diff --git a/api.planx.uk/modules/send/uniform/uniform.ts b/api.planx.uk/modules/send/uniform/uniform.ts
index 8bc552e053..ce8e6b2dda 100644
--- a/api.planx.uk/modules/send/uniform/uniform.ts
+++ b/api.planx.uk/modules/send/uniform/uniform.ts
@@ -1,11 +1,12 @@
 import axios, { AxiosRequestConfig, isAxiosError } from "axios";
 import { NextFunction, Request, Response } from "express";
-import { Buffer } from "node:buffer";
 import FormData from "form-data";
 import fs from "fs";
-import { markSessionAsSubmitted } from "../../saveAndReturn/service/utils";
 import { gql } from "graphql-request";
+import jwt from "jsonwebtoken";
+import { Buffer } from "node:buffer";
 import { $api } from "../../../client";
+import { markSessionAsSubmitted } from "../../saveAndReturn/service/utils";
 import { buildSubmissionExportZip } from "../utils/exportZip";
 
 interface UniformClient {
@@ -21,8 +22,6 @@ interface UniformSubmissionResponse {
 
 interface RawUniformAuthResponse {
   access_token: string;
-  "organisation-name": string;
-  "organisation-id": string;
 }
 
 interface UniformAuthResponse {
@@ -204,19 +203,21 @@ async function authenticate({
     throw Error("Failed to authenticate to Uniform - no access token returned");
   }
 
-  if (
-    !response.data["organisation-name"] ||
-    !response.data["organisation-id"]
-  ) {
+  // Decode access_token to get "organisation-name" & "organisation-id"
+  const decodedAccessToken = jwt.decode(response.data.access_token) as any;
+  const organisation = decodedAccessToken?.["organisation-name"];
+  const organisationId = decodedAccessToken?.["organisation-id"];
+
+  if (!organisation || !organisationId) {
     throw Error(
-      "Failed to authenticate to Uniform - no organisation details returned",
+      "Failed to authenticate to Uniform - failed to decode organisation details from access_token",
     );
   }
 
   const uniformAuthResponse: UniformAuthResponse = {
     token: response.data.access_token,
-    organisation: response.data["organisation-name"],
-    organisationId: response.data["organisation-id"],
+    organisation: organisation,
+    organisationId: organisationId,
   };
 
   return uniformAuthResponse;
diff --git a/e2e/tests/api-driven/src/invite-to-pay/mocks/server-mocks.yaml b/e2e/tests/api-driven/src/invite-to-pay/mocks/server-mocks.yaml
index a1419013a9..65892e19ed 100644
--- a/e2e/tests/api-driven/src/invite-to-pay/mocks/server-mocks.yaml
+++ b/e2e/tests/api-driven/src/invite-to-pay/mocks/server-mocks.yaml
@@ -11,7 +11,7 @@
       "messsage": "MOCKED RESPONSE"
     }
 
-# UNIFORM token generation
+# UNIFORM token generation, access_token is mock JWT with "organisation-name" & "organisation-id" properties
 - request:
     method: POST
     path: /
@@ -21,9 +21,9 @@
       Content-Type: application/json
     body: >
       {
-        "access_token": "TEST_TOKEN",
-        "organisation-name": "MOCKED",
-        "organisation-id": "MOCKED"
+        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdhbmlzYXRpb24tbmFtZSI6Ik1PQ0tFRCIsIm9yZ2FuaXNhdGlvbi1pZCI6Ik1PQ0tFRCJ9.p0DE8MUc9obE751XWOYPQWWtLXtq8-kJMPre4VuOBHg",
+        "token_type": "Bearer",
+        "expires_in": 35999
       }
 
 # UNIFORM submissions
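Review bot: `jwt.decode(response.data.access_token) as any` throws away the type of the decoded claims, so `organisation` and `organisationId` are `any` and the new guard only checks truthiness; passing `{ json: true }` yields `jwt.JwtPayload | null` without the cast, `const decodedAccessToken = jwt.decode(response.data.access_token, { json: true });`, and the guard can then pin the type, `if (typeof organisation !== "string" || typeof organisationId !== "string") {`. The comment should also say that `decode` does not verify the signature and why that is acceptable here, e.g. `// jwt.decode() does not verify the signature; the token comes straight from Uniform's own auth response, so its claims carry the same trust as the body fields they replace`. The `organisation: organisation` / `organisationId: organisationId` pair can use property shorthand. authenticate() starts and continues outside the hunk.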
diff --git a/editor.planx.uk/.eslintrc b/editor.planx.uk/.eslintrc
index d0141dc994..56e7548930 100644
--- a/editor.planx.uk/.eslintrc
+++ b/editor.planx.uk/.eslintrc
@@ -55,7 +55,7 @@
       }
     ],
     "@typescript-eslint/no-unused-vars": [
-      "error",
+      "warn",
       {
         "varsIgnorePattern": "^_",
         "argsIgnorePattern": "^_"
diff --git a/infrastructure/application/index.ts b/infrastructure/application/index.ts
index e05577573e..ae7e1d2aed 100644
--- a/infrastructure/application/index.ts
+++ b/infrastructure/application/index.ts
@@ -680,6 +680,10 @@ export = async () => {
           includeSubdomains: true,
           preload: true,
         },
+        // Set X-Content-Type-Options = "nosniff"
+        contentTypeOptions: {
+          override: true,
+        },
       },
     }
     ).id,
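Review bot: Downgrading `@typescript-eslint/no-unused-vars` from `"error"` to `"warn"` means unused bindings no longer fail lint, so they will accumulate unless CI is configured to fail on warnings, which is not visible here. If a single new unused import or variable motivated this, a targeted `// eslint-disable-next-line @typescript-eslint/no-unused-vars -- <reason>` at that site keeps the rule enforced everywhere else. The existing `varsIgnorePattern`/`argsIgnorePattern` already allow `_`-prefixed names for values that are intentionally unused.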
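Review bot: `contentTypeOptions` with `override: true` replaces any `X-Content-Type-Options` value the origin sends, which is fine because `nosniff` is the header's only defined value, but the comment should say so: `// X-Content-Type-Options: nosniff; override replaces any origin-supplied value`. If this is a CloudFront response headers policy, as the `includeSubdomains`/`preload` fields just above suggest, `frameOptions` and `referrerPolicy` live in the same security-headers config as `contentTypeOptions` and are worth adding in the same pass unless they are already set elsewhere in the file. The enclosing `export = async () => {` body starts and ends outside the hunk.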