Production deploy

api.planx.uk/modules/send/uniform/uniform.ts

@@ -1,11 +1,12 @@
 import axios, { AxiosRequestConfig, isAxiosError } from "axios";
 import { NextFunction, Request, Response } from "express";
-import { Buffer } from "node:buffer";
 import FormData from "form-data";
 import fs from "fs";
-import { markSessionAsSubmitted } from "../../saveAndReturn/service/utils";
 import { gql } from "graphql-request";
+import jwt from "jsonwebtoken";
+import { Buffer } from "node:buffer";
 import { $api } from "../../../client";
+import { markSessionAsSubmitted } from "../../saveAndReturn/service/utils";
 import { buildSubmissionExportZip } from "../utils/exportZip";
 
 interface UniformClient {
@@ -21,8 +22,6 @@ interface UniformSubmissionResponse {
 
 interface RawUniformAuthResponse {
   access_token: string;
-  "organisation-name": string;
-  "organisation-id": string;
 }
 
 interface UniformAuthResponse {
@@ -204,19 +203,21 @@ async function authenticate({
     throw Error("Failed to authenticate to Uniform - no access token returned");
   }
 
-  if (
-    !response.data["organisation-name"] ||
-    !response.data["organisation-id"]
-  ) {
+  // Decode access_token to get "organisation-name" & "organisation-id"
+  const decodedAccessToken = jwt.decode(response.data.access_token) as any;
+  const organisation = decodedAccessToken?.["organisation-name"];
+  const organisationId = decodedAccessToken?.["organisation-id"];
+
+  if (!organisation || !organisationId) {
     throw Error(
-      "Failed to authenticate to Uniform - no organisation details returned",
+      "Failed to authenticate to Uniform - failed to decode organisation details from access_token",
     );
   }
 
   const uniformAuthResponse: UniformAuthResponse = {
     token: response.data.access_token,
-    organisation: response.data["organisation-name"],
-    organisationId: response.data["organisation-id"],
+    organisation: organisation,
+    organisationId: organisationId,
   };
 
   return uniformAuthResponse;

e2e/tests/api-driven/src/invite-to-pay/mocks/server-mocks.yaml

@@ -11,7 +11,7 @@
         "messsage": "MOCKED RESPONSE"
       }
 
-# UNIFORM token generation
+# UNIFORM token generation, access_token is mock JWT with "organisation-name" & "organisation-id" properties
 - request:
     method: POST
     path: /
@@ -21,9 +21,9 @@
       Content-Type: application/json
     body: >
       {
-        "access_token": "TEST_TOKEN",
-        "organisation-name": "MOCKED",
-        "organisation-id": "MOCKED"
+        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdhbmlzYXRpb24tbmFtZSI6Ik1PQ0tFRCIsIm9yZ2FuaXNhdGlvbi1pZCI6Ik1PQ0tFRCJ9.p0DE8MUc9obE751XWOYPQWWtLXtq8-kJMPre4VuOBHg",
+        "token_type": "Bearer",
+        "expires_in": 35999
       }
 
 # UNIFORM submissions

editor.planx.uk/.eslintrc

@@ -55,7 +55,7 @@
       }
     ],
     "@typescript-eslint/no-unused-vars": [
-      "error",
+      "warn",
       {
         "varsIgnorePattern": "^_",
         "argsIgnorePattern": "^_"

infrastructure/application/index.ts

@@ -680,6 +680,10 @@ export = async () => {
                 includeSubdomains: true,
                 preload: true,
               },
+              // Set X-Content-Type-Options = "nosniff"
+              contentTypeOptions: { 
+                override: true,
+              },
             },
           }
         ).id,