Add update for when certificate provider signs

Makefile

@@ -17,7 +17,7 @@ down: ## Stop application
 	docker compose down
 
 test: ## Unit tests
-	go test ./lambda/get/... ./lambda/create/... ./lambda/update/... ./internal/shared/... -race -covermode=atomic -coverprofile=coverage.out
+	go test ./... -race -covermode=atomic -coverprofile=coverage.out
 
 test-api: URL ?= http://localhost:9000
 test-api:

docs/openapi/openapi.yaml

@@ -119,7 +119,6 @@ paths:
         httpMethod: "POST"
         type: "aws_proxy"
         contentHandling: "CONVERT_TO_TEXT"
-
   /health-check:
     get:
       operationId: healthCheck
@@ -448,6 +447,7 @@ components:
             - DONOR_ADDRESS_UPDATE
             - ATTORNEY_ADDRESS_UPDATE
             - SCANNING_CORRECTION
+            - CERTIFICATE_PROVIDER_SIGN
         changes:
           type: array
           items:

internal/ddb/client.go

@@ -0,0 +1,69 @@
+package ddb
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/dynamodb"
+	"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute"
+	"github.com/aws/aws-xray-sdk-go/xray"
+	"github.com/ministryofjustice/opg-data-lpa-store/internal/shared"
+)
+
+type Client struct {
+	ddb       *dynamodb.DynamoDB
+	tableName string
+}
+
+func (c *Client) Put(ctx context.Context, data any) error {
+	item, err := dynamodbattribute.MarshalMap(data)
+	if err != nil {
+		return err
+	}
+
+	_, err = c.ddb.PutItemWithContext(ctx, &dynamodb.PutItemInput{
+		TableName: aws.String(c.tableName),
+		Item:      item,
+	})
+
+	return err
+}
+
+func (c *Client) Get(ctx context.Context, uid string) (shared.Lpa, error) {
+	lpa := shared.Lpa{}
+
+	marshalledUid, err := dynamodbattribute.Marshal(uid)
+	if err != nil {
+		return lpa, err
+	}
+
+	getItemOutput, err := c.ddb.GetItemWithContext(ctx, &dynamodb.GetItemInput{
+		TableName: aws.String(c.tableName),
+		Key: map[string]*dynamodb.AttributeValue{
+			"uid": marshalledUid,
+		},
+	})
+
+	if err != nil {
+		return lpa, err
+	}
+
+	err = dynamodbattribute.UnmarshalMap(getItemOutput.Item, &lpa)
+
+	return lpa, err
+}
+
+func New(endpoint, tableName string) *Client {
+	sess := session.Must(session.NewSession())
+	sess.Config.Endpoint = &endpoint
+
+	c := &Client{
+		ddb:       dynamodb.New(sess),
+		tableName: tableName,
+	}
+
+	xray.AWS(c.ddb.Client)
+
+	return c
+}

internal/shared/ddb.go

@@ -1,71 +1 @@
 package shared
-
-import (
-	"context"
-	"os"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/dynamodb"
-	"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute"
-	"github.com/aws/aws-xray-sdk-go/xray"
-)
-
-type DynamoDBClient struct {
-	ddb       *dynamodb.DynamoDB
-	tableName string
-}
-
-func (c DynamoDBClient) Put(ctx context.Context, data Lpa) error {
-	item, err := dynamodbattribute.MarshalMap(data)
-	if err != nil {
-		return err
-	}
-
-	_, err = c.ddb.PutItemWithContext(ctx, &dynamodb.PutItemInput{
-		TableName: aws.String(c.tableName),
-		Item:      item,
-	})
-
-	return err
-}
-
-func (c DynamoDBClient) Get(ctx context.Context, uid string) (Lpa, error) {
-	lpa := Lpa{}
-
-	marshalledUid, err := dynamodbattribute.Marshal(uid)
-	if err != nil {
-		return lpa, err
-	}
-
-	getItemOutput, err := c.ddb.GetItemWithContext(ctx, &dynamodb.GetItemInput{
-		TableName: aws.String(c.tableName),
-		Key: map[string]*dynamodb.AttributeValue{
-			"uid": marshalledUid,
-		},
-	})
-
-	if err != nil {
-		return lpa, err
-	}
-
-	err = dynamodbattribute.UnmarshalMap(getItemOutput.Item, &lpa)
-
-	return lpa, err
-}
-
-func NewDynamoDB(tableName string) DynamoDBClient {
-	sess := session.Must(session.NewSession())
-
-	endpoint := os.Getenv("AWS_DYNAMODB_ENDPOINT")
-	sess.Config.Endpoint = &endpoint
-
-	c := DynamoDBClient{
-		ddb:       dynamodb.New(sess),
-		tableName: tableName,
-	}
-
-	xray.AWS(c.ddb.Client)
-
-	return c
-}

internal/shared/jwt.go

@@ -88,25 +88,6 @@ func NewJWTVerifier() JWTVerifier {
 	}
 }
 
-// tokenStr is the JWT token, minus any "Bearer: " prefix
-func (v JWTVerifier) VerifyToken(tokenStr string) error {
-	lsc := lpaStoreClaims{}
-
-	parsedToken, err := jwt.ParseWithClaims(tokenStr, &lsc, func(token *jwt.Token) (interface{}, error) {
-		return v.secretKey, nil
-	})
-
-	if err != nil {
-		return err
-	}
-
-	if !parsedToken.Valid {
-		return fmt.Errorf("Invalid JWT")
-	}
-
-	return nil
-}
-
 var bearerRegexp = regexp.MustCompile("^Bearer[ ]+")
 
 // verify JWT from event header
@@ -119,9 +100,28 @@ func (v JWTVerifier) VerifyHeader(event events.APIGatewayProxyRequest) bool {
 	}
 
 	tokenStr := bearerRegexp.ReplaceAllString(jwtHeaders[0], "")
-	if v.VerifyToken(tokenStr) != nil {
+	if v.verifyToken(tokenStr) != nil {
 		return false
 	}
 
 	return true
 }
+
+// tokenStr is the JWT token, minus any "Bearer: " prefix
+func (v JWTVerifier) verifyToken(tokenStr string) error {
+	lsc := lpaStoreClaims{}
+
+	parsedToken, err := jwt.ParseWithClaims(tokenStr, &lsc, func(token *jwt.Token) (interface{}, error) {
+		return v.secretKey, nil
+	})
+
+	if err != nil {
+		return err
+	}
+
+	if !parsedToken.Valid {
+		return fmt.Errorf("Invalid JWT")
+	}
+
+	return nil
+}

internal/shared/jwt_test.go

@@ -26,7 +26,7 @@ func createToken(claims jwt.MapClaims) string {
 }
 
 func TestVerifyEmptyJwt(t *testing.T) {
-	err := verifier.VerifyToken("")
+	err := verifier.verifyToken("")
 	assert.NotNil(t, err)
 }
 
@@ -38,7 +38,7 @@ func TestVerifyExpInPast(t *testing.T) {
 		"sub": "M-3467-89QW-ERTY",
 	})
 
-	err := verifier.VerifyToken(token)
+	err := verifier.verifyToken(token)
 
 	assert.NotNil(t, err)
 	if err != nil {
@@ -54,7 +54,7 @@ func TestVerifyIatInFuture(t *testing.T) {
 		"sub": "[email protected]",
 	})
 
-	err := verifier.VerifyToken(token)
+	err := verifier.verifyToken(token)
 
 	assert.NotNil(t, err)
 	if err != nil {
@@ -70,7 +70,7 @@ func TestVerifyIssuer(t *testing.T) {
 		"sub": "[email protected]",
 	})
 
-	err := verifier.VerifyToken(token)
+	err := verifier.verifyToken(token)
 
 	assert.NotNil(t, err)
 	if err != nil {
@@ -86,7 +86,7 @@ func TestVerifyBadEmailForSiriusIssuer(t *testing.T) {
 		"sub": "",
 	})
 
-	err := verifier.VerifyToken(token)
+	err := verifier.verifyToken(token)
 
 	assert.NotNil(t, err)
 	if err != nil {
@@ -102,7 +102,7 @@ func TestVerifyBadUIDForMRLPAIssuer(t *testing.T) {
 		"sub": "",
 	})
 
-	err := verifier.VerifyToken(token)
+	err := verifier.verifyToken(token)
 
 	assert.NotNil(t, err)
 	if err != nil {
@@ -118,7 +118,7 @@ func TestVerifyGoodJwt(t *testing.T) {
 		"sub": "[email protected]",
 	})
 
-	err := verifier.VerifyToken(token)
+	err := verifier.verifyToken(token)
 	assert.Nil(t, err)
 }
 
@@ -134,7 +134,7 @@ func TestNewJWTVerifier(t *testing.T) {
 	newVerifier := NewJWTVerifier()
 	os.Unsetenv("JWT_SECRET_KEY")
 
-	err := newVerifier.VerifyToken(token)
+	err := newVerifier.verifyToken(token)
 	assert.Nil(t, err)
 }
 

internal/shared/lang.go

@@ -0,0 +1,12 @@
+package shared
+
+type Lang string
+
+var (
+	LangCy = Lang("cy")
+	LangEn = Lang("en")
+)
+
+func (l Lang) IsValid() bool {
+	return l == LangCy || l == LangEn
+}

internal/shared/person.go

@@ -9,6 +9,10 @@ type Address struct {
 	Country  string `json:"country"`
 }
 
+func (a Address) IsSet() bool {
+	return a.Line1 != "" || a.Line2 != "" || a.Line3 != "" || a.Town != "" || a.Postcode != "" || a.Country != ""
+}
+
 type Person struct {
 	FirstNames string  `json:"firstNames"`
 	LastName   string  `json:"lastName"`

internal/shared/update.go

@@ -1,9 +1,11 @@
 package shared
 
+import "encoding/json"
+
 type Change struct {
-	Key string      `json:"key"`
-	Old interface{} `json:"old"`
-	New interface{} `json:"new"`
+	Key string          `json:"key"`
+	Old json.RawMessage `json:"old"`
+	New json.RawMessage `json:"new"`
 }
 
 type Update struct {