From 82bbd54e2acca2c69c91d2401f46ffc6c6fa33d3 Mon Sep 17 00:00:00 2001
From: Phil-NHS
Date: Tue, 6 Aug 2024 16:01:39 +0100
Subject: [PATCH 1/2] Swagger file was missing certificates endpoint
---
 .../SwaggerDefinitions/v1.3.0.json | 33 +++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/OpenAPI/LearningHub.Nhs.OpenApi/SwaggerDefinitions/v1.3.0.json b/OpenAPI/LearningHub.Nhs.OpenApi/SwaggerDefinitions/v1.3.0.json
index e7644d565..4fdbbba8b 100644
--- a/OpenAPI/LearningHub.Nhs.OpenApi/SwaggerDefinitions/v1.3.0.json
+++ b/OpenAPI/LearningHub.Nhs.OpenApi/SwaggerDefinitions/v1.3.0.json
@@ -1,5 +1,5 @@
 {
- "openapi": "3.0.1",
+ "openapi": "3.0.2",
 "info": {
 "title": "LearningHub.NHS.OpenAPI",
 "version": "1.3.0",
@@ -296,7 +296,7 @@
 }
 }
 },
- "/Resource/ActivityStatus/{activityStatusId}": {
+ "/Resource/User/{activityStatusId}": {
 "get": {
 "tags": [ "Resource" ],
 "summary": "Get resource references by activity status",
@@ -341,6 +341,35 @@
 }
 }
 }
+ },
+ "/Resource/User/Certificates": {
+ "get": {
+ "tags": [ "Resource" ],
+ "summary": "Get resource references where a major version has a certificate",
+ "operationId": "GetResourceReferencesByCertificates",
+ "parameters": [],
+ "responses": {
+ "200": {
+ "description": "Success",
+ "content": {
+ "application/json": {
+ "schema": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/ResourceReferenceWithResourceDetailsViewModel"
+ }
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized: User Id required."
+ },
+ "500": {
+ "description": "Internal server error: An unexpected error occurred while processing the request."
+ }
+ }
+ }
 }
 },
 "components": {
From 17ca95a04b30a636c391ae80c2541dba994d7300 Mon Sep 17 00:00:00 2001
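Review bot: The path key in the second hunk changes from `/Resource/ActivityStatus/{activityStatusId}` to `/Resource/User/{activityStatusId}`, which the commit subject does not mention, while the summary and the parameter name still describe an activity status. If the controller route was not renamed to match, clients generated from this definition will call a path the API does not serve. Worth confirming against the controller's route attribute, which is outside this diff.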
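Review bot: The added `/Resource/User/Certificates` operation documents a 401 response but declares no `security` requirement in the lines shown. Unless the document sets a top-level `security` block (not visible in this hunk), the definition presents the operation as anonymous, and Swagger UI and generated clients will not attach the OAuth token to the call. If operations in this file are secured individually, add the same `security` entry the sibling operations carry.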
From: Phil-NHS
Date: Wed, 7 Aug 2024 12:07:41 +0100
Subject: [PATCH 2/2] No task, quick fix, to bookmark endpoint which needs oauth token handling
---
 .gitignore | 2 ++
 .../Controllers/BookmarkController.cs | 9 +++------
 .../Controllers/OpenApiControllerBase.cs | 18 ++++++++++++++++++
 3 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/.gitignore b/.gitignore
index 04baa838f..5e8ca2030 100644
--- a/.gitignore
+++ b/.gitignore
@@ -50,3 +50,5 @@ obj
 /LearningHub.Nhs.WebUI.AutomatedUiTests/appsettings.Development.json
 /OpenAPI/LearningHub.Nhs.OpenApi/appsettings.Development.json
 /OpenAPI/LearningHub.Nhs.OpenApi/web.config
+/AdminUI/LearningHub.Nhs.AdminUI/LearningHub.Nhs.AdminUI.csproj.user
+/WebAPI/LearningHub.Nhs.API/LearningHub.Nhs.Api.csproj.user
diff --git a/OpenAPI/LearningHub.Nhs.OpenApi/Controllers/BookmarkController.cs b/OpenAPI/LearningHub.Nhs.OpenApi/Controllers/BookmarkController.cs
index d5897aa2a..9c7d8f0b9 100644
--- a/OpenAPI/LearningHub.Nhs.OpenApi/Controllers/BookmarkController.cs
+++ b/OpenAPI/LearningHub.Nhs.OpenApi/Controllers/BookmarkController.cs
@@ -15,7 +15,7 @@
 [Authorize]
 [Route("Bookmark")]
 [ApiController]
- public class BookmarkController : Controller
+ public class BookmarkController : OpenApiControllerBase
 {
 private readonly IBookmarkService bookmarkService;
@@ -28,6 +28,7 @@ public BookmarkController(IBookmarkService bookmarkService)
 this.bookmarkService = bookmarkService;
 }
+ ///
 ///
 /// Gets all bookmarks by parent.
 ///
@@ -36,11 +37,7 @@ public BookmarkController(IBookmarkService bookmarkService)
 [Route("GetAllByParent")]
 public async Task> GetAllByParent()
 {
- var accessToken = await this.HttpContext
- .GetTokenAsync(OpenIdConnectParameterNames.AccessToken);
-
- return await this.bookmarkService.GetAllByParent(
- accessToken);
+ return await this.bookmarkService.GetAllByParent(this.TokenWithoutBearer);
 }
 }
 }
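Review bot: The `///` line added in the second BookmarkController.cs hunk sits directly in front of the existing opening line of the `GetAllByParent` doc comment, so the comment now appears to open twice. The page has stripped the XML tags, so this is inferred from the line positions, but a doubled opening tag makes the comment malformed XML, which the compiler reports as warning CS1570. Remove the added line so the block is again `/// <summary>`, `/// Gets all bookmarks by parent.`, `/// </summary>`.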
diff --git a/OpenAPI/LearningHub.Nhs.OpenApi/Controllers/OpenApiControllerBase.cs b/OpenAPI/LearningHub.Nhs.OpenApi/Controllers/OpenApiControllerBase.cs
index 799c15190..16fd3799c 100644
--- a/OpenAPI/LearningHub.Nhs.OpenApi/Controllers/OpenApiControllerBase.cs
+++ b/OpenAPI/LearningHub.Nhs.OpenApi/Controllers/OpenApiControllerBase.cs
@@ -38,5 +38,23 @@ public int? CurrentUserId
 }
 }
 }
+
+ ///
+ /// Gets the bearer token from OAuth and removes "Bearer " prepend.
+ ///
+ public string TokenWithoutBearer
+ {
+ get
+ {
+ string accessToken = this.HttpContext.Request.Headers["Authorization"].ToString();
+
+ if (string.IsNullOrEmpty(accessToken))
+ {
+ throw new HttpResponseException($"No token provided please use OAuth", HttpStatusCode.Unauthorized);
+ }
+
+ return accessToken.StartsWith("Bearer ") ? accessToken.Substring("Bearer ".Length) : accessToken;
+ }
+ }
 }
 }
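Review bot: `TokenWithoutBearer` returns the whole `Authorization` header unchanged whenever it does not start with exactly `Bearer `, so a lower-case `bearer …` header (the scheme name is case-insensitive) or another scheme such as `Basic …` is treated as an access token; `BookmarkController.GetAllByParent` then passes that value to `bookmarkService.GetAllByParent`. Reject anything that is not a bearer credential instead of falling through: `if (!accessToken.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)) { throw new HttpResponseException("No token provided please use OAuth", HttpStatusCode.Unauthorized); }` followed by `return accessToken.Substring("Bearer ".Length).Trim();`. The ordinal overload also avoids the culture-sensitive comparison that `StartsWith(string)` performs. The property could be `protected` rather than `public`, since only derived controllers need it, and the doc comment should say that the value is read from the raw request header and that a 401 `HttpResponseException` is thrown when it is missing.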