401 unauthorized issue resolved

[indraniBan]

📋 Description

JIRA ID:

Please provide a summary of the change and the motivation behind it. Include relevant context and details.

---

✅ Type of Change

• 🐞 Bug fix (non-breaking change which resolves an issue)
• ✨ New feature (non-breaking change which adds functionality)
• 🔥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
• 🛠 Refactor (change that is neither a fix nor a new feature)
• ⚙️ Config change (configuration file or build script updates)
• 📚 Documentation (updates to docs or readme)
• 🧪 Tests (adding new or updating existing tests)
• 🎨 UI/UX (changes that affect the user interface)
• 🚀 Performance (improves performance)
• 🧹 Chore (miscellaneous changes that don't modify src or test files)

---

ℹ️ Additional Information

Please describe how the changes were tested, and include any relevant screenshots, logs, or other information that provides additional context.

Summary by CodeRabbit

• New Features
  • Enhanced secure API interactions by automatically including authentication tokens in service requests.
  • Improved authorization across various functionalities—such as screening, appointment bookings, data synchronization, and tele-consultation—to ensure reliable communication with external systems.
  • Streamlined token handling leads to a more robust and secure overall user experience.
• Chores
  • Updated the version of the actions/upload-artifact GitHub Action from version 3 to version 4.

[coderabbitai]

Walkthrough

This pull request introduces JWT token handling across multiple service classes. Each modified class now injects a CookieUtil to extract JWT tokens from the current HTTP request’s cookies using RequestContextHolder and ServletRequestAttributes. The extracted token is then added to HTTP request headers to ensure that outgoing API calls are authenticated. These adjustments are applied within the cancer screening, common transaction, data synchronization, registrar, and tele-consultation services.

Changes

Files	Change Summary
src/.../cancerScreening/CSCarestreamServiceImpl.java src/.../common/transaction/CommonDoctorServiceImpl.java src/.../common/transaction/CommonServiceImpl.java src/.../registrar/RegistrarServiceImpl.java src/.../tele_consultation/TeleConsultationServiceImpl.java	Injects and utilizes CookieUtil to extract JWT tokens from cookies via RequestContextHolder/ServletRequestAttributes and adds the token to HTTP request headers for authentication.
src/.../dataSyncActivity/DownloadDataFromServerImpl.java src/.../dataSyncActivity/DownloadDataFromServerTransactionalImpl.java src/.../dataSyncActivity/UploadDataToServerImpl.java	Adds CookieUtil for retrieving JWT tokens from cookies and modifies HTTP requests during data synchronization and upload operations to include the token in headers.
.github/workflows/package.yml	Updates the version of actions/upload-artifact from v3 to v4.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Service
    participant CookieUtil
    participant ExternalAPI

    Client->>Service: Sends HTTP request
    Service->>Service: Retrieve HttpServletRequest via RequestContextHolder
    Service->>CookieUtil: Extract JWT token from cookie
    CookieUtil-->>Service: Returns JWT token
    Service->>ExternalAPI: HTTP request with header "Cookie: Jwttoken=<token>"
    ExternalAPI-->>Service: Returns response
    Service-->>Client: Responds back

Loading

Poem

I’m a hopping coder with ears so keen,
Scouring cookies for tokens, swift and clean.
With JWT magic tucked in each request,
My code’s secured and stands the test.
I celebrate each change with a joyful bound—
A rabbit’s cheer in every line found! 🐇🎉

Tip

⚡🧪 Multi-step agentic review comment chat (experimental)

• We're introducing multi-step agentic chat in review comments. This experimental feature enhances review discussions with the CodeRabbit agentic chat by enabling advanced interactions, including the ability to create pull requests directly from comments.
  - To enable this feature, set early_access to true under in the settings.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ea1a551 and 22a9e60.

📒 Files selected for processing (1)

• .github/workflows/package.yml (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/package.yml

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sonarqubecloud]

Quality Gate passed

Issues
10 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.9% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 4

🔭 Outside diff range comments (1)

src/main/java/com/iemr/mmu/service/registrar/RegistrarServiceImpl.java (1)

735-797: 🛠️ Refactor suggestion

Significant code duplication across multiple methods.

The same JWT token extraction logic is repeated in four different methods (registerBeneficiary, updateBeneficiary, beneficiaryQuickSearch, and beneficiaryAdvanceSearch).

Extract this common code into a private helper method:

+ private HttpEntity<Object> createAuthenticatedRequest(String requestBody, String authorization) {
+     ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+     String jwtTokenFromCookie = null;
+     if (requestAttributes != null) {
+         HttpServletRequest requestHeader = requestAttributes.getRequest();
+         jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
+     }
+     
+     MultiValueMap<String, String> headers = new LinkedMultiValueMap<>();
+     headers.add("Content-Type", "application/json");
+     headers.add("AUTHORIZATION", authorization);
+     if (jwtTokenFromCookie != null) {
+         headers.add("Cookie", "Jwttoken=" + jwtTokenFromCookie);
+     }
+     
+     return new HttpEntity<>(requestBody, headers);
+ }

Then update all the methods to use this helper:

// Example for registerBeneficiary
- HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
-         .getRequest();
- String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
- MultiValueMap<String, String> headers = new LinkedMultiValueMap<String, String>();
- headers.add("Content-Type", "application/json");
- headers.add("AUTHORIZATION", Authorization);
- headers.add("Cookie", "Jwttoken=" + jwtTokenFromCookie);
- HttpEntity<Object> request = new HttpEntity<Object>(comingRequest, headers);
+ HttpEntity<Object> request = createAuthenticatedRequest(comingRequest, Authorization);

🧹 Nitpick comments (2)

src/main/java/com/iemr/mmu/service/dataSyncActivity/DownloadDataFromServerTransactionalImpl.java (1)

277-280: Code duplication - JWT token extraction logic is repeated.

The same JWT token extraction logic is used in both downloadDataFromCentral and updateProcessedFlagToCentral methods.

Extract this logic into a private helper method to improve maintainability:

+ private String getJwtTokenFromCurrentRequest() {
+     ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+     if (requestAttributes != null) {
+         HttpServletRequest requestHeader = requestAttributes.getRequest();
+         return cookieUtil.getJwtTokenFromCookie(requestHeader);
+     }
+     return null;
+ }

Then use this method in both places where the token is needed.

src/main/java/com/iemr/mmu/service/common/transaction/CommonServiceImpl.java (1)

715-719: Code duplication - JWT token extraction logic is repeated.

The same JWT token extraction logic is used in multiple methods (getTmCaseSheet and getCaseSheetFromCentralServer).

Extract this logic into a private helper method to improve maintainability:

+ private String getJwtTokenFromCurrentRequest() {
+     ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+     if (requestAttributes != null) {
+         HttpServletRequest requestHeader = requestAttributes.getRequest();
+         return cookieUtil.getJwtTokenFromCookie(requestHeader);
+     }
+     return null;
+ }

Then use this method in all places where the token is needed.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4d76aad and ea1a551.

📒 Files selected for processing (8)

• src/main/java/com/iemr/mmu/service/cancerScreening/CSCarestreamServiceImpl.java (2 hunks)
• src/main/java/com/iemr/mmu/service/common/transaction/CommonDoctorServiceImpl.java (4 hunks)
• src/main/java/com/iemr/mmu/service/common/transaction/CommonServiceImpl.java (5 hunks)
• src/main/java/com/iemr/mmu/service/dataSyncActivity/DownloadDataFromServerImpl.java (4 hunks)
• src/main/java/com/iemr/mmu/service/dataSyncActivity/DownloadDataFromServerTransactionalImpl.java (5 hunks)
• src/main/java/com/iemr/mmu/service/dataSyncActivity/UploadDataToServerImpl.java (5 hunks)
• src/main/java/com/iemr/mmu/service/registrar/RegistrarServiceImpl.java (7 hunks)
• src/main/java/com/iemr/mmu/service/tele_consultation/TeleConsultationServiceImpl.java (4 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Analyze (java)

🔇 Additional comments (21)

src/main/java/com/iemr/mmu/service/dataSyncActivity/UploadDataToServerImpl.java (3)

43-45: Necessary imports added for JWT token extraction.

These imports enable the use of RequestContextHolder and ServletRequestAttributes for accessing the current HTTP request, along with CookieUtil for extracting JWT tokens from cookies.

Also applies to: 54-56

---

87-88: CookieUtil dependency properly injected.

The CookieUtil is correctly autowired to allow extraction of JWT tokens from cookies.

---

352-355: Properly implemented JWT token extraction and header inclusion.

The code correctly:

1. Retrieves the current HTTP request using RequestContextHolder
2. Extracts the JWT token from cookies using the cookieUtil
3. Adds the token to the request headers, resolving the 401 unauthorized issue

This implementation ensures proper authentication when making API calls to the data sync upload URL.

Also applies to: 380-380

src/main/java/com/iemr/mmu/service/tele_consultation/TeleConsultationServiceImpl.java (3)

45-47: Necessary imports added for JWT token handling.

These imports enable access to the current HTTP request context and cookie utilities needed for JWT token extraction.

Also applies to: 61-65

---

79-80: CookieUtil dependency properly injected.

The CookieUtil is correctly autowired for JWT token extraction from cookies.

---

195-198: JWT token extraction and header inclusion implemented correctly.

This implementation:

1. Obtains the current HTTP request from the RequestContextHolder
2. Extracts the JWT token from cookies using cookieUtil
3. Adds the token to the request headers when calling the teleconsultation specialist slot cancellation API

This ensures proper authentication for the external API call, resolving potential 401 unauthorized errors.

Also applies to: 201-201

src/main/java/com/iemr/mmu/service/cancerScreening/CSCarestreamServiceImpl.java (3)

42-44: Required imports added for JWT token handling.

These imports provide the necessary classes for accessing the current HTTP request and extracting JWT tokens from cookies.

Also applies to: 46-48

---

56-57: CookieUtil dependency properly injected.

The CookieUtil is correctly autowired for JWT token extraction.

---

64-67: JWT token extraction and header inclusion properly implemented.

The implementation correctly:

1. Retrieves the current HTTP request context
2. Extracts the JWT token from cookies
3. Adds the token to the request headers for the mammography request API call

This ensures proper authentication when interacting with the Carestream service.

Also applies to: 72-72

src/main/java/com/iemr/mmu/service/dataSyncActivity/DownloadDataFromServerImpl.java (4)

46-47: Required imports added for JWT token handling.

These imports enable access to the current HTTP request and cookie utilities for JWT token extraction.

Also applies to: 55-55, 58-58

---

73-74: CookieUtil dependency properly injected.

The CookieUtil is correctly autowired for JWT token extraction from cookies.

---

188-191: JWT token extraction and header inclusion implemented in downloadDataFromServer method.

The implementation correctly retrieves the current HTTP request, extracts the JWT token from cookies, and adds it to the request headers when downloading master data from the server.

Also applies to: 196-196

---

345-348: JWT token handling implemented in callCentralAPIToGenerateBenIDAndimportToLocal method.

The code correctly implements JWT token extraction and includes it in the request headers when calling the central API for beneficiary ID generation, ensuring proper authentication.

Also applies to: 353-353

src/main/java/com/iemr/mmu/service/dataSyncActivity/DownloadDataFromServerTransactionalImpl.java (2)

81-82: New dependency injection for JWT token handling.

The CookieUtil injection enables the extraction of JWT tokens from cookies to solve the 401 unauthorized issue.

---

253-253: Added JWT token to request headers.

The JWT token is correctly added to the Cookie header for authentication with the server.

src/main/java/com/iemr/mmu/service/common/transaction/CommonDoctorServiceImpl.java (2)

114-115: New dependency injection for JWT token handling.

The CookieUtil injection enables the extraction of JWT tokens from cookies to solve the 401 unauthorized issue.

---

915-915: Added JWT token to request headers.

The JWT token is correctly added to the Cookie header for authentication with the server.

src/main/java/com/iemr/mmu/service/common/transaction/CommonServiceImpl.java (2)

132-133: New dependency injection for JWT token handling.

The CookieUtil injection enables the extraction of JWT tokens from cookies to solve the 401 unauthorized issue.

---

649-649: Added JWT token to request headers.

The JWT token is correctly added to the Cookie header for authentication with the server.

src/main/java/com/iemr/mmu/service/registrar/RegistrarServiceImpl.java (2)

112-113: New dependency injection for JWT token handling.

The CookieUtil injection enables the extraction of JWT tokens from cookies to solve the 401 unauthorized issue.

---

707-707: Added JWT token to request headers.

The JWT token is correctly added to the Cookie header for authentication with the server.

[coderabbitai]

⚠️ Potential issue

Missing error handling for RequestContextHolder.

The current implementation assumes RequestContextHolder.getRequestAttributes() will never return null, which could happen in non-HTTP contexts (background jobs, scheduled tasks, etc.).

Add null check to prevent NullPointerException:

- HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
-         .getRequest();
- String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
+ ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+ String jwtTokenFromCookie = null;
+ if (requestAttributes != null) {
+     HttpServletRequest requestHeader = requestAttributes.getRequest();
+     jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
+ }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
	.getRequest();
	String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
	SyncUploadDataDigester syncUploadDataDigester = new SyncUploadDataDigester(schemaName, tableName,
	ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
	String jwtTokenFromCookie = null;
	if (requestAttributes != null) {
	HttpServletRequest requestHeader = requestAttributes.getRequest();
	jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
	}
	SyncUploadDataDigester syncUploadDataDigester = new SyncUploadDataDigester(schemaName, tableName,

[coderabbitai]

⚠️ Potential issue

Missing error handling for RequestContextHolder.

The current implementation assumes RequestContextHolder.getRequestAttributes() will never return null, which could happen in non-HTTP contexts.

Add null check to prevent NullPointerException:

- HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
-         .getRequest();
- String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
+ ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+ String jwtTokenFromCookie = null;
+ if (requestAttributes != null) {
+     HttpServletRequest requestHeader = requestAttributes.getRequest();
+     jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
+ }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
	.getRequest();
	String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
	MultiValueMap<String, String> headers = new LinkedMultiValueMap<String, String>();
	ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
	String jwtTokenFromCookie = null;
	if (requestAttributes != null) {
	HttpServletRequest requestHeader = requestAttributes.getRequest();
	jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
	}
	MultiValueMap<String, String> headers = new LinkedMultiValueMap<String, String>();

[coderabbitai]

⚠️ Potential issue

Missing error handling for RequestContextHolder.

The current implementation assumes RequestContextHolder.getRequestAttributes() will never return null, which could happen in non-HTTP contexts.

Add null check to prevent NullPointerException:

- HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
-         .getRequest();
- String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
+ ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+ String jwtTokenFromCookie = null;
+ if (requestAttributes != null) {
+     HttpServletRequest requestHeader = requestAttributes.getRequest();
+     jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
+ }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
	.getRequest();
	String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
	MultiValueMap<String, String> headers = new LinkedMultiValueMap<String, String>();
	ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
	String jwtTokenFromCookie = null;
	if (requestAttributes != null) {
	HttpServletRequest requestHeader = requestAttributes.getRequest();
	jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
	}
	MultiValueMap<String, String> headers = new LinkedMultiValueMap<String, String>();

[coderabbitai]

⚠️ Potential issue

Missing error handling for RequestContextHolder.

The current implementation assumes RequestContextHolder.getRequestAttributes() will never return null, which could happen in non-HTTP contexts.

Add null check to prevent NullPointerException:

- HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
-         .getRequest();
- String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
+ ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+ String jwtTokenFromCookie = null;
+ if (requestAttributes != null) {
+     HttpServletRequest requestHeader = requestAttributes.getRequest();
+     jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
+ }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
	.getRequest();
	String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
	MultiValueMap<String, String> headers = new LinkedMultiValueMap<String, String>();
	ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
	String jwtTokenFromCookie = null;
	if (requestAttributes != null) {
	HttpServletRequest requestHeader = requestAttributes.getRequest();
	jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
	}
	MultiValueMap<String, String> headers = new LinkedMultiValueMap<String, String>();

[ravishanigarapu]

looks fine