Avoid leaking details when canSeeReource rejects a resource from consent

service
2019-09-10 11:14:44 -04:00 · 2019-09-10 11:14:44 -04:00 · 0843a2b02d
parent 95e75d0a7d
commit 0843a2b02d
3 changed files with 74 additions and 4 deletions
--- a/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/r4/ConsentInterceptorResourceProviderR4Test.java
+++ b/hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/r4/ConsentInterceptorResourceProviderR4Test.java
@ -313,7 +313,7 @@ public class ConsentInterceptorResourceProviderR4Test extends BaseResourceProvid
 		patient.setActive(true);

 		// Reject output
-		consentService.setTarget(new ConsentSvcRejectSeeingAnything());
+		consentService.setTarget(new ConsentSvcRejectCanSeeAnything());
 		HttpPost post = new HttpPost(ourServerBase + "/Patient");
 		post.addHeader(Constants.HEADER_PREFER, Constants.HEADER_PREFER_RETURN + '=' + Constants.HEADER_PREFER_RETURN_REPRESENTATION);
 		post.setEntity(toEntity(patient));
@ -356,7 +356,7 @@ public class ConsentInterceptorResourceProviderR4Test extends BaseResourceProvid
 		ourRestServer.getInterceptorService().registerInterceptor(myConsentInterceptor);

 		// Reject output
-		consentService.setTarget(new ConsentSvcRejectSeeingAnything());
+		consentService.setTarget(new ConsentSvcRejectCanSeeAnything());
 		patient = new Patient();
 		patient.setId(id);
 		patient.setActive(true);
@ -394,6 +394,32 @@ public class ConsentInterceptorResourceProviderR4Test extends BaseResourceProvid

 	}

+	@Test
+	public void testRejectWillSeeResource() throws IOException {
+		create50Observations();
+
+		ConsentSvcRejectWillSeeEvenNumbered consentService = new ConsentSvcRejectWillSeeEvenNumbered();
+		myConsentInterceptor = new ConsentInterceptor(consentService, IConsentContextServices.NULL_IMPL);
+		ourRestServer.getInterceptorService().registerInterceptor(myConsentInterceptor);
+
+		// Search for all
+		String url = ourServerBase + "/Observation?_pretty=true&_count=10";
+		ourLog.info("HTTP GET {}", url);
+		HttpGet get = new HttpGet(url);
+		get.addHeader(Constants.HEADER_ACCEPT, Constants.CT_JSON);
+		try (CloseableHttpResponse status = ourHttpClient.execute(get)) {
+			String responseString = IOUtils.toString(status.getEntity().getContent(), Charsets.UTF_8);
+			ourLog.info("Response: {}", responseString);
+			assertEquals(200, status.getStatusLine().getStatusCode());
+
+			Bundle result = myFhirCtx.newJsonParser().parseResource(Bundle.class, responseString);
+			List<IBaseResource> resources = BundleUtil.toListOfResources(myFhirCtx, result);
+			List<String> returnedIdValues = toUnqualifiedVersionlessIdValues(resources);
+			assertEquals(myObservationIdsOddOnly.subList(0, 5), returnedIdValues);
+		}
+
+	}
+
 	@Test
 	public void testGraphQL_Proceed() throws IOException {
 		createPatientAndOrg();
@ -727,7 +753,7 @@ public class ConsentInterceptorResourceProviderR4Test extends BaseResourceProvid

 	}

-	private static class ConsentSvcRejectSeeingAnything implements IConsentService {
+	private static class ConsentSvcRejectCanSeeAnything implements IConsentService {

 		@Override
 		public ConsentOutcome startOperation(RequestDetails theRequestDetails, IConsentContextServices theContextServices) {
@ -756,4 +782,43 @@ public class ConsentInterceptorResourceProviderR4Test extends BaseResourceProvid


 	}
+
+
+	private static class ConsentSvcRejectWillSeeEvenNumbered implements IConsentService {
+
+		@Override
+		public ConsentOutcome startOperation(RequestDetails theRequestDetails, IConsentContextServices theContextServices) {
+			return ConsentOutcome.PROCEED;
+		}
+
+		@Override
+		public ConsentOutcome canSeeResource(RequestDetails theRequestDetails, IBaseResource theResource, IConsentContextServices theContextServices) {
+			return ConsentOutcome.PROCEED;
+		}
+
+		@Override
+		public ConsentOutcome willSeeResource(RequestDetails theRequestDetails, IBaseResource theResource, IConsentContextServices theContextServices) {
+			if (theResource.getIdElement().isIdPartValidLong()) {
+				Long resIdLong = theResource.getIdElement().getIdPartAsLong();
+				if (resIdLong % 2 == 0) {
+					return new ConsentOutcome(ConsentOperationStatusEnum.REJECT);
+				}
+			}
+			return new ConsentOutcome(ConsentOperationStatusEnum.PROCEED);
+		}
+
+		@Override
+		public void completeOperationSuccess(RequestDetails theRequestDetails, IConsentContextServices theContextServices) {
+			// nothing
+		}
+
+		@Override
+		public void completeOperationFailure(RequestDetails theRequestDetails, BaseServerResponseException theException, IConsentContextServices theContextServices) {
+			// nothing
+		}
+
+
+	}
+
+
 }
--- a/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/consent/ConsentInterceptor.java
+++ b/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/consent/ConsentInterceptor.java
@ -178,7 +178,7 @@ public class ConsentInterceptor {
 						alreadySeenResources.put(newOperationOutcome, true);
 					} else {
 						String resourceId = nextResource.getIdElement().getValue();
-						theRequestDetails.getFhirContext().newTerser().clear(nextResource);
+						thePreResourceShowDetails.setResource(i, null);
 						nextResource.setId(resourceId);
 					}
 					break;
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@ -121,6 +121,11 @@
 				The GraphQL provider did not wrap the respone in a "data" element as described in the FHIR
 				specification. This has been corrected.
 			</action>
+			<action type="fix">
+				When using the Consent Service and denying a resource via the "Will See Resource" method, the resource ID
+				and version were still returned to the user. This has been corrected so that no details about
+				the resource are leaked.
+			</action>
 		</release>
 		<release version="4.0.1" date="2019-09-03" description="Igloo (Point Release)">
 			<action type="fix">