change validateToken http code to 403 and fix event token claim validation

Jenkinsfile_CNP

@@ -112,6 +112,7 @@ env.BEFTA_RETRY_MAX_ATTEMPTS = "3"
 env.BEFTA_RETRY_STATUS_CODES = "500,502,503,504"
 env.BEFTA_RETRY_MAX_DELAY = "1000"
 env.BEFTA_RETRY_NON_RETRYABLE_HTTP_METHODS = "POST,PUT"
+env.TOKEN_CLAIM_VALIDATION_ENABLED="true"
 
 withPipeline(type, product, component) {
     onMaster {

Jenkinsfile_nightly

@@ -100,6 +100,7 @@ env.BEFTA_RETRY_MAX_ATTEMPTS = "3"
 env.BEFTA_RETRY_STATUS_CODES = "500,502,503,504"
 env.BEFTA_RETRY_MAX_DELAY = "1000"
 env.BEFTA_RETRY_NON_RETRYABLE_HTTP_METHODS = "POST,PUT"
+env.TOKEN_CLAIM_VALIDATION_ENABLED="true"
 
 withNightlyPipeline(type, product, component) {
     overrideVaultEnvironments(vaultOverrides)

src/aat/resources/features/F-035 - Get Case V2 External/S-156_Case_Creation_Data.td.json

@@ -11,7 +11,10 @@
 	"request": {
 		"pathVariables": {
 			"ctid": "AAT_AUTH_8"
-		}
+		},
+    "body": {
+      "event_token": "${[scenarioContext][parentContext][childContexts][S-156_Case_Creation_Data_Token_Creation][testData][actualResponse][body][token]}"
+    }
 	},
 
 	"expectedResponse": {

src/aat/resources/features/F-035 - Get Case V2 External/S-156_Case_Creation_Data_Token_Creation.td.json

@@ -0,0 +1,62 @@
+{
+	"_guid_": "S-156_Case_Creation_Data_Token_Creation",
+
+	"productName": "CCD Data Store",
+	"operationName": "Start event creation as Case worker",
+
+	"method": "GET",
+	"uri": "/caseworkers/{uid}/jurisdictions/{jid}/case-types/{ctid}/event-triggers/{etid}/token",
+
+	"specs": [
+		"to create a token for case creation"
+	],
+
+	"users": {
+		"invokingUser": {
+      "_extends_": "PrivateCaseworker"
+		}
+	},
+
+	"request": {
+		"headers": {
+			"_extends_": "Common_Request_Headers"
+		},
+		"pathVariables": {
+			"uid": "[[DEFAULT_AUTO_VALUE]]",
+			"jid": "AUTOTEST1",
+			"ctid": "AAT_AUTH_8",
+			"etid": "CREATE"
+		}
+	},
+
+	"expectedResponse": {
+		"_extends_": "Common_200_Response",
+		"headers": {
+			"Content-Encoding": "gzip",
+			"Content-Length": "[[ANY_INTEGER_NOT_NULLABLE]]"
+		},
+		"body": {
+			"token": "[[ANY_STRING_NOT_NULLABLE]]",
+			"case_details": {
+				"id": null,
+				"jurisdiction": "[[ANYTHING_PRESENT]]",
+				"state": null,
+				"version": null,
+				"case_type_id": "[[ANYTHING_PRESENT]]",
+				"created_date": null,
+				"last_modified": null,
+				"last_state_modified_date": null,
+				"security_classification": null,
+				"case_data": {},
+				"data_classification": {},
+				"supplementary_data": null,
+				"after_submit_callback_response": null,
+				"callback_response_status_code": null,
+				"callback_response_status": null,
+				"delete_draft_response_status_code": null,
+				"delete_draft_response_status": null
+			},
+			"event_id": "CREATE"
+		}
+	}
+}

src/aat/resources/features/F-042 - Get aboutToStart token V1 External/Case_Creation_Using_Caseworker1_Role.td.json

@@ -1,6 +1,6 @@
 {
 	"_guid_": "Case_Creation_Using_Caseworker1_Role",
-	"_extends_": "Case_Creation_Data_Base",
+	"_extends_": "F-042_Case_Creation_Data_Base",
 
 	"users": {
 		"invokingUser": {

src/aat/resources/features/F-042 - Get aboutToStart token V1 External/F-042_Case_Creation_Data_Base.td.json

@@ -0,0 +1,33 @@
+{
+	"_guid_": "F-042_Case_Creation_Data_Base",
+	"_extends_": "Case_Creation_Base",
+
+	"request": {
+		"body": {
+			"event_token": "${[scenarioContext][parentContext][childContexts][Case_Creation_Using_Caseworker1_Role_Token_Creation][testData][actualResponse][body][token]}"
+		}
+	},
+
+	"expectedResponse": {
+		"_extends_": "Common_201_Response",
+		"headers": {
+			"Content-Encoding": "gzip",
+			"vary": "accept-encoding",
+			"Content-Length": "[[ANYTHING_PRESENT]]"
+		},
+		"body": {
+			"id": "[[ANYTHING_PRESENT]]",
+			"state": "TODO",
+			"version": 0,
+			"last_state_modified_date": "[[ANYTHING_PRESENT]]",
+			"created_date": "[[ANYTHING_PRESENT]]",
+			"last_modified": "[[ANYTHING_PRESENT]]",
+			"security_classification": "PUBLIC",
+			"after_submit_callback_response": null,
+			"callback_response_status_code": null,
+			"callback_response_status": null,
+			"delete_draft_response_status_code": null,
+			"delete_draft_response_status": null
+		}
+	}
+}

src/aat/resources/features/F-042 - Get aboutToStart token V1 External/_Case_Creation_Using_Caseworker1_Role_Token_Creation.td.json

@@ -0,0 +1,62 @@
+{
+	"_guid_": "Case_Creation_Using_Caseworker1_Role_Token_Creation",
+
+	"productName": "CCD Data Store",
+	"operationName": "Start event creation as Case worker",
+
+	"method": "GET",
+	"uri": "/caseworkers/{uid}/jurisdictions/{jid}/case-types/{ctid}/event-triggers/{etid}/token",
+
+	"specs": [
+		"to create a token for case creation"
+	],
+
+	"users": {
+		"invokingUser": {
+      "_extends_": "BeftaCaseworker1"
+		}
+	},
+
+	"request": {
+		"headers": {
+			"_extends_": "Common_Request_Headers"
+		},
+		"pathVariables": {
+			"uid": "[[DEFAULT_AUTO_VALUE]]",
+			"jid": "BEFTA_JURISDICTION_1",
+			"ctid": "BEFTA_CASETYPE_1_1",
+			"etid": "CREATE"
+		}
+	},
+
+	"expectedResponse": {
+		"_extends_": "Common_200_Response",
+		"headers": {
+			"Content-Encoding": "gzip",
+			"Content-Length": "[[ANY_INTEGER_NOT_NULLABLE]]"
+		},
+		"body": {
+			"token": "[[ANY_STRING_NOT_NULLABLE]]",
+			"case_details": {
+				"id": null,
+				"jurisdiction": "[[ANYTHING_PRESENT]]",
+				"state": null,
+				"version": null,
+				"case_type_id": "[[ANYTHING_PRESENT]]",
+				"created_date": null,
+				"last_modified": null,
+				"last_state_modified_date": null,
+				"security_classification": null,
+				"case_data": {},
+				"data_classification": {},
+				"supplementary_data": null,
+				"after_submit_callback_response": null,
+				"callback_response_status_code": null,
+				"callback_response_status": null,
+				"delete_draft_response_status_code": null,
+				"delete_draft_response_status": null
+			},
+			"event_id": "CREATE"
+		}
+	}
+}

src/aat/resources/features/F-044 - Submit Event V1 External/F-044.feature

@@ -84,7 +84,10 @@ Scenario: must return 409 when case is altered out of the transaction
       And the response has all other details as expected.
 
 #-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-@S-283
+# After the event token validation fix(ccd-5521), we get the same error in the token creation process since the token
+# creation has to be with the same eventId; STOP_PROGRESS, which is not valid for the event process. That's why S-283
+# is not a valid scenario anymore
+@S-283 @Ignore
 Scenario: must return 422 when event submission has failed
 
     Given a user with [an active profile in CCD],

src/aat/resources/features/F-1016 - Submit Event to Update TTL/CreateCases/F-1016_GetEventTokenBase.td.json

@@ -26,7 +26,7 @@
         "data_classification": "[[ANYTHING_PRESENT]]"
       },
 
-      "event_id": "updateCaseSubmitTTL"
+      "event_id": "[[ANYTHING_PRESENT]]"
     }
   }
 }

src/aat/resources/features/F-1016 - Submit Event to Update TTL/CreateCases/S-1016.21_GetUpdateSuspendedCaseTokenCitizen.td.json

@@ -0,0 +1,23 @@
+{
+  "_guid_": "S-1016.21_GetUpdateSuspendedCaseTokenCitizen",
+  "_extends_": "F-1016_GetEventTokenBase",
+
+  "users": {
+    "invokingUser": {
+      "_extends_": "BeftaCitizen2"
+    }
+  },
+
+  "request": {
+    "pathVariables": {
+      "cid": "${[scenarioContext][parentContext][childContexts][F-1016_CreateSuspendedCasePreRequisiteCitizen][testData][actualResponse][body][id]}",
+      "etid": "updateCaseSubmitSuspendedTTL"
+    }
+  },
+
+  "expectedResponse": {
+    "body": {
+      "event_id": "updateCaseSubmitSuspendedTTL"
+    }
+  }
+}

src/aat/resources/features/F-1016 - Submit Event to Update TTL/CreateCases/S-1016.7_GetUpdateSuspendedCaseTokenCaseworker.td.json

@@ -0,0 +1,23 @@
+{
+  "_guid_": "S-1016.7_GetUpdateSuspendedCaseTokenCaseworker",
+  "_extends_": "F-1016_GetEventTokenBase",
+
+  "users": {
+    "invokingUser": {
+      "_extends_": "BeftaMasterCaseworker"
+    }
+  },
+
+  "request": {
+    "pathVariables": {
+      "cid": "${[scenarioContext][parentContext][childContexts][F-1016_CreateSuspendedCasePreRequisiteCaseworker][testData][actualResponse][body][id]}",
+      "etid": "updateCaseSubmitSuspendedTTL"
+    }
+  },
+
+  "expectedResponse": {
+    "body": {
+      "event_id": "updateCaseSubmitSuspendedTTL"
+    }
+  }
+}

src/aat/resources/features/F-1016 - Submit Event to Update TTL/S-1016.14.td.json

@@ -5,7 +5,7 @@
   "title": "TTL.Suspended changed to \"No\", SystemTTL and OverrideTTL greater than Guard value using v2 '/cases/{cid}/events'",
 
   "prerequisites" : [ {
-    "Token_Creation": "S-1016_GetUpdateSuspendedCaseTokenCaseworker"
+    "Token_Creation": "S-1016.7_GetUpdateSuspendedCaseTokenCaseworker"
   }
   ],
 

src/aat/resources/features/F-1016 - Submit Event to Update TTL/S-1016.21.td.json

@@ -5,7 +5,7 @@
   "title": "TTL.Suspended changed to \"No\", SystemTTL and OverrideTTL greater than Guard value using '/citizens/{uid}/jurisdictions/{jid}/case-types/{ctid}/cases/{cid}/events'",
 
   "prerequisites" : [{
-    "Token_Creation": "S-1016_GetUpdateSuspendedCaseTokenCitizen"
+    "Token_Creation": "S-1016.21_GetUpdateSuspendedCaseTokenCitizen"
   }],
 
   "specs": [

src/aat/resources/features/F-1016 - Submit Event to Update TTL/S-1016.7.td.json

@@ -5,7 +5,7 @@
   "title": "TTL.Suspended changed to \"No\", SystemTTL and OverrideTTL greater than Guard value using '/caseworkers/{uid}/jurisdictions/{jid}/case-types/{ctid}/cases/{cid}/events'",
 
   "prerequisites" : [ {
-    "Token_Creation": "S-1016_GetUpdateSuspendedCaseTokenCaseworker"
+    "Token_Creation": "S-1016.7_GetUpdateSuspendedCaseTokenCaseworker"
   }
   ],
 

src/aat/resources/features/F-1016 - Submit Event to Update TTL/UpdateCase/F-1016_UpdateCase_TTLCaseType_updateCaseTTLIncHidden_PreRequisiteCitizen_TokenCreation.td.json

@@ -11,7 +11,7 @@
   "request": {
     "pathVariables": {
       "cid": "${[scenarioContext][siblingContexts][CreateCase_TTLCaseType_PreRequisiteCitizen][testData][actualResponse][body][id]}",
-      "etid": "updateCaseTTLInc"
+      "etid": "updateCaseTTLIncHidden"
     }
   },
 

src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/CreateCases/Caseworker/S-1018.11-GetUpdateEventToken.td.json

@@ -0,0 +1,30 @@
+{
+	"title": "should create an event token for correct inputs",
+	"_guid_": "S-1018.11-GetUpdateEventToken",
+  "_extends_": "Token_Creation_Data_For_Master_Caseworker_Case_Creation",
+
+  "users": {
+    "invokingUser": {
+      "_extends_": "BeftaMasterCaseworker"
+    }
+  },
+
+	"request": {
+		"pathVariables": {
+			"cid": "${[scenarioContext][siblingContexts][F-1018_CreateAnotherCasePreRequisiteCaseworkerBase][testData][actualResponse][body][id]}"
+		}
+	},
+
+  "expectedResponse": {
+    "_extends_": "Common_200_Response",
+    "headers": {
+      "Content-Encoding": "gzip",
+      "Content-Length": "[[ANYTHING_PRESENT]]"
+    },
+    "body": {
+      "token": "[[ANYTHING_PRESENT]]",
+      "case_details": "[[ANYTHING_PRESENT]]",
+      "event_id": "updateCase"
+    }
+  }
+}

src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/CreateCases/Citizen/S-1018.21-GetCitizenUpdateEventToken.td.json

@@ -0,0 +1,11 @@
+{
+	"title": "should create an event token for correct inputs",
+	"_guid_": "S-1018.21-GetCitizenUpdateEventToken",
+  "_extends_": "F-1018-GetCitizenUpdateEventTokenBase",
+
+	"request": {
+		"pathVariables": {
+			"cid": "${[scenarioContext][siblingContexts][F-1018_CreateAnotherCasePreRequisiteCitizenBase][testData][actualResponse][body][id]}"
+		}
+	}
+}

src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/F-1018.feature

@@ -158,7 +158,7 @@ Feature: F-1018: Submit Event Creation Handle Case Links
       And   a successful call [to create a case] as in [F-1018_CreateCasePreRequisiteCaseworkerBase]
       And   another successful call [to create a case] as in [F-1018_CreateAnotherCasePreRequisiteCaseworkerBase]
       And   another successful call [to create a case with a different case_type] as in [F-1018_CreateThirdCaseDifferentCaseTypePreRequisiteCaseworkerBase]
-      And   a successful call [to get an event token for the case just created] as in [F-1018-GetUpdateEventToken]
+      And   a successful call [to get an event token for the case just created] as in [S-1018.11-GetUpdateEventToken]
       When  a request is prepared with appropriate values
       And   the request [contains correctly configured CaseLink field as a collection]
       And   the request [specifying the case to be updated, as created in F-1018_CreateLinkedCasePreRequisiteCaseworkerBase, does not contain a CaseLink field]
@@ -314,7 +314,7 @@ Feature: F-1018: Submit Event Creation Handle Case Links
     Given   a user with [an active profile in CCD]
       And   a successful call [to create a case] as in [F-1018_CreateCasePreRequisiteCitizenBase]
       And   another successful call [to create a case] as in [F-1018_CreateAnotherCasePreRequisiteCitizenBase]
-      And   a successful call [to get an update event token for the case just created as a Citizen] as in [F-1018-GetCitizenUpdateEventToken]
+      And   a successful call [to get an update event token for the case just created as a Citizen] as in [S-1018.21-GetCitizenUpdateEventToken]
       When  a request is prepared with appropriate values
       And   the request [contains correctly configured CaseLink field with Case Reference created in F-1018_CreateCasePreRequisiteCitizenBase]
       And   the request [specifying the case to be updated, as created in F-1018_CreateAnotherCasePreRequisiteCaseworkerBase, does not contain a CaseLink field]

src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/S-1018.11.td.json

@@ -37,7 +37,7 @@
         "description": ""
       },
       "security_classification": "PUBLIC",
-      "event_token" : "${[scenarioContext][childContexts][F-1018-GetUpdateEventToken][testData][actualResponse][body][token]}",
+      "event_token" : "${[scenarioContext][childContexts][S-1018.11-GetUpdateEventToken][testData][actualResponse][body][token]}",
       "ignore_warning": true
     }
   },

src/aat/resources/features/F-1018 - Submit Event Creation Handle Case Links/S-1018.21.td.json

@@ -27,7 +27,7 @@
         "description": ""
       },
       "security_classification": "PUBLIC",
-      "event_token" : "${[scenarioContext][childContexts][F-1018-GetCitizenUpdateEventToken][testData][actualResponse][body][token]}",
+      "event_token" : "${[scenarioContext][childContexts][S-1018.21-GetCitizenUpdateEventToken][testData][actualResponse][body][token]}",
       "ignore_warning": true
     }
   },