NON-318: Sync changes from templates (#311)

* Use non-deprecated `internal` allow list group
Ref: ministryofjustice/hmpps-ip-allowlists#21

* hmpps-template-kotlin#215: Remove version from health and logging

* Use latest HMPPS kotlin test library and adopt their JWT authorisation helper

* Use HMPPS kotlin test library’s with-user annotation

* Adopt authentication holder from HMPPS kotlin library

* Remove product ID contributor in favour of `uk.gov.justice.hmpps.kotlin.health.ProductIdInfoContributor`

* Mark web application type as using servlets

* Remove unused/unnecessary components related to traces

* Report auth token’s principal (username or client-id) in audit events instead of falling back to SYSTEM_USER which is not really the actor in these cases

* Use concrete authentication holder in service test

---------

Co-authored-by: petergphillips <[email protected]>

build.gradle.kts

@@ -43,9 +43,8 @@ dependencies {
 
   testImplementation("org.wiremock:wiremock-standalone:3.8.0")
 
+  testImplementation("uk.gov.justice.service.hmpps:hmpps-kotlin-spring-boot-starter-test:1.0.2")
   testImplementation("org.awaitility:awaitility-kotlin:4.2.1")
-  testImplementation("io.jsonwebtoken:jjwt-impl:0.12.6")
-  testImplementation("io.jsonwebtoken:jjwt-jackson:0.12.6")
   testImplementation("org.mockito:mockito-inline:5.2.0")
   testImplementation("io.swagger.parser.v3:swagger-parser:2.1.22")
   testImplementation("org.springframework.security:spring-security-test")

helm_deploy/hmpps-non-associations-api/values.yaml

@@ -55,7 +55,8 @@ generic-service:
 
   allowlist:
     groups:
-      - internal
+      - digital_staff_and_mojo
+      - moj_cloud_platform
 
 generic-prometheus-alerts:
   targetApplication: hmpps-non-associations-api

src/main/kotlin/uk/gov/justice/digital/hmpps/hmppsnonassociationsapi/config/WebClientConfiguration.kt

@@ -9,7 +9,6 @@ import uk.gov.justice.digital.hmpps.hmppsnonassociationsapi.SYSTEM_USERNAME
 import uk.gov.justice.hmpps.kotlin.auth.authorisedWebClient
 import uk.gov.justice.hmpps.kotlin.auth.healthWebClient
 import java.time.Duration
-import java.util.*
 
 @Configuration
 class WebClientConfiguration(

src/main/kotlin/uk/gov/justice/digital/hmpps/hmppsnonassociationsapi/service/AuditService.kt

@@ -7,7 +7,7 @@ import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.stereotype.Service
 import software.amazon.awssdk.services.sqs.model.SendMessageRequest
-import uk.gov.justice.digital.hmpps.hmppsnonassociationsapi.config.AuthenticationFacade
+import uk.gov.justice.hmpps.kotlin.auth.HmppsAuthenticationHolder
 import uk.gov.justice.hmpps.sqs.HmppsQueue
 import uk.gov.justice.hmpps.sqs.HmppsQueueService
 import java.time.Clock
@@ -20,7 +20,7 @@ class AuditService(
   private val hmppsQueueService: HmppsQueueService,
   private val telemetryClient: TelemetryClient,
   private val objectMapper: ObjectMapper,
-  private val authenticationFacade: AuthenticationFacade,
+  private val authenticationHolder: HmppsAuthenticationHolder,
   private val clock: Clock,
 ) {
   private val auditQueue by lazy { hmppsQueueService.findByQueueId("audit") as HmppsQueue }
@@ -34,7 +34,7 @@ class AuditService(
   fun sendMessage(auditType: AuditType, id: String, details: Any, username: String? = null) {
     val auditEvent = AuditEvent(
       what = auditType.name,
-      who = username ?: authenticationFacade.getUserOrSystemInContext(),
+      who = username ?: authenticationHolder.principal,
       service = serviceName,
       details = details.toJson(),
       `when` = Instant.now(clock),

src/main/kotlin/uk/gov/justice/digital/hmpps/hmppsnonassociationsapi/service/NonAssociationsService.kt

@@ -9,7 +9,6 @@ import org.springframework.data.domain.PageRequest
 import org.springframework.data.domain.Pageable
 import org.springframework.data.domain.Sort
 import org.springframework.stereotype.Service
-import uk.gov.justice.digital.hmpps.hmppsnonassociationsapi.config.AuthenticationFacade
 import uk.gov.justice.digital.hmpps.hmppsnonassociationsapi.config.NonAssociationAlreadyClosedException
 import uk.gov.justice.digital.hmpps.hmppsnonassociationsapi.config.NonAssociationAlreadyOpenException
 import uk.gov.justice.digital.hmpps.hmppsnonassociationsapi.config.NonAssociationNotFoundException
@@ -36,6 +35,7 @@ import uk.gov.justice.digital.hmpps.hmppsnonassociationsapi.jpa.repository.NonAs
 import uk.gov.justice.digital.hmpps.hmppsnonassociationsapi.jpa.repository.findAllByPrisonerNumber
 import uk.gov.justice.digital.hmpps.hmppsnonassociationsapi.jpa.repository.findAnyBetweenPrisonerNumbers
 import uk.gov.justice.digital.hmpps.hmppsnonassociationsapi.jpa.repository.findAnyInvolvingPrisonerNumbers
+import uk.gov.justice.hmpps.kotlin.auth.HmppsAuthenticationHolder
 import java.time.Clock
 import java.time.LocalDateTime
 import kotlin.jvm.optionals.getOrNull
@@ -47,7 +47,7 @@ import uk.gov.justice.digital.hmpps.hmppsnonassociationsapi.jpa.NonAssociation a
 class NonAssociationsService(
   private val nonAssociationsRepository: NonAssociationsRepository,
   private val offenderSearch: OffenderSearchService,
-  private val authenticationFacade: AuthenticationFacade,
+  private val authenticationHolder: HmppsAuthenticationHolder,
   private val telemetryClient: TelemetryClient,
   private val clock: Clock,
 ) {
@@ -57,6 +57,9 @@ class NonAssociationsService(
   }
 
   fun createNonAssociation(createNonAssociationRequest: CreateNonAssociationRequest): NonAssociationDTO {
+    val createdBy = authenticationHolder.authenticationOrNull?.userName
+      ?: throw UserInContextMissingException()
+
     val prisonersToKeepApart = listOf(
       createNonAssociationRequest.firstPrisonerNumber,
       createNonAssociationRequest.secondPrisonerNumber,
@@ -76,8 +79,7 @@ class NonAssociationsService(
     }
 
     val nonAssociationJpa = createNonAssociationRequest.toNewEntity(
-      createdBy = authenticationFacade.currentUsername
-        ?: throw UserInContextMissingException(),
+      createdBy = createdBy,
       clock = clock,
     )
     val nonAssociation = persistNonAssociation(nonAssociationJpa).toDto()
@@ -153,15 +155,22 @@ class NonAssociationsService(
   }
 
   fun updateNonAssociation(id: Long, update: PatchNonAssociationRequest): NonAssociationDTO {
+    val updatedBy = authenticationHolder.authenticationOrNull?.userName
+      ?: throw UserInContextMissingException()
+
     val nonAssociation = nonAssociationsRepository.findById(id).getOrNull() ?: throw NonAssociationNotFoundException(id)
 
-    nonAssociation.updateWith(update, authenticationFacade.getUserOrSystemInContext(), clock)
+    nonAssociation.updateWith(update, updatedBy, clock)
 
     log.info("Updated Non-association [$id]")
     return nonAssociation.toDto()
   }
 
   fun closeNonAssociation(id: Long, closeRequest: CloseNonAssociationRequest): NonAssociationDTO {
+    val closedBy = closeRequest.closedBy
+      ?: authenticationHolder.authenticationOrNull?.userName
+      ?: throw UserInContextMissingException()
+
     val nonAssociation = nonAssociationsRepository.findById(id).getOrNull() ?: throw NonAssociationNotFoundException(id)
 
     if (nonAssociation.isClosed) {
@@ -170,7 +179,7 @@ class NonAssociationsService(
 
     nonAssociation.close(
       closedAt = closeRequest.closedAt ?: LocalDateTime.now(clock),
-      closedBy = closeRequest.closedBy ?: authenticationFacade.currentUsername ?: throw UserInContextMissingException(),
+      closedBy = closedBy,
       closedReason = closeRequest.closedReason,
     )
 
@@ -179,6 +188,10 @@ class NonAssociationsService(
   }
 
   fun reopenNonAssociation(id: Long, reopenNonAssociationRequest: ReopenNonAssociationRequest): NonAssociationDTO {
+    val reopenedBy = reopenNonAssociationRequest.reopenedBy
+      ?: authenticationHolder.authenticationOrNull?.userName
+      ?: throw UserInContextMissingException()
+
     val nonAssociation = nonAssociationsRepository.findById(id).getOrNull() ?: throw NonAssociationNotFoundException(id)
 
     if (nonAssociationsRepository.findAnyBetweenPrisonerNumbers(
@@ -193,7 +206,7 @@ class NonAssociationsService(
 
     nonAssociation.reopen(
       reopenedAt = reopenNonAssociationRequest.reopenedAt ?: LocalDateTime.now(clock),
-      reopenedBy = reopenNonAssociationRequest.reopenedBy ?: authenticationFacade.currentUsername ?: throw UserInContextMissingException(),
+      reopenedBy = reopenedBy,
       reopenedReason = reopenNonAssociationRequest.reopenReason,
     )