Merge pull request #2171 from MeasureAuthoringTool/feature/mat-6046-u…

…pdate-vsac-connection-prior

[MAT-6046] Replace TGT/ST with UMLS API Key in VSAC Requests - Prior

.github/workflows/build.yml

@@ -30,13 +30,10 @@ jobs:
           ruby-version: 2.7.2
           bundler-cache: true
 
-      - name: Use Node.js 14.x
+      - name: Use Node.js 16.x
         uses: actions/setup-node@v2
         with:
-          node-version: 14.x
-
-      - name: Use latest npm
-        run: npm install -g npm
+          node-version: 16.x
 
       - name: Install bundler & bundle-audit
         run: |
@@ -91,13 +88,10 @@ jobs:
           ruby-version: 2.7.2
           bundler-cache: true
 
-      - name: Use Node.js 14.x
+      - name: Use Node.js 16.x
         uses: actions/setup-node@v2
         with:
-          node-version: 14.x
-
-      - name: Use latest npm
-        run: npm install -g npm
+          node-version: 16.x
 
       - name: Install bundler & bundle-audit
         run: |

Dockerfile

@@ -14,7 +14,7 @@ RUN bash -lc "rvm install ruby-${RUBY_VERSION} && rvm --default use ruby-${RUBY_
 RUN rm -f /etc/service/nginx/down \
     && rm -f /etc/nginx/sites-enabled/default \
     && apt update \
-    && curl -fsSL https://deb.nodesource.com/setup_14.x | bash - \
+    && curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
     && apt-get install -y nodejs \
     && npm install -g npm@latest \
     && apt-get install shared-mime-info -y

Gemfile.lock

@@ -1,6 +1,6 @@
 GIT
   remote: https://github.com/projecttacoma/cqm-parsers.git
-  revision: baa3e9a50b376e29a47956f5cfb7c5ebe49fc9dd
+  revision: 50891071760b46b70d120e5f3cc752c258cf2c69 
   branch: bonnie-prior-version
   specs:
     cqm-parsers (0.2.1.1)

app/controllers/api_v1/measures_controller.rb

@@ -81,8 +81,7 @@ def description
       param :population_titles, Array, of: String, :required => false, :desc => "The titles of the populations. If this is not included, populations will assume default values. i.e. \"Population 1\", \"Population 2\", etc."
       param :calculate_sdes, %w[true false], :required => false, :desc => "Should Supplemental Data Elements be included in calculations. Defaults to 'false' if not supplied."
 
-      param :vsac_tgt, String, :required => true, :desc => "VSAC ticket granting ticket. See https://www.nlm.nih.gov/vsac/support/"
-      param :vsac_tgt_expires_at, Integer, :required => true, :desc => "VSAC ticket granting ticket expiration time in seconds since epoch."
+      param :vsac_api_key, String, :required => true, :desc => "UMLS Api Key."
       param :vsac_query_type, %w[release profile], :required => false, :desc => "The type of VSAC query, either 'release', or 'profile'. Default to 'profile' if not supplied."
       param :vsac_query_include_draft, %w[true false], :required => false, :desc => "If VSAC should fetch draft value sets. Defaults to 'true' if not supplied."
       param :vsac_query_release, String, :required => false, :desc => "The program release used to retrieve value sets. Defaults to latest release for the eCQM program."
@@ -210,7 +209,7 @@ def calculated_results
     formats ["multipart/form-data"]
     error :code => 400, :desc => "Client sent bad parameters. Response contains explanation."
     error :code => 409, :desc => "Measure with this HQMF Set ID already exists."
-    error :code => 500, :desc => "A server error occured."
+    error :code => 500, :desc => "A server error occurred."
     param_group :measure_upload
     def create
       permitted_params = params.permit!.to_h
@@ -229,7 +228,7 @@ def create
     formats ["multipart/form-data"]
     error :code => 400, :desc => "Client sent bad parameters. Response contains explanation."
     error :code => 404, :desc => "Measure with this HQMF Set ID does not exist."
-    error :code => 500, :desc => "A server error occured."
+    error :code => 500, :desc => "A server error occurred."
     param_group :measure_upload
     def update
       measures, main_hqmf_set_id = update_measure(uploaded_file: params[:measure_file],

app/controllers/measures_controller.rb

@@ -31,7 +31,7 @@ def create
 
     begin
       scan_for_viruses(params[:measure_file])
-      vsac_tgt = obtain_ticket_granting_ticket
+      set_vsac_api_key
     rescue VirusFoundError => e
       logger.error "VIRSCAN: error message: #{e.message}"
       raise MeasurePackageVirusFoundError.new
@@ -43,13 +43,11 @@ def create
       raise convert_vsac_error_into_shared_error(e)
     end
 
-    params[:vsac_tgt] = vsac_tgt[:ticket]
-    params[:vsac_tgt_expires_at] = vsac_tgt[:expires]
     measures, main_hqmf_set_id = persist_measure(params[:measure_file], params.permit!.to_h, current_user)
     redirect_to "#{root_path}##{params[:redirect_route]}"
   rescue StandardError => e
-    # also clear the ticket granting ticket in the session if it was a VSACTicketExpiredError
-    session[:vsac_tgt] = nil if e.is_a?(VSACTicketExpiredError)
+    # also clear the vsac api key in the session if it was a VSACInvalidCredentialsError
+    session[:vsac_api_key] = nil if e.is_a?(VSACInvalidCredentialsError)
     flash[:error] = turn_exception_into_shared_error_if_needed(e).front_end_version
     redirect_to "#{root_path}##{params[:redirect_route]}"
   end
@@ -162,6 +160,15 @@ def retrieve_measure_details(params)
     }
   end
 
+  def set_vsac_api_key
+    if session[:vsac_api_key].nil?
+      raise Util::VSAC::VSACNoCredentialsError.new if params[:vsac_api_key].nil?
+      session[:vsac_api_key] = params[:vsac_api_key]
+    else
+      params[:vsac_api_key] = session[:vsac_api_key]
+    end
+  end
+
   def shift_years(measure, year_shift)
     # Copy the patients to make sure there are no errors before saving every patient
     patients = CQM::Patient.by_user_and_hqmf_set_id(current_user, measure.hqmf_set_id).all.entries
@@ -202,33 +209,4 @@ def shift_birth_datetime(birth_datetime, year_shift)
       birth_datetime.change(year: year_shift + birth_datetime.year)
     end
   end
-
-  def obtain_ticket_granting_ticket
-    # Retreive a (possibly) existing ticket granting ticket
-    ticket_granting_ticket = session[:vsac_tgt]
-
-    # If the ticket granting ticket doesn't exist (or has expired), get a new one
-    if ticket_granting_ticket.nil?
-      # The user could open a second browser window and remove their ticket_granting_ticket in the session after they
-      # prepared a measure upload assuming ticket_granting_ticket in the session in the first tab
-
-      # First make sure we have credentials to attempt getting a ticket with. Throw an error if there are no credentials.
-      if params[:vsac_api_key].nil?
-        raise Util::VSAC::VSACNoCredentialsError.new
-      end
-
-      # Retrieve a new ticket granting ticket by creating the api class.
-      api = Util::VSAC::VSACAPI.new(config: APP_CONFIG['vsac'], api_key: params[:vsac_api_key])
-      ticket_granting_ticket = api.ticket_granting_ticket
-
-      # Create a new ticket granting ticket session variable
-      session[:vsac_tgt] = ticket_granting_ticket
-      return ticket_granting_ticket
-
-      # If it does exist, let the api test it
-    else
-      api = Util::VSAC::VSACAPI.new(config: APP_CONFIG['vsac'], ticket_granting_ticket: ticket_granting_ticket)
-      return api.ticket_granting_ticket
-    end
-  end
 end

app/controllers/vsac_util_controller.rb

@@ -51,26 +51,20 @@ def program_release_names
   ##
   # GET /vsac_util/auth_valid
   #
-  # Gets the status of the ticket_granting_ticket in the session. Returns JSON:
-  # { valid: boolean, expires: DateTime }
+  # Gets the status of the API KEY in the session. Returns JSON:
+  # { valid: boolean }
   def auth_valid
-    # If VSAC TGT is still valid, return its expiration date/time
-    ticket_granting_ticket = session[:vsac_tgt]
+    vsac_api_key = session[:vsac_api_key]
 
-    # If there is no VSAC ticket granting ticket then return false.
-    if ticket_granting_ticket.nil? || ticket_granting_ticket.empty?
-      session[:vsac_tgt] = nil
-      render :json => {valid: false}
-
-    # If it exists then check it using the API
+    if vsac_api_key.nil? || vsac_api_key.empty?
+      session[:vsac_api_key] = nil
+      render :json => {valid:false}
     else
       begin
-        Util::VSAC::VSACAPI.new(config: APP_CONFIG['vsac'], ticket_granting_ticket: ticket_granting_ticket)
-        render :json => {valid: true, expires: ticket_granting_ticket[:expires]}
-
-      # API will throw an error if it has expired
-      rescue Util::VSAC::VSACTicketExpiredError
-        session[:vsac_tgt] = nil
+        # Util::VSAC::VSACAPI.new(config: APP_CONFIG['vsac'], api_key: vsac_api_key)
+        render :json => {valid: true}
+      rescue Util::VSAC::VSACInvalidCredentialsError
+        session[:vsac_api_key] = nil
         render :json => {valid: false}
       end
     end
@@ -79,10 +73,10 @@ def auth_valid
   ##
   # POST /vsac_util/auth_expire
   #
-  # Dumps the ticket_granting_ticket in the user session if there is one. Always returns JSON {}.
+  # Sets the vsac_api_key in the user session to nil. Always returns JSON {}.
   def auth_expire
     # Force expire the VSAC session
-    session[:vsac_tgt] = nil
+    session[:vsac_api_key] = nil
     render :json => {}
   end
 end

app/helpers/measure_helper.rb

@@ -256,11 +256,9 @@ def retrieve_vasc_options(params, get_defaults_from_vsac = false)
   end
 
   def build_vs_loader(params, get_defaults_from_vsac)
-    vsac_tgt_object = {ticket: params[:vsac_tgt], expires: Time.at(params[:vsac_tgt_expires_at].to_i)} if params[:vsac_tgt].present? && params[:vsac_tgt_expires_at].present?
-
-    return Measures::VSACValueSetLoader.new(
+    Measures::VSACValueSetLoader.new(
       options: retrieve_vasc_options(params, get_defaults_from_vsac),
-      ticket_granting_ticket: vsac_tgt_object
+      vsac_api_key: params[:vsac_api_key]
     )
   end
 
@@ -270,8 +268,6 @@ def convert_vsac_error_into_shared_error(error)
       return VSACVSLoadingError.new(error.oid)
     elsif error.is_a?(Util::VSAC::VSACInvalidCredentialsError)
       return VSACInvalidCredentialsError.new
-    elsif error.is_a?(Util::VSAC::VSACTicketExpiredError)
-      return VSACTicketExpiredError.new
     elsif error.is_a?(Util::VSAC::VSACNoCredentialsError)
       return VSACNoCredentialsError.new
     else