Orders Gateway #1396

Merged
merged 85 commits into from Mar 15, 2019
707d80f
Electronic Orders: Update documentation strings to remove references …
jamesatheyDDS Nov 29, 2018
449f7d8
separate warrant officer ranks from lower commissioned officer ranks …
jamesatheyDDS Nov 29, 2018
95b1e15
Electronic Orders: add new needed columns and tables to the db schema
jamesatheyDDS Nov 29, 2018
20cc339
fizz doesn't like comments
jamesatheyDDS Nov 29, 2018
654826e
Electronic Orders: the orders table already has a status column
jamesatheyDDS Nov 29, 2018
e28a806
Electronic Orders: give losing_unit_id and gaining_unit_id differentl…
jamesatheyDDS Nov 29, 2018
a56dfc4
Electronic Orders: allow most of the new columns to be null strings
jamesatheyDDS Nov 29, 2018
9cca972
Electronic Orders: allow a few more columns to be null
jamesatheyDDS Nov 30, 2018
7dba7aa
Merge branch 'client-certs' into electronic-orders
jamesatheyDDS Jan 7, 2019
4b3927f
Restore simpler W-2 to W-5 abbreviations instead of CW-2 to CW-5, whi…
jamesatheyDDS Jan 8, 2019
15de51e
Add electronic orders fields to models
jamesatheyDDS Jan 8, 2019
837ab33
Merge branch 'client-certs' into electronic-orders
jamesatheyDDS Jan 8, 2019
4a5a8bb
Merge branch 'master' into electronic-orders
jamesatheyDDS Jan 9, 2019
1a2e606
Merge branch 'master' into electronic-orders
jamesatheyDDS Jan 10, 2019
76bed11
follow naming convention of other columns in the orders table
jamesatheyDDS Feb 6, 2019
851dddf
First draft of implementation of GetOrders endpoint. Many changes req…
jamesatheyDDS Feb 6, 2019
18570d9
Merge branch 'master' into electronic-orders
jamesatheyDDS Feb 7, 2019
fc340fe
store service member and unit info directly in order row, so that fut…
jamesatheyDDS Feb 13, 2019
7f73bc9
remove units table
jamesatheyDDS Feb 13, 2019
90fda4e
Put electronic orders into their own table for now; postponing the pa…
jamesatheyDDS Feb 14, 2019
584df9d
PostRevision and GetOrders working, but nullable / optional fields do…
jamesatheyDDS Feb 15, 2019
dc76b05
sort revisions in ascending sequence number order, to make appending …
jamesatheyDDS Feb 15, 2019
8e1aafa
Merge branch 'master' into electronic-orders
jamesatheyDDS Feb 15, 2019
93e9c46
reduce diff with master
jamesatheyDDS Feb 15, 2019
c6de256
remove Orders API <=> Internal API converters now that they are unused
jamesatheyDDS Feb 15, 2019
d854a68
implement PostRevisionToOrders
jamesatheyDDS Feb 15, 2019
29fc05c
check client cert for permission to read or write electronic orders b…
jamesatheyDDS Feb 15, 2019
038b747
generated swagger code checks the enumerations for correctness
jamesatheyDDS Feb 15, 2019
d513df1
deploy electronic_orders branch to experimental for a data transfer test
jamesatheyDDS Feb 15, 2019
8bc7f5c
update spelling of branch
jamesatheyDDS Feb 15, 2019
5ec7be8
The RNLT date is also optional, therefore nullable in the DB
jamesatheyDDS Feb 25, 2019
23a50ca
Merge branch 'master' into electronic-orders
jamesatheyDDS Feb 25, 2019
d1e4384
Merge branch 'master' into electronic-orders
jamesatheyDDS Feb 28, 2019
9dbde13
orders API v1.0 with new GET endpoints for orders by EDIPI and orders…
jamesatheyDDS Feb 28, 2019
2f1e8b0
Merge branch 'master' into electronic-orders
jamesatheyDDS Feb 28, 2019
765b1bd
fix build error, and don't deploy to experimental
jamesatheyDDS Feb 28, 2019
f66da3b
orders.yaml - update some doc strings
jamesatheyDDS Mar 4, 2019
2b50e7e
added tests for the ElectronicOrder and ElectronicOrdersRevision models
jamesatheyDDS Mar 7, 2019
17fe45e
added tests for GetOrders and GetOrdersByIssuerAndOrdersNum endpoints
jamesatheyDDS Mar 7, 2019
bd120f4
get EDIPI for SSN from DMDC
jamesatheyDDS Mar 7, 2019
48e6ea5
added tests for IndexOrdersForMember endpoint
jamesatheyDDS Mar 7, 2019
5577e3a
Merge branch 'master' into electronic-orders
jamesatheyDDS Mar 7, 2019
567de70
Use sub-tests to reduce overhead of DB truncate calls every test, and…
jamesatheyDDS Mar 8, 2019
338526f
Merge branch 'master' into electronic-orders
jamesatheyDDS Mar 8, 2019
75a2b37
make seqNum not nullable, since it's a required field, and that will …
jamesatheyDDS Mar 8, 2019
b490ef2
fix TestFetchElectronicOrderByIssuerAndOrdersNum (wrong order of para…
jamesatheyDDS Mar 8, 2019
1d1c1ff
checking in a blank line to make go-imports happy
jamesatheyDDS Mar 8, 2019
5c64a00
Make hasDependents not nullable - it's a required field
jamesatheyDDS Mar 8, 2019
56f1498
don't assume LosingUnit or GainingUnit structures will be present - t…
jamesatheyDDS Mar 8, 2019
0f7ffb3
PostRevision unit tests, both new and with an amendment
jamesatheyDDS Mar 8, 2019
0e940c4
add tests for PostRevisionToOrders
jamesatheyDDS Mar 8, 2019
4640aae
Merge branch 'master' into electronic-orders
jamesatheyDDS Mar 8, 2019
b16d854
Following "Querying the Database Safely" guidelines, make the FetchEl…
jamesatheyDDS Mar 8, 2019
9aef69f
Fix FetchElectronicOrdersByEdipi's slice-to-sliceOfPointers logic
jamesatheyDDS Mar 8, 2019
ca2349f
Log blocked attempts to read or write orders from specific issuers wi…
jamesatheyDDS Mar 8, 2019
417d773
Merge branch 'master' into electronic-orders
jamesatheyDDS Mar 8, 2019
f08e9c1
addressing PR feedback
jamesatheyDDS Mar 12, 2019
3b0d825
Revert adding x-nullable: false to the hasDependents field in Revisio…
jamesatheyDDS Mar 12, 2019
e012624
Merge branch 'master' into electronic-orders
jamesatheyDDS Mar 12, 2019
4578667
HasDependents is a bool* again in the ordersmessages.Revision, so upd…
jamesatheyDDS Mar 12, 2019
9a7bda1
Validate string enums using StringInclusion
jamesatheyDDS Mar 12, 2019
d574169
refactor client cert permissions checking for reading and writing ord…
jamesatheyDDS Mar 13, 2019
106ed0d
Merge branch 'master' into electronic-orders
jamesatheyDDS Mar 13, 2019
79042ec
Add URL to Appendix K-1 of the DTR to documentation of entitlements d…
jamesatheyDDS Mar 13, 2019
c85ffec
documents toElectronicOrdersRevision function
jamesatheyDDS Mar 13, 2019
6712dbb
Add indexes to electronic_orders table for orders_number+issuer and f…
jamesatheyDDS Mar 13, 2019
ea85cf7
small logging updates in the Orders API
jamesatheyDDS Mar 13, 2019
1fcd7ef
revert adding hs.DB().TruncateAll() to models.TestModelSuite()
jamesatheyDDS Mar 13, 2019
8b49cc4
Create an ElectronicOrder and its first ElectronicOrdersRevision in a…
jamesatheyDDS Mar 13, 2019
53b203b
Use master branch of golang.org/x/lint instead of travis-1.9 branch o…
jamesatheyDDS Mar 13, 2019
5f6e147
install the correct golint in 'make server_deps'
jamesatheyDDS Mar 13, 2019
44b1da4
deploy electronic-orders to experimental
jamesatheyDDS Mar 13, 2019
54fdbaa
Merge branch 'master' into electronic-orders
jamesatheyDDS Mar 13, 2019
03b5dfe
correctly format 10-digit edipi numbers into strings
jamesatheyDDS Mar 13, 2019
8713fcd
Verify orders read permission before hitting the DB in GetOrdersByIss…
jamesatheyDDS Mar 14, 2019
5262db5
use handlers.FmtDate{Time}Ptr() in payload creation function, like ot…
jamesatheyDDS Mar 14, 2019
6ba8986
Have the DB filter ElectronicOrders by allowed Issuers instead of doi…
jamesatheyDDS Mar 14, 2019
eaf087b
Remove migration that won't run on experimental. Will revisit creatin…
jamesatheyDDS Mar 14, 2019
c805896
reduce code duplication in creating ClientCert structs with all permi…
jamesatheyDDS Mar 14, 2019
666108a
clear the electronic_orders table so that adding indexes in a migrati…
jamesatheyDDS Mar 14, 2019
4df8b7b
Use handlers.ResponseForError() wherever possible in the Orders API i…
jamesatheyDDS Mar 15, 2019
a4d0318
Add new models.ErrWriteConflict error type, and use that instead of a…
jamesatheyDDS Mar 15, 2019
c4a7980
Add testdatagen.MakeDefaultElectronicOrder; refactor testdatagen.Make…
jamesatheyDDS Mar 15, 2019
dfb2957
Revert "deploy electronic-orders to experimental"
jamesatheyDDS Mar 15, 2019
651636b
Merge branch 'master' into electronic-orders
jamesatheyDDS Mar 15, 2019
+310 −299
Use handlers.ResponseForError() wherever possible in the Orders API instead of returning generated Swagger response types
jamesatheyDDS committed Mar 15, 2019
commit 4df8b7b3f267bba7b9d95e2688c3df6edb6f381c
@@ -86,6 +86,9 @@ func responseForBaseError(logger *zap.Logger, err error) middleware.Responder {
case models.ErrFetchForbidden:
skipLogger.Debug("forbidden", zap.Error(err))
return newErrResponse(http.StatusForbidden, err)
case models.ErrWriteForbidden:
skipLogger.Debug("forbidden", zap.Error(err))
return newErrResponse(http.StatusForbidden, err)
case models.ErrUserUnauthorized:
skipLogger.Debug("unauthorized", zap.Error(err))
return newErrResponse(http.StatusUnauthorized, err)
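Review bot: The new `models.ErrWriteForbidden` case logs the denial with `skipLogger.Debug("forbidden", zap.Error(err))`, the same level and message as `ErrFetchForbidden`, so a blocked write is not recorded when the logger runs at Info level and cannot be told apart from a blocked read when it is. The handlers in this commit drop their own `h.Logger().Info(...)` lines in favour of this function, so consider logging both forbidden cases at Info or Warn here and giving this case a distinct message such as "write forbidden".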
@@ -1,13 +1,11 @@
package ordersapi

import (
"fmt"
"log"
"net/http"

"github.com/go-openapi/loads"
"github.com/go-openapi/strfmt"
"go.uber.org/zap"

"github.com/transcom/mymove/pkg/gen/ordersapi"
"github.com/transcom/mymove/pkg/gen/ordersapi/ordersoperations"
@@ -122,82 +120,38 @@ func payloadForElectronicOrdersRevisionModel(revision models.ElectronicOrdersRev
return revisionPayload, nil
}

func verifyOrdersReadAccess(issuer models.Issuer, cert *models.ClientCert, logger *zap.Logger, logFailure bool) bool {
func verifyOrdersReadAccess(issuer models.Issuer, cert *models.ClientCert) bool {
switch issuer {
case models.IssuerAirForce:
if !cert.AllowAirForceOrdersRead {
if logFailure {
logger.Info("Client certificate is not permitted to read Air Force Orders")
}
return false
}
return cert.AllowAirForceOrdersRead
case models.IssuerArmy:
if !cert.AllowArmyOrdersRead {
if logFailure {
logger.Info("Client certificate is not permitted to read Army Orders")
}
return false
}
return cert.AllowArmyOrdersRead
case models.IssuerCoastGuard:
if !cert.AllowCoastGuardOrdersRead {
if logFailure {
logger.Info("Client certificate is not permitted to read Coast Guard Orders")
}
return false
}
return cert.AllowCoastGuardOrdersRead
case models.IssuerMarineCorps:
if !cert.AllowMarineCorpsOrdersRead {
if logFailure {
logger.Info("Client certificate is not permitted to read Marine Corps Orders")
}
return false
}
return cert.AllowMarineCorpsOrdersRead
case models.IssuerNavy:
if !cert.AllowNavyOrdersRead {
if logFailure {
logger.Info("Client certificate is not permitted to read Navy Orders")
}
return false
}
return cert.AllowNavyOrdersRead
default:
// Unknown issuer
logger.Error(fmt.Sprint("Unknown issuer ", issuer))
return false
}
return true
}

func verifyOrdersWriteAccess(issuer models.Issuer, cert *models.ClientCert, logger *zap.Logger) bool {
func verifyOrdersWriteAccess(issuer models.Issuer, cert *models.ClientCert) bool {
switch issuer {
case models.IssuerAirForce:
if !cert.AllowAirForceOrdersWrite {
logger.Info("Client certificate is not permitted to write Air Force Orders")
return false
}
return cert.AllowAirForceOrdersWrite
case models.IssuerArmy:
if !cert.AllowArmyOrdersWrite {
logger.Info("Client certificate is not permitted to write Army Orders")
return false
}
return cert.AllowArmyOrdersWrite
case models.IssuerCoastGuard:
if !cert.AllowCoastGuardOrdersWrite {
logger.Info("Client certificate is not permitted to write Coast Guard Orders")
return false
}
return cert.AllowCoastGuardOrdersWrite
case models.IssuerMarineCorps:
if !cert.AllowMarineCorpsOrdersWrite {
logger.Info("Client certificate is not permitted to write Marine Corps Orders")
return false
}
return cert.AllowMarineCorpsOrdersWrite
case models.IssuerNavy:
if !cert.AllowNavyOrdersWrite {
logger.Info("Client certificate is not permitted to write Navy Orders")
return false
}
return cert.AllowNavyOrdersWrite
default:
// Unknown issuer
logger.Error(fmt.Sprint("Unknown issuer ", issuer))
return false
}
return true
}
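Review bot: In the `default:` branch of both `verifyOrdersReadAccess` and `verifyOrdersWriteAccess`, the `logger.Error(fmt.Sprint("Unknown issuer ", issuer))` call goes away together with the logger parameter, so an unrecognised issuer is now denied silently and looks the same to the caller as a known issuer the certificate lacks permission for. Failing closed is right; to keep the diagnostic, either return an error alongside the bool for the unknown-issuer case or have the callers include the issuer value in the message they wrap. Both functions also dereference `cert` without a nil check, which is safe only because the handlers in this commit test `clientCert == nil` first; a short doc comment stating that precondition would help.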
@@ -1,10 +1,11 @@
package ordersapi

import (
"fmt"
"net/http"

"github.com/go-openapi/runtime/middleware"
"github.com/gofrs/uuid"
"github.com/pkg/errors"

"github.com/transcom/mymove/pkg/auth/authentication"
"github.com/transcom/mymove/pkg/gen/ordersapi/ordersoperations"
@@ -21,32 +22,24 @@ type GetOrdersHandler struct {
func (h GetOrdersHandler) Handle(params ordersoperations.GetOrdersParams) middleware.Responder {
clientCert := authentication.ClientCertFromRequestContext(params.HTTPRequest)
This conversation was marked as resolved by jamesatheyDDS

mikena-truss Mar 14, 2019

Contributor

I find it a little tangled that the concept of a certificate is inside of the handler. It is probably out of the scope of this PR, but I'd like to have a thread about making our handlers agnostic to authentication methods. To me, it seems like the handler should only have a concept of identity which gets extrapolated into authorization in a service/model layer (whether this be a session or some other struct that outlines the necessary info). Authentication methods should wrap handlers and generate this identity information, so we could swap out any given method (certs, login.gov, api tokens, whatever the future may bring...). Our handlers also would then be reusable across API boundaries.

jamesatheyDDS Mar 14, 2019

Author Contributor

I completely agree with your points. If you want my participation on making the handlers agnostic to auth methods for some future PR, let me know; otherwise I don't have a personal need to interfere.

if clientCert == nil {
h.Logger().Info("No client certificate provided")
return ordersoperations.NewGetOrdersUnauthorized()
return handlers.ResponseForError(h.Logger(), errors.WithMessage(models.ErrUserUnauthorized, "No client certificate provided"))
}
if !clientCert.AllowOrdersAPI {
h.Logger().Info("Client certificate is not authorized to access this API")
return ordersoperations.NewGetOrdersForbidden()
return handlers.ResponseForError(h.Logger(), errors.WithMessage(models.ErrFetchForbidden, "Not permitted to access this API"))
}

var err error

id, err := uuid.FromString(params.UUID.String())
if err != nil {
h.Logger().Error(fmt.Sprintf("Not a valid UUID: %s; why didn't the generated Swagger code catch this?", params.UUID))
return ordersoperations.NewGetOrdersBadRequest()
return handlers.ResponseForCustomErrors(h.Logger(), err, http.StatusBadRequest)
}

orders, err := models.FetchElectronicOrderByID(h.DB(), id)
if err == models.ErrFetchNotFound {
return ordersoperations.NewGetOrdersNotFound()
} else if err != nil {
h.Logger().Info("Error while fetching electronic Orders by ID")
return ordersoperations.NewGetOrdersInternalServerError()
if err != nil {
return handlers.ResponseForError(h.Logger(), err)
}

if !verifyOrdersReadAccess(orders.Issuer, clientCert, h.Logger(), true) {
return ordersoperations.NewGetOrdersForbidden()
if !verifyOrdersReadAccess(orders.Issuer, clientCert) {
return handlers.ResponseForError(h.Logger(), errors.WithMessage(models.ErrFetchForbidden, "Not permitted to read Orders from this issuer"))
}

ordersPayload, err := payloadForElectronicOrderModel(orders)
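Review bot: `verifyOrdersReadAccess(orders.Issuer, clientCert)` runs only after `models.FetchElectronicOrderByID` has succeeded, so a certificate with `AllowOrdersAPI` but no read permission for the issuer gets a 403 for a UUID that exists and a 404 for one that does not, which confirms the existence of orders it may not read. If that distinction should not be visible to the client, return the not-found response for the unauthorized-issuer case as well and keep the specific reason in the log only. Separately, `var err error` is redundant, since `id, err := uuid.FromString(...)` on the next statement would declare it.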
@@ -2,6 +2,7 @@ package ordersapi

import (
"github.com/go-openapi/runtime/middleware"
"github.com/pkg/errors"

"github.com/transcom/mymove/pkg/auth/authentication"
"github.com/transcom/mymove/pkg/gen/ordersapi/ordersoperations"
@@ -18,25 +19,18 @@ type GetOrdersByIssuerAndOrdersNumHandler struct {
func (h GetOrdersByIssuerAndOrdersNumHandler) Handle(params ordersoperations.GetOrdersByIssuerAndOrdersNumParams) middleware.Responder {
clientCert := authentication.ClientCertFromRequestContext(params.HTTPRequest)
if clientCert == nil {
h.Logger().Info("No client certificate provided")
return ordersoperations.NewGetOrdersByIssuerAndOrdersNumUnauthorized()
return handlers.ResponseForError(h.Logger(), errors.WithMessage(models.ErrUserUnauthorized, "No client certificate provided"))
}
if !clientCert.AllowOrdersAPI {
h.Logger().Info("Client certificate is not authorized to access this API")
return ordersoperations.NewGetOrdersByIssuerAndOrdersNumForbidden()
return handlers.ResponseForError(h.Logger(), errors.WithMessage(models.ErrFetchForbidden, "Not permitted to access this API"))
}
if !verifyOrdersReadAccess(models.Issuer(params.Issuer), clientCert, h.Logger(), true) {
return ordersoperations.NewGetOrdersByIssuerAndOrdersNumForbidden()
if !verifyOrdersReadAccess(models.Issuer(params.Issuer), clientCert) {
return handlers.ResponseForError(h.Logger(), errors.WithMessage(models.ErrFetchForbidden, "Not permitted to read orders from this issuer"))
}

var err error

orders, err := models.FetchElectronicOrderByIssuerAndOrdersNum(h.DB(), params.Issuer, params.OrdersNum)
if err == models.ErrFetchNotFound {
return ordersoperations.NewGetOrdersByIssuerAndOrdersNumNotFound()
} else if err != nil {
h.Logger().Info("Error while fetching electronic Orders by Issuer and Orders Num")
return ordersoperations.NewGetOrdersByIssuerAndOrdersNumInternalServerError()
if err != nil {
return handlers.ResponseForError(h.Logger(), err)
}

ordersPayload, err := payloadForElectronicOrderModel(orders)
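Review bot: The wrapped message in the issuer check reads "Not permitted to read orders from this issuer" here but "Not permitted to read Orders from this issuer" in `GetOrdersHandler`, and neither names the issuer, which the removed per-issuer `logger.Info` lines did. Consider one shared helper that builds this message and includes `params.Issuer`, so the entry logged through `handlers.ResponseForError` still says which issuer was blocked. The `var err error` line above the fetch can also go, since `orders, err :=` would declare it.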
@@ -2,6 +2,7 @@ package ordersapi

import (
"fmt"
"net/http"
"net/http/httptest"
"testing"

@@ -31,7 +32,10 @@ func (suite *HandlerSuite) TestGetOrdersByIssuerAndOrdersNumSuccess() {
response := handler.Handle(params)

suite.Assertions.IsType(&ordersoperations.GetOrdersByIssuerAndOrdersNumOK{}, response)
okResponse := response.(*ordersoperations.GetOrdersByIssuerAndOrdersNumOK)
okResponse, ok := response.(*ordersoperations.GetOrdersByIssuerAndOrdersNumOK)
if !ok {
return
}
suite.Equal(string(order.Issuer), string(okResponse.Payload.Issuer))
suite.Equal(order.OrdersNumber, okResponse.Payload.OrdersNum)
}
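Review bot: The `if !ok { return }` guard after the checked type assertion ends the test silently; it is reported as a failure only because the `IsType` assertion on the line above has already recorded one. `suite.Require().IsType(&ordersoperations.GetOrdersByIssuerAndOrdersNumOK{}, response)` stops the test at the point of failure, so the type assertion that follows needs no guard. The same applies to the other tests changed in this commit.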
@@ -50,7 +54,12 @@ func (suite *HandlerSuite) TestGetOrdersByIssuerAndOrdersNumNoApiPerm() {
handler := GetOrdersByIssuerAndOrdersNumHandler{handlers.NewHandlerContext(suite.DB(), suite.TestLogger())}
response := handler.Handle(params)

suite.Assertions.IsType(&ordersoperations.GetOrdersByIssuerAndOrdersNumForbidden{}, response)
suite.IsType(&handlers.ErrResponse{}, response)
errResponse, ok := response.(*handlers.ErrResponse)
if !ok {
return
}
suite.Equal(http.StatusForbidden, errResponse.Code)
}

func (suite *HandlerSuite) TestGetOrdersByIssuerAndOrdersNumReadPerms() {
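Review bot: `suite.Equal(http.StatusForbidden, errResponse.Code)` is now the only check on the outcome of `TestGetOrdersByIssuerAndOrdersNumNoApiPerm`, and the handler wraps the same `models.ErrFetchForbidden` for both the `AllowOrdersAPI` check and the per-issuer check, so this test could still pass if the API-level check were removed and the issuer check produced the 403 instead. Asserting on the error carried in the response as well (the "Not permitted to access this API" message) would pin the test to the check it is named for.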
@@ -112,7 +121,12 @@ func (suite *HandlerSuite) TestGetOrdersByIssuerAndOrdersNumReadPerms() {
handler := GetOrdersByIssuerAndOrdersNumHandler{handlers.NewHandlerContext(suite.DB(), suite.TestLogger())}
response := handler.Handle(params)

suite.Assertions.IsType(&ordersoperations.GetOrdersByIssuerAndOrdersNumForbidden{}, response)
suite.IsType(&handlers.ErrResponse{}, response)
errResponse, ok := response.(*handlers.ErrResponse)
if !ok {
return
}
suite.Equal(http.StatusForbidden, errResponse.Code)
})
}
}
@@ -136,5 +150,10 @@ func (suite *HandlerSuite) TestGetOrdersByIssuerAndOrdersNumNotFound() {
handler := GetOrdersByIssuerAndOrdersNumHandler{handlers.NewHandlerContext(suite.DB(), suite.TestLogger())}
response := handler.Handle(params)

suite.Assertions.IsType(&ordersoperations.GetOrdersByIssuerAndOrdersNumNotFound{}, response)
suite.IsType(&handlers.ErrResponse{}, response)
errResponse, ok := response.(*handlers.ErrResponse)
if !ok {
return
}
suite.Equal(http.StatusNotFound, errResponse.Code)
}
@@ -1,6 +1,7 @@
package ordersapi

import (
"net/http"
"net/http/httptest"
"testing"

@@ -32,8 +33,11 @@ func (suite *HandlerSuite) TestGetOrdersSuccess() {
handler := GetOrdersHandler{handlers.NewHandlerContext(suite.DB(), suite.TestLogger())}
response := handler.Handle(params)

suite.Assertions.IsType(&ordersoperations.GetOrdersOK{}, response)
okResponse := response.(*ordersoperations.GetOrdersOK)
suite.IsType(&ordersoperations.GetOrdersOK{}, response)
okResponse, ok := response.(*ordersoperations.GetOrdersOK)
if !ok {
return
}
suite.Equal(strfmt.UUID(order.ID.String()), okResponse.Payload.UUID)
}

@@ -51,7 +55,12 @@ func (suite *HandlerSuite) TestGetOrdersNoApiPerm() {
handler := GetOrdersHandler{handlers.NewHandlerContext(suite.DB(), suite.TestLogger())}
response := handler.Handle(params)

suite.Assertions.IsType(&ordersoperations.GetOrdersForbidden{}, response)
suite.IsType(&handlers.ErrResponse{}, response)
errResponse, ok := response.(*handlers.ErrResponse)
if !ok {
return
}
suite.Equal(http.StatusForbidden, errResponse.Code)
}

func (suite *HandlerSuite) TestGetOrdersReadPerms() {
@@ -112,7 +121,12 @@ func (suite *HandlerSuite) TestGetOrdersReadPerms() {
handler := GetOrdersHandler{handlers.NewHandlerContext(suite.DB(), suite.TestLogger())}
response := handler.Handle(params)

suite.Assertions.IsType(&ordersoperations.GetOrdersForbidden{}, response)
suite.IsType(&handlers.ErrResponse{}, response)
errResponse, ok := response.(*handlers.ErrResponse)
if !ok {
return
}
suite.Equal(http.StatusForbidden, errResponse.Code)
})
}
}
@@ -133,5 +147,10 @@ func (suite *HandlerSuite) TestGetOrdersMissingUUID() {
handler := GetOrdersHandler{handlers.NewHandlerContext(suite.DB(), suite.TestLogger())}
response := handler.Handle(params)

suite.Assertions.IsType(&ordersoperations.GetOrdersNotFound{}, response)
suite.IsType(&handlers.ErrResponse{}, response)
errResponse, ok := response.(*handlers.ErrResponse)
if !ok {
return
}
suite.Equal(http.StatusNotFound, errResponse.Code)
}
@@ -2,6 +2,7 @@ package ordersapi

import (
"github.com/go-openapi/runtime/middleware"
"github.com/pkg/errors"

"github.com/transcom/mymove/pkg/auth/authentication"
"github.com/transcom/mymove/pkg/gen/ordersapi/ordersoperations"
@@ -19,26 +20,23 @@ type IndexOrdersForMemberHandler struct {
func (h IndexOrdersForMemberHandler) Handle(params ordersoperations.IndexOrdersForMemberParams) middleware.Responder {
clientCert := authentication.ClientCertFromRequestContext(params.HTTPRequest)
if clientCert == nil {
h.Logger().Info("No client certificate provided")
return ordersoperations.NewIndexOrdersForMemberUnauthorized()
return handlers.ResponseForError(h.Logger(), errors.WithMessage(models.ErrUserUnauthorized, "No client certificate provided"))
}
if !clientCert.AllowOrdersAPI {
h.Logger().Info("Client certificate is not authorized to access this API")
return ordersoperations.NewIndexOrdersForMemberForbidden()
return handlers.ResponseForError(h.Logger(), errors.WithMessage(models.ErrFetchForbidden, "Not permitted to access this API"))
}
allowedIssuers := clientCert.GetAllowedOrdersIssuersRead()
if len(allowedIssuers) == 0 {
h.Logger().Info("Client certificate is not permitted to read any Orders")
return ordersoperations.NewIndexOrdersForMemberForbidden()
return handlers.ResponseForError(h.Logger(), errors.WithMessage(models.ErrFetchForbidden, "Not permitted to read any Orders"))
}

orders, err := models.FetchElectronicOrdersByEdipiAndIssuers(h.DB(), params.Edipi, allowedIssuers)
if err == models.ErrFetchNotFound {
return ordersoperations.NewIndexOrdersForMemberOK().WithPayload([]*ordersmessages.Orders{})
} else if err != nil {
h.Logger().Info("Error while fetching electronic Orders by EDIPI")
return ordersoperations.NewIndexOrdersForMemberInternalServerError()
return handlers.ResponseForError(h.Logger(), err)
}

ordersPayloads := make([]*ordersmessages.Orders, len(orders))
for i, o := range orders {
payload, err := payloadForElectronicOrderModel(o)
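Review bot: The `clientCert == nil` and `!clientCert.AllowOrdersAPI` checks at the top of `Handle` are now identical, message strings included, in `GetOrdersHandler`, `GetOrdersByIssuerAndOrdersNumHandler` and this handler; pulling them into one helper that returns the certificate or an error would keep the three endpoints from drifting apart. In the fetch error handling, the `ErrFetchNotFound` branch still returns `NewIndexOrdersForMemberOK()` with an empty payload while everything else goes through `handlers.ResponseForError`; a one-line comment saying that an empty list is the intended answer there would stop a later cleanup from turning it into a 404.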