OM-188 Fixed missing SOAP Headers

openimis · Aug 26, 2024 · 62a0435 · 62a0435
1 parent 9ba04eb
commit 62a0435
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 12 deletions.
diff --git a/msystems/apps.py b/msystems/apps.py
@@ -11,8 +11,7 @@
     "mpass_key_dob": "BirthDate",
     "mpass_key_roles": "Role",
     "mpass_key_legal_entities": "OrganizationAdministrator",
-    #"mpass_key_legal_entities": "AdministeredLegalEntity",
-
+    # "mpass_key_legal_entities": "AdministeredLegalEntity",
 
     # Mpass configurations
     "mpass_config": {
@@ -97,7 +96,13 @@
         # The same as mpass private key
         "service_private_key": "",
         # Mconnect certificate, PEM string format
-        "mconnect_certificate": ""
+        "mconnect_certificate": "",
+
+        # Get Person Soap Header default values
+        "get_person_calling_user": "", # len 13
+        "get_person_calling_entity": "", # len 13
+        "get_person_call_basis": "", # max len 256
+        "get_person_call_reason": "", # max len 512
     }
 }
 

diff --git a/msystems/client/mconnect.py b/msystems/client/mconnect.py
@@ -1,7 +1,13 @@
+import logging
+
 from zeep import Client, Settings
 
+from core.models import User
 from msystems.apps import MsystemsConfig
 from msystems.client.utils import SoapWssePlugin, SoapClientError
+from policyholder.models import PolicyHolder
+
+logger = logging.getLogger(__name__)
 
 
 class MconnectClient:
@@ -16,8 +22,24 @@ def __init__(self):
                                                      MsystemsConfig.mconnect_config['service_certificate'],
                                                      MsystemsConfig.mconnect_config['mconnect_certificate'])])
 
-    def get_person(self, idpn):
+    def get_person(self, idnp: str, user: User = None, economic_unit: PolicyHolder = None):
         service_handle = self.client.service['GetPerson']
         if not service_handle:
             raise SoapClientError("Service GetPerson not found")
-        return service_handle(IDPN=idpn)
+
+        # Bounds for headers and idnp from Mconnect documentation, should not be exceeded in normal operation
+        # Added for extra protection
+
+        headers = {
+            "CallingUser": user.username[:13] or MsystemsConfig.mconnect_config['get_person_calling_user'][:13],
+            "CallingEntity": economic_unit.trade_name[:13]
+                             or MsystemsConfig.mconnect_config['get_person_calling_entity'][:13],
+            "CallBasis": MsystemsConfig.mconnect_config['get_person_call_basis'][:256],
+            "CallReason": MsystemsConfig.mconnect_config['get_person_call_reason'][:512]
+        }
+
+        try:
+            return service_handle(IDNP=idnp[:13], _soapheaders=headers)
+        except Exception as e:
+            logger.error("Error during Mconnect request", exc_info=e)
+            raise SoapClientError(str(e))
diff --git a/msystems/migrations/0007_add_languages.py b/msystems/migrations/0007_add_languages.py
@@ -0,0 +1,23 @@
+from django.db import migrations
+
+language_code_ro = "ro"
+language_code_ru = "ru"
+
+
+def on_migration(apps, schema_editor):
+    language_model = apps.get_model("core", "language")
+    if not language_model.objects.filter(code=language_code_ro).exists():
+        language_model(code=language_code_ro, name="Română").save()
+    if not language_model.objects.filter(code=language_code_ru).exists():
+        language_model(code=language_code_ru, name="Русский").save()
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('msystems', '0006_add_bill_query_rights'),
+        ('core', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.RunPython(on_migration, migrations.RunPython.noop),
+    ]
diff --git a/msystems/services/saml_user_service.py → msystems/services/mpass_user_service.py b/msystems/services/saml_user_service.py → msystems/services/mpass_user_service.py
@@ -18,7 +18,7 @@
 logger = logging.getLogger(__name__)
 
 
-class SamlUserService:
+class MpassUserService:
     location = None
 
     def __init__(self):
@@ -85,13 +85,13 @@ def _update_user_legal_entities(self, user: User, user_data: dict) -> None:
         self._add_new_user_policyholders(user, policyholders)
 
     def _update_user_roles(self, user, user_data):
-        msystem_roles_list = user_data.get(MsystemsConfig.mpass_key_legal_entities, [MsystemsConfig.EMPLOYER])
+        mpass_roles_list = user_data.get(MsystemsConfig.mpass_key_roles, [MsystemsConfig.EMPLOYER])
 
-        for role in msystem_roles_list:
+        for role in mpass_roles_list:
             self._validate_incoming_roles(role)
 
-        self._delete_old_user_roles(user, msystem_roles_list)
-        self._add_new_user_roles(user, msystem_roles_list)
+        self._delete_old_user_roles(user, mpass_roles_list)
+        self._add_new_user_roles(user, mpass_roles_list)
 
     def _update_user_name(self, i_user, first_name, last_name):
         i_user.save_history()

diff --git a/msystems/views/mpass.py b/msystems/views/mpass.py
@@ -6,7 +6,7 @@
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.clickjacking import xframe_options_exempt
 from msystems.apps import MsystemsConfig
-from msystems.services.saml_user_service import SamlUserService
+from msystems.services.mpass_user_service import MpassUserService
 from onelogin.saml2.auth import OneLogin_Saml2_Auth, OneLogin_Saml2_Settings
 from graphql_jwt.decorators import jwt_cookie
 from graphql_jwt.shortcuts import get_token, create_refresh_token
@@ -83,7 +83,7 @@ def _handle_acs_login(request):
     username = auth.get_nameid()
     user_data = auth.get_attributes()
 
-    user = SamlUserService().login(username=username, user_data=user_data)
+    user = MpassUserService().login(username=username, user_data=user_data)
 
     # Tokens to be set in cookies
     request.jwt_token = get_token(user)