client:
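Review bot: The result of `fhir_logging_service.register_idp_interaction(...)` is discarded in `consume_idp_code` (application/idp_client/service.py), so the 302 carrying the authorization code is returned whether or not the AuditEvent was stored. The service may raise on failure, but that is not visible in this diff. Because `agent.who` now varies with `oauth2_session.client_id`, a reference the FHIR server rejects is more likely than with the former fixed device id. I would keep the response and fail or log on a non-success status, for example `audit_resp = fhir_logging_service.register_idp_interaction(...)` followed by `audit_resp.raise_for_status()` if this is a `requests` response, as the tests' `resp.json()` suggests. `consume_idp_code` starts and ends outside the hunk.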
@@ -65,14 +65,14 @@ def testing_app(server_key: Key):
 def test_happy(mock1, testing_app: FlaskClient):
 testing_app.get("test") # TODO: Ugly fix to initialize app context - mocking the flask.request would be nicer
- resp = fhir_logging_service.register_idp_interaction("Patient/123", {})
+ resp = fhir_logging_service.register_idp_interaction("Patient/123", "456", {})
 json_content = resp.json()['json']
 resp_audit_event = AuditEvent(**json_content)
 assert resp_audit_event.entity[0].what.reference == "Patient/123"
- assert resp_audit_event.agent[0].who.reference == "Device/my-unit-test-device-id"
- assert resp_audit_event.source.observer.reference == "Device/my-unit-test-device-id"
+ assert resp_audit_event.agent[0].who.reference == "Device/456"
+ assert resp_audit_event.source.observer.reference == "Device/my-unit-test-auth-server-device-id"
 assert resp_audit_event.outcome == "0"
 assert 'Authorization' in resp.json()['headers']
 assert 'X-Request-Id' in resp.json()['headers']
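Review bot: Neither `test_happy` nor `test_happy_headers` (next hunk) asserts `source.site`, so the switch from `"DEFAULT tenant"` to `current_app.config['AUTH_SERVER_ISS']` is untested. I would add `assert resp_audit_event.source.site == <AUTH_SERVER_ISS value from the testing_app fixture>` to both tests. The fixture's full config is outside this diff, so confirm it sets `AUTH_SERVER_ISS`. A negative case passing an empty or `None` client id would also pin down what the service should do rather than emit `Device/None`. Both test bodies continue outside their hunks.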
@@ -86,14 +86,14 @@ def test_happy_headers(mock1, testing_app: FlaskClient):
 'X-Correlation-Id': str(uuid4()),
 'X-Trace-Id': str(uuid4())
 }
- resp = fhir_logging_service.register_idp_interaction("Patient/123", trace_headers)
+ resp = fhir_logging_service.register_idp_interaction("Patient/123", "456", trace_headers)
 json_content = resp.json()['json']
 resp_audit_event = AuditEvent(**json_content)
 assert resp_audit_event.entity[0].what.reference == "Patient/123"
- assert resp_audit_event.agent[0].who.reference == "Device/my-unit-test-device-id"
- assert resp_audit_event.source.observer.reference == "Device/my-unit-test-device-id"
+ assert resp_audit_event.agent[0].who.reference == "Device/456"
+ assert resp_audit_event.source.observer.reference == "Device/my-unit-test-auth-server-device-id"
 assert resp_audit_event.extension[0].valueId == trace_headers['X-Request-Id']
 assert resp_audit_event.extension[1].valueId == trace_headers['X-Correlation-Id']
 assert resp_audit_event.extension[2].valueId == trace_headers['X-Trace-Id']